From 2339c66a83ad30ebc59a8bf065a11c11f4158e7c Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 11 Jan 2015 18:40:05 +0000 Subject: [PATCH 1/1] Do RE compilations at daemon startup. Bug 1568 --- src/src/daemon.c | 9 ++++ src/src/deliver.c | 57 ++++++++++++++---------- src/src/dns.c | 14 ++++-- src/src/exim.c | 4 +- src/src/functions.h | 7 ++- src/src/malware.c | 104 +++++++++++++++++++++++++++++++++----------- src/src/regex.c | 2 +- 7 files changed, 141 insertions(+), 56 deletions(-) diff --git a/src/src/daemon.c b/src/src/daemon.c index 5c6420547..256cc9cb7 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -1700,6 +1700,15 @@ else readconf_printtime(queue_interval)); } +/* Do any work it might be useful to amortize over our children +(eg: compile regex) */ + +deliver_init(); +dns_pattern_init(); + +#ifdef WITH_CONTENT_SCAN +malware_init(); +#endif /* Close the log so it can be renamed and moved. In the few cases below where this long-running process writes to the log (always exceptional conditions), it diff --git a/src/src/deliver.c b/src/src/deliver.c index 462aaf49d..a0c48d652 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -6518,29 +6518,7 @@ if (addr_remote != NULL) /* Precompile some regex that are used to recognize parameters in response to an EHLO command, if they aren't already compiled. */ - if (regex_PIPELINING == NULL) regex_PIPELINING = - regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); - - if (regex_SIZE == NULL) regex_SIZE = - regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); - - if (regex_AUTH == NULL) regex_AUTH = - regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)", - FALSE, TRUE); - -#ifdef SUPPORT_TLS - if (regex_STARTTLS == NULL) regex_STARTTLS = - regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); -#endif - -#ifndef DISABLE_PRDR - if (regex_PRDR == NULL) regex_PRDR = - regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); -#endif - - /* Set the regex to check for DSN support on remote MTA */ - if (regex_DSN == NULL) regex_DSN = - regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); + deliver_init(); /* Now sort the addresses if required, and do the deliveries. The yield of do_remote_deliveries is FALSE when mua_wrapper is set and all addresses @@ -7836,6 +7814,39 @@ acl_where = ACL_WHERE_UNKNOWN; return final_yield; } + + +void +deliver_init(void) +{ +if (!regex_PIPELINING) regex_PIPELINING = + regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_SIZE) regex_SIZE = + regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_AUTH) regex_AUTH = + regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)", + FALSE, TRUE); + +#ifdef SUPPORT_TLS +if (!regex_STARTTLS) regex_STARTTLS = + regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); +#endif + +#ifndef DISABLE_PRDR +if (!regex_PRDR) regex_PRDR = + regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); +#endif + +if (!regex_DSN) regex_DSN = + regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = + regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); +} + + /* vi: aw ai sw=2 */ /* End of deliver.c */ diff --git a/src/src/dns.c b/src/src/dns.c index 542354db3..2968fba19 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -608,9 +608,7 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT) uschar *checkname = name; int ovector[3*(EXPAND_MAXN+1)]; - if (regex_check_dns_names == NULL) - regex_check_dns_names = - regex_must_compile(check_dns_names_pattern, FALSE, TRUE); + dns_pattern_init(); /* For an SRV lookup, skip over the first two components (the service and protocol names, which both start with an underscore). */ @@ -1272,6 +1270,16 @@ else return yield; } + + +void +dns_pattern_init(void) +{ +if (check_dns_names_pattern[0] != 0 && !regex_check_dns_names) + regex_check_dns_names = + regex_must_compile(check_dns_names_pattern, FALSE, TRUE); +} + /* vi: aw ai sw=2 */ /* End of dns.c */ diff --git a/src/src/exim.c b/src/src/exim.c index 907e9a5c1..6a4bf553f 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -88,7 +88,7 @@ Returns: pointer to the compiled pattern */ const pcre * -regex_must_compile(uschar *pattern, BOOL caseless, BOOL use_malloc) +regex_must_compile(const uschar *pattern, BOOL caseless, BOOL use_malloc) { int offset; int options = PCRE_COPT; @@ -100,7 +100,7 @@ if (use_malloc) pcre_free = function_store_free; } if (caseless) options |= PCRE_CASELESS; -yield = pcre_compile(CS pattern, options, (const char **)&error, &offset, NULL); +yield = pcre_compile(CCS pattern, options, (const char **)&error, &offset, NULL); pcre_malloc = function_store_get; pcre_free = function_dummy_free; if (yield == NULL) diff --git a/src/src/functions.h b/src/src/functions.h index ce78288fb..ee2fd39c6 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -126,6 +126,7 @@ extern void debug_vprintf(const char *, va_list); extern void decode_bits(unsigned int *, unsigned int *, int, int, uschar *, bit_table *, int, uschar *, int); extern address_item *deliver_make_addr(uschar *, BOOL); +extern void deliver_init(void); extern void delivery_log(int, address_item *, int, uschar *); extern int deliver_message(uschar *, BOOL, BOOL); extern void deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2); @@ -142,11 +143,12 @@ extern BOOL dkim_transport_write_message(address_item *, int, int, int, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *); #endif extern dns_address *dns_address_from_rr(dns_answer *, dns_record *); +extern int dns_basic_lookup(dns_answer *, uschar *, int); extern void dns_build_reverse(uschar *, uschar *); extern void dns_init(BOOL, BOOL, BOOL); -extern int dns_basic_lookup(dns_answer *, uschar *, int); extern BOOL dns_is_secure(dns_answer *); extern int dns_lookup(dns_answer *, uschar *, int, uschar **); +extern void dns_pattern_init(void); extern int dns_special_lookup(dns_answer *, uschar *, int, uschar **); extern dns_record *dns_next_rr(dns_answer *, dns_scan *, int); extern uschar *dns_text_type(int); @@ -222,6 +224,7 @@ extern void log_close_all(void); #ifdef WITH_CONTENT_SCAN extern int malware(const uschar *, int); extern int malware_in_file(uschar *); +extern void malware_init(void); #endif extern int match_address_list(uschar *, BOOL, BOOL, uschar **, unsigned int *, int, int, uschar **); @@ -303,7 +306,7 @@ extern void receive_swallow_smtp(void); extern int regex(uschar **); #endif extern BOOL regex_match_and_setup(const pcre *, uschar *, int, int); -extern const pcre *regex_must_compile(uschar *, BOOL, BOOL); +extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL); extern void retry_add_item(address_item *, uschar *, int); extern BOOL retry_check_address(uschar *, host_item *, uschar *, BOOL, uschar **, uschar **); diff --git a/src/src/malware.c b/src/src/malware.c index 659357633..365ef0350 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -64,6 +64,30 @@ typedef struct clamd_address_container { #define DERR_TIMEOUT (1<<9) /* scan timeout has run out */ #define DERR_BAD_CALL (1<<15) /* wrong command */ + +static const uschar * malware_regex_default = US ".+"; +static const pcre * malware_default_re = NULL; + +static const uschar * drweb_re_str = US "infected\\swith\\s*(.+?)$"; +static const pcre * drweb_re = NULL; + +static const uschar * fsec_re_str = US "\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$"; +static const pcre * fsec_re = NULL; + +static const uschar * kav_re_sus_str = US "suspicion:\\s*(.+?)\\s*$"; +static const uschar * kav_re_inf_str = US "infected:\\s*(.+?)\\s*$"; +static const pcre * kav_re_sus = NULL; +static const pcre * kav_re_inf = NULL; + +static const uschar * ava_re_clean_str = US "(?!\\\\)\\t\\[\\+\\]"; +static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d\\.\\d\\t\\d\\s(.*)"; +static const pcre * ava_re_clean = NULL; +static const pcre * ava_re_virus = NULL; + + + +/******************************************************************************/ + /* Routine to check whether a system is big- or little-endian. Ripped from http://www.faqs.org/faqs/graphics/fileformats-faq/part4/section-7.html Needed for proper kavdaemon implementation. Sigh. */ @@ -425,7 +449,6 @@ malware_internal(const uschar * malware_re, const uschar * eml_filename, int sep = 0; uschar *av_scanner_work = av_scanner; uschar *scanner_name; -uschar malware_regex_default[] = ".+"; unsigned long mbox_size; FILE *mbox_file; const pcre *re; @@ -452,18 +475,25 @@ if (!malware_re) return FAIL; /* explicitly no matching */ /* special cases (match anything except empty) */ -if ( (strcmpic(malware_re,US"true") == 0) || - (Ustrcmp(malware_re,"*") == 0) || - (Ustrcmp(malware_re,"1") == 0) ) +if ( strcmpic(malware_re,US"true") == 0 + || Ustrcmp(malware_re,"*") == 0 + || Ustrcmp(malware_re,"1") == 0 + ) + { + if ( !malware_default_re + && !(malware_default_re = m_pcre_compile(malware_regex_default, &errstr))) + return malware_errlog_defer(errstr); malware_re = malware_regex_default; - -/* Reset sep that is set by previous string_nextinlist() call */ -sep = 0; + re = malware_default_re; + } /* compile the regex, see if it works */ -if (!(re = m_pcre_compile(malware_re, &errstr))) +else if (!(re = m_pcre_compile(malware_re, &errstr))) return malware_errlog_defer(errstr); +/* Reset sep that is set by previous string_nextinlist() call */ +sep = 0; + /* if av_scanner starts with a dollar, expand it first */ if (*av_scanner == '$') { @@ -577,7 +607,6 @@ if (!malware_ok) uschar * tmpbuf, *drweb_fbuf; int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd, drweb_vnum, drweb_slen, drweb_fin = 0x0000; - const pcre *drweb_re; /* prepare variables */ drweb_cmd = htonl(DRWEBD_SCAN_CMD); @@ -697,7 +726,8 @@ if (!malware_ok) malware_name = US"unknown"; /* set up match regex */ - drweb_re = m_pcre_compile(US"infected\\swith\\s*(.+?)$", &errstr); + if (!drweb_re) + drweb_re = m_pcre_compile(drweb_re_str, &errstr); /* read and concatenate virus names into one string */ for (i = 0; i < drweb_vnum; i++) @@ -833,7 +863,6 @@ if (!malware_ok) int i, j, bread = 0; uschar * file_name; uschar av_buffer[1024]; - const pcre * fs_inf; static uschar *cmdopt[] = { US"CONFIGURE\tARCHIVE\t1\n", US"CONFIGURE\tTIMEOUT\t0\n", US"CONFIGURE\tMAXARCH\t5\n", @@ -870,7 +899,8 @@ if (!malware_ok) /* set up match */ /* todo also SUSPICION\t */ - fs_inf = m_pcre_compile(US"\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$", &errstr); + if (!fsec_re) + fsec_re = m_pcre_compile(fsec_re_str, &errstr); /* read report, linewise. Apply a timeout as the Fsecure daemon sometimes wants an answer to "PING" but they won't tell us what */ @@ -894,7 +924,7 @@ if (!malware_ok) /* Really search for virus again? */ if (!malware_name) /* try matcher on the line, grab substring */ - malware_name = m_pcre_exec(fs_inf, p); + malware_name = m_pcre_exec(fsec_re, p); if (Ustrstr(p, "OK\tScan ok.")) goto fsec_found; @@ -989,10 +1019,16 @@ if (!malware_ok) if (kav_reportlen > 0) { /* set up match regex, depends on retcode */ - kav_re = m_pcre_compile( kav_rc == 3 - ? US"suspicion:\\s*(.+?)\\s*$" - : US"infected:\\s*(.+?)\\s*$", - &errstr ); + if (kav_rc == 3) + { + if (!kav_re_sus) kav_re_sus = m_pcre_compile(kav_re_sus_str, &errstr); + kav_re = kav_re_sus; + } + else + { + if (!kav_re_inf) kav_re_inf = m_pcre_compile(kav_re_inf_str, &errstr); + kav_re = kav_re_inf; + } /* read report, linewise */ while (kav_reportlen > 0) @@ -1732,7 +1768,6 @@ if (!malware_ok) int ovector[1*3]; uschar buf[1024]; uschar * scanrequest; - const pcre * avast_clean_re, * avast_virus_re; enum {AVA_HELO, AVA_OPT, AVA_RSP, AVA_DONE} avast_stage; int nread; @@ -1745,11 +1780,10 @@ if (!malware_ok) [L] - infected [E] - some error occured Such marker follows the first non-escaped TAB. */ - if ( !(avast_clean_re = - m_pcre_compile(US"(?!\\\\)\\t\\[\\+\\]", &errstr)) - || !(avast_virus_re = - m_pcre_compile(US"(?!\\\\)\\t\\[L\\]\\d\\.\\d\\t\\d\\s(.*)", - &errstr)) + if ( ( !ava_re_clean + && !(ava_re_clean = m_pcre_compile(ava_re_clean_str, &errstr))) + || ( !ava_re_virus + && !(ava_re_virus = m_pcre_compile(ava_re_virus_str, &errstr))) ) return malware_errlog_defer(errstr); @@ -1808,11 +1842,11 @@ if (!malware_ok) if (Ustrncmp(buf, "210", 3) == 0) break; /* ignore the "210 SCAN DATA" message */ - if (pcre_exec(avast_clean_re, NULL, CS buf, slen, + if (pcre_exec(ava_re_clean, NULL, CS buf, slen, 0, 0, ovector, nelements(ovector)) > 0) break; - if ((malware_name = m_pcre_exec(avast_virus_re, buf))) + if ((malware_name = m_pcre_exec(ava_re_virus, buf))) { /* remove backslash in front of [whitespace|backslash] */ uschar * p, * p0; for (p = malware_name; *p; ++p) @@ -1952,6 +1986,26 @@ malware_in_file(uschar *eml_filename) return ret; } + +void +malware_init(void) +{ +if (!malware_default_re) + malware_default_re = regex_must_compile(malware_regex_default, FALSE, TRUE); +if (!drweb_re) + drweb_re = regex_must_compile(drweb_re_str, FALSE, TRUE); +if (!fsec_re) + fsec_re = regex_must_compile(fsec_re_str, FALSE, TRUE); +if (!kav_re_sus) + kav_re_sus = regex_must_compile(kav_re_sus_str, FALSE, TRUE); +if (!kav_re_inf) + kav_re_inf = regex_must_compile(kav_re_inf_str, FALSE, TRUE); +if (!ava_re_clean) + ava_re_clean = regex_must_compile(ava_re_clean_str, FALSE, TRUE); +if (!ava_re_virus) + ava_re_virus = regex_must_compile(ava_re_virus_str, FALSE, TRUE); +} + #endif /*WITH_CONTENT_SCAN*/ /* * vi: aw ai sw=2 diff --git a/src/src/regex.c b/src/src/regex.c index de8ec685f..94a867c65 100644 --- a/src/src/regex.c +++ b/src/src/regex.c @@ -242,4 +242,4 @@ int mime_regex(uschar **listptr) { return FAIL; } -#endif +#endif /* WITH_CONTENT_SCAN */ -- 2.30.2