the file with the proof had an unchanged name, the new proof(s) were
loaded on top of the old ones (and nover used; the old ones were stapled).
+JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
+ more than one message arrived in a single connection a reference from
+ the earlier message could be re-used. Often a sigsegv resulted.
+ These variables were introduced in Exim 4.87.
+ Debug help from Graeme Fowler.
+
Exim version 4.96
-----------------
-JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from
+JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
after reception to before a subsequent reception. This should
mean slightly faster delivery, and also confirmation of reception
to senders.
regex_must_compile(US"^[A-Za-z0-9_/.-]*$", MCS_NOFLAGS, TRUE);
#endif
-for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-
/* If the program is called as "mailq" treat it as equivalent to "exim -bp";
this seems to be a generally accepted convention, since one finds symbolic
links called "mailq" in standard OS configurations. */
deliver_localpart_data = deliver_domain_data =
recipient_data = sender_data = NULL;
acl_var_m = NULL;
- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
+ regex_vars_clear();
store_reset(reset_point);
}
return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
}
-/* Handle $auth<n> variables. */
+/* Handle $auth<n>, $regex<n> variables. */
if (Ustrncmp(name, "auth", 4) == 0)
{
extern const pcre2_code *regex_compile(const uschar *, mcs_flags, uschar **,
pcre2_compile_context *);
extern const pcre2_code *regex_must_compile(const uschar *, mcs_flags, BOOL);
+extern void regex_vars_clear(void);
extern void retry_add_item(address_item *, uschar *, int);
extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
uschar **, uschar **);
int regex_cachesize = 0;
const pcre2_code *regex_ismsgid = NULL;
const pcre2_code *regex_smtp_code = NULL;
-const uschar *regex_vars[REGEX_VARS];
+const uschar *regex_vars[REGEX_VARS] = { 0 };;
#ifdef WHITELIST_D_MACROS
const pcre2_code *regex_whitelisted_macro = NULL;
#endif
}
+/* reset expansion variables */
+void
+regex_vars_clear(void)
+{
+regex_match_string = NULL;
+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
+}
+
+
int
-regex(const uschar **listptr, BOOL cacheable)
+regex(const uschar ** listptr, BOOL cacheable)
{
unsigned long mbox_size;
-FILE *mbox_file;
-pcre_list *re_list_head;
-uschar *linebuffer;
+FILE * mbox_file;
+pcre_list * re_list_head;
+uschar * linebuffer;
long f_pos = 0;
int ret = FAIL;
-/* reset expansion variable */
-regex_match_string = NULL;
+regex_vars_clear();
if (!mime_stream) /* We are in the DATA ACL */
{
int
mime_regex(const uschar **listptr, BOOL cacheable)
{
-pcre_list *re_list_head = NULL;
-FILE *f;
-uschar *mime_subject = NULL;
+pcre_list * re_list_head = NULL;
+FILE * f;
+uschar * mime_subject = NULL;
int mime_subject_len = 0;
int ret;
-/* reset expansion variable */
-regex_match_string = NULL;
+regex_vars_clear();
/* precompile our regexes */
if (!(re_list_head = compile(*listptr, cacheable)))
#ifdef SUPPORT_I18N
message_smtputf8 = FALSE;
#endif
+regex_vars_clear();
body_linecount = body_zerocount = 0;
+lookup_value = NULL; /* Can be set by ACL */
sender_rate = sender_rate_limit = sender_rate_period = NULL;
ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
/* Note that ratelimiters_conn persists across resets. */
acl_smtp_rcpt = check_rcpt
acl_smtp_data = check_data
+acl_smtp_mime = check_mime
acl_not_smtp = check_data
check_rcpt:
accept
+check_mime:
+ warn condition = ${if match{$mime_content_type}{text}}
+ mime_regex = \N(?s)([\w.+=-]+@\w[\w-]*\.[\w.-]+\w)\
+ (.+?([\w.+=-]+@\w[\w-]*\.[\w.-]+\w))?\
+ (.+?([\w.+=-]+@\w[\w-]*\.[\w.-]+\w))?\
+ (.+?([\w.+=-]+@\w[\w-]*\.[\w.-]+\w))?\
+ (.+?([\w.+=-]+@\w[\w-]*\.[\w.-]+\w))?\N
+ accept
+
check_data:
warn regex = \N(THIS\s((\w+)\s)?REGEX)\N
message = X-Regex: Regex matched <$regex1> <$regex3>
Date: Tue, 2 Mar 1999 09:44:33 +0000
Message-ID: <41C2F849.3060203@projectile.test.ex>
FakeReject: test fakereject
+MIME-Version: 1.0
+Content-Type: text/plain
Sender: CALLER_NAME <CALLER@myhost.test.ex>
X-Regex: Regex matched <THIS gazornenplaz REGEX> <gazornenplaz>
OK, this should look like a genuine message, but
it will trip on THIS gazornenplaz REGEX.
+This checks proper release of variable used for mime_regex
+firstname@foobar.com
+secondname@blaz.com
+thirdname@blaz.com
+
Date: Fri, 17 Dec 2004 16:13:04 +0100
Message-ID: <41C2F849.3060203@projectile.test.ex>
FakeReject: test fakereject
+MIME-Version: 1.0
+Content-Type: text/plain
OK, this should look like a genuine message, but
it will trip on THIS gazornenplaz REGEX.
+
+This checks proper release of variable used for mime_regex
+firstname@foobar.com
+secondname@blaz.com
+thirdname@blaz.com
.
quit
****
git://git.exim.org / exim.git / commitdiff