X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/158b02e0e2e6c4693bdbba50009a329be3a05f77..cb45303cf2a8d9922702f13db42b3285c48f6aa7:/src/src/verify.c diff --git a/src/src/verify.c b/src/src/verify.c index c182e12e1..ed0898c9b 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -78,7 +78,7 @@ if (type[0] == 'd' && cache_record->result != ccache_reject) { if (length == sizeof(dbdata_callout_cache_obs)) { - dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache), FALSE); + dbdata_callout_cache * new = store_get(sizeof(dbdata_callout_cache), GET_UNTAINTED); memcpy(new, cache_record, length); new->postmaster_stamp = new->random_stamp = new->time_stamp; cache_record = new; @@ -400,7 +400,7 @@ if (addr->transport == cutthrough.addr.transport) if (done) { - address_item * na = store_get(sizeof(address_item), FALSE); + address_item * na = store_get(sizeof(address_item), GET_UNTAINTED); *na = cutthrough.addr; cutthrough.addr = *addr; cutthrough.addr.host_used = &cutthrough.host; @@ -651,7 +651,7 @@ coding means skipping this whole loop and doing the append separately. */ log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, addr->message); - if (!sx) sx = store_get(sizeof(*sx), TRUE); /* tainted buffers */ + if (!sx) sx = store_get(sizeof(*sx), GET_TAINTED); /* tainted buffers */ memset(sx, 0, sizeof(*sx)); sx->addrlist = sx->first_addr = addr; @@ -661,6 +661,7 @@ coding means skipping this whole loop and doing the append separately. */ sx->conn_args.interface = interface; sx->helo_data = tf->helo_data; sx->conn_args.tblock = addr->transport; + sx->conn_args.sock = -1; sx->verify = TRUE; tls_retry_connection: @@ -815,7 +816,7 @@ tls_retry_connection: sx->cctx.sock = -1; #ifndef DISABLE_EVENT (void) event_raise(addr->transport->event_action, - US"tcp:close", NULL); + US"tcp:close", NULL, NULL); #endif addr->address = main_address; addr->transport_return = PENDING_DEFER; @@ -1096,7 +1097,7 @@ no_conn: for (address_item * caddr = &cutthrough.addr, * parent = addr->parent; parent; caddr = caddr->parent, parent = parent->parent) - *(caddr->parent = store_get(sizeof(address_item), FALSE)) = *parent; + *(caddr->parent = store_get(sizeof(address_item), GET_UNTAINTED)) = *parent; ctctx.outblock.buffer = ctbuffer; ctctx.outblock.buffersize = sizeof(ctbuffer); @@ -1126,8 +1127,9 @@ no_conn: HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n"); (void)close(sx->cctx.sock); sx->cctx.sock = -1; + smtp_debug_cmd_report(); #ifndef DISABLE_EVENT - (void) event_raise(addr->transport->event_action, US"tcp:close", NULL); + (void) event_raise(addr->transport->event_action, US"tcp:close", NULL, NULL); #endif } } @@ -1346,7 +1348,7 @@ cutthrough_predata(void) if(cutthrough.cctx.sock < 0 || cutthrough.callout_hold_only) return FALSE; -HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> DATA\n"); +smtp_debug_cmd(US"DATA", 0); cutthrough_puts(US"DATA\r\n", 6); cutthrough_flush_send(); @@ -1414,7 +1416,7 @@ if(fd >= 0) */ client_conn_ctx tmp_ctx = cutthrough.cctx; ctctx.outblock.ptr = ctbuffer; - HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n"); + smtp_debug_cmd(US"QUIT", 0); _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */ _cutthrough_flush_send(); cutthrough.cctx.sock = -1; /* avoid recursion via read timeout */ @@ -1433,6 +1435,7 @@ if(fd >= 0) #endif HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n"); (void)close(fd); + smtp_debug_cmd_report(); HDEBUG(D_acl) debug_printf_indent("----------- cutthrough shutdown (%s) ------------\n", why); } ctctx.outblock.ptr = ctbuffer; @@ -2150,10 +2153,6 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) addr_list = addr->next; fprintf(fp, "%s", CS addr->address); -#ifdef EXPERIMENTAL_SRS_ALT - if(addr->prop.srs_sender) - fprintf(fp, " [srs = %s]", addr->prop.srs_sender); -#endif /* If the address is a duplicate, show something about it. */ @@ -2876,28 +2875,27 @@ Returns: OK matched */ int -check_host(void *arg, const uschar *ss, const uschar **valueptr, uschar **error) +check_host(void * arg, const uschar * ss, const uschar ** valueptr, uschar ** error) { -check_host_block *cb = (check_host_block *)arg; +check_host_block * cb = (check_host_block *)arg; int mlen = -1; int maskoffset; -BOOL iplookup = FALSE; -BOOL isquery = FALSE; -BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0; -const uschar *t; +BOOL iplookup = FALSE, isquery = FALSE; +BOOL isiponly = cb->host_name && !cb->host_name[0]; +const uschar * t; uschar * semicolon, * endname, * opts; -uschar **aliases; +uschar ** aliases; /* Optimize for the special case when the pattern is "*". */ -if (*ss == '*' && ss[1] == 0) return OK; +if (*ss == '*' && !ss[1]) return OK; /* If the pattern is empty, it matches only in the case when there is no host - this can occur in ACL checking for SMTP input using the -bs option. In this situation, the host address is the empty string. */ -if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL; -if (*ss == 0) return FAIL; +if (!cb->host_address[0]) return *ss ? FAIL : OK; +if (!*ss) return FAIL; /* If the pattern is precisely "@" then match against the primary host name, provided that host name matching is permitted; if it's "@[]" match against the @@ -2934,7 +2932,7 @@ course slashes may be present in lookups, but not preceded only by digits and dots). */ for (t = ss; isdigit(*t) || *t == '.'; ) t++; -if (*t == 0 || (*t == '/' && t != ss)) +if (!*t || (*t == '/' && t != ss)) { *error = US"malformed IPv4 address or address mask"; return ERROR; @@ -3549,13 +3547,13 @@ else if (n > 4) save_errno = (buf[1] << 24) | (buf[2] << 16) | (buf[3] << 8) | buf[4]; if ((recipient_verify_failure = n > 5 - ? string_copyn_taint(buf+5, n-5, FALSE) : NULL)) + ? string_copyn_taint(buf+5, n-5, GET_UNTAINTED) : NULL)) { int m; s = buf + 5 + Ustrlen(recipient_verify_failure) + 1; m = n - (s - buf); acl_verify_message = *msg = - m > 0 ? string_copyn_taint(s, m, FALSE) : NULL; + m > 0 ? string_copyn_taint(s, m, GET_UNTAINTED) : NULL; } DEBUG(D_verify) debug_printf_indent("verify call response:" @@ -3576,6 +3574,7 @@ else } close(pfd[pipe_read]); +signal(SIGCHLD, oldsignal); errno = save_errno; return yield;