X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/4fab92fbc2b63bac2d89c1dae69fa1845cb640b7..107077d7fd6736711bf5cd980221723401d37c51:/src/src/environment.c

diff --git a/src/src/environment.c b/src/src/environment.c
index c394eb7e7..d96a4e1dd 100644
--- a/src/src/environment.c
+++ b/src/src/environment.c
@@ -2,9 +2,12 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) Heiko Schlittermann 2016
+/*
+ * Copyright (c) The Exim Maintainers 2022 - 2023
+ * Copyright (c) Heiko Schlittermann 2016
  * hs@schlittermann.de
  * See the file NOTICE for conditions of use and distribution.
+ * SPDX-License-Identifier: GPL-2.0-or-later
  */
 
 #include "exim.h"
@@ -24,7 +27,7 @@ Returns:    TRUE if successful
 BOOL
 cleanup_environment()
 {
-if (!keep_environment || *keep_environment == '\0')
+if (!keep_environment || !*keep_environment)
   {
   /* From: https://github.com/dovecot/core/blob/master/src/lib/env-util.c#L55
   Try to clear the environment.
@@ -38,8 +41,13 @@ if (!keep_environment || *keep_environment == '\0')
   }
 else if (Ustrcmp(keep_environment, "*") != 0)
   {
-  uschar **p;
-  if (environ) for (p = USS environ; *p; /* see below */)
+  rmark reset_point = store_mark();
+  unsigned deb = debug_selector;
+  BOOL hc = host_checking;
+  debug_selector = 0;			/* quieten this clearout */
+  host_checking = FALSE;
+
+  if (environ) for (uschar ** p = USS environ; *p; /* see below */)
     {
     /* It's considered broken if we do not find the '=', according to
     Florian Weimer. For now we ignore such strings. unsetenv() would complain,
@@ -50,23 +58,42 @@ else if (Ustrcmp(keep_environment, "*") != 0)
       {
       uschar * name = string_copyn(*p, eqp - *p);
 
-      if (OK != match_isinlist(name, CUSS &keep_environment,
-          0, NULL, NULL, MCL_NOEXPAND, FALSE, NULL))
-        if (os_unsetenv(name) < 0) return FALSE;
-        else p = USS environ; /* RESTART from the beginning */
-      else p++;
-      store_reset(name);
+      if (match_isinlist(name, CUSS &keep_environment,
+          0, NULL, NULL, MCL_NOEXPAND, FALSE, NULL) == OK)
+	p++;			/* next */
+      else if (os_unsetenv(name) == 0)
+	p = USS environ;	/* RESTART from the beginning */
+      else
+	{ debug_selector = deb; host_checking = hc; return FALSE; }
       }
     }
+  debug_selector = deb;
+  host_checking = hc;
+  store_reset(reset_point);
+  }
+DEBUG(D_expand)
+  {
+  debug_printf("environment after trimming:\n");
+  if (environ) for (uschar ** p = USS environ; *p; p++)
+    debug_printf(" %s\n", *p);
   }
 if (add_environment)
   {
-    uschar * p;
-    int sep = 0;
-    const uschar * envlist = add_environment;
+  int sep = 0;
+  const uschar * envlist = add_environment;
+  int old_pool = store_pool;
+  store_pool = POOL_PERM;		/* Need perm memory for any created env vars */
 
-    while ((p = string_nextinlist(&envlist, &sep, NULL, 0))) putenv(CS p);
+  for (const uschar * p; p = string_nextinlist(&envlist, &sep, NULL, 0); )
+    {
+    DEBUG(D_expand) debug_printf("adding %s\n", p);
+    putenv(CS p);
+    }
+  store_pool = old_pool;
   }
+#ifndef DISABLE_TLS
+tls_clean_env();
+#endif
 
-  return TRUE;
+return TRUE;
 }