X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/137ae145e066dda8f9d81cf6d2c9f76c15929605..fc057b9e8d3cbccb97a3044bda7faa0271670583:/src/src/rda.c
diff --git a/src/src/rda.c b/src/src/rda.c
index aed8abc24..0ffc61c77 100644
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -3,7 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim maintainers 2020 */
+/* Copyright (c) The Exim maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */ /* This module contains code for extracting addresses from a forwarding list
@@ -166,7 +166,7 @@ Returns: pointer to string in store; NULL on error */ static uschar *
-rda_get_file_contents(redirect_block *rdata, int options, uschar **error,
+rda_get_file_contents(const redirect_block *rdata, int options, uschar **error,
int *yield) { FILE *fwd;
@@ -179,10 +179,8 @@ struct stat statbuf; /* Reading a file is a form of expansion; we wish to deny attackers the capability to specify the file name. */
-if (is_tainted(filename))
+if ((*error = is_tainted2(filename, 0, "Tainted name '%s' for file read not permitted\n", filename)))
{
- *error = string_sprintf("Tainted name '%s' for file read not permitted\n",
- filename);
*yield = FF_ERROR; return NULL; }
@@ -222,7 +220,7 @@ if (!(fwd = Ufopen(filename, "rb"))) switch(errno) DEFAULT_ERROR: default:
- *error = string_open_failed(errno, "%s", filename);
+ *error = string_open_failed("%s", filename);
*yield = FF_ERROR; return NULL; }
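Review bot: In the `@@ -179,10 +179,8 @@` hunk of rda_get_file_contents(), `*error` is now stored to on every call because the assignment sits inside the `if` condition, whereas the removed lines wrote it only after `is_tainted()` had returned true. Assuming `is_tainted2()` returns NULL for an untainted name, whatever the caller left in `*error` is cleared on the success path; if that is intended, a comment such as `/* also resets *error when the name is clean */` would make it visible. The bare `0` second argument would also benefit from a short comment naming what it selects, since its meaning cannot be read from this hunk. The function body continues outside the hunk.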
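Review bot: At `DEFAULT_ERROR:` in the `@@ -222,7 +220,7 @@` hunk the reported reason now depends on the global `errno` still holding the `Ufopen()` failure, presumably because `string_open_failed()` reads it itself now that the argument is gone. The label sits inside `switch(errno)` and the other cases are outside the hunk, so a library call added on one of those paths before it reaches this label could change the message. A comment such as `/* string_open_failed() uses errno; keep it untouched on every path to this label */` would guard against that.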
@@ -339,13 +337,13 @@ Returns: a suitable return for rda_interpret() */ static int
-rda_extract(redirect_block *rdata, int options, uschar *include_directory,
- uschar *sieve_vacation_directory, uschar *sieve_enotify_mailto_owner,
- uschar *sieve_useraddress, uschar *sieve_subaddress,
- address_item **generated, uschar **error, error_block **eblockp,
- int *filtertype)
+rda_extract(const redirect_block * rdata, int options,
+ const uschar * include_directory, const uschar * sieve_vacation_directory,
+ const uschar * sieve_enotify_mailto_owner, const uschar * sieve_useraddress,
+ const uschar * sieve_subaddress, address_item ** generated, uschar ** error,
+ error_block ** eblockp, int * filtertype)
{
-uschar *data;
+const uschar * data;
if (rdata->isfile) {
@@ -442,9 +440,9 @@ Returns: -1 on error, else 0 static int rda_write_string(int fd, const uschar *s) {
-int len = (s == NULL)? 0 : Ustrlen(s) + 1;
+int len = s ? Ustrlen(s) + 1 : 0;
return ( write(fd, &len, sizeof(int)) != sizeof(int)
- || (s != NULL && write(fd, s, len) != len)
+ || (s && write(fd, s, len) != len)
) ? -1 : 0; }
@@ -541,11 +539,11 @@ Returns: values from extraction function, or FF_NONEXIST: */ int
-rda_interpret(redirect_block *rdata, int options, uschar *include_directory,
- uschar *sieve_vacation_directory, uschar *sieve_enotify_mailto_owner,
- uschar *sieve_useraddress, uschar *sieve_subaddress, ugid_block *ugid,
- address_item **generated, uschar **error, error_block **eblockp,
- int *filtertype, uschar *rname)
+rda_interpret(redirect_block * rdata, int options,
+ const uschar * include_directory, const uschar * sieve_vacation_directory,
+ const uschar * sieve_enotify_mailto_owner, const uschar * sieve_useraddress,
+ const uschar * sieve_subaddress, const ugid_block * ugid, address_item ** generated,
+ uschar ** error, error_block ** eblockp, int * filtertype, const uschar * rname)
{ int fd, rc, pfd[2]; int yield, status;
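Review bot: In the `@@ -541,11 +539,11 @@` hunk `rda_interpret()` keeps `redirect_block * rdata` non-const, while the same commit makes that parameter `const redirect_block *` in `rda_extract()` and `rda_get_file_contents()` and const-qualifies the other read-only pointers in this signature. If the body, which is outside the hunk, never writes through `rdata`, declare it `const redirect_block * rdata` too; otherwise a one-line comment naming what it modifies would explain the difference. The `type * name` spacing introduced here and in the `rda_extract()` hunk also differs from the `*rdata` form the commit keeps in `rda_get_file_contents()`, so one form should be chosen for the file.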
@@ -618,9 +616,14 @@ search_tidyup(); if ((pid = exim_fork(US"router-interpret")) == 0) { header_line *waslast = header_last; /* Save last header */ + int fd_flags = -1; fd = pfd[pipe_write]; (void)close(pfd[pipe_read]); + + if ((fd_flags = fcntl(fd, F_GETFD)) == -1) goto bad; + if (fcntl(fd, F_SETFD, fd_flags | FD_CLOEXEC) == -1) goto bad; + exim_setugid(ugid->uid, ugid->gid, FALSE, rname); /* Addresses can get rewritten in filters; if we are not root or the exim
@@ -956,16 +959,14 @@ if (had_disaster) *error = string_sprintf("internal problem in %s: failure to transfer " "data from subprocess: status=%04x%s%s%s", rname, status, readerror,
- (*error == NULL)? US"" : US": error=",
- (*error == NULL)? US"" : *error);
+ *error ? US": error=" : US"",
+ *error ? *error : US"");
log_write(0, LOG_MAIN|LOG_PANIC, "%s", *error); } else if (status != 0)
- {
log_write(0, LOG_MAIN|LOG_PANIC, "internal problem in %s: unexpected status " "%04x from redirect subprocess (but data correctly received)", rname, status);
- }
FINAL_EXIT: (void)close(fd);
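Review bot: The two `fcntl()` calls added in the `@@ -618,9 +616,14 @@` hunk have no comment saying why the pipe's write end is marked close-on-exec, which is the security-relevant part of the change. A line such as `/* keep the result pipe out of any program this subprocess later execs */` above them would stop the calls being removed as noise; confirm the wording against the actual intent. Both failures `goto bad` before `exim_setugid()` has run, so the `bad` path, which is outside the hunk, executes with the uid and gid the process had before the switch; check that it only closes the descriptor and exits, and that its diagnostic fits an fcntl failure. The `= -1` initialiser on `fd_flags` is dead, because the variable is assigned before it is first read.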
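Review bot: In the `@@ -956,16 +959,14 @@` hunk the `else if (status != 0)` branch loses its braces although its body is a `log_write()` call wrapped over more than one source line, sitting directly above the `FINAL_EXIT:` label. A statement added to that branch later would run unconditionally without any compiler complaint. Keeping the `{` and `}` costs two lines and makes the extent of the branch explicit. The enclosing `if (had_disaster)` block starts outside the hunk.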