JH/45 Fix cutthrough, when connection not opened by verify and target hard-
rejects a recipient: pass the reject to the originator.
+JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs.
+ Many were false-positives and ignorable, but it's worth fixing the
+ former class.
+
Exim version 4.86
/* grep 1st option */
if ((dcc_acl_options = string_nextinlist(&list, &sep,
- dcc_acl_options_buffer,
- sizeof(dcc_acl_options_buffer))) != NULL)
- {
+ dcc_acl_options_buffer, sizeof(dcc_acl_options_buffer))))
+ {
/* parse 1st option */
- if ( (strcmpic(dcc_acl_options,US"false") == 0) ||
- (Ustrcmp(dcc_acl_options,"0") == 0) ) {
- /* explicitly no matching */
- return FAIL;
- };
-
- /* special cases (match anything except empty) */
- if ( (strcmpic(dcc_acl_options,US"true") == 0) ||
- (Ustrcmp(dcc_acl_options,"*") == 0) ||
- (Ustrcmp(dcc_acl_options,"1") == 0) ) {
- dcc_acl_options = dcc_acl_options;
- };
- }
- else {
- /* empty means "don't match anything" */
- return FAIL;
- };
+ if ( strcmpic(dcc_acl_options, US"false") == 0
+ || Ustrcmp(dcc_acl_options, "0") == 0
+ )
+ return FAIL; /* explicitly no matching */
+ }
+ else
+ return FAIL; /* empty means "don't match anything" */
sep = 0;
/* if we scanned this message last time, just return */
- if ( dcc_ok )
- return dcc_rc;
+ if (dcc_ok)
+ return dcc_rc;
/* open the spooled body */
message_subdir[1] = '\0';
- for (i = 0; i < 2; i++) {
+ for (i = 0; i < 2; i++)
+ {
message_subdir[0] = (split_spool_directory == (i == 0))? message_id[5] : 0;
sprintf(CS mbox_path, "%s/input/%s/%s-D", spool_directory, message_subdir, message_id);
data_file = Ufopen(mbox_path,"rb");
if (data_file != NULL)
break;
- };
+ }
- if (data_file == NULL) {
+ if (data_file == NULL)
+ {
/* error while spooling */
log_write(0, LOG_MAIN|LOG_PANIC,
"dcc acl condition: error while opening spool file");
return DEFER;
- };
+ }
/* Initialize the variables */
if (message_length > 0)
{
len = read(pfd[pipe_read], big_buffer, message_length);
+ big_buffer[big_buffer_size-1] = '\0'; /* guard byte */
if (len > 0) *sptr = string_copy(big_buffer);
}
}
rmt_dlv_checked_write(int fd, char id, char subid, void * buf, int size)
{
uschar writebuffer[PIPE_HEADER_SIZE + BIG_BUFFER_SIZE];
-int header_length;
+int header_length;
+int ret;
/* we assume that size can't get larger then BIG_BUFFER_SIZE which currently is set to 16k */
/* complain to log if someone tries with buffer sizes we can't handle*/
memcpy(writebuffer + PIPE_HEADER_SIZE, buf, size);
size += PIPE_HEADER_SIZE;
-int ret = write(fd, writebuffer, size);
-if(ret != size)
+if ((ret = write(fd, writebuffer, size)) != size)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n",
ret == -1 ? strerror(errno) : "short write");
}
NEXT_MX_RR: continue;
}
+if (!last) /* No rr of correct type; give up */
+ {
+ yield = HOST_FIND_FAILED;
+ goto out;
+ }
+
/* If the list of hosts was obtained from SRV records, there are two things to
do. First, if there is only one host, and it's name is ".", it means there is
no SMTP service at this domain. Otherwise, we have to sort the hosts of equal
debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000);
}
- for (pptr = &host, h = host; h != last; pptr = &(h->next), h = h->next)
+ for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next)
{
int sum = 0;
host_item *hh;
for (h = host; h != last->next; h = h->next)
{
- if (h->address != NULL) continue; /* Inserted by a multihomed host */
+ if (h->address) continue; /* Inserted by a multihomed host */
+
rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
NULL, dnssec_request, dnssec_require);
if (rc != HOST_FOUND)
h->why = hwhy_deferred;
}
else
- h->why = (rc == HOST_IGNORED)? hwhy_ignored : hwhy_failed;
+ h->why = rc == HOST_IGNORED ? hwhy_ignored : hwhy_failed;
}
}
// eximsrs_db_set(FALSE, NULL);
*/
- if(ob->srs_alias != NULL ? (usedomain = expand_string(ob->srs_alias)) == NULL : 1)
- usedomain = deliver_domain;
+ if (!(usedomain = ob->srs_alias ? expand_string(ob->srs_alias) : NULL))
+ usedomain = string_copy(deliver_domain);
if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) == OK)
{
if (Ustrncmp(p, "rozen", 5) == 0)
{
deliver_freeze = TRUE;
- sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
+ if (sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at) != 1)
+ goto SPOOL_READ_ERROR;
}
break;
/* Search the formats for a match */
-while ((s = string_nextinlist(&format,&sep,big_buffer,big_buffer_size))!= NULL)
+while ((s = string_nextinlist(&format,&sep,big_buffer,big_buffer_size)))
{
int slen = Ustrlen(s);
BOOL match = len >= slen && Ustrncmp(data, s, slen) == 0;
uschar *tp = string_nextinlist(&format, &sep, big_buffer, big_buffer_size);
- if (match)
+
+ if (match && tp)
{
transport_instance *tt;
- for (tt = transports; tt != NULL; tt = tt->next)
+ for (tt = transports; tt; tt = tt->next)
if (Ustrcmp(tp, tt->name) == 0)
{
DEBUG(D_transport)
git://git.exim.org / exim.git / commitdiff