X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8e669ac162fe3b1040297f1d021de10778dce9d9..1d28cc061677bd07d9bed48dd84bd5c590247043:/src/src/bmi_spam.c diff --git a/src/src/bmi_spam.c b/src/src/bmi_spam.c index b8b9051b6..03e8defa6 100644 --- a/src/src/bmi_spam.c +++ b/src/src/bmi_spam.c @@ -1,5 +1,3 @@ -/* $Cambridge: exim/src/src/bmi_spam.c,v 1.3 2005/02/17 11:58:25 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ @@ -7,6 +5,8 @@ /* Code for calling Brightmail AntiSpam. Copyright (c) Tom Kistner 2004 License: GPL */ +/* Copyright (c) The Exim Maintainers 2021 - 2022 */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ #include "exim.h" #ifdef EXPERIMENTAL_BRIGHTMAIL @@ -29,7 +29,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) { uschar *verdicts = NULL; int i,j; - err = bmiInitSystem(BMI_VERSION, (char *)bmi_config_file, &system); + err = bmiInitSystem(BMI_VERSION, CS bmi_config_file, &system); if (bmiErrorIsFatal(err) == BMI_TRUE) { err_loc = bmiErrorGetLocation(err); err_type = bmiErrorGetType(err); @@ -53,24 +53,24 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) { host_address = localhost; else host_address = sender_host_address; - err = bmiProcessConnection((char *)host_address, message); + err = bmiProcessConnection(CS host_address, message); if (bmiErrorIsFatal(err) == BMI_TRUE) { err_loc = bmiErrorGetLocation(err); err_type = bmiErrorGetType(err); log_write(0, LOG_PANIC, - "bmi error [loc %d type %d]: bmiProcessConnection() failed (IP %s).", (int)err_loc, (int)err_type, (char *)host_address); + "bmi error [loc %d type %d]: bmiProcessConnection() failed (IP %s).", (int)err_loc, (int)err_type, CS host_address); bmiFreeMessage(message); bmiFreeSystem(system); return NULL; }; /* Send envelope sender address */ - err = bmiProcessFROM((char *)sender_address, message); + err = bmiProcessFROM(CS sender_address, message); if (bmiErrorIsFatal(err) == BMI_TRUE) { err_loc = bmiErrorGetLocation(err); err_type = bmiErrorGetType(err); log_write(0, LOG_PANIC, - "bmi error [loc %d type %d]: bmiProcessFROM() failed (address %s).", (int)err_loc, (int)err_type, (char *)sender_address); + "bmi error [loc %d type %d]: bmiProcessFROM() failed (address %s).", (int)err_loc, (int)err_type, CS sender_address); bmiFreeMessage(message); bmiFreeSystem(system); return NULL; @@ -88,14 +88,14 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) { err = bmiOptinMset(optin, r->bmi_optin, ':'); if (bmiErrorIsFatal(err) == BMI_TRUE) { log_write(0, LOG_PANIC|LOG_MAIN, - "bmi warning: [loc %d type %d]: bmiOptinMSet() failed (address '%s', string '%s').", (int)err_loc, (int)err_type, (char *)r->address, (char *)r->bmi_optin); + "bmi warning: [loc %d type %d]: bmiOptinMSet() failed (address '%s', string '%s').", (int)err_loc, (int)err_type, CS r->address, CS r->bmi_optin); if (optin != NULL) bmiOptinFree(optin); optin = NULL; }; }; - err = bmiAccumulateTO((char *)r->address, optin, message); + err = bmiAccumulateTO(CS r->address, optin, message); if (optin != NULL) bmiOptinFree(optin); @@ -104,7 +104,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) { err_loc = bmiErrorGetLocation(err); err_type = bmiErrorGetType(err); log_write(0, LOG_PANIC, - "bmi error [loc %d type %d]: bmiAccumulateTO() failed (address %s).", (int)err_loc, (int)err_type, (char *)r->address); + "bmi error [loc %d type %d]: bmiAccumulateTO() failed (address %s).", (int)err_loc, (int)err_type, CS r->address); bmiFreeMessage(message); bmiFreeSystem(system); return NULL; @@ -128,7 +128,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) { header_list = header_list->next; continue; }; - err = bmiAccumulateHeaders((const char *)header_list->text, header_list->slen, message); + err = bmiAccumulateHeaders(CCS header_list->text, header_list->slen, message); if (bmiErrorIsFatal(err) == BMI_TRUE) { err_loc = bmiErrorGetLocation(err); err_type = bmiErrorGetType(err); @@ -156,7 +156,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) { do { j = fread(data_buffer, 1, sizeof(data_buffer), data_file); if (j > 0) { - err = bmiAccumulateBody((const char *)data_buffer, j, message); + err = bmiAccumulateBody(CCS data_buffer, j, message); if (bmiErrorIsFatal(err) == BMI_TRUE) { err_loc = bmiErrorGetLocation(err); err_type = bmiErrorGetType(err); @@ -192,17 +192,20 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) { return NULL; }; - /* get store for the verdict string */ - verdicts = store_get(1); + /* Get store for the verdict string. Since we are processing message data, assume that + the verdict is tainted. XXX this should use a growable-string */ + + verdicts = store_get(1, GET_TAINTED); *verdicts = '\0'; for ( err = bmiAccessFirstVerdict(message, &verdict); - verdict != NULL; + verdict; err = bmiAccessNextVerdict(message, verdict, &verdict) ) { char *verdict_str; err = bmiCreateStrFromVerdict(verdict,&verdict_str); - if (!store_extend(verdicts, Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) { + if (!store_extend(verdicts, + Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) { /* can't allocate more store */ return NULL; }; @@ -301,7 +304,7 @@ uschar *bmi_get_alt_location(uschar *base64_verdict) { } else { /* deliver to alternate location */ - rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1); + rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1, GET_TAINTED); Ustrcpy(rc, bmiVerdictAccessDestination(verdict)); rc[strlen(bmiVerdictAccessDestination(verdict))] = '\0'; }; @@ -326,11 +329,11 @@ uschar *bmi_get_base64_verdict(uschar *bmi_local_part, uschar *bmi_domain) { return NULL; /* allocate room for the b64 verdict string */ - verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1); + verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1, GET_TAINTED); /* loop through verdicts */ verdict_ptr = bmi_verdicts; - while ((verdict_str = (const char *)string_nextinlist(&verdict_ptr, &sep, + while ((verdict_str = CCS string_nextinlist(&verdict_ptr, &sep, verdict_buffer, Ustrlen(bmi_verdicts)+1)) != NULL) { @@ -352,7 +355,7 @@ uschar *bmi_get_base64_verdict(uschar *bmi_local_part, uschar *bmi_domain) { uschar *rcpt_domain; /* compare address against our subject */ - rcpt_local_part = (unsigned char *)bmiRecipientAccessAddress(recipient); + rcpt_local_part = US bmiRecipientAccessAddress(recipient); rcpt_domain = Ustrchr(rcpt_local_part,'@'); if (rcpt_domain == NULL) { rcpt_domain = US""; @@ -366,7 +369,7 @@ uschar *bmi_get_base64_verdict(uschar *bmi_local_part, uschar *bmi_domain) { (strcmpic(rcpt_domain, bmi_domain) == 0) ) { /* found verdict */ bmiFreeVerdict(verdict); - return (uschar *)verdict_str; + return US verdict_str; }; }; @@ -447,13 +450,15 @@ int bmi_check_rule(uschar *base64_verdict, uschar *option_list) { } /* loop through numbers */ + /* option_list doesn't seem to be expanded so cannot be tainted. If it ever is we + will trap here */ rule_ptr = option_list; while ((rule_num = string_nextinlist(&rule_ptr, &sep, - rule_buffer, 32)) != NULL) { + rule_buffer, sizeof(rule_buffer)))) { int rule_int = -1; /* try to translate to int */ - sscanf(rule_num, "%d", &rule_int); + (void)sscanf(rule_num, "%d", &rule_int); if (rule_int > 0) { debug_printf("checking rule #%d\n", rule_int); /* check if rule fired on the message */