X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f3ebb786e451da973560f1c9d8cdb151d25108b5..5fcc791a74a6f6933b3fb03f36e9ea3553152cf7:/src/src/transports/autoreply.c

diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c
index 734e65833..e75349ed9 100644
--- a/src/src/transports/autoreply.c
+++ b/src/src/transports/autoreply.c
@@ -16,44 +16,27 @@ order (note that "_" comes before the lower case letters). Those starting
 with "*" are not settable by the user but are used by the option-reading
 software for alternative value types. Some options are publicly visible and so
 are stored in the driver instance block. These are flagged with opt_public. */
+#define LOFF(field) OPT_OFF(autoreply_transport_options_block, field)
 
 optionlist autoreply_transport_options[] = {
-  { "bcc",               opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, bcc) },
-  { "cc",                opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, cc) },
-  { "file",              opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, file) },
-  { "file_expand",     opt_bool,
-      (void *)offsetof(autoreply_transport_options_block, file_expand) },
-  { "file_optional",     opt_bool,
-      (void *)offsetof(autoreply_transport_options_block, file_optional) },
-  { "from",              opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, from) },
-  { "headers",           opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, headers) },
-  { "log",               opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, logfile) },
-  { "mode",              opt_octint,
-      (void *)offsetof(autoreply_transport_options_block, mode) },
-  { "never_mail",        opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, never_mail) },
-  { "once",              opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, oncelog) },
-  { "once_file_size",    opt_int,
-      (void *)offsetof(autoreply_transport_options_block, once_file_size) },
-  { "once_repeat",       opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, once_repeat) },
-  { "reply_to",          opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, reply_to) },
-  { "return_message",    opt_bool,
-      (void *)offsetof(autoreply_transport_options_block, return_message) },
-  { "subject",           opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, subject) },
-  { "text",              opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, text) },
-  { "to",                opt_stringptr,
-      (void *)offsetof(autoreply_transport_options_block, to) },
+  { "bcc",               opt_stringptr,	LOFF(bcc) },
+  { "cc",                opt_stringptr,	LOFF(cc) },
+  { "file",              opt_stringptr,	LOFF(file) },
+  { "file_expand",     opt_bool,	LOFF(file_expand) },
+  { "file_optional",     opt_bool,	LOFF(file_optional) },
+  { "from",              opt_stringptr,	LOFF(from) },
+  { "headers",           opt_stringptr,	LOFF(headers) },
+  { "log",               opt_stringptr,	LOFF(logfile) },
+  { "mode",              opt_octint,	LOFF(mode) },
+  { "never_mail",        opt_stringptr,	LOFF(never_mail) },
+  { "once",              opt_stringptr,	LOFF(oncelog) },
+  { "once_file_size",    opt_int,	LOFF(once_file_size) },
+  { "once_repeat",       opt_stringptr,	LOFF(once_repeat) },
+  { "reply_to",          opt_stringptr,	LOFF(reply_to) },
+  { "return_message",    opt_bool,	LOFF(return_message) },
+  { "subject",           opt_stringptr,	LOFF(subject) },
+  { "text",              opt_stringptr,	LOFF(text) },
+  { "to",                opt_stringptr,	LOFF(to) },
 };
 
 /* Size of the options list. An extern variable has to be used so that its
@@ -156,7 +139,7 @@ checkexpand(uschar *s, address_item *addr, uschar *name, int type)
 {
 uschar *ss = expand_string(s);
 
-if (ss == NULL)
+if (!ss)
   {
   addr->transport_return = FAIL;
   addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: "
@@ -219,7 +202,7 @@ while (*s != 0)
   /* If there is some kind of syntax error, just give up on this header
   line. */
 
-  if (next == NULL) break;
+  if (!next) break;
 
   /* See if the address is on the never_mail list */
 
@@ -307,7 +290,7 @@ from that block. It has typically been set up by a mail filter processing
 router. Otherwise, the data must be supplied by this transport, and
 it has to be expanded here. */
 
-if (addr->reply != NULL)
+if (addr->reply)
   {
   DEBUG(D_transport) debug_printf("taking data from address\n");
   from = addr->reply->from;
@@ -418,25 +401,34 @@ recipient, the effect might not be quite as envisaged. If once_file_size is
 set, instead of a dbm file, we use a regular file containing a circular buffer
 recipient cache. */
 
-if (oncelog && *oncelog != 0 && to)
+if (oncelog && *oncelog && to)
   {
   time_t then = 0;
 
+  if (is_tainted(oncelog))
+    {
+    addr->transport_return = DEFER;
+    addr->basic_errno = EACCES;
+    addr->message = string_sprintf("Tainted '%s' (once file for %s transport)"
+      " not permitted", oncelog, tblock->name);
+    goto END_OFF;
+    }
+
   /* Handle fixed-size cache file. */
 
   if (ob->once_file_size > 0)
     {
     uschar * nextp;
     struct stat statbuf;
-    cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
 
+    cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
     if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0)
       {
       addr->transport_return = DEFER;
+      addr->basic_errno = errno;
       addr->message = string_sprintf("Failed to %s \"once\" file %s when "
         "sending message from %s transport: %s",
-        (cache_fd < 0)? "open" : "stat", oncelog, tblock->name,
-          strerror(errno));
+        cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno));
       goto END_OFF;
       }
 
@@ -489,6 +481,7 @@ if (oncelog && *oncelog != 0 && to)
     if (!dbm_file)
       {
       addr->transport_return = DEFER;
+      addr->basic_errno = errno;
       addr->message = string_sprintf("Failed to open %s file %s when sending "
         "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name,
         strerror(errno));
@@ -522,6 +515,15 @@ if (oncelog && *oncelog != 0 && to)
   if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec))
     {
     int log_fd;
+    if (is_tainted(logfile))
+      {
+      addr->transport_return = DEFER;
+      addr->basic_errno = EACCES;
+      addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)"
+	" not permitted", logfile, tblock->name);
+      goto END_OFF;
+      }
+
     DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to,
       (once_repeat_sec > 0)? " and repeat time not reached" : "");
     log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1;
@@ -543,13 +545,20 @@ if (oncelog && *oncelog != 0 && to)
   }
 
 /* We are going to send a message. Ensure any requested file is available. */
-
 if (file)
   {
-  ff = Ufopen(file, "rb");
-  if (!ff && !ob->file_optional)
+  if (is_tainted(file))
     {
     addr->transport_return = DEFER;
+    addr->basic_errno = EACCES;
+    addr->message = string_sprintf("Tainted '%s' (file for %s transport)"
+      " not permitted", file, tblock->name);
+    return FALSE;
+    }
+  if (!(ff = Ufopen(file, "rb")) && !ob->file_optional)
+    {
+    addr->transport_return = DEFER;
+    addr->basic_errno = errno;
     addr->message = string_sprintf("Failed to open file %s when sending "
       "message from %s transport: %s", file, tblock->name, strerror(errno));
     return FALSE;
@@ -565,6 +574,7 @@ pid = child_open_exim(&fd);
 if (pid < 0)
   {
   addr->transport_return = DEFER;
+  addr->basic_errno = errno;
   addr->message = string_sprintf("Failed to create child process to send "
     "message from %s transport: %s", tblock->name, strerror(errno));
   DEBUG(D_transport) debug_printf("%s\n", addr->message);
@@ -598,52 +608,7 @@ if (h)
   fprintf(fp, "In-Reply-To: %s", message_id);
   }
 
-/* Generate a References header if there is at least one of Message-ID:,
-References:, or In-Reply-To: (see RFC 2822). */
-
-for (h = header_list; h; h = h->next)
-  if (h->type != htype_old && strncmpic(US"References:", h->text, 11) == 0)
-    break;
-
-if (!h)
-  for (h = header_list; h; h = h->next)
-    if (h->type != htype_old && strncmpic(US"In-Reply-To:", h->text, 12) == 0)
-      break;
-
-/* We limit the total length of references.  Although there is no fixed
-limit, some systems do not like headers growing beyond recognition.
-Keep the first message ID for the thread root and the last few for
-the position inside the thread, up to a maximum of 12 altogether. */
-
-if (h || message_id)
-  {
-  fprintf(fp, "References:");
-  if (h)
-    {
-    uschar *s, *id, *error;
-    uschar *referenced_ids[12];
-    int reference_count = 0;
-
-    s = Ustrchr(h->text, ':') + 1;
-    f.parse_allow_group = FALSE;
-    while (*s != 0 && (s = parse_message_id(s, &id, &error)) != NULL)
-      {
-      if (reference_count == nelem(referenced_ids))
-        {
-        memmove(referenced_ids + 1, referenced_ids + 2,
-           sizeof(referenced_ids) - 2*sizeof(uschar *));
-        referenced_ids[reference_count - 1] = id;
-        }
-      else referenced_ids[reference_count++] = id;
-      }
-    for (int i = 0; i < reference_count; ++i) fprintf(fp, " %s", referenced_ids[i]);
-    }
-
-  /* The message id will have a newline on the end of it. */
-
-  if (message_id) fprintf(fp, " %s", message_id);
-  else fprintf(fp, "\n");
-  }
+moan_write_references(fp, message_id);
 
 /* Add an Auto-Submitted: header */