X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/92583637b25b6bde926f9ca6be7b085e5ac8b1e6..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/host.c diff --git a/src/src/host.c b/src/src/host.c index 18f1b54f8..874e19a08 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -2,9 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ +/* Copyright (c) The Exim Maintainers 2020 - 2022 */ /* Copyright (c) University of Cambridge 1995 - 2018 */ -/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ +/* SPDX-License-Identifier: GPL-2.0-only */ /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or directly via the DNS. When IPv6 is supported, getipnodebyname() and @@ -84,13 +85,13 @@ random_number(int limit) if (limit < 1) return 0; if (random_seed == 0) - { - if (f.running_in_test_harness) random_seed = 42; else + if (f.running_in_test_harness) + random_seed = 42; + else { int p = (int)getpid(); random_seed = (int)time(NULL) ^ ((p << 16) | p); } - } random_seed = 1103515245 * random_seed + 12345; return (unsigned int)(random_seed >> 16) % limit; } @@ -197,9 +198,9 @@ if ((ipa = string_is_ip_address(lname, NULL)) != 0) || ipa == 6 && af == AF_INET6) { int x[4]; - yield = store_get(sizeof(struct hostent), FALSE); - alist = store_get(2 * sizeof(char *), FALSE); - adds = store_get(alen, FALSE); + yield = store_get(sizeof(struct hostent), GET_UNTAINTED); + alist = store_get(2 * sizeof(char *), GET_UNTAINTED); + adds = store_get(alen, GET_UNTAINTED); yield->h_name = CS name; yield->h_aliases = NULL; yield->h_addrtype = af; @@ -251,9 +252,9 @@ else rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type) count++; - yield = store_get(sizeof(struct hostent), FALSE); - alist = store_get((count + 1) * sizeof(char *), FALSE); - adds = store_get(count *alen, FALSE); + yield = store_get(sizeof(struct hostent), GET_UNTAINTED); + alist = store_get((count + 1) * sizeof(char *), GET_UNTAINTED); + adds = store_get(count *alen, GET_UNTAINTED); yield->h_name = CS name; yield->h_aliases = NULL; @@ -328,12 +329,12 @@ while ((name = string_nextinlist(&list, &sep, NULL, 0))) continue; } - h = store_get(sizeof(host_item), FALSE); + h = store_get(sizeof(host_item), GET_UNTAINTED); h->name = name; h->address = NULL; h->port = PORT_NONE; h->mx = fake_mx; - h->sort_key = randomize? (-fake_mx)*1000 + random_number(1000) : 0; + h->sort_key = randomize ? (-fake_mx)*1000 + random_number(1000) : 0; h->status = hstatus_unknown; h->why = hwhy_unknown; h->last_try = 0; @@ -363,77 +364,6 @@ while ((name = string_nextinlist(&list, &sep, NULL, 0))) } - - - -/************************************************* -* Extract port from address string * -*************************************************/ - -/* In the spool file, and in the -oMa and -oMi options, a host plus port is -given as an IP address followed by a dot and a port number. This function -decodes this. - -An alternative format for the -oMa and -oMi options is [ip address]:port which -is what Exim 4 uses for output, because it seems to becoming commonly used, -whereas the dot form confuses some programs/people. So we recognize that form -too. - -Argument: - address points to the string; if there is a port, the '.' in the string - is overwritten with zero to terminate the address; if the string - is in the [xxx]:ppp format, the address is shifted left and the - brackets are removed - -Returns: 0 if there is no port, else the port number. If there's a syntax - error, leave the incoming address alone, and return 0. -*/ - -int -host_address_extract_port(uschar *address) -{ -int port = 0; -uschar *endptr; - -/* Handle the "bracketed with colon on the end" format */ - -if (*address == '[') - { - uschar *rb = address + 1; - while (*rb != 0 && *rb != ']') rb++; - if (*rb++ == 0) return 0; /* Missing ]; leave invalid address */ - if (*rb == ':') - { - port = Ustrtol(rb + 1, &endptr, 10); - if (*endptr != 0) return 0; /* Invalid port; leave invalid address */ - } - else if (*rb != 0) return 0; /* Bad syntax; leave invalid address */ - memmove(address, address + 1, rb - address - 2); - rb[-2] = 0; - } - -/* Handle the "dot on the end" format */ - -else - { - int skip = -3; /* Skip 3 dots in IPv4 addresses */ - address--; - while (*(++address) != 0) - { - int ch = *address; - if (ch == ':') skip = 0; /* Skip 0 dots in IPv6 addresses */ - else if (ch == '.' && skip++ >= 0) break; - } - if (*address == 0) return 0; - port = Ustrtol(address + 1, &endptr, 10); - if (*endptr != 0) return 0; /* Invalid port; leave invalid address */ - *address = 0; - } - -return port; -} - - /************************************************* * Get port from a host item's name * *************************************************/ @@ -732,7 +662,6 @@ host_build_ifacelist(const uschar *list, uschar *name) int sep = 0; uschar *s; ip_address_item * yield = NULL, * last = NULL, * next; -BOOL taint = is_tainted(list); while ((s = string_nextinlist(&list, &sep, NULL, 0))) { @@ -751,7 +680,7 @@ while ((s = string_nextinlist(&list, &sep, NULL, 0))) address above. The field in the ip_address_item is large enough to hold an IPv6 address. */ - next = store_get(sizeof(ip_address_item), taint); + next = store_get(sizeof(ip_address_item), list); next->next = NULL; Ustrcpy(next->address, s); next->port = port; @@ -915,14 +844,14 @@ if (type < 0) struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg; yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer, sizeof(addr_buffer)); - if (portptr != NULL) *portptr = ntohs(sk->sin6_port); + if (portptr) *portptr = ntohs(sk->sin6_port); } else { struct sockaddr_in *sk = (struct sockaddr_in *)arg; yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer, sizeof(addr_buffer)); - if (portptr != NULL) *portptr = ntohs(sk->sin_port); + if (portptr) *portptr = ntohs(sk->sin_port); } } else @@ -941,7 +870,7 @@ if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7; if (type < 0) { yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr); - if (portptr != NULL) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port); + if (portptr) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port); } else yield = US inet_ntoa(*((struct in_addr *)arg)); @@ -949,7 +878,7 @@ else /* If there is no buffer, put the string into some new store. */ -if (!buffer) buffer = store_get(46, FALSE); +if (!buffer) buffer = store_get(46, GET_UNTAINTED); /* Callers of this function with a non-NULL buffer must ensure that it is large enough to hold an IPv6 address, namely, at least 46 bytes. That's what @@ -1201,9 +1130,9 @@ for (c = buffer, k = -1, i = 0; i < 8; i++) c++; } -c[-1] = '\0'; /* drop trailing colon */ +*--c = '\0'; /* drop trailing colon */ -/* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, d, d + 2*(k+1)); */ +/* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, buffer, buffer + 2*(k+1)); */ if (k >= 0) { /* collapse */ c = d + 2*(k+1); @@ -1582,12 +1511,12 @@ Put it in permanent memory. */ if (hosts->h_aliases) { - int count = 1; + int count = 1; /* need 1 more for terminating NULL */ uschar **ptr; for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++; store_pool = POOL_PERM; - ptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE); + ptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED); store_pool = POOL_TAINT_PERM; for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) @@ -1691,7 +1620,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) { uschar **aptr = NULL; int ssize = 264; - int count = 0; + int count = 1; /* need 1 more for terminating NULL */ int old_pool = store_pool; sender_host_dnssec = dns_is_secure(dnsa); @@ -1709,7 +1638,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) /* Get store for the list of aliases. For compatibility with gethostbyaddr, we make an empty list if there are none. */ - aptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE); + aptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED); /* Re-scan and extract the names */ @@ -1717,7 +1646,8 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR) { - uschar * s = store_get(ssize, TRUE); /* names are tainted */ + uschar * s = store_get(ssize, GET_TAINTED); /* names are tainted */ + unsigned slen; /* If an overlong response was received, the data will have been truncated and dn_expand may fail. */ @@ -1730,13 +1660,19 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) break; } - store_release_above(s + Ustrlen(s) + 1); - if (!s[0]) + store_release_above(s + (slen = Ustrlen(s)) + 1); + if (!*s) { HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an " "empty name: treated as non-existent host name\n"); continue; } + if (Ustrspn(s, letter_digit_hyphen_dot) != slen) + { + HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an " + "illegal name (bad char): treated as non-existent host name\n"); + continue; + } if (!sender_host_name) sender_host_name = s; else *aptr++ = s; while (*s) { *s = tolower(*s); s++; } @@ -1794,7 +1730,7 @@ HDEBUG(D_host_lookup) { uschar **aliases = sender_host_aliases; debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name); - while (*aliases != NULL) debug_printf(" alias \"%s\"\n", *aliases++); + while (*aliases) debug_printf(" alias \"%s\"\n", *aliases++); } /* We need to verify that a forward lookup on the name we found does indeed @@ -2119,7 +2055,7 @@ for (int i = 1; i <= times; else { - host_item *next = store_get(sizeof(host_item), FALSE); + host_item *next = store_get(sizeof(host_item), GET_UNTAINTED); next->name = host->name; #ifndef DISABLE_TLS next->certname = host->certname; @@ -2456,7 +2392,7 @@ for (; i >= 0; i--) /* Not a duplicate */ new_sort_key = host->mx * 1000 + random_number(500) + randoffset; - next = store_get(sizeof(host_item), FALSE); + next = store_get(sizeof(host_item), GET_UNTAINTED); /* New address goes first: insert the new block after the first one (so as not to disturb the original pointer) but put the new address @@ -2863,7 +2799,7 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); /* Make a new host item and seek the correct insertion place */ { int sort_key = precedence * 1000 + weight; - host_item *next = store_get(sizeof(host_item), FALSE); + host_item * next = store_get(sizeof(host_item), GET_UNTAINTED); next->name = string_copy_dnsdomain(data); next->address = NULL; next->port = port;