exim.git
3 years ago SECURITY: Avoid decrement of dkim_collect_input if already at 0
Heiko Schlittermann (HS12-RIPE) [Wed, 25 Nov 2020 21:58:58 +0000 (22:58 +0100)]
SECURITY: Avoid decrement of dkim_collect_input if already at 0

Credits: Qualys

    5/ receive_msg() calls dkim_exim_verify_finish(), which sets
    dkim_collect_input to 0 and calls pdkim_feed_finish(), which calls
    pdkim_header_complete(), which decreases dkim_collect_input to UINT_MAX,
    which reactivates the DKIM code.

    As a result, pdkim_feed() is called again (through receive_getc at the
    end of receive_msg()), but functions like pdkim_finish_bodyhash() and
    exim_sha_finish() have already been called (in pdkim_feed_finish()).
    This suggests a use-after-free.

    But it seems that a use-after-free would happen only with
    EVP_DigestFinal() (in exim_sha_finish()), which does not seem to be
    reachable via DKIM (no SHA3). But we checked OpenSSL only, not GnuTLS.

    Here is a proof of concept that triggers the bug (which came very close
    to a security vulnerability):

    (sleep 10; echo 'EHLO test'; sleep 3; echo 'MAIL FROM:<>'; sleep 3; echo 'RCPT TO:postmaster'; sleep 3; echo 'BDAT 42 LAST'; date >&2; sleep 30; printf 'not a valid header line\r\nDKIM-Signature:\r\nXXX'; sleep 30) | nc -n -v 192.168.56.102 25

    (gdb) print &dkim_collect_input
    $2 = (unsigned int *) 0x55e180386d90 <dkim_collect_input>
    (gdb) watch *(unsigned int *) 0x55e180386d90

    Hardware watchpoint 1: *(unsigned int *) 0x55e180386d90
    Old value = 0
    New value = 4294967295
    #0  0x000055e18031f805 in pdkim_header_complete (ctx=ctx@entry=0x55e181b9e8e0) at pdkim.c:1006
    #1  0x000055e18032106c in pdkim_feed_finish (ctx=0x55e181b9e8e0, return_signatures=0x55e180386d78 <dkim_signatures>, err=err@entry=0x7ffe443e1d00) at pdkim.c:1490
    #2  0x000055e1802a3280 in dkim_exim_verify_finish () at dkim.c:328
    #3  0x000055e1802c9d1d in receive_msg (extract_recip=extract_recip@entry=0) at receive.c:3409

(cherry picked from commit e3674091056ac05eb7ef1c504accce790c434bd7)
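
An added illustration, not code from the Exim repository: a simplified C model of the counter behaviour described in the report above. It shows an unsigned counter decremented at 0 wrapping to UINT_MAX and re-opening a gate, and the guard named in the commit title preventing that. The struct, the function names and the three trailing bytes are constructed for the example.

```c
#include <limits.h>
#include <stdio.h>

/* Simplified model (an assumption of this example, not Exim source).
   collect_input > 0 means "received bytes are still fed to the verifier". */
struct verifier {
    unsigned int collect_input;   /* plays the role of dkim_collect_input */
    int finished;                 /* set once the hashes have been finalised */
    int fed_after_finish;         /* feed calls that reached finalised state */
};

typedef void (*complete_fn)(struct verifier *);

/* Pre-fix behaviour: decrement unconditionally; 0 - 1 wraps to UINT_MAX. */
static void header_complete_unguarded(struct verifier *v)
{
    v->collect_input--;
}

/* Guarded form matching the commit title: never decrement when already 0. */
static void header_complete_guarded(struct verifier *v)
{
    if (v->collect_input > 0)
        v->collect_input--;
}

/* Gate on the counter, as a receive path does before feeding data. */
static void feed(struct verifier *v)
{
    if (v->collect_input == 0)
        return;                   /* verifier inactive: input is ignored */
    if (v->finished)
        v->fed_after_finish++;    /* would touch already-finalised contexts */
}

/* Finish: switch collection off, flush the pending header, finalise. */
static void verify_finish(struct verifier *v, complete_fn header_complete)
{
    v->collect_input = 0;
    header_complete(v);
    v->finished = 1;
}

/* One reception: verification is finished, then three more bytes arrive. */
static struct verifier run_session(complete_fn header_complete)
{
    struct verifier v = { 1, 0, 0 };
    verify_finish(&v, header_complete);
    for (int i = 0; i < 3; i++)
        feed(&v);
    return v;
}

int main(void)
{
    struct verifier a = run_session(header_complete_unguarded);
    struct verifier b = run_session(header_complete_guarded);
    printf("unguarded: counter=%u late feeds=%d\n",
           a.collect_input, a.fed_after_finish);
    printf("guarded:   counter=%u late feeds=%d\n",
           b.collect_input, b.fed_after_finish);
    return 0;
}
```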

3 years ago SECURITY: Check overrun rcpt_count integer
Heiko Schlittermann (HS12-RIPE) [Wed, 25 Nov 2020 21:26:53 +0000 (22:26 +0100)]
SECURITY: Check overrun rcpt_count integer

Credits: Qualys

    4/ In src/smtp_in.c:

    4966     case RCPT_CMD:
    4967       HAD(SCH_RCPT);
    4968       rcpt_count++;
    ....
    5123       if (rcpt_count > recipients_max && recipients_max > 0)

    In theory this recipients_max check can be bypassed, because the int
    rcpt_count can overflow (become negative). In practice this would either
    consume too much memory or generate too much network traffic, but maybe
    it should be fixed anyway.

(cherry picked from commit 04139ca809fbe56d8fe9c55a77640ea9fa93b8f1)

3 years ago SECURITY: Fix safeguard against upward traversal in msglog files.
Heiko Schlittermann (HS12-RIPE) [Sat, 21 Nov 2020 21:41:28 +0000 (22:41 +0100)]
SECURITY: Fix safeguard against upward traversal in msglog files.

Credits: Qualys

    3/ In src/deliver.c:

     333 static int
     334 open_msglog_file(uschar *filename, int mode, uschar **error)
     335 {
     336 if (Ustrstr(filename, US"/../"))
     337   log_write(0, LOG_MAIN|LOG_PANIC,
     338     "Attempt to open msglog file path with upward-traversal: '%s'\n", filename);

    Should this be LOG_PANIC_DIE instead of LOG_PANIC? Right now it will log
    the /../ attempt but will open the file anyway.

(cherry picked from commit 742c27f02d83792937dcb1719b380d3dde6228bf)

3 years ago SECURITY: Don't miss the very last byte when reading long lines from -H
Heiko Schlittermann (HS12-RIPE) [Sat, 21 Nov 2020 21:18:56 +0000 (22:18 +0100)]
SECURITY: Don't miss the very last byte when reading long lines from -H

Credits: Qualys

    2/ In src/spool_in.c:

     462   while (  (len = Ustrlen(big_buffer)) == big_buffer_size-1
     463         && big_buffer[len-1] != '\n'
     464         )
     465     {   /* buffer not big enough for line; certs make this possible */
     466     uschar * buf;
     467     if (big_buffer_size >= BIG_BUFFER_SIZE*4) goto SPOOL_READ_ERROR;
     468     buf = store_get_perm(big_buffer_size *= 2, FALSE);
     469     memcpy(buf, big_buffer, --len);

    The --len in memcpy() chops off a useful byte (we know for sure that
    big_buffer[len-1] is not a '\n' because we entered the while loop).

(cherry picked from commit 58454ea01c2e817481770954edf09ad82f3cd417)
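
An added illustration, not Exim source: a C model of a grow-and-continue line reader in the shape of the loop quoted above, run with and without the `--len`. The in-memory `mem_gets()` stand-in for fgets, the buffer sizes, the sample line and the continuation read after the copy are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct src { const char *p; };       /* in-memory input, stands in for a FILE */

/* fgets() semantics over a string: at most size-1 chars, stop after '\n'. */
static char *mem_gets(char *dst, size_t size, struct src *s)
{
    size_t i = 0;
    if (size == 0 || *s->p == '\0') return NULL;
    while (i + 1 < size && *s->p != '\0') {
        dst[i++] = *s->p;
        if (*s->p++ == '\n') break;
    }
    dst[i] = '\0';
    return dst;
}

/* Read one line, doubling the buffer while it is full and unterminated.
   chop_last = 1 reproduces the "--len" in the quoted memcpy().
   Returns a malloc'd string, or NULL on error or when the line is too long. */
static char *read_long_line(const char *input, size_t initial, int chop_last)
{
    struct src s = { input };
    size_t size = initial, len;
    char *buf = malloc(size);

    if (!buf || !mem_gets(buf, size, &s)) { free(buf); return NULL; }

    while ((len = strlen(buf)) == size - 1 && buf[len - 1] != '\n') {
        char *bigger;
        if (size >= initial * 4) { free(buf); return NULL; }  /* hard cap */
        size *= 2;
        if (!(bigger = malloc(size))) { free(buf); return NULL; }
        if (chop_last) --len;        /* drops buf[len-1], which is real data */
        memcpy(bigger, buf, len);
        free(buf);
        buf = bigger;
        /* Continue the same line directly after the bytes kept so far. */
        if (!mem_gets(buf + len, size - len, &s)) { free(buf); return NULL; }
    }
    return buf;
}

int main(void)
{
    const char *line = "0123456789ABCDEF\n";   /* constructed sample line */
    char *good = read_long_line(line, 8, 0);
    char *bad  = read_long_line(line, 8, 1);
    printf("full copy: %s", good ? good : "(error)\n");
    printf("with --len: %s", bad ? bad : "(error)\n");
    free(good);
    free(bad);
    return 0;
}
```

Each time the buffer grows, the chopped variant loses one byte of the line, so the sample comes back two bytes short after two doublings.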

3 years ago SECURITY: off-by-one in smtp transport (read response)
Heiko Schlittermann (HS12-RIPE) [Sat, 21 Nov 2020 21:03:03 +0000 (22:03 +0100)]
SECURITY: off-by-one in smtp transport (read response)

Credits: Qualys

    1/ In src/transports/smtp.c:

    2281       int n = sizeof(sx->buffer);
    2282       uschar * rsp = sx->buffer;
    2283
    2284       if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
    2285         { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }

    This should probably be either:

    rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n - 1;

    or:

    rsp = sx->buffer + n; n = sizeof(sx->buffer) - n;

    (not sure which) to avoid an off-by-one.

(cherry picked from commit d2c44ef5dd94f1f43ba1d1a02bc4594f4fba5e38)
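
An added illustration, not Exim source: a C check of the three length calculations discussed above against the invariant that offset plus length must not exceed the buffer size. The 64-byte buffer, the canary byte, the sample response and the assumption that the reader may fill every byte of the length it is given are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUFSZ 64                      /* constructed size for the demo */

struct ctx {
    char buffer[BUFSZ];               /* plays the role of sx->buffer */
    unsigned char canary;             /* the byte directly after the buffer */
};

struct region { size_t off, len; };   /* where the next response may be written */

typedef struct region (*region_fn)(const char *buf, size_t bufsz);

/* Arithmetic as quoted: skip the NUL (+1) but keep the full remainder. */
static struct region region_original(const char *buf, size_t bufsz)
{
    size_t n = strlen(buf);
    struct region r = { 0, bufsz };
    if (n < bufsz / 2) { r.off = n + 1; r.len = bufsz - n; }
    return r;
}

/* First suggestion: keep the NUL and take it off the remaining length. */
static struct region region_keep_nul(const char *buf, size_t bufsz)
{
    size_t n = strlen(buf);
    struct region r = { 0, bufsz };
    if (n < bufsz / 2) { r.off = n + 1; r.len = bufsz - n - 1; }
    return r;
}

/* Second suggestion: start at the NUL, so the remainder is already right. */
static struct region region_overwrite_nul(const char *buf, size_t bufsz)
{
    size_t n = strlen(buf);
    struct region r = { 0, bufsz };
    if (n < bufsz / 2) { r.off = n; r.len = bufsz - n; }
    return r;
}

/* The invariant every variant has to satisfy: off + len <= bufsz. */
static int region_in_bounds(struct region r, size_t bufsz)
{
    return r.off <= bufsz && r.len <= bufsz - r.off;
}

/* Returns 1 if a reader that fills the whole region writes past buffer. */
static int writes_past_buffer(region_fn calc)
{
    struct ctx c;
    memset(&c, 0, sizeof c);
    c.canary = 0xA5;
    strcpy(c.buffer, "250-mail.example.test Hello");  /* constructed response */
    struct region r = calc(c.buffer, sizeof c.buffer);
    /* The struct is one object, so indexing it as bytes is well defined. */
    memset((unsigned char *)&c + r.off, 'R', r.len);
    return c.canary != 0xA5;
}

int main(void)
{
    printf("original:      overrun=%d\n", writes_past_buffer(region_original));
    printf("keep NUL:      overrun=%d\n", writes_past_buffer(region_keep_nul));
    printf("overwrite NUL: overrun=%d\n", writes_past_buffer(region_overwrite_nul));
    return 0;
}
```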

3 years ago Start documenting the things we changed incompatibly.
Phil Pennock [Mon, 2 Nov 2020 07:39:38 +0000 (02:39 -0500)]
Start documenting the things we changed incompatibly.

(cherry picked from commit 8dad4da53bad2ed3b29fa6a3b9ef59bfec73dc0e)

3 years ago Inline four often-called new functions
Phil Pennock [Mon, 2 Nov 2020 07:23:14 +0000 (02:23 -0500)]
Inline four often-called new functions

The BDAT state switchers should happen so often during SMTP reception that a
compiler hint to inline seems wise.

The length filter checks happen on every start-up, which for Exim is often
enough that I think an inline for these is warranted too.

(cherry picked from commit 6e3d0e3f1c8228ef19a3d1ba61f131cef3172ceb)

3 years ago Fixes for compilation
Jeremy Harris [Sat, 31 Oct 2020 14:36:55 +0000 (14:36 +0000)]
Fixes for compilation

(cherry picked from commit 85a90771a373aaaced64b92d7176a8a310490b9e)

3 years ago SECURITY: rework BDAT receive function handling
Phil Pennock [Fri, 30 Oct 2020 03:21:36 +0000 (23:21 -0400)]
SECURITY: rework BDAT receive function handling

(cherry picked from commit dd1b9b753bb7c42df2b8f48d726b82928b67940b)

3 years ago SECURITY: fix SMTP verb option parsing
Phil Pennock [Fri, 30 Oct 2020 02:40:59 +0000 (22:40 -0400)]
SECURITY: fix SMTP verb option parsing

A boundary case in looking for an opening quote before the closing quote could
walk off the front of the buffer.

(cherry picked from commit 515d8d43a18481d23d7cf410b8dc71b4e254ebb8)

3 years ago SECURITY: Avoid integer overflow on too many recipients
Phil Pennock [Fri, 30 Oct 2020 01:48:05 +0000 (21:48 -0400)]
SECURITY: Avoid integer overflow on too many recipients

(cherry picked from commit 323ff55e67b44e95f9d3cfaba155e385aa33c4bd)

3 years ago SECURITY: default recipients_max to 50,000
Phil Pennock [Fri, 30 Oct 2020 01:38:25 +0000 (21:38 -0400)]
SECURITY: default recipients_max to 50,000

A default of "unlimited" can have unfortunate consequences when people start
putting many millions of recipients on a message.

(cherry picked from commit 1d7780722a66cea8da5fa4ae0775e85d185fbf7e)

3 years ago SECURITY: a second negative store guard
Phil Pennock [Fri, 30 Oct 2020 01:30:04 +0000 (21:30 -0400)]
SECURITY: a second negative store guard

(cherry picked from commit 706864e934c70941ce7a327f97b7649a1e5f5556)

3 years ago SECURITY: refuse too small store allocations
Phil Pennock [Fri, 30 Oct 2020 00:49:49 +0000 (20:49 -0400)]
SECURITY: refuse too small store allocations

Negative sizes are definitely bad.
Optimistically, I'm saying that zero is bad too.  But perhaps we have something
doing that, expecting to be able to grow.  In which case we'll have to amend
this.

(cherry picked from commit 1c9afcec0043e2fb72607b2addb0613763705549)

3 years ago SECURITY: fix Qualys CVE-2020-PFPZA
Phil Pennock [Fri, 30 Oct 2020 00:42:40 +0000 (20:42 -0400)]
SECURITY: fix Qualys CVE-2020-PFPZA

(cherry picked from commit 29d7a8c25f182c91d5d30f124f9e296dce5c018e)

3 years ago SECURITY: fix Qualys CVE-2020-PFPSN
Phil Pennock [Thu, 29 Oct 2020 23:00:51 +0000 (19:00 -0400)]
SECURITY: fix Qualys CVE-2020-PFPSN

(cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542)

3 years ago SECURITY: fix Qualys CVE-2020-SLCWD
Phil Pennock [Thu, 29 Oct 2020 15:47:58 +0000 (11:47 -0400)]
SECURITY: fix Qualys CVE-2020-SLCWD

(cherry picked from commit bf5f9d56fadf9be8d947f141d31f7e0e8fa63762)

3 years ago SECURITY: pick up more argv length checks
Phil Pennock [Thu, 29 Oct 2020 22:40:37 +0000 (18:40 -0400)]
SECURITY: pick up more argv length checks

(cherry picked from commit f28a6a502c7973d8844d11d4b0990d4b0359fb3f)

3 years ago SECURITY: length limits on many cmdline options
Phil Pennock [Thu, 29 Oct 2020 22:11:35 +0000 (18:11 -0400)]
SECURITY: length limits on many cmdline options

We'll also now abort upon, rather than silently truncate, a driver name
(router, transport, ACL, etc) encountered in the config which is longer than
the 64-char limit.

(cherry picked from commit ff8bef9ae2370db4a7873fe2ce573a607fe6999f)

3 years ago Re-ran the conversion of all DH parameters
Phil Pennock [Fri, 18 Sep 2020 14:25:42 +0000 (10:25 -0400)]
Re-ran the conversion of all DH parameters

I get different results now to those I got before.

Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I
get the results below.  The ffdhe2048 value now matches that at
<https://ssl-config.mozilla.org/ffdhe2048.txt>.

I ran the same code yesterday for just the ffdhe2048 item and got code which
seemed to me then to match what was already in the C file.  Something hinky is
going on, perhaps with my sanity.

(the commit IDs changed because of heavy rebasing (heiko))

(cherry picked from commit 76ed8115182e2daaadb437ec9655df8000796ec5)

3 years ago gen_pkcs3: Terminate string before calling BH_hex2bn()
Simon Arlott [Thu, 24 Sep 2020 22:03:14 +0000 (23:03 +0100)]
gen_pkcs3: Terminate string before calling BH_hex2bn()

Signed-off-by: Phil Pennock <pdp@exim.org>
(cherry picked from commit 1cf66e5872d517b620c308af634e4e26e3547f06)

3 years ago Default config: reject on too many bad RCPT
Phil Pennock [Fri, 30 Oct 2020 02:14:45 +0000 (22:14 -0400)]
Default config: reject on too many bad RCPT

An example exploit failed against my system, because I had this sanity guard in
place; it's not a real security fix since a careful attacker could find enough
valid recipients to hit that problem, but it highlights that this is a useful
enough pattern that we should encourage its wider use.

(cherry picked from commit 2a636a39fff29b7c3da1798767a510dfed982a62)

3 years ago Handle SIGINT as we do with SIGTERM
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Mar 2021 06:56:59 +0000 (07:56 +0100)]
Handle SIGINT as we do with SIGTERM

(cherry picked from commit cdc5c672e1c309294626cd5ed90acdccb05baaa1)

3 years ago Enforce pid_file_path start at "/"
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Mar 2021 06:59:21 +0000 (07:59 +0100)]
Enforce pid_file_path start at "/"

(cherry picked from commit 60f2a8e797d9ebaea1e3eac4ad28ff64e11bab40)

3 years ago testsuite: tidy logs/4520 and confs/4520
Heiko Schlittermann (HS12-RIPE) [Mon, 29 Mar 2021 16:17:55 +0000 (18:17 +0200)]
testsuite: tidy logs/4520 and confs/4520

This fixed 4520 failure en-passant, but I'm sure it's a timing issue
here (the order of the mainlog output lines didn't exactly match the
logs/4520)

(cherry picked from commit 95306ca61531d9d79c5dac808a5a571158acd29c)

3 years ago tidy
Heiko Schlittermann (HS12-RIPE) [Tue, 16 Mar 2021 22:44:29 +0000 (23:44 +0100)]
tidy

(cherry picked from commit 7973b58af7db0fb8fddb54b366dcf43c7ce131ec)

3 years ago Docs: fix description of hosts_try_dane. Bug 2704
Jeremy Harris [Sat, 27 Feb 2021 19:25:26 +0000 (19:25 +0000)]
Docs: fix description of hosts_try_dane.  Bug 2704

Cherry-picked from: 725900cda2

3 years ago Build: fix DISABLE_PIPE_CONNECT build. Bug 2703
Jeremy Harris [Tue, 23 Feb 2021 18:55:33 +0000 (18:55 +0000)]
Build: fix DISABLE_PIPE_CONNECT build.  Bug 2703

(cherry picked from commit a842359f622190904ceccfff1afff021570566eb)

3 years ago Fix list-expansion for various domainlists, having included sublist elements. Bug...
Jeremy Harris [Mon, 22 Feb 2021 21:48:19 +0000 (21:48 +0000)]
Fix list-expansion for various domainlists, having included sublist elements.  Bug 2701

(cherry picked from commit e2be2df5c0760e2b6a7870c88ad486a23f5e4b01)

3 years ago Fix build for platforms not having ulong
Jeremy Harris [Sat, 13 Feb 2021 17:26:14 +0000 (17:26 +0000)]
Fix build for platforms not having ulong

(cherry picked from commit be839a2609381f535f263ed0c459a4ebf3fd5d1d)

3 years ago Fix weight calculation for socks_proxy. Bug 2694
Heiko Schlichting [Fri, 19 Feb 2021 11:14:36 +0000 (11:14 +0000)]
Fix weight calculation for socks_proxy.  Bug 2694

(cherry picked from commit 83811e3c1b8189c0a725ec53df699730e7767263)

3 years ago Fix weight calculation for spamd_address. Bug 2694
Heiko Schlichting [Fri, 19 Feb 2021 11:11:51 +0000 (11:11 +0000)]
Fix weight calculation for spamd_address.  Bug 2694

(cherry picked from commit 6296a393aeab9fecc38916dfcbf1c94d54691650)

3 years ago Fix FreeBSD 13 build
Jeremy Harris [Fri, 12 Feb 2021 17:40:28 +0000 (17:40 +0000)]
Fix FreeBSD 13 build

(cherry picked from commit e8fd2c45ddd6f59f159baaa2c154ced5ce36f3df)

3 years ago Fix handling of server which follows a RCPT 452 with a 250. Bug 26092
Jeremy Harris [Sat, 6 Feb 2021 22:01:23 +0000 (22:01 +0000)]
Fix handling of server which follows a RCPT 452 with a 250.  Bug 26092

(cherry picked from commit d6870e76cf0b838eab1929e5d5afb486c4e7b448)

3 years ago Fix daemon-SIGHUP on FreeBSD
Jeremy Harris [Sat, 6 Feb 2021 17:30:37 +0000 (17:30 +0000)]
Fix daemon-SIGHUP on FreeBSD

Cherry-picked from: beb5d85c7d

3 years ago Testsuite: missing files
Jeremy Harris [Fri, 29 Jan 2021 21:36:15 +0000 (21:36 +0000)]
Testsuite: missing files

Broken-by: 2a57e74079

3 years ago Lookups: fix $local_part_data for a match on a filename list element. Bug 2691
Jeremy Harris [Fri, 29 Jan 2021 19:54:02 +0000 (19:54 +0000)]
Lookups: fix $local_part_data for a match on a filename list element.  Bug 2691

(cherry picked from commit 0c70e694cf1a703798c0778a3236079e1b25c91d)

3 years ago Auths: in plaintext authenticator, fix parsing of consecutive circumflex. Bug 2687
Jeremy Harris [Tue, 12 Jan 2021 15:36:09 +0000 (15:36 +0000)]
Auths: in plaintext authenticator, fix parsing of consecutive circumflex.  Bug 2687

(cherry picked from commit ca22cc0abe93c28f3d296d99c239413bb0d079c4)

3 years ago Utilities: harden exim_tidydb against corrupt wait-records. Bug 2343
Jeremy Harris [Sat, 9 Jan 2021 13:08:35 +0000 (13:08 +0000)]
Utilities: harden exim_tidydb against corrupt wait-records.  Bug 2343

(cherry picked from commit fc96555ab63243de9d468325aeaaa14cd77b9943)

3 years ago Fix build on GNU/Hurd [supports openat()]. Bug 2608
Jeremy Harris [Sat, 26 Dec 2020 18:55:29 +0000 (18:55 +0000)]
Fix build on GNU/Hurd [supports openat()].  Bug 2608

(cherry picked from commit 5f4ca3541f228b0b9b880406e70342dea5a2a7a9)

3 years ago Fix build warning on 32-bit int platforms. Bug 2678
Jeremy Harris [Sat, 26 Dec 2020 18:18:33 +0000 (18:18 +0000)]
Fix build warning on 32-bit int platforms.  Bug 2678

(cherry picked from commit abca11df7f354c123b0ff8a9bfb89a669d7742d4)

3 years ago Fix ${listextract } from a tainted list
Jeremy Harris [Wed, 23 Dec 2020 22:35:04 +0000 (22:35 +0000)]
Fix ${listextract } from a tainted list

(cherry picked from commit 942f0be6c2cd3ec8c39ca234a449561d9d3c1075)

3 years ago Fix local delivery delay when combined with remote callout/hold. Bug 2599
Jeremy Harris [Sun, 20 Dec 2020 15:55:59 +0000 (15:55 +0000)]
Fix local delivery delay when combined with remote callout/hold.  Bug 2599

(cherry picked from commit 94ecf089d68ac5b85c2a99177a8e4b4d35d5aa2e)

3 years ago Fix the PIPE_CONNECT feature control in the template Makefile, the
Jeremy Harris [Thu, 17 Dec 2020 09:59:23 +0000 (09:59 +0000)]
Fix the PIPE_CONNECT feature control in the template Makefile, the
default having changed to "included" for 4.93

Broken-by: 81344b40e3
(cherry picked from commit 46694b802ce0302f3c3344be933cc9737d4d4f4c)

3 years ago Remove the X_ prefix from the PIPE_CONNECT SMTP service extension keyword.
Jeremy Harris [Thu, 17 Dec 2020 09:39:59 +0000 (09:39 +0000)]
Remove the X_ prefix from the PIPE_CONNECT SMTP service extension keyword.

(cherry picked from commit 958af3bdb77dc5c190b7f5117c68d2b0acd7b5bc)

3 years ago Fix matching of long addresses. Bug 2677
Jeremy Harris [Wed, 16 Dec 2020 20:05:07 +0000 (20:05 +0000)]
Fix matching of long addresses.  Bug 2677

(cherry picked from commit 183389fae10672e8d5ffb1f14f23a179798f483a)

4 years ago Pass authenticator pubname through spool. Bug 2648
Jeremy Harris [Sat, 31 Oct 2020 23:58:11 +0000 (23:58 +0000)]
Pass authenticator pubname through spool.  Bug 2648

(cherry picked from commit a75ebe0dcc5faeb915cacb0d9db66d2475789116)

4 years ago LDAP: fix taint-check in server list walk. Bug 2646
Jeremy Harris [Fri, 30 Oct 2020 13:58:01 +0000 (13:58 +0000)]
LDAP: fix taint-check in server list walk.  Bug 2646

(cherry picked from commit 51b611aa81d7ee01243b196abc34a0e2eabd293c)

4 years ago eximon: fix FreeBSD build
Richard Clayton [Sat, 12 Sep 2020 21:10:04 +0000 (22:10 +0100)]
eximon: fix FreeBSD build

(cherry picked from commit ba00bdd4609501dd3ffe187074ff7f8197a9059f)

4 years ago Fix non-TLS build
Jeremy Harris [Thu, 27 Aug 2020 20:15:19 +0000 (21:15 +0100)]
Fix non-TLS build

(cherry picked from commit b38a477da0a5248ed1d2b7590922c89c6337ec3b)

4 years ago GnuTLS: clear errno before any data i/o op, so error logging does not see stale values
Jeremy Harris [Sun, 6 Sep 2020 11:15:10 +0000 (12:15 +0100)]
GnuTLS: clear errno before any data i/o op, so error logging does not see stale values

(cherry picked from commit d52a8ce8499fbb88f4670623df9f52d3e790292b)

4 years ago Fix utilities indexing
Phil Pennock [Fri, 28 Aug 2020 23:58:36 +0000 (19:58 -0400)]
Fix utilities indexing

It looks like there used to be another level of hierarchy here, with all three
of the hints database commands described in one section.  They're now distinct
sections in their own right, so fix how they're linked to.

Reported by: Peter Gervai
Part-fixes: 2637

(cherry picked from commit d79247e6321bd44f4f21bc1234e0424d0fa558eb)

4 years ago Fix non-DANE build
Jeremy Harris [Wed, 26 Aug 2020 22:59:28 +0000 (23:59 +0100)]
Fix non-DANE build

(cherry picked from commit 651946cbf8e3849687332049730e5fa23d42b4b7)

4 years ago DANE: Fix 2 messages from queue case
Jeremy Harris [Wed, 26 Aug 2020 22:43:54 +0000 (23:43 +0100)]
DANE: Fix 2 messages from queue case

(cherry picked from commit b6054898ace169a0e5143117397a4f666a5e7283)

4 years ago Fix non-DANE build
Jeremy Harris [Sun, 23 Aug 2020 16:27:30 +0000 (17:27 +0100)]
Fix non-DANE build

(cherry picked from commit 79b19a30d9fc64a7b7f70928cdefe4f51064280b)

4 years ago DANE: Fix 2-rcpt message, diff domains case. Bug 2265
Jeremy Harris [Sun, 23 Aug 2020 14:32:48 +0000 (15:32 +0100)]
DANE: Fix 2-rcpt message, diff domains case.  Bug 2265

(cherry picked from commit 99350dede64ad634300ddf15d0d97a81fd75d330)

4 years ago DANE: force SNI to use $domain. Bug 2265
Jeremy Harris [Wed, 19 Aug 2020 20:09:04 +0000 (21:09 +0100)]
DANE: force SNI to use $domain.  Bug 2265

Note: this is not a complete fix for the issue
(cherry picked from commit 7044dd8fd62e215572ecf5a2c7f1bb9581cf6628)

4 years ago Taint: fix off-by-one in is_tainted(). Bug 2634
Gavan [Fri, 21 Aug 2020 14:46:01 +0000 (15:46 +0100)]
Taint: fix off-by-one in is_tainted().  Bug 2634

(cherry picked from commit e0ae68c8ee6788508da4989ee0d6fcbaf40c7b97)

4 years ago Build: ifdef guard for EXPERIMENTAL_QUEUEFILE
Jeremy Harris [Mon, 24 Aug 2020 19:14:34 +0000 (20:14 +0100)]
Build: ifdef guard for EXPERIMENTAL_QUEUEFILE

(cherry picked from commit 1f5d0a9551205febf6729c7ee36c27626a76b4a4)

4 years ago Taint: fix off-by-one in is_tainted(). Bug 2634
Gavan [Fri, 21 Aug 2020 14:46:01 +0000 (15:46 +0100)]
Taint: fix off-by-one in is_tainted().  Bug 2634

(cherry picked from commit e0ae68c8ee6788508da4989ee0d6fcbaf40c7b97)

4 years ago Fix ${readsocket } eol-replacement. Bug 2630
Jeremy Harris [Fri, 14 Aug 2020 12:09:53 +0000 (13:09 +0100)]
Fix ${readsocket } eol-replacement.  Bug 2630

(cherry picked from commit 7f83b348ccf4cd815e9758ab9ca1012e66324e9d)

4 years ago Fix spelling of local_part_data in docs and debug output
Jeremy Harris [Sun, 9 Aug 2020 00:38:00 +0000 (01:38 +0100)]
Fix spelling of local_part_data in docs and debug output

(cherry picked from commit ccec2d82e2fda6d764f6cd1a9dd21c4f6285b614)

4 years ago debug_print_socket(): output formatting
Heiko Schlittermann (HS12-RIPE) [Thu, 16 Jul 2020 21:53:27 +0000 (23:53 +0200)]
debug_print_socket(): output formatting

4 years ago Fix debug_print_socket()
Heiko Schlittermann (HS12-RIPE) [Thu, 16 Jul 2020 21:45:55 +0000 (23:45 +0200)]
Fix debug_print_socket()

debug_print_socket() crashed on AF_UNIX sockets

4 years ago Taint: fix ACL "spam" condition, to permit tainted name arguments
Jeremy Harris [Mon, 13 Jul 2020 12:46:14 +0000 (13:46 +0100)]
Taint: fix ACL "spam" condition, to permit tainted name arguments

Follow-on from: 62b2ccce05

(cherry picked from commit 532800c8bf0e4bc2c27739477e70e0d7eef7df21)

4 years ago Fix taint trap in parse_fix_phrase(). Bug 2617
Jeremy Harris [Thu, 9 Jul 2020 14:30:55 +0000 (15:30 +0100)]
Fix taint trap in parse_fix_phrase().  Bug 2617

(cherry picked from commit 3c90bbcdc7cf73298156f7bcd5f5e750e7814e72)

4 years ago Fix DKIM signing to always ;-terminate. Bug 2295
Guillaume Outters [Mon, 6 Jul 2020 21:31:51 +0000 (22:31 +0100)]
Fix DKIM signing to always ;-terminate.  Bug 2295

(cherry picked from commit 65fe780259d0009354b5dfc9a4f1b48ad6513db2)

4 years ago typos
Jeremy Harris [Fri, 3 Jul 2020 19:35:58 +0000 (20:35 +0100)]
typos

4 years ago Fix message-reception clock usage. Bug 2615
Jeremy Harris [Tue, 30 Jun 2020 20:16:42 +0000 (21:16 +0100)]
Fix message-reception clock usage.  Bug 2615

Broken-by: 6906c131d1 (4.94)
(cherry picked from commit c9bce82e3064126be34d85280d0a7fbf65b3abec)

4 years ago Taint: fix ACL "spam" condition, to permit tainted name arguments.
Jeremy Harris [Mon, 29 Jun 2020 16:26:36 +0000 (17:26 +0100)]
Taint: fix ACL "spam" condition, to permit tainted name arguments.

Cherry-picked from: 62b2ccce05

4 years ago Sqlite: fix segfault on bad/missing sqlite_dbfile. Bug 2606
Jeremy Harris [Sun, 28 Jun 2020 14:24:21 +0000 (15:24 +0100)]
Sqlite: fix segfault on bad/missing sqlite_dbfile.  Bug 2606

(cherry picked from commit 3d0472791a0928963a3f8184fe28479e80d1a47d)

4 years ago Docs: list further ways $domain_data &c may be filled in
Jeremy Harris [Thu, 25 Jun 2020 20:30:43 +0000 (21:30 +0100)]
Docs: list further ways $domain_data &c may be filled in

(cherry picked from commit f5ee670dc5eb90c68ee684f478598bd9af6fbf36)

4 years ago Lookups: Fix "subdir" filter on a dsearch.
Jeremy Harris [Thu, 25 Jun 2020 10:16:54 +0000 (11:16 +0100)]
Lookups: Fix "subdir" filter on a dsearch.

(cherry picked from commit e0e21929b7426b9b5bbf5e3747797043801b1151)

4 years ago Cutthrough: handle request when a callout-hold is active. Bug 2604
Jeremy Harris [Mon, 22 Jun 2020 16:27:18 +0000 (17:27 +0100)]
Cutthrough: handle request when a callout-hold is active.  Bug 2604

(cherry picked from commit 99bfcf2b678e7bd8125a7eb44409e46549bfc111)

4 years ago Fix string_copy() macro to not multiple-eval args. Bug 2603
Jeremy Harris [Fri, 19 Jun 2020 23:54:05 +0000 (00:54 +0100)]
Fix string_copy() macro to not multiple-eval args. Bug 2603

Broken-by: a76d120aed
(cherry picked from commit 80c2ec2e47c556daff00c79ee068ce68f25fd264)

4 years ago Taint: fix verify. Bug 2598
Jeremy Harris [Sun, 14 Jun 2020 21:14:11 +0000 (22:14 +0100)]
Taint: fix verify.  Bug 2598

(cherry-picked from 2b60ac1021 and 9eed571fd7)

4 years ago smtp_accept_map_per_host: call search_tidyup in fail path. Bug 2597
Jeremy Harris [Fri, 12 Jun 2020 19:43:43 +0000 (20:43 +0100)]
smtp_accept_map_per_host: call search_tidyup in fail path.  Bug 2597

(cherry-picked from: d3a538c8fe)

4 years ago Taint: fix radius expansion condition
Jeremy Harris [Thu, 11 Jun 2020 23:46:34 +0000 (00:46 +0100)]
Taint: fix radius expansion condition

(cherry picked from commit f91219c114a3d95792d052555664a5a7a3984a8d)

4 years ago TLS: use RFC 6125 rules for certificate name checks when CNAMES are present....
Jeremy Harris [Thu, 11 Jun 2020 19:45:05 +0000 (20:45 +0100)]
TLS: use RFC 6125 rules for certificate name checks when CNAMES are present. Bug 2594

(cherry picked from commit 0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6)

4 years ago Filters: fix "vacation" in Exim filter. Bug 2593
Jeremy Harris [Mon, 8 Jun 2020 12:00:55 +0000 (13:00 +0100)]
Filters: fix "vacation" in Exim filter.  Bug 2593

Broken-by: cfb9cf20cb (4.90)
(cherry picked from commit 59eee1bc902f106d20f507ba16f37cb8ab5a5e8d)

4 years ago Fix -bi. Bug 2590
Jeremy Harris [Thu, 4 Jun 2020 14:28:15 +0000 (15:28 +0100)]
Fix -bi.  Bug 2590

Actual fix from pierre.labastie@neuf.fr ; additional coding and testcase by jgh
Broken-by: bdcc6f2bd5
(Cherry-picked from: 0e0e171628)

4 years ago Taint: fix multiple ACL actions to properly manage tainted argument data
Jeremy Harris [Wed, 3 Jun 2020 10:40:17 +0000 (11:40 +0100)]
Taint: fix multiple ACL actions to properly manage tainted argument data

(cherry picked from commit 12b7f811de4a540d0724585aecfa33b5881e2a30)

4 years ago Docs: typos
Jeremy Harris [Tue, 2 Jun 2020 15:34:42 +0000 (16:34 +0100)]
Docs: typos

Cherry-picked from: 1195f8f2a4

4 years ago Docs: fix layout
Jeremy Harris [Tue, 2 Jun 2020 14:39:27 +0000 (15:39 +0100)]
Docs: fix layout

(cherry picked from commit 7090df68161b4ed1c86e5adde7800d9049c47433)

4 years ago Docs: fix mistaken variable name
Patrick Boutilier [Tue, 2 Jun 2020 14:16:10 +0000 (15:16 +0100)]
Docs: fix mistaken variable name

(cherry picked from commit eb55cb1d2c5552209e24345e9d21f83ec1eaccf6)

4 years ago Taint: fix listcount expansion operator. Bug 2586
Jeremy Harris [Tue, 2 Jun 2020 14:03:36 +0000 (15:03 +0100)]
Taint: fix listcount expansion operator.  Bug 2586

(cherry picked from commit 44644c2e404a3ea0191db0b0458e86924fb240bb)

4 years ago Taint: fix pam expansion condition. Bug 2587
Jeremy Harris [Tue, 2 Jun 2020 13:50:31 +0000 (14:50 +0100)]
Taint: fix pam expansion condition.  Bug 2587

(cherry picked from commit f7f933a199be8bb7362c715e0040545b514cddca)

4 years ago Docs: ${listitem }
Jeremy Harris [Tue, 2 Jun 2020 12:35:06 +0000 (13:35 +0100)]
Docs: ${listitem }

(cherry picked from commit 29f5141e7cb1ee65369d8e49250134edc4e6120a)

4 years ago Testsuite: munge for Postgres version exim-4.94
Jeremy Harris [Sat, 30 May 2020 20:35:38 +0000 (21:35 +0100)]
Testsuite: munge for Postgres version

4 years ago Testsuite: MySQL: use password on account used for test access
Jeremy Harris [Sat, 30 May 2020 20:05:25 +0000 (21:05 +0100)]
Testsuite: MySQL: use password on account used for test access

Forced on us by security tightening in Mariadb 10.4

4 years ago Make def:<var> compatible between "static" and "dynamic" vars.
Heiko Schlittermann (HS12-RIPE) [Tue, 26 May 2020 10:28:43 +0000 (12:28 +0200)]
Make def:<var> compatible between "static" and "dynamic" vars.

Some variables are simple pointers to internal memory (e.g.
vtype_stringptr), other variables are dynamically filled with content
(e.g. vtype_string_func).

The static variables contain "" if they're not defined yet.
At least one dynamic variable (recipients, backed by fn_recipients())
returned NULL instead of "", which led to unexpected results on
def:recipients.

To keep the functions usable in places where it makes sense to return
NULL and "" as distinct values, I didn't touch the functions, but the
evaluation logic in find_variable().

4 years ago Testsuite: avoid fail on non-TLS build
Jeremy Harris [Mon, 25 May 2020 11:41:20 +0000 (12:41 +0100)]
Testsuite: avoid fail on non-TLS build

4 years ago Fix listquote expansion item to handle empty-string input
Jeremy Harris [Mon, 25 May 2020 10:38:25 +0000 (11:38 +0100)]
Fix listquote expansion item to handle empty-string input

4 years ago EDITME: Shorten the explanation of <osname> and <build>
Heiko Schlittermann (HS12-RIPE) [Sun, 24 May 2020 20:53:01 +0000 (22:53 +0200)]
EDITME: Shorten the explanation of <osname> and <build>

4 years ago Docs: SPF options
Jeremy Harris [Sun, 24 May 2020 18:17:59 +0000 (19:17 +0100)]
Docs: SPF options

4 years ago Doc: Clarify variables for spf_smtp_comment_template
Heiko Schlittermann (HS12-RIPE) [Sat, 23 May 2020 13:50:23 +0000 (15:50 +0200)]
Doc: Clarify variables for spf_smtp_comment_template

4 years ago SPF: Add main config option "spf_smtp_comment_template exim-4.94-RC2
Heiko Schlittermann (HS12-RIPE) [Fri, 22 May 2020 15:32:33 +0000 (17:32 +0200)]
SPF: Add main config option "spf_smtp_comment_template

4 years ago SPF: Remove the parameters of the broken explanation link
Heiko Schlittermann (HS12-RIPE) [Mon, 18 May 2020 20:40:24 +0000 (22:40 +0200)]
SPF: Remove the parameters of the broken explanation link

The complete www.open-spf.org is a static copy of the formerly working
openspf.org page. The explanation form doesn't work anymore.

4 years ago OpenSSL: clear error stack before every I/O operation
Jeremy Harris [Wed, 20 May 2020 21:14:59 +0000 (22:14 +0100)]
OpenSSL: clear error stack before every I/O operation

4 years ago Docs: remove redundant transport config lines
Jeremy Harris [Tue, 19 May 2020 00:14:55 +0000 (01:14 +0100)]
Docs: remove redundant transport config lines