X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/839287b7fc870dc61755101d28c7ba959632d7df..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/lookups/readsock.c
diff --git a/src/src/lookups/readsock.c b/src/src/lookups/readsock.c
index f7e04d1d8..7c7b9cfa8 100644
--- a/src/src/lookups/readsock.c
+++ b/src/src/lookups/readsock.c
@@ -2,8 +2,10 @@
 * Exim - an Internet mail transport agent *
 *************************************************/
+/* Copyright (c) The Exim Maintainers 2021 - 2022 */
 /* Copyright (c) Jeremy Harris 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 #include "../exim.h"
 #include "lf_functions.h"
@@ -95,7 +97,7 @@ else
 sigalrm_seen = FALSE;
 ALARM(timeout);
- rc = connect(cctx->sock, (struct sockaddr *)(&sockun), sizeof(sockun));
+ rc = connect(cctx->sock, (struct sockaddr *) &sockun, sizeof(sockun));
 ALARM_CLR(0);
 if (sigalrm_seen)
 {
@@ -115,10 +117,20 @@ else
 #ifndef DISABLE_TLS
 if (do_tls)
 {
+ union sockaddr_46 interface_sock;
+ EXIM_SOCKLEN_T size = sizeof(interface_sock);
 smtp_connect_args conn_args = {.host = &host };
- tls_support tls_dummy = {.sni=NULL};
+ tls_support tls_dummy = { .sni = NULL };
 uschar * errstr;
+ if (getsockname(cctx->sock, (struct sockaddr *) &interface_sock, &size) == 0)
+ conn_args.sending_ip_address = host_ntoa(-1, &interface_sock, NULL, NULL);
+ else
+ {
+ *errmsg = string_sprintf("getsockname failed: %s", strerror(errno));
+ goto bad;
+ }
+
 if (!tls_client_start(cctx, &conn_args, NULL, &tls_dummy, &errstr))
 {
 *errmsg = string_sprintf("TLS connect failed: %s", errstr);
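Review bot: The address returned by the new getsockname() call is handed straight to host_ntoa() with no check of its address family before `conn_args.sending_ip_address` is set. The earlier hunk at new line 97 connects cctx->sock through a `sockun` address, apparently in the same function, so if that unix-domain path can reach the do_tls block the stored value would be an AF_UNIX name rendered as an IP string; the enclosing function starts and ends outside the hunk, so this cannot be confirmed from here. Either confirm that TLS is never requested for a unix-domain socket, or record the expectation at the call, e.g. `/* cctx->sock is expected to be an inet socket here; an AF_UNIX name is not a valid sending_ip_address */`. The cleanup done at the `bad` label is also outside the hunk and should be checked to release the socket on this new failure path.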
@@ -149,7 +161,7 @@ that connection cacheing at the framework layer works. */
 static void * readsock_open(const uschar * filename, uschar ** errmsg)
 {
-client_conn_ctx * cctx = store_get(sizeof(*cctx), FALSE);
+client_conn_ctx * cctx = store_get(sizeof(*cctx), GET_UNTAINTED);
 cctx->sock = -1;
 cctx->tls_ctx = NULL;
 DEBUG(D_lookup) debug_printf_indent("readsock: allocated context\n");
@@ -254,7 +266,12 @@ if (TRUE)
 if (!cctx->tls_ctx)
 #endif
 {
- FILE * fp = fdopen(cctx->sock, lf.do_shutdown ? "rb" : "wb");
+ FILE * fp = fdopen(cctx->sock, "rb");
+ if (!fp)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "readsock fdopen: %s\n", strerror(errno));
+ goto out;
+ }
 ALARM(timeout);
 yield = cat_file(fp, NULL, eol);
 }
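Review bot: When fdopen() fails in the last hunk, the new branch only writes a panic-log line and jumps to `out`; nothing visible records the failure for the caller, whereas the getsockname failure added in the same patch sets `*errmsg` before bailing out. The enclosing function and the `out` label lie outside the hunk, so what is returned on this path cannot be checked here. It is worth confirming that it yields a deferral or failure rather than an empty result that looks successful. A short comment on the branch would make the intent explicit, for example `/* No stream, so nothing can be read; leave via the common exit */`.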