X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/aae2bf28db36ab9133829dc33ea6ef886e8373c2..fa1c8faf169384bebaa8d172f491574c45ae2aa4:/src/src/expand.c diff --git a/src/src/expand.c b/src/src/expand.c index fea6501fe..9a88d38ca 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -475,6 +475,7 @@ typedef struct { typedef uschar * stringptr_fn_t(void); static uschar * fn_recipients(void); +static uschar * fn_recipients_list(void); static uschar * fn_queue_size(void); /* This table must be kept in alphabetical order. */ @@ -694,6 +695,7 @@ static var_entry var_table[] = { { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure }, { "recipients", vtype_string_func, (void *) &fn_recipients }, { "recipients_count", vtype_int, &recipients_count }, + { "recipients_list", vtype_string_func, (void *) &fn_recipients_list }, { "regex_cachesize", vtype_int, ®ex_cachesize },/* undocumented; devel observability */ #ifdef WITH_CONTENT_SCAN { "regex_match_string", vtype_stringptr, ®ex_match_string }, @@ -839,6 +841,7 @@ uschar * fn_arc_domains(void) {return NULL;} uschar * fn_hdrs_added(void) {return NULL;} uschar * fn_queue_size(void) {return NULL;} uschar * fn_recipients(void) {return NULL;} +uschar * fn_recipients_list(void) {return NULL;} uschar * sender_helo_verified_boolstr(void) {return NULL;} uschar * smtp_cmd_hist(void) {return NULL;} @@ -1800,21 +1803,39 @@ return g; *************************************************/ /* A recipients list is available only during system message filtering, during ACL processing after DATA, and while expanding pipe commands -generated from a system filter, but not elsewhere. */ +generated from a system filter, but not elsewhere. Note that this does +not check for commas in the elements, and uses comma-space as seperator - +so cannot be used as an exim list as-is. */ static uschar * fn_recipients(void) { -uschar * s; gstring * g = NULL; if (!f.enable_dollar_recipients) return NULL; for (int i = 0; i < recipients_count; i++) { - s = recipients_list[i].address; + const uschar * s = recipients_list[i].address; g = string_append2_listele_n(g, US", ", s, Ustrlen(s)); } +gstring_release_unused(g); +return string_from_gstring(g); +} + +/* Similar, but as a properly-quoted exim list */ + + +static uschar * +fn_recipients_list(void) +{ +gstring * g = NULL; + +if (!f.enable_dollar_recipients) return NULL; + +for (int i = 0; i < recipients_count; i++) + g = string_append_listele(g, ':', recipients_list[i].address); +gstring_release_unused(g); return string_from_gstring(g); } @@ -2119,7 +2140,7 @@ switch (vp->type) case vtype_string_func: { stringptr_fn_t * fn = (stringptr_fn_t *) val; - uschar* s = fn(); + uschar * s = fn(); return s ? s : US""; } @@ -2741,9 +2762,17 @@ switch(cond_type = identify_operator(&s, &opname)) case ECOND_ISIP: case ECOND_ISIP4: case ECOND_ISIP6: - rc = string_is_ip_address(sub[0], NULL); - *yield = ((cond_type == ECOND_ISIP)? (rc != 0) : - (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor; + { + const uschar *errp; + const uschar **errpp; + DEBUG(D_expand) errpp = &errp; else errpp = 0; + if (0 == (rc = string_is_ip_addressX(sub[0], NULL, errpp))) + DEBUG(D_expand) debug_printf("failed: %s\n", errp); + + *yield = ( cond_type == ECOND_ISIP ? rc != 0 : + cond_type == ECOND_ISIP4 ? rc == 4 : rc == 6) == testfor; + } + break; /* Various authentication tests - all optionally compiled */ @@ -3561,53 +3590,50 @@ switch(cond_type = identify_operator(&s, &opname)) /* If a zero-length secret was given, we're done. Otherwise carry on and validate the given SRS local_part againt our secret. */ - if (!*sub[1]) + if (*sub[1]) { - boolvalue = TRUE; - goto srs_result; - } + /* check the timestamp */ + { + struct timeval now; + uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ + long d; + int n; - /* check the timestamp */ - { - struct timeval now; - uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ - long d; - int n; + gettimeofday(&now, NULL); + now.tv_sec /= 86400; /* days since epoch */ - gettimeofday(&now, NULL); - now.tv_sec /= 86400; /* days since epoch */ + /* Decode substring 2 from base32 to a number */ - /* Decode substring 2 from base32 to a number */ + for (d = 0, n = ovec[5]-ovec[4]; n; n--) + { + uschar * t = Ustrchr(base32_chars, *ss++); + d = d * 32 + (t - base32_chars); + } - for (d = 0, n = ovec[5]-ovec[4]; n; n--) - { - uschar * t = Ustrchr(base32_chars, *ss++); - d = d * 32 + (t - base32_chars); + if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */ + { + DEBUG(D_expand) debug_printf("SRS too old\n"); + goto srs_result; + } } - if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */ + /* check length of substring 1, the offered checksum */ + + if (ovec[3]-ovec[2] != 4) { - DEBUG(D_expand) debug_printf("SRS too old\n"); + DEBUG(D_expand) debug_printf("SRS checksum wrong size\n"); goto srs_result; } - } - - /* check length of substring 1, the offered checksum */ - - if (ovec[3]-ovec[2] != 4) - { - DEBUG(D_expand) debug_printf("SRS checksum wrong size\n"); - goto srs_result; - } - /* Hash the address with our secret, and compare that computed checksum - with the one extracted from the arg */ + /* Hash the address with our secret, and compare that computed checksum + with the one extracted from the arg */ - hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum)); - if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0) - { - DEBUG(D_expand) debug_printf("SRS checksum mismatch\n"); - goto srs_result; + hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum)); + if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0) + { + DEBUG(D_expand) debug_printf("SRS checksum mismatch\n"); + goto srs_result; + } } boolvalue = TRUE; @@ -5623,7 +5649,7 @@ while (*s) { FILE * f; const uschar * arg, ** argv; - BOOL late_expand = TRUE; + unsigned late_expand = TSUC_EXPAND_ARGS | TSUC_ALLOW_TAINTED_ARGS | TSUC_ALLOW_RECIPIENTS; if (expand_forbid & RDO_RUN) { @@ -5635,7 +5661,7 @@ while (*s) while (*s == ',') if (Ustrncmp(++s, "preexpand", 9) == 0) - { late_expand = FALSE; s += 9; } + { late_expand = 0; s += 9; } else { const uschar * t = s; @@ -5695,7 +5721,6 @@ while (*s) late_expand, /* expand args if not already done */ 0, /* not relevant when... */ NULL, /* no transporting address */ - late_expand, /* allow tainted args, when expand-after-split */ US"${run} expansion", /* for error messages */ &expand_string_message)) /* where to put error message */ goto EXPAND_FAILED; @@ -5786,16 +5811,15 @@ while (*s) case 3: goto EXPAND_FAILED; } - yield = string_cat(yield, sub[0]); - o2m = Ustrlen(sub[2]) - 1; - - if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++) + if ( (yield = string_cat(yield, sub[0])) + && (o2m = Ustrlen(sub[2]) - 1) >= 0) + for (; oldptr < yield->ptr; oldptr++) { uschar * m = Ustrrchr(sub[1], yield->s[oldptr]); if (m) { int o = m - sub[1]; - yield->s[oldptr] = sub[2][(o < o2m)? o : o2m]; + yield->s[oldptr] = sub[2][o < o2m ? o : o2m]; } } @@ -6547,6 +6571,7 @@ while (*s) goto EXPAND_FAILED_CURLY; /*}*/ } + DEBUG(D_expand) debug_printf_indent("%s: evaluate input list list\n", name); if (!(list = expand_string_internal(s, ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | flags, &s, &resetok, NULL))) goto EXPAND_FAILED; /*{{*/ @@ -6566,6 +6591,7 @@ while (*s) expand_string_message = US"missing '{' for second arg of reduce"; goto EXPAND_FAILED_CURLY; /*}*/ } + DEBUG(D_expand) debug_printf_indent("reduce: initial result list\n"); t = expand_string_internal(s, ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | flags, &s, &resetok, NULL); if (!t) goto EXPAND_FAILED; @@ -6593,6 +6619,7 @@ while (*s) condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using the normal internal expansion function. */ + DEBUG(D_expand) debug_printf_indent("%s: find end of conditionn\n", name); if (item_type != EITEM_FILTER) temp = expand_string_internal(s, ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | ESI_SKIPPING, &s, &resetok, NULL); @@ -7862,7 +7889,7 @@ NOT_ITEM: ; case EOP_UTF8CLEAN: { int seq_len = 0, index = 0, bytes_left = 0, complete; - long codepoint = -1; + u_long codepoint = (u_long)-1; uschar seq_buff[4]; /* accumulate utf-8 here */ /* Manually track tainting, as we deal in individual chars below */ @@ -7896,6 +7923,15 @@ NOT_ITEM: ; if (--bytes_left == 0) /* codepoint complete */ if(codepoint > 0x10FFFF) /* is it too large? */ complete = -1; /* error (RFC3629 limit) */ + else if ( (codepoint & 0x1FF800 ) == 0xD800 ) /* surrogate */ + /* A UTF-16 surrogate (which should be one of a pair that + encode a Unicode codepoint that is outside the Basic + Multilingual Plane). Error, not UTF8. + RFC2279.2 is slightly unclear on this, but + https://unicodebook.readthedocs.io/issues.html#strict-utf8-decoder + says "Surrogates characters are also invalid in UTF-8: + characters in U+D800—U+DFFF have to be rejected." */ + complete = -1; else { /* finished; output utf-8 sequence */ yield = string_catn(yield, seq_buff, seq_len); @@ -7905,27 +7941,25 @@ NOT_ITEM: ; } else /* no bytes left: new sequence */ { - if(!(c & 0x80)) /* 1-byte sequence, US-ASCII, keep it */ + if (!(c & 0x80)) /* 1-byte sequence, US-ASCII, keep it */ { yield = string_catn(yield, &c, 1); continue; } - if((c & 0xe0) == 0xc0) /* 2-byte sequence */ - { - if(c == 0xc0 || c == 0xc1) /* 0xc0 and 0xc1 are illegal */ + if ((c & 0xe0) == 0xc0) /* 2-byte sequence */ + if (c == 0xc0 || c == 0xc1) /* 0xc0 and 0xc1 are illegal */ complete = -1; else { - bytes_left = 1; - codepoint = c & 0x1f; + bytes_left = 1; + codepoint = c & 0x1f; } - } - else if((c & 0xf0) == 0xe0) /* 3-byte sequence */ + else if ((c & 0xf0) == 0xe0) /* 3-byte sequence */ { bytes_left = 2; codepoint = c & 0x0f; } - else if((c & 0xf8) == 0xf0) /* 4-byte sequence */ + else if ((c & 0xf8) == 0xf0) /* 4-byte sequence */ { bytes_left = 3; codepoint = c & 0x07; @@ -8107,7 +8141,7 @@ NOT_ITEM: ; case EOP_BASE64D: { uschar * s; - int len = b64decode(sub, &s); + int len = b64decode(sub, &s, sub); if (len < 0) { expand_string_message = string_sprintf("string \"%s\" is not "