From: Jeremy Harris Date: Mon, 22 Feb 2021 21:48:19 +0000 (+0000) Subject: Fix list-expansion for various domainlists, having included sublist elements. Bug... X-Git-Tag: exim-4.94.1~59 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/e059caafd40201b8addb1f7237d8bdc3f8ea01f3?ds=sidebyside;hp=b099c4cea4ade08e8428b31ded5947b8386aab32 Fix list-expansion for various domainlists, having included sublist elements. Bug 2701 (cherry picked from commit e2be2df5c0760e2b6a7870c88ad486a23f5e4b01) --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a458b4721..0792062ba 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -157,6 +157,12 @@ JH/43 Bug 2694: Fix weighted distribution of work to multiple spamd servers. Previously the weighting was incorrectly applied. Similar fix for socks proxies. Found and fixed by Heiko Schlichting. +JH/44 Bug 2701: Fix list-expansion of dns_ipv4_lookup. Previously, it did + not handle sub-lists included using the +namedlist syntax. While + investigating, the same found for dns_trust_aa, dns_again_means_nonexist, + dnssec_require_domains, dnssec_request_domains, srv_fail_domains, + mx_fail_domains. + Exim version 4.94 ----------------- diff --git a/src/src/acl.c b/src/src/acl.c index 105b1b473..90e1ce81d 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -3438,14 +3438,14 @@ for (; cb; cb = cb->next) case ACLC_DKIM_SIGNER: if (dkim_cur_signer) rc = match_isinlist(dkim_cur_signer, - &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); + &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL); else rc = FAIL; break; case ACLC_DKIM_STATUS: rc = match_isinlist(dkim_verify_status, - &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); + &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL); break; #endif @@ -3457,7 +3457,7 @@ for (; cb; cb = cb->next) /* used long way of dmarc_exim_expand_query() in case we need more * view into the process in the future. */ rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS), - &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); + &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL); break; #endif diff --git a/src/src/dns.c b/src/src/dns.c index b567c3e71..806838e02 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -516,7 +516,7 @@ if ( !h->aa || !(trusted = expand_string(dns_trust_aa)) || !*trusted || !(auth_name = dns_extract_auth_name(dnsa)) - || OK != match_isinlist(auth_name, &trusted, 0, NULL, NULL, + || OK != match_isinlist(auth_name, &trusted, 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) ) return FALSE; @@ -908,8 +908,8 @@ if (dnsa->answerlen < 0) switch (h_errno) #ifndef STAND_ALONE save_domain = deliver_domain; deliver_domain = string_copy(name); /* set $domain */ - rc = match_isinlist(name, (const uschar **)&dns_again_means_nonexist, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL); + rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL); deliver_domain = save_domain; if (rc != OK) { diff --git a/src/src/host.c b/src/src/host.c index 817d4446c..dbc7ce20d 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -1946,9 +1946,7 @@ host_find_byname(host_item *host, const uschar *ignore_target_hosts, int flags, int yield, times; host_item *last = NULL; BOOL temp_error = FALSE; -#if HAVE_IPV6 int af; -#endif #ifndef DISABLE_TLS /* Copy the host name at this point to the value which is used for @@ -1974,10 +1972,10 @@ lookups here (except when testing standalone). */ #ifdef STAND_ALONE if (disable_ipv6) #else - if (disable_ipv6 || - (dns_ipv4_lookup != NULL && - match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) == OK)) + if ( disable_ipv6 + || dns_ipv4_lookup + && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK) #endif { af = AF_INET; times = 1; } @@ -1987,7 +1985,7 @@ lookups here (except when testing standalone). */ /* No IPv6 support */ #else /* HAVE_IPV6 */ - times = 1; + af = AF_INET; times = 1; #endif /* HAVE_IPV6 */ /* Initialize the flag that gets set for DNS syntax check errors, so that the @@ -2029,7 +2027,7 @@ for (int i = 1; i <= times; #else /* not HAVE_IPV6 */ if (f.running_in_test_harness) - hostdata = host_fake_gethostbyname(host->name, AF_INET, &error_num); + hostdata = host_fake_gethostbyname(host->name, af, &error_num); else { hostdata = gethostbyname(CS host->name); @@ -2202,8 +2200,8 @@ RETURN_AGAIN: int rc; const uschar *save = deliver_domain; deliver_domain = host->name; /* set $domain */ - rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL); + rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL); deliver_domain = save; if (rc == OK) { @@ -2303,9 +2301,9 @@ On an IPv4 system, go round the loop once only, looking only for A records. */ #ifndef STAND_ALONE if ( disable_ipv6 || !(whichrrs & HOST_FIND_BY_AAAA) - || (dns_ipv4_lookup - && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) == OK) + || dns_ipv4_lookup + && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK ) i = 0; /* look up A records only */ else @@ -2563,12 +2561,12 @@ int yield; dns_answer * dnsa = store_get_dns_answer(); dns_scan dnss; BOOL dnssec_require = dnssec_d - && match_isinlist(host->name, CUSS &dnssec_d->require, - 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK; + && match_isinlist(host->name, CUSS &dnssec_d->require, + 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK; BOOL dnssec_request = dnssec_require - || ( dnssec_d - && match_isinlist(host->name, CUSS &dnssec_d->request, - 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK); + || ( dnssec_d + && match_isinlist(host->name, CUSS &dnssec_d->request, + 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK); dnssec_status_t dnssec; /* Set the default fully qualified name to the incoming name, initialize the @@ -2633,10 +2631,10 @@ if (whichrrs & HOST_FIND_BY_SRV) } if (rc == DNS_FAIL || rc == DNS_AGAIN) { - #ifndef STAND_ALONE - if (match_isinlist(host->name, CUSS &srv_fail_domains, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) != OK) - #endif +#ifndef STAND_ALONE + if (match_isinlist(host->name, CUSS &srv_fail_domains, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK) +#endif { yield = HOST_FIND_AGAIN; goto out; } DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA " "(domain in srv_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN"); @@ -2685,8 +2683,8 @@ if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX) DEBUG(D_host_lookup) debug_printf("dnssec fail on MX for %.256s", host->name); #ifndef STAND_ALONE - if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) != OK) + if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK) { yield = HOST_FIND_SECURITY; goto out; } #endif rc = DNS_FAIL; @@ -2695,8 +2693,8 @@ if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX) case DNS_FAIL: case DNS_AGAIN: #ifndef STAND_ALONE - if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) != OK) + if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK) #endif { yield = HOST_FIND_AGAIN; goto out; } DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "