Docs: PRVS validity. Bug 2033

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index f3c7a060e8fbfd9da0dc3a6e0c657ee77cb23ae5..e3ac7f3b930bb2537b5c620d54a66ab98dbbdfda 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17133,6 +17133,9 @@ use when sending messages as a client, you must set the &%tls_certificate%&
 option in the relevant &(smtp)& transport.
 
 .new
+&*Note*&: If you use filenames based on IP addresses, change the list
+separator in the usual way to avoid confusion under IPv6.
+
 &*Note*&: Under current versions of OpenSSL, when a list of more than one
 file is used, the &$tls_in_ourcert$& veriable is unreliable.
 .wen
@@ -31327,6 +31330,7 @@ address and some time-based randomizing information. The &%prvs%& expansion
 item creates a signed address, and the &%prvscheck%& expansion item checks one.
 The syntax of these expansion items is described in section
 &<<SECTexpansionitems>>&.
+The validity period on signed addresses is seven days.
 
 As an example, suppose the secret per-address keys are stored in an MySQL
 database. A query to look up the key for an address could be defined as a macro

diff --git a/src/src/expand.c b/src/src/expand.c
index f44ddf8b828c2c8f60cd2a8976b5862dd671a736..881c5fb2a55416bc22ffc895f9f9f5bb34d29dad 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -4494,25 +4494,25 @@ while (*s != 0)
       if (skipping) continue;
 
       /* sub_arg[0] is the address */
-      domain = Ustrrchr(sub_arg[0],'@');
-      if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
+      if (  !(domain = Ustrrchr(sub_arg[0],'@'))
+        || domain == sub_arg[0] || Ustrlen(domain) == 1)
         {
         expand_string_message = US"prvs first argument must be a qualified email address";
         goto EXPAND_FAILED;
         }
 
-      /* Calculate the hash. The second argument must be a single-digit
+      /* Calculate the hash. The third argument must be a single-digit
       key number, or unset. */
 
-      if (sub_arg[2] != NULL &&
-          (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
+      if (  sub_arg[2]
+         && (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
         {
-        expand_string_message = US"prvs second argument must be a single digit";
+        expand_string_message = US"prvs third argument must be a single digit";
         goto EXPAND_FAILED;
         }
 
-      p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
-      if (p == NULL)
+      p = prvs_hmac_sha1(sub_arg[0], sub_arg[1], sub_arg[2], prvs_daystamp(7));
+      if (!p)
         {
         expand_string_message = US"prvs hmac-sha1 conversion failed";
         goto EXPAND_FAILED;
@@ -4628,7 +4628,7 @@ while (*s != 0)
             prvscheck_result = US"1";
             DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n");
             }
-            else
+         else
             {
             prvscheck_result = NULL;
             DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n");

diff --git a/test/stdout/0002 b/test/stdout/0002
index c7f8cce80a7f69aeeec7fe81cd4afdd283e6d84f..20f418360a956f087f8d4d229a4d452afc264834 100644 (file)
--- a/test/stdout/0002
+++ b/test/stdout/0002
@@ -736,9 +736,9 @@ xyz
 > 
 > # Syntax errors
 > 
-> Failed: prvs second argument must be a single digit
-> Failed: prvs second argument must be a single digit
-> Failed: prvs second argument must be a single digit
+> Failed: prvs third argument must be a single digit
+> Failed: prvs third argument must be a single digit
+> Failed: prvs third argument must be a single digit
 > 
 > # Correct checks; can't put explicit addresses in the tests, because they
 > # will change over time.