X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/05b70ebcdceb3d0b2eadd39b84782d22b63ed9a2..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/lookups/readsock.c

diff --git a/src/src/lookups/readsock.c b/src/src/lookups/readsock.c
index 06058ed17..7c7b9cfa8 100644
--- a/src/src/lookups/readsock.c
+++ b/src/src/lookups/readsock.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2021 - 2022 */
 /* Copyright (c) Jeremy Harris 2020 */
-/* Copyright (c) The Exim Maintainers 2021 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 #include "../exim.h"
 #include "lf_functions.h"
@@ -96,7 +97,7 @@ else
 
   sigalrm_seen = FALSE;
   ALARM(timeout);
-  rc = connect(cctx->sock, (struct sockaddr *)(&sockun), sizeof(sockun));
+  rc = connect(cctx->sock, (struct sockaddr *) &sockun, sizeof(sockun));
   ALARM_CLR(0);
   if (sigalrm_seen)
     {
@@ -116,10 +117,20 @@ else
 #ifndef DISABLE_TLS
 if (do_tls)
   {
+  union sockaddr_46 interface_sock;
+  EXIM_SOCKLEN_T size = sizeof(interface_sock);
   smtp_connect_args conn_args = {.host = &host };
-  tls_support tls_dummy = {.sni=NULL};
+  tls_support tls_dummy = { .sni = NULL };
   uschar * errstr;
 
+  if (getsockname(cctx->sock, (struct sockaddr *) &interface_sock, &size) == 0)
+    conn_args.sending_ip_address = host_ntoa(-1, &interface_sock, NULL, NULL);
+  else
+    {
+    *errmsg = string_sprintf("getsockname failed: %s", strerror(errno));
+    goto bad;
+    }
+
   if (!tls_client_start(cctx, &conn_args, NULL, &tls_dummy, &errstr))
     {
     *errmsg = string_sprintf("TLS connect failed: %s", errstr);
@@ -150,7 +161,7 @@ that connection cacheing at the framework layer works. */
 static void *
 readsock_open(const uschar * filename, uschar ** errmsg)
 {
-client_conn_ctx * cctx = store_get(sizeof(*cctx), FALSE);
+client_conn_ctx * cctx = store_get(sizeof(*cctx), GET_UNTAINTED);
 cctx->sock = -1;
 cctx->tls_ctx = NULL;
 DEBUG(D_lookup) debug_printf_indent("readsock: allocated context\n");
@@ -256,6 +267,11 @@ if (!cctx->tls_ctx)
 #endif
   {
   FILE * fp = fdopen(cctx->sock, "rb");
+  if (!fp)
+    {
+    log_write(0, LOG_MAIN|LOG_PANIC, "readsock fdopen: %s\n", strerror(errno));
+    goto out;
+    }
   ALARM(timeout);
   yield = cat_file(fp, NULL, eol);
   }