X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9f6b3bf5187562bac4c96e3ed6a17740d01489fa..fba5586e6d47f55e024e97681c166e857c4f3d1c:/src/src/spool_in.c diff --git a/src/src/spool_in.c b/src/src/spool_in.c index 82885db56..588effd2c 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -2,9 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) The Exim Maintainers 2020 - 2022 */ +/* Copyright (c) The Exim Maintainers 2020 - 2023 */ /* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* Functions for reading spool files. When compiling for a utility (eximon), not all are needed, and some functionality can be cut out. */ @@ -35,18 +36,18 @@ Side effect: message_subdir is set for the (possibly split) spool directory */ int -spool_open_datafile(uschar *id) +spool_open_datafile(const uschar * id) { struct stat statbuf; flock_t lock_data; int fd; -/* If split_spool_directory is set, first look for the file in the appropriate -sub-directory of the input directory. If it is not found there, try the input -directory itself, to pick up leftovers from before the splitting. If split_ -spool_directory is not set, first look in the main input directory. If it is -not found there, try the split sub-directory, in case it is left over from a -splitting state. */ +/* If split_spool_directory is set (handled by set_subdir_str()), first look for +the file in the appropriate sub-directory of the input directory. If it is not +found there, try the input directory itself, to pick up leftovers from before +the splitting. If split_ spool_directory is not set, first look in the main +input directory. If it is not found there, try the split sub-directory, in case +it is left over from a splitting state. */ for (int i = 0; i < 2; i++) { @@ -58,18 +59,12 @@ for (int i = 0; i < 2; i++) DEBUG(D_deliver) debug_printf_indent("Trying spool file %s\n", fname); /* We protect against symlink attacks both in not propagating the - * file-descriptor to other processes as we exec, and also ensuring that we - * don't even open symlinks. - * No -D file inside the spool area should be a symlink. - */ + file-descriptor to other processes as we exec, and also ensuring that we + don't even open symlinks. + No -D file inside the spool area should be a symlink. */ + if ((fd = Uopen(fname, -#ifdef O_CLOEXEC - O_CLOEXEC | -#endif -#ifdef O_NOFOLLOW - O_NOFOLLOW | -#endif - O_RDWR | O_APPEND, 0)) >= 0) + EXIM_CLOEXEC | EXIM_NOFOLLOW | O_RDWR | O_APPEND, 0)) >= 0) break; save_errno = errno; if (errno == ENOENT) @@ -80,6 +75,11 @@ for (int i = 0; i < 2; i++) *queue_name ? US" Q=" : US"", *queue_name ? queue_name : US"", id); + else DEBUG(D_deliver) + debug_printf("Spool%s%s file %s-D not found\n", + *queue_name ? US" Q=" : US"", + *queue_name ? queue_name : US"", + id); } else log_write(0, LOG_MAIN, "Spool error for %s: %s", fname, strerror(errno)); @@ -102,7 +102,7 @@ what it locks. */ lock_data.l_type = F_WRLCK; lock_data.l_whence = SEEK_SET; lock_data.l_start = 0; -lock_data.l_len = SPOOL_DATA_START_OFFSET; +lock_data.l_len = spool_data_start_offset(id); if (fcntl(fd, F_SETLK, &lock_data) < 0) { @@ -119,7 +119,7 @@ in the count, but add one for the newline before the data. */ if (fstat(fd, &statbuf) == 0) { - message_body_size = statbuf.st_size - SPOOL_DATA_START_OFFSET; + message_body_size = statbuf.st_size - spool_data_start_offset(id); message_size = message_body_size + 1; } @@ -300,6 +300,9 @@ message_smtputf8 = FALSE; message_utf8_downconvert = 0; #endif +#ifndef COMPILE_UTILITY +debuglog_name[0] = '\0'; +#endif dsn_ret = 0; dsn_envid = NULL; } @@ -371,6 +374,7 @@ int n; int rcount = 0; long int uid, gid; BOOL inheader = FALSE; +const uschar * where; /* Reset all the global variables to their default values. However, there is one exception. DO NOT change the default value of dont_deliver, because it may @@ -402,9 +406,15 @@ DEBUG(D_deliver) debug_printf_indent("reading spool file %s\n", name); /* The first line of a spool file contains the message id followed by -H (i.e. the file name), in order to make the file self-identifying. */ +where = US"first line read"; if (Ufgets(big_buffer, big_buffer_size, fp) == NULL) goto SPOOL_READ_ERROR; -if (Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 || - Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0) +where = US"first line length"; +if ( ( Ustrlen(big_buffer) != MESSAGE_ID_LENGTH + 3 + && Ustrlen(big_buffer) != MESSAGE_ID_LENGTH_OLD + 3 + ) + || ( Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH + 2) != 0 + && Ustrncmp(big_buffer, name, MESSAGE_ID_LENGTH_OLD + 2) != 0 + ) ) goto SPOOL_FORMAT_ERROR; /* The next three lines in the header file are in a fixed format. The first @@ -414,20 +424,24 @@ negative uids and gids. The second contains the mail address of the message's sender, enclosed in <>. The third contains the time the message was received, and the number of warning messages for delivery delays that have been sent. */ +where = US"2nd line read"; if (Ufgets(big_buffer, big_buffer_size, fp) == NULL) goto SPOOL_READ_ERROR; { uschar *p = big_buffer + Ustrlen(big_buffer); while (p > big_buffer && isspace(p[-1])) p--; *p = 0; + where = US"2nd line fmt 1"; if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR; while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--; gid = Uatoi(p); + where = US"2nd line fmt 2"; if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR; *p = 0; if (!isdigit(p[-1])) goto SPOOL_FORMAT_ERROR; while (p > big_buffer && (isdigit(p[-1]) || '-' == p[-1])) p--; uid = Uatoi(p); + where = US"2nd line fmt 3"; if (p <= big_buffer || *(--p) != ' ') goto SPOOL_FORMAT_ERROR; *p = 0; } @@ -436,7 +450,7 @@ originator_login = string_copy(big_buffer); originator_uid = (uid_t)uid; originator_gid = (gid_t)gid; -/* envelope from */ +where = US"envelope from"; if (Ufgets(big_buffer, big_buffer_size, fp) == NULL) goto SPOOL_READ_ERROR; n = Ustrlen(big_buffer); if (n < 3 || big_buffer[0] != '<' || big_buffer[n-2] != '>') @@ -446,7 +460,7 @@ sender_address = store_get(n-2, GET_TAINTED); Ustrncpy(sender_address, big_buffer+1, n-3); sender_address[n-3] = 0; -/* time */ +where = US"time"; if (Ufgets(big_buffer, big_buffer_size, fp) == NULL) goto SPOOL_READ_ERROR; if (sscanf(CS big_buffer, TIME_T_FMT " %d", &received_time.tv_sec, &warning_count) != 2) goto SPOOL_FORMAT_ERROR; @@ -498,15 +512,19 @@ for (;;) if (*var == '(') /* marker for quoted value */ { uschar * s; - int idx; for (s = ++var; *s != ')'; ) s++; #ifndef COMPILE_UTILITY - if ((idx = search_findtype(var, s - var)) < 0) { - DEBUG(D_any) debug_printf("Unrecognised quoter %.*s\n", (int)(s - var), var+1); - goto SPOOL_FORMAT_ERROR; + int idx; + if ((idx = search_findtype(var, s - var)) < 0) + { + DEBUG(D_any) + debug_printf("Unrecognised quoter %.*s\n", (int)(s - var), var+1); + where = NULL; + goto SPOOL_FORMAT_ERROR; + } + proto_mem = store_get_quoted(1, GET_TAINTED, idx); } - proto_mem = store_get_quoted(1, GET_TAINTED, idx); #endif /* COMPILE_UTILITY */ var = s + 1; } @@ -528,7 +546,8 @@ for (;;) int count; tree_node *node; endptr = Ustrchr(var + 5, ' '); - if (endptr == NULL) goto SPOOL_FORMAT_ERROR; + where = US"-aclXn"; + if (!endptr) goto SPOOL_FORMAT_ERROR; name = string_sprintf("%c%.*s", var[3], (int)(endptr - var - 5), var + 5); if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR; @@ -562,6 +581,7 @@ for (;;) unsigned index, count; uschar name[20]; /* Need plenty of space for %u format */ tree_node * node; + where = US"-acl (old)"; if ( sscanf(CS var + 4, "%u %u", &index, &count) != 2 || index >= 20 || count > 16384 /* arbitrary limit on variable size */ @@ -594,11 +614,16 @@ for (;;) case 'd': if (Ustrcmp(p, "eliver_firsttime") == 0) f.deliver_firsttime = TRUE; - /* Check if the dsn flags have been set in the header file */ else if (Ustrncmp(p, "sn_ret", 6) == 0) dsn_ret= atoi(CS var + 7); else if (Ustrncmp(p, "sn_envid", 8) == 0) dsn_envid = string_copy_taint(var + 10, proto_mem); +#ifndef COMPILE_UTILITY + else if (Ustrncmp(p, "ebug_selector ", 14) == 0) + debug_selector = strtol(CS var + 15, NULL, 0); + else if (Ustrncmp(p, "ebuglog_name ", 13) == 0) + debug_logging_from_spool(var + 14); +#endif break; case 'f': @@ -771,6 +796,7 @@ DEBUG(D_deliver) /* We now have the tree of addresses NOT to deliver to, or a line containing "XX", indicating no tree. */ +where = US"nondeliver"; if (Ustrncmp(big_buffer, "XX\n", 3) != 0 && !read_nonrecipients_tree(&tree_nonrecipients, fp, big_buffer, big_buffer_size)) goto SPOOL_FORMAT_ERROR; @@ -783,6 +809,7 @@ DEBUG(D_deliver) debug_print_tree("Non-recipients", tree_nonrecipients); buffer. It contains the count of recipients which follow on separate lines. Apply an arbitrary sanity check.*/ +where = US"rcpt cnt"; if (Ufgets(big_buffer, big_buffer_size, fp) == NULL) goto SPOOL_READ_ERROR; if (sscanf(CS big_buffer, "%d", &rcount) != 1 || rcount > 16384) goto SPOOL_FORMAT_ERROR; @@ -798,6 +825,7 @@ recipients_list = store_get(rcount * sizeof(recipient_item), GET_UNTAINTED); the Coverity error on recipients_count */ /* coverity[tainted_data] */ +where = US"recipient"; for (recipients_count = 0; recipients_count < rcount; recipients_count++) { int nn; @@ -949,12 +977,13 @@ always, in order to check on the format of the file, but only create a header list if requested to do so. */ inheader = TRUE; +where = US"headers"; if (Ufgets(big_buffer, big_buffer_size, fp) == NULL) goto SPOOL_READ_ERROR; if (big_buffer[0] != '\n') goto SPOOL_FORMAT_ERROR; while ((n = fgetc(fp)) != EOF) { - header_line *h; + header_line * h; uschar flag[4]; int i; @@ -1032,7 +1061,8 @@ if (errno != 0) SPOOL_FORMAT_ERROR: #ifndef COMPILE_UTILITY -DEBUG(D_any) debug_printf("Format error in spool file %s\n", name); +DEBUG(D_any) debug_printf("Format error in spool file %s%s%s\n", name, + where ? ": " : "", where ? where : US""); #endif /* COMPILE_UTILITY */ fclose(fp); @@ -1051,15 +1081,14 @@ We assume that message_subdir is already set. uschar * spool_sender_from_msgid(const uschar * id) { -uschar * name = string_sprintf("%s-H", id); FILE * fp; int n; uschar * yield = NULL; -if (!(fp = Ufopen(spool_fname(US"input", message_subdir, name, US""), "rb"))) +if (!(fp = Ufopen(spool_fname(US"input", message_subdir, id, US"-H"), "rb"))) return NULL; -DEBUG(D_deliver) debug_printf_indent("reading spool file %s\n", name); +DEBUG(D_deliver) debug_printf_indent("reading spool file %s-H\n", id); /* Skip the line with the copy of the filename, then the line with login/uid/gid. Read the next line, which should be the envelope sender.