X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8f2cf8f5adaa08ef84b47bf9bc2f71e39236c22d..1ed70f64c0df2c1428057c2ad5b3d43260087396:/src/src/expand.c diff --git a/src/src/expand.c b/src/src/expand.c index 9b315b42b..b7719f642 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1288,7 +1288,7 @@ expand_getlistele(int field, const uschar * list) const uschar * tlist = list; int sep = 0; /* Tainted mem for the throwaway element copies */ -uschar * dummy = store_get(2, TRUE); +uschar * dummy = store_get(2, GET_TAINTED); if (field < 0) { @@ -1975,7 +1975,7 @@ switch (vp->type) int len = message_body_visible; if (len > message_size) len = message_size; - *ss = body = store_get(len+1, TRUE); + *ss = body = store_get(len+1, GET_TAINTED); body[0] = 0; if (vp->type == vtype_msgbody_end) { @@ -2898,64 +2898,49 @@ switch(cond_type = identify_operator(&s, &opname)) { case ECOND_NUM_E: case ECOND_NUM_EE: - tempcond = (num[0] == num[1]); - break; + tempcond = (num[0] == num[1]); break; case ECOND_NUM_G: - tempcond = (num[0] > num[1]); - break; + tempcond = (num[0] > num[1]); break; case ECOND_NUM_GE: - tempcond = (num[0] >= num[1]); - break; + tempcond = (num[0] >= num[1]); break; case ECOND_NUM_L: - tempcond = (num[0] < num[1]); - break; + tempcond = (num[0] < num[1]); break; case ECOND_NUM_LE: - tempcond = (num[0] <= num[1]); - break; + tempcond = (num[0] <= num[1]); break; case ECOND_STR_LT: - tempcond = (Ustrcmp(sub[0], sub[1]) < 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) < 0); break; case ECOND_STR_LTI: - tempcond = (strcmpic(sub[0], sub[1]) < 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) < 0); break; case ECOND_STR_LE: - tempcond = (Ustrcmp(sub[0], sub[1]) <= 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) <= 0); break; case ECOND_STR_LEI: - tempcond = (strcmpic(sub[0], sub[1]) <= 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) <= 0); break; case ECOND_STR_EQ: - tempcond = (Ustrcmp(sub[0], sub[1]) == 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) == 0); break; case ECOND_STR_EQI: - tempcond = (strcmpic(sub[0], sub[1]) == 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) == 0); break; case ECOND_STR_GT: - tempcond = (Ustrcmp(sub[0], sub[1]) > 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) > 0); break; case ECOND_STR_GTI: - tempcond = (strcmpic(sub[0], sub[1]) > 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) > 0); break; case ECOND_STR_GE: - tempcond = (Ustrcmp(sub[0], sub[1]) >= 0); - break; + tempcond = (Ustrcmp(sub[0], sub[1]) >= 0); break; case ECOND_STR_GEI: - tempcond = (strcmpic(sub[0], sub[1]) >= 0); - break; + tempcond = (strcmpic(sub[0], sub[1]) >= 0); break; case ECOND_MATCH: /* Regular expression match */ { @@ -2978,72 +2963,68 @@ switch(cond_type = identify_operator(&s, &opname)) } case ECOND_MATCH_ADDRESS: /* Match in an address list */ - rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL); - goto MATCHED_SOMETHING; + rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, + NULL); + goto MATCHED_SOMETHING; case ECOND_MATCH_DOMAIN: /* Match in a domain list */ - rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL, - MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL); - goto MATCHED_SOMETHING; + rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL, + MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL); + goto MATCHED_SOMETHING; case ECOND_MATCH_IP: /* Match IP address in a host list */ - if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0) - { - expand_string_message = string_sprintf("\"%s\" is not an IP address", - sub[0]); - return NULL; - } - else - { - unsigned int *nullcache = NULL; - check_host_block cb; - - cb.host_name = US""; - cb.host_address = sub[0]; - - /* If the host address starts off ::ffff: it is an IPv6 address in - IPv4-compatible mode. Find the IPv4 part for checking against IPv4 - addresses. */ - - cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)? - cb.host_address + 7 : cb.host_address; - - rc = match_check_list( - &sub[1], /* the list */ - 0, /* separator character */ - &hostlist_anchor, /* anchor pointer */ - &nullcache, /* cache pointer */ - check_host, /* function for testing */ - &cb, /* argument for function */ - MCL_HOST, /* type of check */ - sub[0], /* text for debugging */ - NULL); /* where to pass back data */ - } - goto MATCHED_SOMETHING; + if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0) + { + expand_string_message = string_sprintf("\"%s\" is not an IP address", + sub[0]); + return NULL; + } + else + { + unsigned int *nullcache = NULL; + check_host_block cb; + + cb.host_name = US""; + cb.host_address = sub[0]; + + /* If the host address starts off ::ffff: it is an IPv6 address in + IPv4-compatible mode. Find the IPv4 part for checking against IPv4 + addresses. */ + + cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)? + cb.host_address + 7 : cb.host_address; + + rc = match_check_list( + &sub[1], /* the list */ + 0, /* separator character */ + &hostlist_anchor, /* anchor pointer */ + &nullcache, /* cache pointer */ + check_host, /* function for testing */ + &cb, /* argument for function */ + MCL_HOST, /* type of check */ + sub[0], /* text for debugging */ + NULL); /* where to pass back data */ + } + goto MATCHED_SOMETHING; case ECOND_MATCH_LOCAL_PART: - rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL, - MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL); - /* Fall through */ - /* VVVVVVVVVVVV */ - MATCHED_SOMETHING: - switch(rc) - { - case OK: - tempcond = TRUE; - break; - - case FAIL: - tempcond = FALSE; - break; + rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL, + MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL); + /* Fall through */ + /* VVVVVVVVVVVV */ + MATCHED_SOMETHING: + switch(rc) + { + case OK: tempcond = TRUE; break; + case FAIL: tempcond = FALSE; break; - case DEFER: - expand_string_message = string_sprintf("unable to complete match " - "against \"%s\": %s", sub[1], search_error_message); - return NULL; - } + case DEFER: + expand_string_message = string_sprintf("unable to complete match " + "against \"%s\": %s", sub[1], search_error_message); + return NULL; + } - break; + break; /* Various "encrypted" comparisons. If the second string starts with "{" then an encryption type is given. Default to crypt() or crypt16() @@ -3052,138 +3033,138 @@ switch(cond_type = identify_operator(&s, &opname)) case ECOND_CRYPTEQ: #ifndef SUPPORT_CRYPTEQ - goto COND_FAILED_NOT_COMPILED; + goto COND_FAILED_NOT_COMPILED; #else - if (strncmpic(sub[1], US"{md5}", 5) == 0) - { - int sublen = Ustrlen(sub[1]+5); - md5 base; - uschar digest[16]; + if (strncmpic(sub[1], US"{md5}", 5) == 0) + { + int sublen = Ustrlen(sub[1]+5); + md5 base; + uschar digest[16]; - md5_start(&base); - md5_end(&base, sub[0], Ustrlen(sub[0]), digest); + md5_start(&base); + md5_end(&base, sub[0], Ustrlen(sub[0]), digest); - /* If the length that we are comparing against is 24, the MD5 digest - is expressed as a base64 string. This is the way LDAP does it. However, - some other software uses a straightforward hex representation. We assume - this if the length is 32. Other lengths fail. */ + /* If the length that we are comparing against is 24, the MD5 digest + is expressed as a base64 string. This is the way LDAP does it. However, + some other software uses a straightforward hex representation. We assume + this if the length is 32. Other lengths fail. */ - if (sublen == 24) - { - uschar *coded = b64encode(CUS digest, 16); - DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+5); - tempcond = (Ustrcmp(coded, sub[1]+5) == 0); - } - else if (sublen == 32) - { - uschar coded[36]; - for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); - coded[32] = 0; - DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+5); - tempcond = (strcmpic(coded, sub[1]+5) == 0); - } - else - { - DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: " - "fail\n crypted=%s\n", sub[1]+5); - tempcond = FALSE; - } - } + if (sublen == 24) + { + uschar *coded = b64encode(CUS digest, 16); + DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+5); + tempcond = (Ustrcmp(coded, sub[1]+5) == 0); + } + else if (sublen == 32) + { + uschar coded[36]; + for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); + coded[32] = 0; + DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+5); + tempcond = (strcmpic(coded, sub[1]+5) == 0); + } + else + { + DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: " + "fail\n crypted=%s\n", sub[1]+5); + tempcond = FALSE; + } + } - else if (strncmpic(sub[1], US"{sha1}", 6) == 0) - { - int sublen = Ustrlen(sub[1]+6); - hctx h; - uschar digest[20]; + else if (strncmpic(sub[1], US"{sha1}", 6) == 0) + { + int sublen = Ustrlen(sub[1]+6); + hctx h; + uschar digest[20]; - sha1_start(&h); - sha1_end(&h, sub[0], Ustrlen(sub[0]), digest); + sha1_start(&h); + sha1_end(&h, sub[0], Ustrlen(sub[0]), digest); - /* If the length that we are comparing against is 28, assume the SHA1 - digest is expressed as a base64 string. If the length is 40, assume a - straightforward hex representation. Other lengths fail. */ + /* If the length that we are comparing against is 28, assume the SHA1 + digest is expressed as a base64 string. If the length is 40, assume a + straightforward hex representation. Other lengths fail. */ - if (sublen == 28) - { - uschar *coded = b64encode(CUS digest, 20); - DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+6); - tempcond = (Ustrcmp(coded, sub[1]+6) == 0); - } - else if (sublen == 40) - { - uschar coded[44]; - for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); - coded[40] = 0; - DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n" - " subject=%s\n crypted=%s\n", coded, sub[1]+6); - tempcond = (strcmpic(coded, sub[1]+6) == 0); - } - else - { - DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: " - "fail\n crypted=%s\n", sub[1]+6); - tempcond = FALSE; - } - } + if (sublen == 28) + { + uschar *coded = b64encode(CUS digest, 20); + DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+6); + tempcond = (Ustrcmp(coded, sub[1]+6) == 0); + } + else if (sublen == 40) + { + uschar coded[44]; + for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]); + coded[40] = 0; + DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n" + " subject=%s\n crypted=%s\n", coded, sub[1]+6); + tempcond = (strcmpic(coded, sub[1]+6) == 0); + } + else + { + DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: " + "fail\n crypted=%s\n", sub[1]+6); + tempcond = FALSE; + } + } - else /* {crypt} or {crypt16} and non-{ at start */ - /* }-for-text-editors */ - { - int which = 0; - uschar *coded; + else /* {crypt} or {crypt16} and non-{ at start */ + /* }-for-text-editors */ + { + int which = 0; + uschar *coded; - if (strncmpic(sub[1], US"{crypt}", 7) == 0) - { - sub[1] += 7; - which = 1; - } - else if (strncmpic(sub[1], US"{crypt16}", 9) == 0) - { - sub[1] += 9; - which = 2; - } - else if (sub[1][0] == '{') /* }-for-text-editors */ - { - expand_string_message = string_sprintf("unknown encryption mechanism " - "in \"%s\"", sub[1]); - return NULL; - } + if (strncmpic(sub[1], US"{crypt}", 7) == 0) + { + sub[1] += 7; + which = 1; + } + else if (strncmpic(sub[1], US"{crypt16}", 9) == 0) + { + sub[1] += 9; + which = 2; + } + else if (sub[1][0] == '{') /* }-for-text-editors */ + { + expand_string_message = string_sprintf("unknown encryption mechanism " + "in \"%s\"", sub[1]); + return NULL; + } - switch(which) - { - case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break; - case 1: coded = US crypt(CS sub[0], CS sub[1]); break; - default: coded = US crypt16(CS sub[0], CS sub[1]); break; - } + switch(which) + { + case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break; + case 1: coded = US crypt(CS sub[0], CS sub[1]); break; + default: coded = US crypt16(CS sub[0], CS sub[1]); break; + } - #define STR(s) # s - #define XSTR(s) STR(s) - DEBUG(D_auth) debug_printf("crypteq: using %s()\n" - " subject=%s\n crypted=%s\n", - which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16", - coded, sub[1]); - #undef STR - #undef XSTR - - /* If the encrypted string contains fewer than two characters (for the - salt), force failure. Otherwise we get false positives: with an empty - string the yield of crypt() is an empty string! */ - - if (coded) - tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0; - else if (errno == EINVAL) - tempcond = FALSE; - else - { - expand_string_message = string_sprintf("crypt error: %s\n", - US strerror(errno)); - return NULL; + #define STR(s) # s + #define XSTR(s) STR(s) + DEBUG(D_auth) debug_printf("crypteq: using %s()\n" + " subject=%s\n crypted=%s\n", + which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16", + coded, sub[1]); + #undef STR + #undef XSTR + + /* If the encrypted string contains fewer than two characters (for the + salt), force failure. Otherwise we get false positives: with an empty + string the yield of crypt() is an empty string! */ + + if (coded) + tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0; + else if (errno == EINVAL) + tempcond = FALSE; + else + { + expand_string_message = string_sprintf("crypt error: %s\n", + US strerror(errno)); + return NULL; + } } - } - break; + break; #endif /* SUPPORT_CRYPTEQ */ case ECOND_INLIST: @@ -3834,8 +3815,8 @@ Returns: pointer to string containing the last three static uschar * prvs_daystamp(int day_offset) { -uschar *days = store_get(32, FALSE); /* Need at least 24 for cases */ -(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */ +uschar * days = store_get(32, GET_UNTAINTED); /* Need at least 24 for cases */ +(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */ (time(NULL) + day_offset*86400)/86400); return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100"; } @@ -3906,7 +3887,7 @@ chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash); /* Hashing is deemed sufficient to de-taint any input data */ -p = finalhash_hex = store_get(40, FALSE); +p = finalhash_hex = store_get(40, GET_UNTAINTED); for (int i = 0; i < 3; i++) { *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4]; @@ -4347,7 +4328,7 @@ list = ((namedlist_block *)(t->data.ptr))->string; /* The list could be quite long so we (re)use a buffer for each element rather than getting each in new memory */ -if (is_tainted(list)) buffer = store_get(LISTNAMED_BUF_SIZE, TRUE); +if (is_tainted(list)) buffer = store_get(LISTNAMED_BUF_SIZE, GET_TAINTED); while ((item = string_nextinlist(&list, &sep, buffer, LISTNAMED_BUF_SIZE))) { uschar * buf = US" : "; @@ -4604,13 +4585,13 @@ while (*s) buffer. */ if (!yield) - g = store_get(sizeof(gstring), FALSE); + g = store_get(sizeof(gstring), GET_UNTAINTED); else if (yield->ptr == 0) { if (resetok) reset_point = store_reset(reset_point); yield = NULL; reset_point = store_mark(); - g = store_get(sizeof(gstring), FALSE); /* alloc _before_ calling find_variable() */ + g = store_get(sizeof(gstring), GET_UNTAINTED); /* alloc _before_ calling find_variable() */ } /* Header */ @@ -6436,6 +6417,7 @@ while (*s) goto EXPAND_FAILED; /*{{*/ if (*s++ != '}') { + /*{*/ expand_string_message = string_sprintf("missing '}' closing first arg of %s", name); goto EXPAND_FAILED_CURLY; @@ -6835,7 +6817,7 @@ while (*s) log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message); goto EXPAND_FAILED; } - t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]), is_tainted(argv[0])); + t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]), argv[0]); Ustrcpy(t->name, argv[0]); t->data.ptr = handle; (void)tree_insertnode(&dlobj_anchor, t); @@ -7364,7 +7346,7 @@ NOT_ITEM: ; case EOP_LISTCOUNT: { int cnt = 0, sep = 0; - uschar * buf = store_get(2, is_tainted(sub)); + uschar * buf = store_get(2, sub); while (string_nextinlist(CUSS &sub, &sep, buf, 1)) cnt++; yield = string_fmt_append(yield, "%d", cnt); @@ -7624,109 +7606,108 @@ NOT_ITEM: ; goto EXPAND_FAILED; } - if (lookup_list[n]->quote) - sub = (lookup_list[n]->quote)(sub, opt); - else if (opt) - sub = NULL; + if (lookup_list[n]->quote) + sub = (lookup_list[n]->quote)(sub, opt, (unsigned)n); + else if (opt) + sub = NULL; - if (!sub) - { - expand_string_message = string_sprintf( - "\"%s\" unrecognized after \"${quote_%s\"", /*}*/ - opt, arg); - goto EXPAND_FAILED; - } + if (!sub) + { + expand_string_message = string_sprintf( + "\"%s\" unrecognized after \"${quote_%s\"", /*}*/ + opt, arg); + goto EXPAND_FAILED; + } - yield = string_cat(yield, sub); - break; - } + yield = string_cat(yield, sub); + break; + } - /* rx quote sticks in \ before any non-alphameric character so that - the insertion works in a regular expression. */ + /* rx quote sticks in \ before any non-alphameric character so that + the insertion works in a regular expression. */ - case EOP_RXQUOTE: - { - uschar *t = sub - 1; - while (*(++t) != 0) - { - if (!isalnum(*t)) - yield = string_catn(yield, US"\\", 1); - yield = string_catn(yield, t, 1); - } - break; - } + case EOP_RXQUOTE: + { + uschar *t = sub - 1; + while (*(++t) != 0) + { + if (!isalnum(*t)) + yield = string_catn(yield, US"\\", 1); + yield = string_catn(yield, t, 1); + } + break; + } - /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as - prescribed by the RFC, if there are characters that need to be encoded */ + /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as + prescribed by the RFC, if there are characters that need to be encoded */ - case EOP_RFC2047: - yield = string_cat(yield, - parse_quote_2047(sub, Ustrlen(sub), headers_charset, - FALSE)); - break; + case EOP_RFC2047: + yield = string_cat(yield, + parse_quote_2047(sub, Ustrlen(sub), headers_charset, + FALSE)); + break; - /* RFC 2047 decode */ + /* RFC 2047 decode */ - case EOP_RFC2047D: - { - int len; - uschar *error; - uschar *decoded = rfc2047_decode(sub, check_rfc2047_length, - headers_charset, '?', &len, &error); - if (error) - { - expand_string_message = error; - goto EXPAND_FAILED; - } - yield = string_catn(yield, decoded, len); - break; - } + case EOP_RFC2047D: + { + int len; + uschar *error; + uschar *decoded = rfc2047_decode(sub, check_rfc2047_length, + headers_charset, '?', &len, &error); + if (error) + { + expand_string_message = error; + goto EXPAND_FAILED; + } + yield = string_catn(yield, decoded, len); + break; + } - /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into - underscores */ + /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into + underscores */ - case EOP_FROM_UTF8: - { - uschar * buff = store_get(4, is_tainted(sub)); - while (*sub) - { - int c; - GETUTF8INC(c, sub); - if (c > 255) c = '_'; - buff[0] = c; - yield = string_catn(yield, buff, 1); - } - break; - } + case EOP_FROM_UTF8: + { + uschar * buff = store_get(4, sub); + while (*sub) + { + int c; + GETUTF8INC(c, sub); + if (c > 255) c = '_'; + buff[0] = c; + yield = string_catn(yield, buff, 1); + } + break; + } - /* replace illegal UTF-8 sequences by replacement character */ + /* replace illegal UTF-8 sequences by replacement character */ - #define UTF8_REPLACEMENT_CHAR US"?" + #define UTF8_REPLACEMENT_CHAR US"?" - case EOP_UTF8CLEAN: - { - int seq_len = 0, index = 0; - int bytes_left = 0; - long codepoint = -1; - int complete; - uschar seq_buff[4]; /* accumulate utf-8 here */ + case EOP_UTF8CLEAN: + { + int seq_len = 0, index = 0; + int bytes_left = 0; + long codepoint = -1; + int complete; + uschar seq_buff[4]; /* accumulate utf-8 here */ - /* Manually track tainting, as we deal in individual chars below */ + /* Manually track tainting, as we deal in individual chars below */ - if (is_tainted(sub)) - if (yield->s && yield->ptr) - gstring_rebuffer(yield); - else - yield->s = store_get(yield->size = Ustrlen(sub), TRUE); + if (!yield->s || !yield->ptr) + yield->s = store_get(yield->size = Ustrlen(sub), sub); + else if (is_incompatible(yield->s, sub)) + gstring_rebuffer(yield, sub); - /* Check the UTF-8, byte-by-byte */ + /* Check the UTF-8, byte-by-byte */ - while (*sub) - { - complete = 0; - uschar c = *sub++; + while (*sub) + { + complete = 0; + uschar c = *sub++; - if (bytes_left) + if (bytes_left) { if ((c & 0xc0) != 0x80) /* wrong continuation byte; invalidate all bytes */ @@ -8149,9 +8130,34 @@ NOT_ITEM: ; } /* EOP_* switch */ DEBUG(D_expand) - if (start > 0 || *s) /* only if not the sole expansion of the line */ - debug_expansion_interim(US"op-res", - yield->s + start, yield->ptr - start, skipping); + { + const uschar * s = yield->s + start; + int i = yield->ptr - start; + BOOL tainted = is_tainted(s); + + DEBUG(D_noutf8) + { + debug_printf_indent("|-----op-res: %.*s\n", i, s); + if (tainted) + { + debug_printf_indent("%s \\__", skipping ? "| " : " "); + debug_print_taint(yield->s); + } + } + else + { + debug_printf_indent(UTF8_VERT_RIGHT + UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ + "op-res: %.*s\n", i, s); + if (tainted) + { + debug_printf_indent("%s", + skipping + ? UTF8_VERT " " : " " UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ); + debug_print_taint(yield->s); + } + } + } continue; } } @@ -8172,13 +8178,13 @@ NOT_ITEM: ; gstring * g = NULL; if (!yield) - g = store_get(sizeof(gstring), FALSE); + g = store_get(sizeof(gstring), GET_UNTAINTED); else if (yield->ptr == 0) { if (resetok) reset_point = store_reset(reset_point); yield = NULL; reset_point = store_mark(); - g = store_get(sizeof(gstring), FALSE); /* alloc _before_ calling find_variable() */ + g = store_get(sizeof(gstring), GET_UNTAINTED); /* alloc _before_ calling find_variable() */ } if (!(value = find_variable(name, FALSE, skipping, &newsize))) { @@ -8244,8 +8250,10 @@ DEBUG(D_expand) debug_printf_indent("%sresult: %s\n", skipping ? "|-----" : "\\_____", yield->s); if (tainted) - debug_printf_indent("%s \\__(tainted)\n", - skipping ? "| " : " "); + { + debug_printf_indent("%s \\__", skipping ? "| " : " "); + debug_print_taint(yield->s); + } if (skipping) debug_printf_indent("\\___skipping: result is not used\n"); } @@ -8259,9 +8267,12 @@ DEBUG(D_expand) skipping ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT, yield->s); if (tainted) - debug_printf_indent("%s(tainted)\n", + { + debug_printf_indent("%s", skipping ? UTF8_VERT " " : " " UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ); + debug_print_taint(yield->s); + } if (skipping) debug_printf_indent(UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "skipping: result is not used\n"); @@ -8288,6 +8299,7 @@ that is a bad idea, because expand_string_message is in dynamic store. */ EXPAND_FAILED: if (left) *left = s; DEBUG(D_expand) + { DEBUG(D_noutf8) { debug_printf_indent("|failed to expand: %s\n", string); @@ -8307,6 +8319,7 @@ DEBUG(D_expand) if (f.expand_string_forcedfail) debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n"); } + } if (resetok_p && !resetok) *resetok_p = FALSE; expand_level--; return NULL;