static pcre_list *
compile(const uschar * list)
{
- int sep = 0;
- uschar *regex_string;
- uschar regex_string_buffer[1024];
- const char *pcre_error;
- int pcre_erroffset;
- pcre_list *re_list_head = NULL;
- pcre_list *ri;
-
- /* precompile our regexes */
- while ((regex_string = string_nextinlist(&list, &sep,
- regex_string_buffer,
- sizeof(regex_string_buffer))) != NULL) {
+int sep = 0;
+uschar *regex_string;
+const char *pcre_error;
+int pcre_erroffset;
+pcre_list *re_list_head = NULL;
+pcre_list *ri;
+
+/* precompile our regexes */
+while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
+ if (strcmpic(regex_string, US"false") != 0 && Ustrcmp(regex_string, "0") != 0)
+ {
pcre *re;
- /* parse option */
- if ( (strcmpic(regex_string,US"false") == 0) ||
- (Ustrcmp(regex_string,"0") == 0) )
- continue; /* explicitly no matching */
-
/* compile our regular expression */
if (!(re = pcre_compile( CS regex_string,
- 0, &pcre_error, &pcre_erroffset, NULL ))) {
+ 0, &pcre_error, &pcre_erroffset, NULL )))
+ {
log_write(0, LOG_MAIN,
- "regex acl condition warning - error in regex '%s': %s at offset %d, skipped.",
+ "regex acl condition warning - error in regex '%s': %s at offset %d, skipped.",
regex_string, pcre_error, pcre_erroffset);
continue;
- }
+ }
ri = store_get(sizeof(pcre_list));
ri->re = re;
- ri->pcre_text = string_copy(regex_string);
+ ri->pcre_text = regex_string;
ri->next = re_list_head;
re_list_head = ri;
- }
- return re_list_head;
+ }
+return re_list_head;
}
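Review bot: `ri->pcre_text = regex_string;` now keeps the pointer returned by `string_nextinlist(&list, &sep, NULL, 0)` instead of a copy, and nothing in the function says why that is safe. As far as I can tell it is safe only because a NULL buffer makes that call return newly allocated storage for each item. If a stack buffer were reinstated later, every list entry would point at dead or overwritten memory. I would add a comment above the loop such as `/* NULL buffer: each item is freshly allocated, so pcre_text may keep the pointer */`. Separately, the unbraced `while (...)` wrapping an `if` whose body contains `continue` is easy to misread, and bracing the `while` body would make the loop extent explicit.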
static int
matcher(pcre_list * re_list_head, uschar * linebuffer, int len)
{
- pcre_list * ri;
+pcre_list * ri;
+
+for(ri = re_list_head; ri; ri = ri->next)
+ {
+ int ovec[3*(REGEX_VARS+1)];
+ int n, nn;
- for(ri = re_list_head; ri; ri = ri->next)
+ /* try matcher on the line */
+ n = pcre_exec(ri->re, NULL, CS linebuffer, len, 0, 0, ovec, nelem(ovec));
+ if (n > 0)
{
- int ovec[3*(REGEX_VARS+1)];
- int n, nn;
-
- /* try matcher on the line */
- n = pcre_exec(ri->re, NULL,
- CS linebuffer, len, 0, 0,
- ovec, nelem(ovec));
- if (n > 0)
- {
- Ustrncpy(regex_match_string_buffer, ri->pcre_text, 1023);
- regex_match_string = regex_match_string_buffer;
+ Ustrncpy(regex_match_string_buffer, ri->pcre_text,
+ sizeof(regex_match_string_buffer)-1);
+ regex_match_string = regex_match_string_buffer;
- for (nn = 1; nn < n; nn++)
- regex_vars[nn-1] =
- string_copyn(linebuffer + ovec[nn*2], ovec[nn*2+1] - ovec[nn*2]);
+ for (nn = 1; nn < n; nn++)
+ regex_vars[nn-1] =
+ string_copyn(linebuffer + ovec[nn*2], ovec[nn*2+1] - ovec[nn*2]);
- return OK;
- }
+ return OK;
}
- return FAIL;
+ }
+return FAIL;
}
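Review bot: `if (n > 0)` treats a `pcre_exec()` return of 0 as no match, but 0 means the pattern matched and `ovec` was too small to hold every capture, so a regex with more capturing groups than `ovec` has room for would never report a hit and the ACL condition silently fails open. Adding `if (n == 0) n = nelem(ovec)/3;` just before the `if (n > 0)` test keeps the match and still bounds the `regex_vars` loop (assuming `regex_vars`, declared outside this hunk, holds REGEX_VARS entries). Negative returns other than no-match, such as a match-limit error, also end up as FAIL with no log line, which deserves at least a debug message. Finally, now that compile() no longer caps a pattern at 1024 bytes, the `Ustrncpy` into `regex_match_string_buffer` can truncate, and its termination relies on the last byte of that buffer never being written.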
int
regex(const uschar **listptr)
{
- unsigned long mbox_size;
- FILE *mbox_file;
- pcre_list *re_list_head;
- uschar *linebuffer;
- long f_pos = 0;
- int ret = FAIL;
-
- /* reset expansion variable */
- regex_match_string = NULL;
-
- if (mime_stream == NULL) { /* We are in the DATA ACL */
- mbox_file = spool_mbox(&mbox_size, NULL);
- if (mbox_file == NULL) { /* error while spooling */
- log_write(0, LOG_MAIN|LOG_PANIC,
- "regex acl condition: error while creating mbox spool file");
- return DEFER;
+unsigned long mbox_size;
+FILE *mbox_file;
+pcre_list *re_list_head;
+uschar *linebuffer;
+long f_pos = 0;
+int ret = FAIL;
+
+/* reset expansion variable */
+regex_match_string = NULL;
+
+if (!mime_stream) /* We are in the DATA ACL */
+ {
+ if (!(mbox_file = spool_mbox(&mbox_size, NULL)))
+ { /* error while spooling */
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "regex acl condition: error while creating mbox spool file");
+ return DEFER;
}
}
- else {
- f_pos = ftell(mime_stream);
- mbox_file = mime_stream;
+else
+ {
+ f_pos = ftell(mime_stream);
+ mbox_file = mime_stream;
}
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
- return FAIL; /* no regexes -> nothing to do */
-
- /* match each line against all regexes */
- linebuffer = store_get(32767);
- while (fgets(CS linebuffer, 32767, mbox_file) != NULL) {
-
- if ( mime_stream && mime_current_boundary /* check boundary */
- && Ustrncmp(linebuffer,"--",2) == 0
- && Ustrncmp((linebuffer+2),mime_current_boundary,Ustrlen(mime_current_boundary)) == 0)
- break; /* found boundary */
-
- if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
- goto done;
+/* precompile our regexes */
+if (!(re_list_head = compile(*listptr)))
+ return FAIL; /* no regexes -> nothing to do */
+
+/* match each line against all regexes */
+linebuffer = store_get(32767);
+while (fgets(CS linebuffer, 32767, mbox_file))
+ {
+ if ( mime_stream && mime_current_boundary /* check boundary */
+ && Ustrncmp(linebuffer, "--", 2) == 0
+ && Ustrncmp((linebuffer+2), mime_current_boundary,
+ Ustrlen(mime_current_boundary)) == 0)
+ break; /* found boundary */
+
+ if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
+ goto done;
}
- /* no matches ... */
+/* no matches ... */
done:
- if (mime_stream == NULL)
- (void)fclose(mbox_file);
- else {
- clearerr(mime_stream);
- fseek(mime_stream,f_pos,SEEK_SET);
- };
-
- return ret;
+if (!mime_stream)
+ (void)fclose(mbox_file);
+else
+ {
+ clearerr(mime_stream);
+ fseek(mime_stream, f_pos, SEEK_SET);
+ }
+
+return ret;
}
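Review bot: In the DATA ACL branch `spool_mbox()` has already opened `mbox_file` when `if (!(re_list_head = compile(*listptr))) return FAIL;` runs, so a list that yields no usable regexes returns without closing the stream. `ret` is still FAIL at that point, so `goto done;` in place of `return FAIL;` would release it through the existing cleanup; compiling before spooling, as mime_regex() does, would also work. A second point for the matching loop: the length handed to matcher() is `Ustrlen(linebuffer)`, so anything after a NUL byte on a line is not examined, and lines longer than the 32767-byte buffer are matched in pieces. Both limits deserve a comment, since this is a content-scanning condition.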
int
mime_regex(const uschar **listptr)
{
- pcre_list *re_list_head = NULL;
- FILE *f;
- uschar *mime_subject = NULL;
- int mime_subject_len = 0;
- int ret;
-
- /* reset expansion variable */
- regex_match_string = NULL;
-
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
- return FAIL; /* no regexes -> nothing to do */
-
- /* check if the file is already decoded */
- if (mime_decoded_filename == NULL) {
- const uschar *empty = US"";
- /* no, decode it first */
- mime_decode(&empty);
- if (mime_decoded_filename == NULL) {
- /* decoding failed */
- log_write(0, LOG_MAIN,
- "mime_regex acl condition warning - could not decode MIME part to file.");
- return DEFER;
+pcre_list *re_list_head = NULL;
+FILE *f;
+uschar *mime_subject = NULL;
+int mime_subject_len = 0;
+int ret;
+
+/* reset expansion variable */
+regex_match_string = NULL;
+
+/* precompile our regexes */
+if (!(re_list_head = compile(*listptr)))
+ return FAIL; /* no regexes -> nothing to do */
+
+/* check if the file is already decoded */
+if (!mime_decoded_filename)
+ { /* no, decode it first */
+ const uschar *empty = US"";
+ mime_decode(&empty);
+ if (!mime_decoded_filename)
+ { /* decoding failed */
+ log_write(0, LOG_MAIN,
+ "mime_regex acl condition warning - could not decode MIME part to file");
+ return DEFER;
}
}
- /* open file */
- if (!(f = fopen(CS mime_decoded_filename, "rb"))) {
- log_write(0, LOG_MAIN,
- "mime_regex acl condition warning - can't open '%s' for reading.",
- mime_decoded_filename);
- return DEFER;
+/* open file */
+if (!(f = fopen(CS mime_decoded_filename, "rb")))
+ {
+ log_write(0, LOG_MAIN,
+ "mime_regex acl condition warning - can't open '%s' for reading",
+ mime_decoded_filename);
+ return DEFER;
}
- /* get 32k memory */
- mime_subject = (uschar *)store_get(32767);
+/* get 32k memory */
+mime_subject = store_get(32767);
- mime_subject_len = fread(mime_subject, 1, 32766, f);
+mime_subject_len = fread(mime_subject, 1, 32766, f);
- ret = matcher(re_list_head, mime_subject, mime_subject_len);
- (void)fclose(f);
- return ret;
+ret = matcher(re_list_head, mime_subject, mime_subject_len);
+(void)fclose(f);
+return ret;
}
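Review bot: `fread(mime_subject, 1, 32766, f)` reads only the start of the decoded part, so anything past the first 32766 bytes is never matched and nothing records that the scan was partial. That limit should be stated where it is applied, e.g. `/* only the first 32766 bytes of the decoded part are matched */`. The repeated 32767/32766 literals would also be clearer as one named constant shared with regex(). In addition, the `size_t` result of `fread` is stored in an `int` and a read error is indistinguishable from an empty file; a `ferror(f)` check that returns DEFER would avoid treating an unreadable part as clean.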
#endif /* WITH_CONTENT_SCAN */
if (!expand_check(certs, US"tls_verify_certificates", &expcerts))
return DEFER;
-if (expcerts != NULL && *expcerts != '\0')
+if (expcerts && *expcerts)
{
- if (Ustrcmp(expcerts, "system") == 0)
- {
- /* Tell the library to use its compiled-in location for the system default
- CA bundle, only */
+ /* Tell the library to use its compiled-in location for the system default
+ CA bundle. Then add the ones specified in the config, if any. */
- if (!SSL_CTX_set_default_verify_paths(sctx))
- return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL);
- }
- else
+ if (!SSL_CTX_set_default_verify_paths(sctx))
+ return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL);
+
+ if (Ustrcmp(expcerts, "system") != 0)
{
struct stat statbuf;
- /* Tell the library to use its compiled-in location for the system default
- CA bundle. Those given by the exim config are additional to these */
-
- if (!SSL_CTX_set_default_verify_paths(sctx))
- return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL);
-
if (Ustat(expcerts, &statbuf) < 0)
{
log_write(0, LOG_MAIN|LOG_PANIC,
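Review bot: The new comment above `SSL_CTX_set_default_verify_paths(sctx)` undersells what the hoisted call means for trust. Every non-empty `tls_verify_certificates` value, not just "system", loads the library's default CA bundle, and the configured file or directory is added on top. That matches the previous behaviour, but a site that lists only its private CA still accepts chains issued under any CA in the system bundle. I would word the comment along the lines of `/* System default CAs are always trusted when this option is set; configured CAs are additional, not a replacement */`. The enclosing block continues past the end of this hunk.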
If a list isn't loaded into the server, but
some verify locations are set, the server end appears to make
a wildcard reqest for client certs.
- Meanwhile, the client library as deafult behaviour *ignores* the list
+ Meanwhile, the client library as default behaviour *ignores* the list
we send over the wire - see man SSL_CTX_set_client_cert_cb.
Because of this, and that the dir variant is likely only used for
the public-CA bundle (not for a private CA), not worth fixing.
/* Handle a certificate revocation list. */
- #if OPENSSL_VERSION_NUMBER > 0x00907000L
+#if OPENSSL_VERSION_NUMBER > 0x00907000L
/* This bit of code is now the version supplied by Lars Mainka. (I have
- * merely reformatted it into the Exim code style.)
+ merely reformatted it into the Exim code style.)
- * "From here I changed the code to add support for multiple crl's
- * in pem format in one file or to support hashed directory entries in
- * pem format instead of a file. This method now uses the library function
- * X509_STORE_load_locations to add the CRL location to the SSL context.
- * OpenSSL will then handle the verify against CA certs and CRLs by
- * itself in the verify callback." */
+ "From here I changed the code to add support for multiple crl's
+ in pem format in one file or to support hashed directory entries in
+ pem format instead of a file. This method now uses the library function
+ X509_STORE_load_locations to add the CRL location to the SSL context.
+ OpenSSL will then handle the verify against CA certs and CRLs by
+ itself in the verify callback." */
if (!expand_check(crl, US"tls_crl", &expcrl)) return DEFER;
- if (expcrl != NULL && *expcrl != 0)
+ if (expcrl && *expcrl)
{
struct stat statbufcrl;
if (Ustat(expcrl, &statbufcrl) < 0)
}
}
- #endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
+#endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
/* If verification is optional, don't fail if no certificate */