X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/52e3ce3b132d85f702f0f611c84770244e119e0f..c2ef5d7e9fc09693770d5d89a6913b47b9d6dbe7:/src/src/expand.c diff --git a/src/src/expand.c b/src/src/expand.c index cd9b48c23..06dc58cb1 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -2,8 +2,8 @@ * Exim - an Internet mail transport agent * *************************************************/ +/* Copyright (c) The Exim Maintainers 2020 - 2022 */ /* Copyright (c) University of Cambridge 1995 - 2018 */ -/* Copyright (c) The Exim Maintainers 2020 - 2021 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -444,9 +444,9 @@ enum vtypes { vtype_pspace, /* partition space; value is T/F for spool/log */ vtype_pinodes, /* partition inodes; value is T/F for spool/log */ vtype_cert /* SSL certificate */ - #ifndef DISABLE_DKIM +#ifndef DISABLE_DKIM ,vtype_dkim /* Lookup of value in DKIM signature */ - #endif +#endif }; /* Type for main variable table */ @@ -583,9 +583,9 @@ static var_entry var_table[] = { { "interface_address", vtype_stringptr, &interface_address }, { "interface_port", vtype_int, &interface_port }, { "item", vtype_stringptr, &iterate_item }, - #ifdef LOOKUP_LDAP +#ifdef LOOKUP_LDAP { "ldap_dn", vtype_stringptr, &eldap_dn }, - #endif +#endif { "load_average", vtype_load_avg, NULL }, { "local_part", vtype_stringptr, &deliver_localpart }, { "local_part_data", vtype_stringptr, &deliver_localpart_data }, @@ -750,17 +750,8 @@ static var_entry var_table[] = { { "spool_directory", vtype_stringptr, &spool_directory }, { "spool_inodes", vtype_pinodes, (void *)TRUE }, { "spool_space", vtype_pspace, (void *)TRUE }, -#ifdef EXPERIMENTAL_SRS_ALT - { "srs_db_address", vtype_stringptr, &srs_db_address }, - { "srs_db_key", vtype_stringptr, &srs_db_key }, - { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient }, - { "srs_orig_sender", vtype_stringptr, &srs_orig_sender }, -#endif -#if defined(EXPERIMENTAL_SRS_ALT) || defined(SUPPORT_SRS) +#ifdef SUPPORT_SRS { "srs_recipient", vtype_stringptr, &srs_recipient }, -#endif -#ifdef EXPERIMENTAL_SRS_ALT - { "srs_status", vtype_stringptr, &srs_status }, #endif { "thisaddress", vtype_stringptr, &filter_thisaddress }, @@ -1297,7 +1288,7 @@ expand_getlistele(int field, const uschar * list) const uschar * tlist = list; int sep = 0; /* Tainted mem for the throwaway element copies */ -uschar * dummy = store_get(2, TRUE); +uschar * dummy = store_get(2, GET_TAINTED); if (field < 0) { @@ -1984,7 +1975,7 @@ switch (vp->type) int len = message_body_visible; if (len > message_size) len = message_size; - *ss = body = store_get(len+1, TRUE); + *ss = body = store_get(len+1, GET_TAINTED); body[0] = 0; if (vp->type == vtype_msgbody_end) { @@ -2907,64 +2898,49 @@ switch(cond_type = identify_operator(&s, &opname)) { case ECOND_NUM_E: case ECOND_NUM_EE: - tempcond = (num[0] == num[1]); - break; + tempcond = (num[0] == num[1]); break; case ECOND_NUM_G: - tempcond = (num[0] > num[1]); - break; + tempcond = (num[0] > num[1]); break; case ECOND_NUM_GE: - tempcond = (num[0] >= num[1]); - break; + tempcond = (num[0] >= num[1]); break; case ECOND_NUM_L: - tempcond = (num[0] < num[1]); - break; + tempcond = (num[0] < num[1]); break; case ECOND_NUM_LE: - tempcond = (num[0] <= num[1]); - break; + tempcond = (num[0] <= num[1]); break; case ECOND_STR_LT: - tempcond = (Ustrcmp(sub[0], sub[1]) < 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) < 0); break; case ECOND_STR_LTI: - tempcond = (strcmpic(sub[0], sub[1]) < 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) < 0); break; case ECOND_STR_LE: - tempcond = (Ustrcmp(sub[0], sub[1]) <= 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) <= 0); break; case ECOND_STR_LEI: - tempcond = (strcmpic(sub[0], sub[1]) <= 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) <= 0); break; case ECOND_STR_EQ: - tempcond = (Ustrcmp(sub[0], sub[1]) == 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) == 0); break; case ECOND_STR_EQI: - tempcond = (strcmpic(sub[0], sub[1]) == 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) == 0); break; case ECOND_STR_GT: - tempcond = (Ustrcmp(sub[0], sub[1]) > 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) > 0); break; case ECOND_STR_GTI: - tempcond = (strcmpic(sub[0], sub[1]) > 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) > 0); break; case ECOND_STR_GE: - tempcond = (Ustrcmp(sub[0], sub[1]) >= 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) >= 0); break; case ECOND_STR_GEI: - tempcond = (strcmpic(sub[0], sub[1]) >= 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) >= 0); break; case ECOND_MATCH: /* Regular expression match */ { @@ -2987,72 +2963,68 @@ switch(cond_type = identify_operator(&s, &opname)) } case ECOND_MATCH_ADDRESS: /* Match in an address list */ - rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL); - goto MATCHED_SOMETHING; + rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, + CUSS &lookup_value); + goto MATCHED_SOMETHING; case ECOND_MATCH_DOMAIN: /* Match in a domain list */ - rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL, - MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL); - goto MATCHED_SOMETHING; + rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL, + MCL_DOMAIN + MCL_NOEXPAND, TRUE, CUSS &lookup_value); + goto MATCHED_SOMETHING; case ECOND_MATCH_IP: /* Match IP address in a host list */ - if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0) - { - expand_string_message = string_sprintf("\"%s\" is not an IP address", - sub[0]); - return NULL; - } - else - { - unsigned int *nullcache = NULL; - check_host_block cb; - - cb.host_name = US""; - cb.host_address = sub[0]; - - /* If the host address starts off ::ffff: it is an IPv6 address in - IPv4-compatible mode. Find the IPv4 part for checking against IPv4 - addresses. */ - - cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)? - cb.host_address + 7 : cb.host_address; - - rc = match_check_list( - &sub[1], /* the list */ - 0, /* separator character */ - &hostlist_anchor, /* anchor pointer */ - &nullcache, /* cache pointer */ - check_host, /* function for testing */ - &cb, /* argument for function */ - MCL_HOST, /* type of check */ - sub[0], /* text for debugging */ - NULL); /* where to pass back data */ - } - goto MATCHED_SOMETHING; + if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0) + { + expand_string_message = string_sprintf("\"%s\" is not an IP address", + sub[0]); + return NULL; + } + else + { + unsigned int *nullcache = NULL; + check_host_block cb; + + cb.host_name = US""; + cb.host_address = sub[0]; + + /* If the host address starts off ::ffff: it is an IPv6 address in + IPv4-compatible mode. Find the IPv4 part for checking against IPv4 + addresses. */ + + cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)? + cb.host_address + 7 : cb.host_address; + + rc = match_check_list( + &sub[1], /* the list */ + 0, /* separator character */ + &hostlist_anchor, /* anchor pointer */ + &nullcache, /* cache pointer */ + check_host, /* function for testing */ + &cb, /* argument for function */ + MCL_HOST, /* type of check */ + sub[0], /* text for debugging */ + CUSS &lookup_value); /* where to pass back data */ + } + goto MATCHED_SOMETHING; case ECOND_MATCH_LOCAL_PART: - rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL, - MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL); - /* Fall through */ - /* VVVVVVVVVVVV */ - MATCHED_SOMETHING: - switch(rc) - { - case OK: - tempcond = TRUE; - break; - - case FAIL: - tempcond = FALSE; - break; + rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL, + MCL_LOCALPART + MCL_NOEXPAND, TRUE, CUSS &lookup_value); + /* Fall through */ + /* VVVVVVVVVVVV */ + MATCHED_SOMETHING: + switch(rc) + { + case OK: tempcond = TRUE; break; + case FAIL: tempcond = FALSE; break; - case DEFER: - expand_string_message = string_sprintf("unable to complete match " - "against \"%s\": %s", sub[1], search_error_message); - return NULL; - } + case DEFER: + expand_string_message = string_sprintf("unable to complete match " + "against \"%s\": %s", sub[1], search_error_message); + return NULL; + } - break; + break; /* Various "encrypted" comparisons. If the second string starts with "{" then an encryption type is given. Default to crypt() or crypt16() @@ -3061,138 +3033,138 @@ switch(cond_type = identify_operator(&s, &opname)) case ECOND_CRYPTEQ: #ifndef SUPPORT_CRYPTEQ - goto COND_FAILED_NOT_COMPILED; + goto COND_FAILED_NOT_COMPILED; #else - if (strncmpic(sub[1], US"{md5}", 5) == 0) - { - int sublen = Ustrlen(sub[1]+5); - md5 base; - uschar digest[16]; + if (strncmpic(sub[1], US"{md5}", 5) == 0) + { + int sublen = Ustrlen(sub[1]+5); + md5 base; + uschar digest[16]; - md5_start(&base); - md5_end(&base, sub[0], Ustrlen(sub[0]), digest); + md5_start(&base); + md5_end(&base, sub[0], Ustrlen(sub[0]), digest); - /* If the length that we are comparing against is 24, the MD5 digest - is expressed as a base64 string. This is the way LDAP does it. However, - some other software uses a straightforward hex representation. We assume - this if the length is 32. Other lengths fail. */ + /* If the length that we are comparing against is 24, the MD5 digest + is expressed as a base64 string. This is the way LDAP does it. However, + some other software uses a straightforward hex representation. We assume + this if the length is 32. Other lengths fail. */ - if (sublen == 24) - { - uschar *coded = b64encode(CUS digest, 16); - DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+5); - tempcond = (Ustrcmp(coded, sub[1]+5) == 0); - } - else if (sublen == 32) - { - uschar coded[36]; - for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); - coded[32] = 0; - DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+5); - tempcond = (strcmpic(coded, sub[1]+5) == 0); - } - else - { - DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: " - "fail\n crypted=%s\n", sub[1]+5); - tempcond = FALSE; - } - } + if (sublen == 24) + { + uschar *coded = b64encode(CUS digest, 16); + DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+5); + tempcond = (Ustrcmp(coded, sub[1]+5) == 0); + } + else if (sublen == 32) + { + uschar coded[36]; + for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); + coded[32] = 0; + DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+5); + tempcond = (strcmpic(coded, sub[1]+5) == 0); + } + else + { + DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: " + "fail\n crypted=%s\n", sub[1]+5); + tempcond = FALSE; + } + } - else if (strncmpic(sub[1], US"{sha1}", 6) == 0) - { - int sublen = Ustrlen(sub[1]+6); - hctx h; - uschar digest[20]; + else if (strncmpic(sub[1], US"{sha1}", 6) == 0) + { + int sublen = Ustrlen(sub[1]+6); + hctx h; + uschar digest[20]; - sha1_start(&h); - sha1_end(&h, sub[0], Ustrlen(sub[0]), digest); + sha1_start(&h); + sha1_end(&h, sub[0], Ustrlen(sub[0]), digest); - /* If the length that we are comparing against is 28, assume the SHA1 - digest is expressed as a base64 string. If the length is 40, assume a - straightforward hex representation. Other lengths fail. */ + /* If the length that we are comparing against is 28, assume the SHA1 + digest is expressed as a base64 string. If the length is 40, assume a + straightforward hex representation. Other lengths fail. */ - if (sublen == 28) - { - uschar *coded = b64encode(CUS digest, 20); - DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+6); - tempcond = (Ustrcmp(coded, sub[1]+6) == 0); - } - else if (sublen == 40) - { - uschar coded[44]; - for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); - coded[40] = 0; - DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+6); - tempcond = (strcmpic(coded, sub[1]+6) == 0); - } - else - { - DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: " - "fail\n crypted=%s\n", sub[1]+6); - tempcond = FALSE; - } - } + if (sublen == 28) + { + uschar *coded = b64encode(CUS digest, 20); + DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+6); + tempcond = (Ustrcmp(coded, sub[1]+6) == 0); + } + else if (sublen == 40) + { + uschar coded[44]; + for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); + coded[40] = 0; + DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+6); + tempcond = (strcmpic(coded, sub[1]+6) == 0); + } + else + { + DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: " + "fail\n crypted=%s\n", sub[1]+6); + tempcond = FALSE; + } + } - else /* {crypt} or {crypt16} and non-{ at start */ - /* }-for-text-editors */ - { - int which = 0; - uschar *coded; + else /* {crypt} or {crypt16} and non-{ at start */ + /* }-for-text-editors */ + { + int which = 0; + uschar *coded; - if (strncmpic(sub[1], US"{crypt}", 7) == 0) - { - sub[1] += 7; - which = 1; - } - else if (strncmpic(sub[1], US"{crypt16}", 9) == 0) - { - sub[1] += 9; - which = 2; - } - else if (sub[1][0] == '{') /* }-for-text-editors */ - { - expand_string_message = string_sprintf("unknown encryption mechanism " - "in \"%s\"", sub[1]); - return NULL; - } + if (strncmpic(sub[1], US"{crypt}", 7) == 0) + { + sub[1] += 7; + which = 1; + } + else if (strncmpic(sub[1], US"{crypt16}", 9) == 0) + { + sub[1] += 9; + which = 2; + } + else if (sub[1][0] == '{') /* }-for-text-editors */ + { + expand_string_message = string_sprintf("unknown encryption mechanism " + "in \"%s\"", sub[1]); + return NULL; + } - switch(which) - { - case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break; - case 1: coded = US crypt(CS sub[0], CS sub[1]); break; - default: coded = US crypt16(CS sub[0], CS sub[1]); break; - } + switch(which) + { + case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break; + case 1: coded = US crypt(CS sub[0], CS sub[1]); break; + default: coded = US crypt16(CS sub[0], CS sub[1]); break; + } - #define STR(s) # s - #define XSTR(s) STR(s) - DEBUG(D_auth) debug_printf("crypteq: using %s()\n" - " subject=%s\n crypted=%s\n", - which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16", - coded, sub[1]); - #undef STR - #undef XSTR - - /* If the encrypted string contains fewer than two characters (for the - salt), force failure. Otherwise we get false positives: with an empty - string the yield of crypt() is an empty string! */ - - if (coded) - tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0; - else if (errno == EINVAL) - tempcond = FALSE; - else - { - expand_string_message = string_sprintf("crypt error: %s\n", - US strerror(errno)); - return NULL; + #define STR(s) # s + #define XSTR(s) STR(s) + DEBUG(D_auth) debug_printf("crypteq: using %s()\n" + " subject=%s\n crypted=%s\n", + which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16", + coded, sub[1]); + #undef STR + #undef XSTR + + /* If the encrypted string contains fewer than two characters (for the + salt), force failure. Otherwise we get false positives: with an empty + string the yield of crypt() is an empty string! */ + + if (coded) + tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0; + else if (errno == EINVAL) + tempcond = FALSE; + else + { + expand_string_message = string_sprintf("crypt error: %s\n", + US strerror(errno)); + return NULL; + } } - } - break; + break; #endif /* SUPPORT_CRYPTEQ */ case ECOND_INLIST: @@ -3215,6 +3187,7 @@ switch(cond_type = identify_operator(&s, &opname)) if (compare(sub[0], iterate_item) == 0) { tempcond = TRUE; + lookup_value = iterate_item; break; } } @@ -3843,8 +3816,8 @@ Returns: pointer to string containing the last three static uschar * prvs_daystamp(int day_offset) { -uschar *days = store_get(32, FALSE); /* Need at least 24 for cases */ -(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */ +uschar * days = store_get(32, GET_UNTAINTED); /* Need at least 24 for cases */ +(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */ (time(NULL) + day_offset*86400)/86400); return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100"; } @@ -3915,7 +3888,7 @@ chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash); /* Hashing is deemed sufficient to de-taint any input data */ -p = finalhash_hex = store_get(40, FALSE); +p = finalhash_hex = store_get(40, GET_UNTAINTED); for (int i = 0; i < 3; i++) { *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4]; @@ -3946,7 +3919,7 @@ Returns: new pointer for expandable string, terminated if non-null */ gstring * -cat_file(FILE *f, gstring *yield, uschar *eol) +cat_file(FILE * f, gstring * yield, uschar * eol) { uschar buffer[1024]; @@ -3958,8 +3931,6 @@ while (Ufgets(buffer, sizeof(buffer), f)) if (eol && buffer[len]) yield = string_cat(yield, eol); } - -(void) string_from_gstring(yield); return yield; } @@ -3981,7 +3952,6 @@ while ((rc = tls_read(tls_ctx, buffer, sizeof(buffer))) > 0) /* We assume that all errors, and any returns of zero bytes, are actually EOF. */ -(void) string_from_gstring(yield); return yield; } #endif @@ -4356,7 +4326,7 @@ list = ((namedlist_block *)(t->data.ptr))->string; /* The list could be quite long so we (re)use a buffer for each element rather than getting each in new memory */ -if (is_tainted(list)) buffer = store_get(LISTNAMED_BUF_SIZE, TRUE); +if (is_tainted(list)) buffer = store_get(LISTNAMED_BUF_SIZE, GET_TAINTED); while ((item = string_nextinlist(&list, &sep, buffer, LISTNAMED_BUF_SIZE))) { uschar * buf = US" : "; @@ -4507,13 +4477,13 @@ expand_level++; f.expand_string_forcedfail = FALSE; expand_string_message = US""; -{ uschar *m; -if ((m = is_tainted2(string, LOG_MAIN|LOG_PANIC, "Tainted string '%s' in expansion", s))) +if (is_tainted(string)) { - expand_string_message = m; + expand_string_message = + string_sprintf("attempt to expand tainted string '%s'", s); + log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message); goto EXPAND_FAILED; } -} while (*s) { @@ -4613,13 +4583,13 @@ while (*s) buffer. */ if (!yield) - g = store_get(sizeof(gstring), FALSE); + g = store_get(sizeof(gstring), GET_UNTAINTED); else if (yield->ptr == 0) { if (resetok) reset_point = store_reset(reset_point); yield = NULL; reset_point = store_mark(); - g = store_get(sizeof(gstring), FALSE); /* alloc _before_ calling find_variable() */ + g = store_get(sizeof(gstring), GET_UNTAINTED); /* alloc _before_ calling find_variable() */ } /* Header */ @@ -4733,7 +4703,7 @@ while (*s) skipping, but "break" otherwise so we get debug output for the item expansion. */ { - int start = yield->ptr; + int start = gstring_length(yield); switch(item_type) { /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9. @@ -4829,6 +4799,7 @@ while (*s) const uschar *next_s; int save_expand_nmax = save_expand_strings(save_expand_nstring, save_expand_nlength); + uschar * save_lookup_value = lookup_value; Uskip_whitespace(&s); if (!(next_s = eval_condition(s, &resetok, skipping ? NULL : &cond))) @@ -4862,6 +4833,7 @@ while (*s) /* Restore external setting of expansion variables for continuation at this level. */ + lookup_value = save_lookup_value; restore_expand_strings(save_expand_nmax, save_expand_nstring, save_expand_nlength); break; @@ -5554,10 +5526,8 @@ while (*s) case EITEM_RUN: { FILE * f; - uschar * arg; - const uschar ** argv; - pid_t pid; - int fd_in, fd_out; + const uschar * arg, ** argv; + BOOL late_expand = TRUE; if ((expand_forbid & RDO_RUN) != 0) { @@ -5565,17 +5535,45 @@ while (*s) goto EXPAND_FAILED; } + /* Handle options to the "run" */ + + while (*s == ',') + { + if (Ustrncmp(++s, "preexpand", 9) == 0) + { late_expand = FALSE; s += 9; } + else + { + const uschar * t = s; + while (isalpha(*++t)) ; + expand_string_message = string_sprintf("bad option '%.*s' for run", + (int)(t-s), s); + goto EXPAND_FAILED; + } + } Uskip_whitespace(&s); - if (*s != '{') + + if (*s != '{') /*}*/ { expand_string_message = US"missing '{' for command arg of run"; - goto EXPAND_FAILED_CURLY; + goto EXPAND_FAILED_CURLY; /*"}*/ } - if (!(arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) - goto EXPAND_FAILED; - Uskip_whitespace(&s); + s++; + + if (late_expand) /* this is the default case */ + { + int n = Ustrcspn(s, "}"); + arg = skipping ? NULL : string_copyn(s, n); + s += n; + } + else + { + if (!(arg = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; + Uskip_whitespace(&s); + } + /*{*/ if (*s++ != '}') - { + { /*{*/ expand_string_message = US"missing '}' closing command arg of run"; goto EXPAND_FAILED_CURLY; } @@ -5587,13 +5585,17 @@ while (*s) } else { + int fd_in, fd_out; + pid_t pid; + if (!transport_set_up_command(&argv, /* anchor for arg list */ arg, /* raw command */ - FALSE, /* don't expand the arguments */ - 0, /* not relevant when... */ - NULL, /* no transporting address */ - US"${run} expansion", /* for error messages */ - &expand_string_message)) /* where to put error message */ + late_expand, /* expand args if not already done */ + 0, /* not relevant when... */ + NULL, /* no transporting address */ + late_expand, /* allow tainted args, when expand-after-split */ + US"${run} expansion", /* for error messages */ + &expand_string_message)) /* where to put error message */ goto EXPAND_FAILED; /* Create the child process, making it a group leader. */ @@ -5604,7 +5606,7 @@ while (*s) expand_string_message = string_sprintf("couldn't create child process: %s", strerror(errno)); goto EXPAND_FAILED; - } + } /* Nothing is written to the standard input. */ @@ -5956,8 +5958,7 @@ while (*s) /* Copy the characters before the match, plus the expanded insertion. */ - if (ovec[0] > moffset) - yield = string_catn(yield, subject + moffset, ovec[0] - moffset); + yield = string_catn(yield, subject + moffset, ovec[0] - moffset); if (!(insert = expand_string(sub[2]))) goto EXPAND_FAILED; @@ -6572,6 +6573,9 @@ while (*s) item of the output list, add in a space if the new item begins with the separator character, or is an empty string. */ +/*XXX is there not a standard support function for this, appending to a list? */ +/* yes, string_append_listele(), but it depends on lack of text before the list */ + if ( yield && yield->ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0)) yield = string_catn(yield, US" ", 1); @@ -6845,7 +6849,7 @@ while (*s) log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message); goto EXPAND_FAILED; } - t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]), is_tainted(argv[0])); + t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]), argv[0]); Ustrcpy(t->name, argv[0]); t->data.ptr = handle; (void)tree_insertnode(&dlobj_anchor, t); @@ -6939,68 +6943,73 @@ while (*s) case 3: goto EXPAND_FAILED; } - g = string_catn(g, US"SRS0=", 5); - - /* ${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}= */ - hmac_md5(sub[0], string_copylc(sub[1]), cksum, sizeof(cksum)); - g = string_catn(g, cksum, sizeof(cksum)); - g = string_catn(g, US"=", 1); - - /* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */ + if (sub[1] && *(sub[1])) { - struct timeval now; - unsigned long i; - gstring * h = NULL; - - gettimeofday(&now, NULL); - for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5) - h = string_catn(h, &base32_chars[i & 0x1f], 1); - if (h) while (h->ptr > 0) - g = string_catn(g, &h->s[--h->ptr], 1); - } - g = string_catn(g, US"=", 1); + g = string_catn(g, US"SRS0=", 5); - /* ${domain:$return_path}=${local_part:$return_path} */ - { - int start, end, domain; - uschar * t = parse_extract_address(sub[1], &expand_string_message, - &start, &end, &domain, FALSE); - uschar * s; + /* ${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}= */ + hmac_md5(sub[0], string_copylc(sub[1]), cksum, sizeof(cksum)); + g = string_catn(g, cksum, sizeof(cksum)); + g = string_catn(g, US"=", 1); - if (!t) - goto EXPAND_FAILED; + /* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */ + { + struct timeval now; + unsigned long i; + gstring * h = NULL; - if (domain > 0) g = string_cat(g, t + domain); + gettimeofday(&now, NULL); + for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5) + h = string_catn(h, &base32_chars[i & 0x1f], 1); + if (h) while (h->ptr > 0) + g = string_catn(g, &h->s[--h->ptr], 1); + } g = string_catn(g, US"=", 1); - s = domain > 0 ? string_copyn(t, domain - 1) : t; - if ((quoted = Ustrchr(s, '"') != NULL)) + /* ${domain:$return_path}=${local_part:$return_path} */ { - gstring * h = NULL; - DEBUG(D_expand) debug_printf_indent("auto-quoting local part\n"); - while (*s) /* de-quote */ + int start, end, domain; + uschar * t = parse_extract_address(sub[1], &expand_string_message, + &start, &end, &domain, FALSE); + uschar * s; + + if (!t) + goto EXPAND_FAILED; + + if (domain > 0) g = string_cat(g, t + domain); + g = string_catn(g, US"=", 1); + + s = domain > 0 ? string_copyn(t, domain - 1) : t; + if ((quoted = Ustrchr(s, '"') != NULL)) { - while (*s && *s != '"') h = string_catn(h, s++, 1); - if (*s) s++; - while (*s && *s != '"') h = string_catn(h, s++, 1); - if (*s) s++; + gstring * h = NULL; + DEBUG(D_expand) debug_printf_indent("auto-quoting local part\n"); + while (*s) /* de-quote */ + { + while (*s && *s != '"') h = string_catn(h, s++, 1); + if (*s) s++; + while (*s && *s != '"') h = string_catn(h, s++, 1); + if (*s) s++; + } + gstring_release_unused(h); + s = string_from_gstring(h); } - gstring_release_unused(h); - s = string_from_gstring(h); + g = string_cat(g, s); } - g = string_cat(g, s); - } - /* Assume that if the original local_part had quotes - it was for good reason */ + /* Assume that if the original local_part had quotes + it was for good reason */ - if (quoted) yield = string_catn(yield, US"\"", 1); - yield = string_catn(yield, g->s, g->ptr); - if (quoted) yield = string_catn(yield, US"\"", 1); + if (quoted) yield = string_catn(yield, US"\"", 1); + yield = string_catn(yield, g->s, g->ptr); + if (quoted) yield = string_catn(yield, US"\"", 1); - /* @$original_domain */ - yield = string_catn(yield, US"@", 1); - yield = string_cat(yield, sub[2]); + /* @$original_domain */ + yield = string_catn(yield, US"@", 1); + yield = string_cat(yield, sub[2]); + } + else + DEBUG(D_expand) debug_printf_indent("null return_path for srs-encode\n"); if (skipping) continue; break; @@ -7013,7 +7022,7 @@ while (*s) /*NOTREACHED*/ DEBUG(D_expand) - if (start > 0 || *s) /* only if not the sole expansion of the line */ + if (yield && (start > 0 || *s)) /* only if not the sole expansion of the line */ debug_expansion_interim(US"item-res", yield->s + start, yield->ptr - start, skipping); continue; @@ -7208,14 +7217,14 @@ NOT_ITEM: ; } case EOP_MD5: - #ifndef DISABLE_TLS +#ifndef DISABLE_TLS if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_md5(*(void **)vp->value); yield = string_cat(yield, cp); } else - #endif +#endif { md5 base; uschar digest[16]; @@ -7227,14 +7236,14 @@ NOT_ITEM: ; break; case EOP_SHA1: - #ifndef DISABLE_TLS +#ifndef DISABLE_TLS if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value); yield = string_cat(yield, cp); } else - #endif +#endif { hctx h; uschar digest[20]; @@ -7247,7 +7256,7 @@ NOT_ITEM: ; case EOP_SHA2: case EOP_SHA256: - #ifdef EXIM_HAVE_SHA2 +#ifdef EXIM_HAVE_SHA2 if (vp && *(void **)vp->value) if (c == EOP_SHA256) yield = string_cat(yield, tls_cert_fprt_sha256(*(void **)vp->value)); @@ -7269,18 +7278,18 @@ NOT_ITEM: ; goto EXPAND_FAILED; } - exim_sha_update(&h, sub, Ustrlen(sub)); + exim_sha_update_string(&h, sub); exim_sha_finish(&h, &b); while (b.len-- > 0) yield = string_fmt_append(yield, "%02X", *b.data++); } - #else +#else expand_string_message = US"sha256 only supported with TLS"; - #endif +#endif break; case EOP_SHA3: - #ifdef EXIM_HAVE_SHA3 +#ifdef EXIM_HAVE_SHA3 { hctx h; blob b; @@ -7297,16 +7306,16 @@ NOT_ITEM: ; goto EXPAND_FAILED; } - exim_sha_update(&h, sub, Ustrlen(sub)); + exim_sha_update_string(&h, sub); exim_sha_finish(&h, &b); while (b.len-- > 0) yield = string_fmt_append(yield, "%02X", *b.data++); } break; - #else +#else expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 + or OpenSSL 1.1.1 +"; goto EXPAND_FAILED; - #endif +#endif /* Convert hex encoding to base64 encoding */ @@ -7374,7 +7383,7 @@ NOT_ITEM: ; case EOP_LISTCOUNT: { int cnt = 0, sep = 0; - uschar * buf = store_get(2, is_tainted(sub)); + uschar * buf = store_get(2, sub); while (string_nextinlist(CUSS &sub, &sep, buf, 1)) cnt++; yield = string_fmt_append(yield, "%d", cnt); @@ -7634,10 +7643,10 @@ NOT_ITEM: ; goto EXPAND_FAILED; } - if (lookup_list[n]->quote) - sub = (lookup_list[n]->quote)(sub, opt); - else if (opt) - sub = NULL; + if (lookup_list[n]->quote) + sub = (lookup_list[n]->quote)(sub, opt, (unsigned)n); + else if (opt) + sub = NULL; if (!sub) { @@ -7697,7 +7706,7 @@ NOT_ITEM: ; case EOP_FROM_UTF8: { - uschar * buff = store_get(4, is_tainted(sub)); + uschar * buff = store_get(4, sub); while (*sub) { int c; @@ -7723,13 +7732,10 @@ NOT_ITEM: ; /* Manually track tainting, as we deal in individual chars below */ - if (is_tainted(sub)) - { - if (yield->s && yield->ptr) - gstring_rebuffer(yield); - else - yield->s = store_get(yield->size = Ustrlen(sub), is_tainted(sub)); - } + if (!yield->s || !yield->ptr) + yield->s = store_get(yield->size = Ustrlen(sub), sub); + else if (is_incompatible(yield->s, sub)) + gstring_rebuffer(yield, sub); /* Check the UTF-8, byte-by-byte */ @@ -7810,7 +7816,7 @@ NOT_ITEM: ; break; } - #ifdef SUPPORT_I18N +#ifdef SUPPORT_I18N case EOP_UTF8_DOMAIN_TO_ALABEL: { uschar * error = NULL; @@ -7871,7 +7877,7 @@ NOT_ITEM: ; yield = string_cat(yield, s); break; } - #endif /* EXPERIMENTAL_INTERNATIONAL */ +#endif /* EXPERIMENTAL_INTERNATIONAL */ /* escape turns all non-printing characters into escape sequences. */ @@ -7947,13 +7953,13 @@ NOT_ITEM: ; case EOP_STR2B64: case EOP_BASE64: { - #ifndef DISABLE_TLS +#ifndef DISABLE_TLS uschar * s = vp && *(void **)vp->value ? tls_cert_der_b64(*(void **)vp->value) : b64encode(CUS sub, Ustrlen(sub)); - #else +#else uschar * s = b64encode(CUS sub, Ustrlen(sub)); - #endif +#endif yield = string_cat(yield, s); break; } @@ -8161,9 +8167,34 @@ NOT_ITEM: ; } /* EOP_* switch */ DEBUG(D_expand) - if (start > 0 || *s) /* only if not the sole expansion of the line */ - debug_expansion_interim(US"op-res", - yield->s + start, yield->ptr - start, skipping); + { + const uschar * s = yield->s + start; + int i = yield->ptr - start; + BOOL tainted = is_tainted(s); + + DEBUG(D_noutf8) + { + debug_printf_indent("|-----op-res: %.*s\n", i, s); + if (tainted) + { + debug_printf_indent("%s \\__", skipping ? "| " : " "); + debug_print_taint(yield->s); + } + } + else + { + debug_printf_indent(UTF8_VERT_RIGHT + UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ + "op-res: %.*s\n", i, s); + if (tainted) + { + debug_printf_indent("%s", + skipping + ? UTF8_VERT " " : " " UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ); + debug_print_taint(yield->s); + } + } + } continue; } } @@ -8184,13 +8215,13 @@ NOT_ITEM: ; gstring * g = NULL; if (!yield) - g = store_get(sizeof(gstring), FALSE); + g = store_get(sizeof(gstring), GET_UNTAINTED); else if (yield->ptr == 0) { if (resetok) reset_point = store_reset(reset_point); yield = NULL; reset_point = store_mark(); - g = store_get(sizeof(gstring), FALSE); /* alloc _before_ calling find_variable() */ + g = store_get(sizeof(gstring), GET_UNTAINTED); /* alloc _before_ calling find_variable() */ } if (!(value = find_variable(name, FALSE, skipping, &newsize))) { @@ -8256,8 +8287,10 @@ DEBUG(D_expand) debug_printf_indent("%sresult: %s\n", skipping ? "|-----" : "\\_____", yield->s); if (tainted) - debug_printf_indent("%s \\__(tainted)\n", - skipping ? "| " : " "); + { + debug_printf_indent("%s \\__", skipping ? "| " : " "); + debug_print_taint(yield->s); + } if (skipping) debug_printf_indent("\\___skipping: result is not used\n"); } @@ -8271,9 +8304,12 @@ DEBUG(D_expand) skipping ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT, yield->s); if (tainted) - debug_printf_indent("%s(tainted)\n", + { + debug_printf_indent("%s", skipping ? UTF8_VERT " " : " " UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ); + debug_print_taint(yield->s); + } if (skipping) debug_printf_indent(UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "skipping: result is not used\n");