X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8ac90765750f87c573300b9e953af3d8090cab8b..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/routers/dnslookup.c

diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c
index a3b0d352c..0b1abeb8e 100644
--- a/src/src/routers/dnslookup.c
+++ b/src/src/routers/dnslookup.c
@@ -2,8 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 #include "../exim.h"
 #include "rf_functions.h"
@@ -12,34 +14,22 @@
 
 
 /* Options specific to the dnslookup router. */
+#define LOFF(field) OPT_OFF(dnslookup_router_options_block, field)
 
 optionlist dnslookup_router_options[] = {
-  { "check_secondary_mx", opt_bool,
-      (void *)(offsetof(dnslookup_router_options_block, check_secondary_mx)) },
-  { "check_srv",          opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, check_srv)) },
-  { "fail_defer_domains", opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, fail_defer_domains)) },
-  { "ipv4_only",          opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, ipv4_only)) },
-  { "ipv4_prefer",        opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, ipv4_prefer)) },
-  { "mx_domains",         opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, mx_domains)) },
-  { "mx_fail_domains",    opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, mx_fail_domains)) },
-  { "qualify_single",     opt_bool,
-      (void *)(offsetof(dnslookup_router_options_block, qualify_single)) },
-  { "rewrite_headers",    opt_bool,
-      (void *)(offsetof(dnslookup_router_options_block, rewrite_headers)) },
-  { "same_domain_copy_routing", opt_bool|opt_public,
-      (void *)(offsetof(router_instance, same_domain_copy_routing)) },
-  { "search_parents",     opt_bool,
-      (void *)(offsetof(dnslookup_router_options_block, search_parents)) },
-  { "srv_fail_domains",   opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, srv_fail_domains)) },
-  { "widen_domains",      opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, widen_domains)) }
+  { "check_secondary_mx", opt_bool,		LOFF(check_secondary_mx) },
+  { "check_srv",          opt_stringptr,	LOFF(check_srv) },
+  { "fail_defer_domains", opt_stringptr,	LOFF(fail_defer_domains) },
+  { "ipv4_only",          opt_stringptr,	LOFF(ipv4_only) },
+  { "ipv4_prefer",        opt_stringptr,	LOFF(ipv4_prefer) },
+  { "mx_domains",         opt_stringptr,	LOFF(mx_domains) },
+  { "mx_fail_domains",    opt_stringptr,	LOFF(mx_fail_domains) },
+  { "qualify_single",     opt_bool,		LOFF(qualify_single) },
+  { "rewrite_headers",    opt_bool,		LOFF(rewrite_headers) },
+  { "same_domain_copy_routing", opt_bool|opt_public, OPT_OFF(router_instance, same_domain_copy_routing) },
+  { "search_parents",     opt_bool,		LOFF(search_parents) },
+  { "srv_fail_domains",   opt_stringptr,	LOFF(srv_fail_domains) },
+  { "widen_domains",      opt_stringptr,	LOFF(widen_domains) }
 };
 
 /* Size of the options list. An extern variable has to be used so that its
@@ -171,9 +161,6 @@ const uschar *fully_qualified_name;
 const uschar *listptr;
 uschar widen_buffer[256];
 
-addr_new = addr_new;          /* Keep picky compilers happy */
-addr_succeed = addr_succeed;
-
 DEBUG(D_route)
   debug_printf("%s router called for %s\n  domain = %s\n",
     rblock->name, addr->address, addr->domain);
@@ -183,7 +170,7 @@ DEBUG(D_route)
 if (ob->check_srv)
   {
   if (  !(srv_service = expand_string(ob->check_srv))
-     && !expand_string_forcedfail)
+     && !f.expand_string_forcedfail)
     {
     addr->message = string_sprintf("%s router: failed to expand \"%s\": %s",
       rblock->name, ob->check_srv, expand_string_message);
@@ -218,6 +205,7 @@ if (  ob->widen_domains
    && (verify != v_sender || !ob->rewrite_headers || addr->parent))
   {
   listptr = ob->widen_domains;
+  /* not expanded so should never be tainted */
   widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
     sizeof(widen_buffer));
 
@@ -247,6 +235,7 @@ for (;;)
   else if (widen)
     {
     h.name = string_sprintf("%s.%s", addr->domain, widen);
+    /* not expanded so should never be tainted */
     widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
       sizeof(widen_buffer));
     DEBUG(D_route) debug_printf("%s router widened %s to %s\n", rblock->name,
@@ -266,12 +255,12 @@ for (;;)
   if (  ob->ipv4_only
      && expand_check_condition(ob->ipv4_only, rblock->name, US"router"))
     flags = flags & ~HOST_FIND_BY_AAAA | HOST_FIND_IPV4_ONLY;
-  else if (search_find_defer)
+  else if (f.search_find_defer)
     return DEFER;
   if (  ob->ipv4_prefer
      && expand_check_condition(ob->ipv4_prefer, rblock->name, US"router"))
     flags |= HOST_FIND_IPV4_FIRST;
-  else if (search_find_defer)
+  else if (f.search_find_defer)
     return DEFER;
 
   /* Set up the rest of the initial host item. Others may get chained on if
@@ -289,7 +278,7 @@ for (;;)
 
   /* Unfortunately, we cannot set the mx_only option in advance, because the
   DNS lookup may extend an unqualified name. Therefore, we must do the test
-  stoubsequently. We use the same logic as that for widen_domains above to avoid
+  subsequently. We use the same logic as that for widen_domains above to avoid
   requesting a header rewrite that cannot work. */
 
   if (verify != v_sender || !ob->rewrite_headers || addr->parent)
@@ -399,7 +388,7 @@ for (;;)
   /* If there's a syntax error, do not continue with any widening, and note
   the error. */
 
-  if (host_find_failed_syntax)
+  if (f.host_find_failed_syntax)
     {
     addr->message = string_sprintf("mail domain \"%s\" is syntactically "
       "invalid", h.name);
@@ -459,7 +448,7 @@ else if (ob->check_secondary_mx && !testflag(addr, af_local_host_removed))
 rc = rf_get_errors_address(addr, rblock, verify, &addr->prop.errors_address);
 if (rc != OK) return rc;
 
-/* Set up the additional and removeable headers for this address. */
+/* Set up the additional and removable headers for this address. */
 
 rc = rf_get_munge_headers(addr, rblock, &addr->prop.extra_headers,
   &addr->prop.remove_headers);
@@ -468,7 +457,7 @@ if (rc != OK) return rc;
 /* Get store in which to preserve the original host item, chained on
 to the address. */
 
-addr->host_list = store_get(sizeof(host_item));
+addr->host_list = store_get(sizeof(host_item), GET_UNTAINTED);
 addr->host_list[0] = h;
 
 /* Fill in the transport and queue the address for delivery. */