From: Jeremy Harris
Date: Tue, 5 May 2020 17:47:29 +0000 (+0100)
Subject: Ensure lookup-result variables are dropped between messages on a connection
X-Git-Tag: exim-4.94-RC1~19
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/0f9c36e64b3ded09b1972515fc62a673e1be2b8d
Ensure lookup-result variables are dropped between messages on a connection
---
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9fd526b08..1d685a130 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -179,6 +179,11 @@ JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now the default. See the (new) dkim_verify_min_keysizes option. +JH/40 Fix a memory-handling bug: when a connection carried multiple messages + and an ACL use a lookup for checking either the local_part or domain, + stale data could be accessed. Ensure that variable references are + dropped between messages. + Exim version 4.93 -----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index 6bc95d241..920e9e226 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -5115,6 +5115,8 @@ if (host_checking)
 deliver_localpart_orig = NULL;
 deliver_domain_orig = NULL;
 callout_address = sending_ip_address = NULL;
+ deliver_localpart_data = deliver_domain_data =
+ recipient_data = sender_data = NULL;
 sender_rate = sender_rate_limit = sender_rate_period = NULL;
 }
 smtp_log_no_mail();
@@ -5767,6 +5769,8 @@ moreloop: #endif callout_address = NULL; sending_ip_address = NULL; + deliver_localpart_data = deliver_domain_data = + recipient_data = sender_data = NULL; acl_var_m = NULL; for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index d72adc15c..b3d1acbf9 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
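Review bot: The reset `deliver_localpart_data = deliver_domain_data = recipient_data = sender_data = NULL;` is now spelled out three times: here in the `host_checking` branch of exim.c (-5115), at `moreloop:` (-5767), and in smtp_in.c (-2056). The removed line in smtp_in.c shows how that goes wrong, since that site cleared only `sender_data` and left the other three stale. I would put the assignment in one shared helper (for example a `reset_lookup_data()` declared in the common header) and call it from all three places, so a lookup-result variable added later cannot be missed at one of them. The enclosing block starts and ends outside this hunk.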
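Review bot: Nothing at `moreloop:` in exim.c (-5767) says why these four pointers have to be cleared, so the line sits among `callout_address`, `acl_var_m` and `regex_vars` as just another tidy-up and could later be removed as redundant with the reset in smtp_in.c. I would add a comment directly above it, such as `/* Lookup results may point into store released with the previous message; never carry them over */`. Whether the clearing happens before the store for the finished message is released cannot be seen from the hunk, so that ordering is worth confirming, because a pointer cleared only after the release would still dangle for a short window.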
@@ -2056,7 +2056,8 @@ f.active_local_from_check = local_from_check; /* Can be set by ACL */
 f.active_local_sender_retain = local_sender_retain; /* Can be set by ACL */
 sending_ip_address = NULL;
 return_path = sender_address = NULL;
-sender_data = NULL; /* Can be set by ACL */
+deliver_localpart_data = deliver_domain_data =
+recipient_data = sender_data = NULL; /* Can be set by ACL */
 deliver_localpart_parent = deliver_localpart_orig = NULL;
 deliver_domain_parent = deliver_domain_orig = NULL;
 callout_address = NULL;
diff --git a/test/aux-fixed/0623.list b/test/aux-fixed/0623.list
new file mode 100644
index 000000000..737a751a0
--- /dev/null
+++ b/test/aux-fixed/0623.list
@@ -0,0 +1,4 @@
+fred: yes
+jim: him also
+good1.ex: yup
+good2.ex: ok
diff --git a/test/confs/0623 b/test/confs/0623
new file mode 100644
index 000000000..7ac0ad3c5
--- /dev/null
+++ b/test/confs/0623
@@ -0,0 +1,23 @@
+# Exim test configuration 0623
+
+.include DIR/aux-var/std_conf_prefix
+
+
+# ----- Main settings -----
+
+domainlist local_domains = @
+
+acl_smtp_rcpt = chk_rcpt
+
+queue_only
+
+
+# ----- ACL -----
+
+begin acl
+
+chk_rcpt:
+ accept local_parts = lsearch;DIR/aux-fixed/TESTNUM.list
+ domains = lsearch;DIR/aux-fixed/TESTNUM.list
+
+# End
diff --git a/test/log/0623 b/test/log/0623
new file mode 100644
index 000000000..c84f87428
--- /dev/null
+++ b/test/log/0623
@@ -0,0 +1,6 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local-smtp S=sss
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= a@test.ex H=(tester) [127.0.0.1] P=smtp S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= b@test.ex H=(tester) [127.0.0.1] P=smtp S=sss
diff --git a/test/scripts/0000-Basic/0623 b/test/scripts/0000-Basic/0623
new file mode 100644
index 000000000..d43d13ca6
--- /dev/null
+++ b/test/scripts/0000-Basic/0623
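Review bot: In the smtp_in.c hunk (-2056) the trailing `/* Can be set by ACL */` was written for `sender_data` alone and now hangs on the second line of a four-variable chained assignment, where it reads as covering only `recipient_data` and `sender_data`. I would move it above the assignment and state what is at stake, for example `/* Lookup results set during ACL processing; must not survive into the next message */`. The surrounding function begins and ends outside the hunk.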
@@ -0,0 +1,57 @@
+# free of local_part_data, domain_data, sender_data
+#
+exim -bh 99.99.99.99
+HELO tester
+MAIL FROM:
+RCPT TO:
+DATA
+.
+RSET
+MAIL FROM:
+RCPT TO:
+DATA
+.
+QUIT
+****
+#
+#
+exim -bd -DSERVER=server -oX PORT_D
+****
+client 127.0.0.1 PORT_D
+??? 220
+HELO tester
+??? 250
+MAIL FROM:
+??? 250
+RCPT TO:
+??? 250
+DATA
+??? 354
+.
+??? 250
+RSET
+??? 250
+MAIL FROM:
+??? 250
+RCPT TO:
+??? 250
+DATA
+??? 354
+.
+??? 250
+QUIT
+****
+killdaemon
+#
+#
+exim -bs
+HELO tester
+MAIL FROM:
+RCPT TO:
+DATA
+.
+QUIT
+****
+#
+#
+no_msglog_check
diff --git a/test/stderr/0623 b/test/stderr/0623
new file mode 100644
index 000000000..21ac5f241
--- /dev/null
+++ b/test/stderr/0623
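Review bot: The header comment of test/scripts/0000-Basic/0623 names `sender_data`, but the `chk_rcpt` ACL in test/confs/0623 has only `local_parts` and `domains` conditions, so `sender_data` and `recipient_data` are never populated and two of the four pointers this commit clears go unexercised. Adding a `senders = lsearch;DIR/aux-fixed/TESTNUM.list` condition (and a `recipients` one) would cover them. As written the expected output only records that both messages are accepted, so a regression would presumably show up only if the stale access crashes or the suite runs under a memory checker. Having the ACL log `$local_part_data` and `$domain_data` for each recipient would pin the per-message values in the expected log. The third session (`exim -bs`) sends a single message and so does not reach the between-messages path at all.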
@@ -0,0 +1,29 @@
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> tester in helo_lookup_domains? no (end of list)
+>>> using ACL "chk_rcpt"
+>>> processing "accept" (TESTSUITE/test-config 20)
+>>> check local_parts = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> fred in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> check domains = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> good1.ex in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> accept: condition test succeeded in ACL "chk_rcpt"
+>>> end of ACL "chk_rcpt": ACCEPT
+LOG: 10HmbA-0005vi-00 <= a@test.ex H=(tester) [99.99.99.99] P=smtp S=sss
+>>> using ACL "chk_rcpt"
+>>> processing "accept" (TESTSUITE/test-config 20)
+>>> check local_parts = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> jim in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> check domains = lsearch;TESTSUITE/aux-fixed/0623.list
+>>> good2.ex in "lsearch;TESTSUITE/aux-fixed/0623.list"? yes (matched "lsearch;TESTSUITE/aux-fixed/0623.list")
+>>> accept: condition test succeeded in ACL "chk_rcpt"
+>>> end of ACL "chk_rcpt": ACCEPT
+LOG: 10HmbB-0005vi-00 <= b@test.ex H=(tester) [99.99.99.99] P=smtp S=sss
+
+******** SERVER ********
diff --git a/test/stdout/0623 b/test/stdout/0623
new file mode 100644
index 000000000..27103d94f
--- /dev/null
+++ b/test/stdout/0623
@@ -0,0 +1,65 @@
+
+**** SMTP testing session as if from host 99.99.99.99
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 the.local.host.name Hello tester [99.99.99.99]
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmbA-0005vi-00
+
+**** SMTP testing: that is not a real message id!
+
+250 Reset OK
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmbB-0005vi-00
+
+**** SMTP testing: that is not a real message id!
+
+221 the.local.host.name closing connection
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> HELO tester
+??? 250
+<<< 250 the.local.host.name Hello tester [127.0.0.1]
+>>> MAIL FROM:
+??? 250
+<<< 250 OK
+>>> RCPT TO:
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> .
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> RSET
+??? 250
+<<< 250 Reset OK
+>>> MAIL FROM:
+??? 250
+<<< 250 OK
+>>> RCPT TO:
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> .
+??? 250
+<<< 250 OK id=10HmaZ-0005vi-00
+>>> QUIT
+End of script
+220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 the.local.host.name Hello CALLER at tester
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmaX-0005vi-00
+221 the.local.host.name closing connection