X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/995e599afd3e6468d3396fb351ed0cd0ea212779..0cc804c87799fb5902e66d5bd537a762f786dc2a:/src/src/host.c diff --git a/src/src/host.c b/src/src/host.c index 6b9f674b8..e99e6ceba 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -3,7 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ -/* Copyright (c) The Exim Maintainers 2020 */ +/* Copyright (c) The Exim Maintainers 2020 - 2021 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or @@ -197,9 +197,9 @@ if ((ipa = string_is_ip_address(lname, NULL)) != 0) || ipa == 6 && af == AF_INET6) { int x[4]; - yield = store_get(sizeof(struct hostent), FALSE); - alist = store_get(2 * sizeof(char *), FALSE); - adds = store_get(alen, FALSE); + yield = store_get(sizeof(struct hostent), GET_UNTAINTED); + alist = store_get(2 * sizeof(char *), GET_UNTAINTED); + adds = store_get(alen, GET_UNTAINTED); yield->h_name = CS name; yield->h_aliases = NULL; yield->h_addrtype = af; @@ -222,7 +222,8 @@ if ((ipa = string_is_ip_address(lname, NULL)) != 0) else { *error_num = HOST_NOT_FOUND; - return NULL; + yield = NULL; + goto out; } /* Handle a host name */ @@ -238,11 +239,11 @@ else switch(rc) { case DNS_SUCCEED: break; - case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; return NULL; - case DNS_NODATA: *error_num = NO_DATA; return NULL; - case DNS_AGAIN: *error_num = TRY_AGAIN; return NULL; + case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; yield = NULL; goto out; + case DNS_NODATA: *error_num = NO_DATA; yield = NULL; goto out; + case DNS_AGAIN: *error_num = TRY_AGAIN; yield = NULL; goto out; default: - case DNS_FAIL: *error_num = NO_RECOVERY; return NULL; + case DNS_FAIL: *error_num = NO_RECOVERY; yield = NULL; goto out; } for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); @@ -250,9 +251,9 @@ else rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type) count++; - yield = store_get(sizeof(struct hostent), FALSE); - alist = store_get((count + 1) * sizeof(char *), FALSE); - adds = store_get(count *alen, FALSE); + yield = store_get(sizeof(struct hostent), GET_UNTAINTED); + alist = store_get((count + 1) * sizeof(char *), GET_UNTAINTED); + adds = store_get(count *alen, GET_UNTAINTED); yield->h_name = CS name; yield->h_aliases = NULL; @@ -280,6 +281,9 @@ else *alist = NULL; } +out: + +store_free_dns_answer(dnsa); return yield; } @@ -324,12 +328,12 @@ while ((name = string_nextinlist(&list, &sep, NULL, 0))) continue; } - h = store_get(sizeof(host_item), FALSE); + h = store_get(sizeof(host_item), GET_UNTAINTED); h->name = name; h->address = NULL; h->port = PORT_NONE; h->mx = fake_mx; - h->sort_key = randomize? (-fake_mx)*1000 + random_number(1000) : 0; + h->sort_key = randomize ? (-fake_mx)*1000 + random_number(1000) : 0; h->status = hstatus_unknown; h->why = hwhy_unknown; h->last_try = 0; @@ -728,7 +732,6 @@ host_build_ifacelist(const uschar *list, uschar *name) int sep = 0; uschar *s; ip_address_item * yield = NULL, * last = NULL, * next; -BOOL taint = is_tainted(list); while ((s = string_nextinlist(&list, &sep, NULL, 0))) { @@ -747,7 +750,7 @@ while ((s = string_nextinlist(&list, &sep, NULL, 0))) address above. The field in the ip_address_item is large enough to hold an IPv6 address. */ - next = store_get(sizeof(ip_address_item), taint); + next = store_get(sizeof(ip_address_item), list); next->next = NULL; Ustrcpy(next->address, s); next->port = port; @@ -945,7 +948,7 @@ else /* If there is no buffer, put the string into some new store. */ -if (!buffer) buffer = store_get(46, FALSE); +if (!buffer) buffer = store_get(46, GET_UNTAINTED); /* Callers of this function with a non-NULL buffer must ensure that it is large enough to hold an IPv6 address, namely, at least 46 bytes. That's what @@ -1197,9 +1200,9 @@ for (c = buffer, k = -1, i = 0; i < 8; i++) c++; } -c[-1] = '\0'; /* drop trailing colon */ +*--c = '\0'; /* drop trailing colon */ -/* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, d, d + 2*(k+1)); */ +/* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, buffer, buffer + 2*(k+1)); */ if (k >= 0) { /* collapse */ c = d + 2*(k+1); @@ -1578,12 +1581,12 @@ Put it in permanent memory. */ if (hosts->h_aliases) { - int count = 1; + int count = 1; /* need 1 more for terminating NULL */ uschar **ptr; for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++; store_pool = POOL_PERM; - ptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE); + ptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED); store_pool = POOL_TAINT_PERM; for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) @@ -1687,7 +1690,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) { uschar **aptr = NULL; int ssize = 264; - int count = 0; + int count = 1; /* need 1 more for terminating NULL */ int old_pool = store_pool; sender_host_dnssec = dns_is_secure(dnsa); @@ -1705,7 +1708,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) /* Get store for the list of aliases. For compatibility with gethostbyaddr, we make an empty list if there are none. */ - aptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE); + aptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED); /* Re-scan and extract the names */ @@ -1713,7 +1716,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR) { - uschar * s = store_get(ssize, TRUE); /* names are tainted */ + uschar * s = store_get(ssize, GET_TAINTED); /* names are tainted */ /* If an overlong response was received, the data will have been truncated and dn_expand may fail. */ @@ -1790,7 +1793,7 @@ HDEBUG(D_host_lookup) { uschar **aliases = sender_host_aliases; debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name); - while (*aliases != NULL) debug_printf(" alias \"%s\"\n", *aliases++); + while (*aliases) debug_printf(" alias \"%s\"\n", *aliases++); } /* We need to verify that a forward lookup on the name we found does indeed @@ -2115,7 +2118,7 @@ for (int i = 1; i <= times; else { - host_item *next = store_get(sizeof(host_item), FALSE); + host_item *next = store_get(sizeof(host_item), GET_UNTAINTED); next->name = host->name; #ifndef DISABLE_TLS next->certname = host->certname; @@ -2262,6 +2265,7 @@ host_item *thishostlast = NULL; /* Indicates not yet filled in anything */ BOOL v6_find_again = FALSE; BOOL dnssec_fail = FALSE; int i; +dns_answer * dnsa; #ifndef DISABLE_TLS /* Copy the host name at this point to the value which is used for @@ -2287,6 +2291,8 @@ if (allow_ip && string_is_ip_address(host->name, NULL) != 0) return HOST_FOUND; } +dnsa = store_get_dns_answer(); + /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice, looking for AAAA records the first time. However, unless doing standalone testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global. @@ -2318,7 +2324,6 @@ for (; i >= 0; i--) int type = types[i]; int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0) ? 500 : 0; /* Ensures v6/4 sort order */ - dns_answer * dnsa = store_get_dns_answer(); dns_scan dnss; int rc = dns_lookup_timerwrap(dnsa, host->name, type, fully_qualified_name); @@ -2341,10 +2346,13 @@ for (; i >= 0; i--) { if (i == 0) /* Just tried for an A record, i.e. end of loop */ { - if (host->address != NULL) return HOST_FOUND; /* AAAA was found */ - if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again) - return HOST_FIND_AGAIN; - return HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */ + if (host->address != NULL) + i = HOST_FOUND; /* AAAA was found */ + else if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again) + i = HOST_FIND_AGAIN; + else + i = HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */ + goto out; } /* Tried for an AAAA record: remember if this was a temporary @@ -2447,7 +2455,7 @@ for (; i >= 0; i--) /* Not a duplicate */ new_sort_key = host->mx * 1000 + random_number(500) + randoffset; - next = store_get(sizeof(host_item), FALSE); + next = store_get(sizeof(host_item), GET_UNTAINTED); /* New address goes first: insert the new block after the first one (so as not to disturb the original pointer) but put the new address @@ -2489,11 +2497,15 @@ for (; i >= 0; i--) /* Control gets here only if the second lookup (the A record) succeeded. However, the address may not be filled in if it was ignored. */ -return host->address +i = host->address ? HOST_FOUND : dnssec_fail ? HOST_FIND_SECURITY : HOST_IGNORED; + +out: + store_free_dns_answer(dnsa); + return i; } @@ -2850,7 +2862,7 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); /* Make a new host item and seek the correct insertion place */ { int sort_key = precedence * 1000 + weight; - host_item *next = store_get(sizeof(host_item), FALSE); + host_item * next = store_get(sizeof(host_item), GET_UNTAINTED); next->name = string_copy_dnsdomain(data); next->address = NULL; next->port = port; @@ -3162,6 +3174,7 @@ DEBUG(D_host_lookup) out: dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */ +store_free_dns_answer(dnsa); return yield; } @@ -3260,6 +3273,7 @@ uschar buffer[256]; disable_ipv6 = FALSE; primary_hostname = US""; +store_init(); store_pool = POOL_MAIN; debug_selector = D_host_lookup|D_interface; debug_file = stdout;