git://git.exim.org
/
users
/
heiko
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
f39bb67
)
Fix list-expansion for various domainlists, having included sublist elements. Bug...
author
Jeremy Harris
<jgh146exb@wizmail.org>
Mon, 22 Feb 2021 21:24:01 +0000
(21:24 +0000)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Mon, 22 Feb 2021 21:24:01 +0000
(21:24 +0000)
doc/doc-txt/ChangeLog
patch
|
blob
|
history
src/src/acl.c
patch
|
blob
|
history
src/src/deliver.c
patch
|
blob
|
history
src/src/dns.c
patch
|
blob
|
history
src/src/host.c
patch
|
blob
|
history
src/src/readconf.c
patch
|
blob
|
history
diff --git
a/doc/doc-txt/ChangeLog
b/doc/doc-txt/ChangeLog
index 2c17877abd947b9dab2ae35a68112e27e7f14c9c..6993499e98f0c427843acea091c63788796e8857 100644
(file)
--- a/
doc/doc-txt/ChangeLog
+++ b/
doc/doc-txt/ChangeLog
@@
-207,6
+207,12
@@
JH/43 Bug 2694: Fix weighted distribution of work to multiple spamd servers.
Previously the weighting was incorrectly applied. Similar fix for socks
proxies. Found and fixed by Heiko Schlichting.
Previously the weighting was incorrectly applied. Similar fix for socks
proxies. Found and fixed by Heiko Schlichting.
+JH/44 Bug 2701: Fix list-expansion of dns_ipv4_lookup. Previously, it did
+ not handle sub-lists included using the +namedlist syntax. While
+ investigating, the same found for dns_trust_aa, dns_again_means_nonexist,
+ dnssec_require_domains, dnssec_request_domains, srv_fail_domains,
+ mx_fail_domains.
+
Exim version 4.94
-----------------
Exim version 4.94
-----------------
diff --git
a/src/src/acl.c
b/src/src/acl.c
index aaf0ce63e84a0b871b8f8356f0824f22c70d3d2f..fff2ac0425ceb75840c0cb577be6ba7c0bdee05f 100644
(file)
--- a/
src/src/acl.c
+++ b/
src/src/acl.c
@@
-3508,14
+3508,14
@@
for (; cb; cb = cb->next)
case ACLC_DKIM_SIGNER:
if (dkim_cur_signer)
rc = match_isinlist(dkim_cur_signer,
case ACLC_DKIM_SIGNER:
if (dkim_cur_signer)
rc = match_isinlist(dkim_cur_signer,
- &arg,
0,NULL,NULL,MCL_STRING,TRUE,
NULL);
+ &arg,
0, NULL, NULL, MCL_STRING, TRUE,
NULL);
else
rc = FAIL;
break;
case ACLC_DKIM_STATUS:
rc = match_isinlist(dkim_verify_status,
else
rc = FAIL;
break;
case ACLC_DKIM_STATUS:
rc = match_isinlist(dkim_verify_status,
- &arg,
0,NULL,NULL,MCL_STRING,TRUE,
NULL);
+ &arg,
0, NULL, NULL, MCL_STRING, TRUE,
NULL);
break;
#endif
break;
#endif
@@
-3527,7
+3527,7
@@
for (; cb; cb = cb->next)
/* used long way of dmarc_exim_expand_query() in case we need more
* view into the process in the future. */
rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
/* used long way of dmarc_exim_expand_query() in case we need more
* view into the process in the future. */
rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
- &arg,
0,NULL,NULL,MCL_STRING,TRUE,
NULL);
+ &arg,
0, NULL, NULL, MCL_STRING, TRUE,
NULL);
break;
#endif
break;
#endif
diff --git
a/src/src/deliver.c
b/src/src/deliver.c
index 238e33accf4b1cafd7442caea88aa40c24c31ed2..833970c5aec121e4491ea0d2bf91477942372bac 100644
(file)
--- a/
src/src/deliver.c
+++ b/
src/src/deliver.c
@@
-6814,7
+6814,7
@@
while (addr_new) /* Loop until all addresses dealt with */
addr_route = addr->next;
deliver_domain = addr->domain; /* set $domain */
addr_route = addr->next;
deliver_domain = addr->domain; /* set $domain */
- if ((rc = match_isinlist(addr->domain,
(const uschar **)
&queue_domains, 0,
+ if ((rc = match_isinlist(addr->domain,
CUSS
&queue_domains, 0,
&domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL))
!= OK)
if (rc == DEFER)
&domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL))
!= OK)
if (rc == DEFER)
diff --git
a/src/src/dns.c
b/src/src/dns.c
index a636f076da942af43b8139e3bc947f29e493c2b9..c68698786c3240f648a439a6740329d666689853 100644
(file)
--- a/
src/src/dns.c
+++ b/
src/src/dns.c
@@
-515,7
+515,7
@@
if ( !h->aa
|| !(trusted = expand_string(dns_trust_aa))
|| !*trusted
|| !(auth_name = dns_extract_auth_name(dnsa))
|| !(trusted = expand_string(dns_trust_aa))
|| !*trusted
|| !(auth_name = dns_extract_auth_name(dnsa))
- || OK != match_isinlist(auth_name, &trusted, 0,
NULL
, NULL,
+ || OK != match_isinlist(auth_name, &trusted, 0,
&domainlist_anchor
, NULL,
MCL_DOMAIN, TRUE, NULL)
)
return FALSE;
MCL_DOMAIN, TRUE, NULL)
)
return FALSE;
@@
-904,8
+904,8
@@
if (dnsa->answerlen < 0) switch (h_errno)
#ifndef STAND_ALONE
save_domain = deliver_domain;
deliver_domain = string_copy(name); /* set $domain */
#ifndef STAND_ALONE
save_domain = deliver_domain;
deliver_domain = string_copy(name); /* set $domain */
- rc = match_isinlist(name,
(const uschar **)&dns_again_means_nonexist, 0, NULL, NULL
,
- MCL_DOMAIN, TRUE, NULL);
+ rc = match_isinlist(name,
CUSS &dns_again_means_nonexist, 0
,
+
&domainlist_anchor, NULL,
MCL_DOMAIN, TRUE, NULL);
deliver_domain = save_domain;
if (rc != OK)
{
deliver_domain = save_domain;
if (rc != OK)
{
diff --git
a/src/src/host.c
b/src/src/host.c
index a31c09b659f15bee1740e210d49dd004634db492..5f254a28de0bddf7e3f98b6d7cd8b6d35f483243 100644
(file)
--- a/
src/src/host.c
+++ b/
src/src/host.c
@@
-1971,8
+1971,8
@@
lookups here (except when testing standalone). */
#else
if ( disable_ipv6
|| dns_ipv4_lookup
#else
if ( disable_ipv6
|| dns_ipv4_lookup
- && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) == OK)
+ && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
+
&domainlist_anchor, NULL,
MCL_DOMAIN, TRUE, NULL) == OK)
#endif
{ af = AF_INET; times = 1; }
#endif
{ af = AF_INET; times = 1; }
@@
-2191,12
+2191,12
@@
dns_again_means_nonexist, return permanent rather than temporary failure. */
RETURN_AGAIN:
{
RETURN_AGAIN:
{
-
#ifndef STAND_ALONE
+#ifndef STAND_ALONE
int rc;
const uschar *save = deliver_domain;
deliver_domain = host->name; /* set $domain */
int rc;
const uschar *save = deliver_domain;
deliver_domain = host->name; /* set $domain */
- rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
NULL, NULL,
- MCL_DOMAIN, TRUE, NULL);
+ rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
+
&domainlist_anchor, NULL,
MCL_DOMAIN, TRUE, NULL);
deliver_domain = save;
if (rc == OK)
{
deliver_domain = save;
if (rc == OK)
{
@@
-2204,7
+2204,7
@@
RETURN_AGAIN:
"returning HOST_FIND_FAILED\n", host->name);
return HOST_FIND_FAILED;
}
"returning HOST_FIND_FAILED\n", host->name);
return HOST_FIND_FAILED;
}
-
#endif
+#endif
return HOST_FIND_AGAIN;
}
}
return HOST_FIND_AGAIN;
}
}
@@
-2296,9
+2296,9
@@
On an IPv4 system, go round the loop once only, looking only for A records. */
#ifndef STAND_ALONE
if ( disable_ipv6
|| !(whichrrs & HOST_FIND_BY_AAAA)
#ifndef STAND_ALONE
if ( disable_ipv6
|| !(whichrrs & HOST_FIND_BY_AAAA)
- ||
(
dns_ipv4_lookup
- && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) == OK)
+ ||
dns_ipv4_lookup
+ && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
)
i = 0; /* look up A records only */
else
)
i = 0; /* look up A records only */
else
@@
-2556,12
+2556,12
@@
int yield;
dns_answer * dnsa = store_get_dns_answer();
dns_scan dnss;
BOOL dnssec_require = dnssec_d
dns_answer * dnsa = store_get_dns_answer();
dns_scan dnss;
BOOL dnssec_require = dnssec_d
-
&& match_isinlist(host->name, CUSS &dnssec_d->require,
-
0, NULL
, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+ && match_isinlist(host->name, CUSS &dnssec_d->require,
+
0, &domainlist_anchor
, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
BOOL dnssec_request = dnssec_require
BOOL dnssec_request = dnssec_require
-
|| ( dnssec_d
-
&& match_isinlist(host->name, CUSS &dnssec_d->request,
-
0, NULL
, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
+ || ( dnssec_d
+ && match_isinlist(host->name, CUSS &dnssec_d->request,
+
0, &domainlist_anchor
, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
dnssec_status_t dnssec;
/* Set the default fully qualified name to the incoming name, initialize the
dnssec_status_t dnssec;
/* Set the default fully qualified name to the incoming name, initialize the
@@
-2626,13
+2626,13
@@
if (whichrrs & HOST_FIND_BY_SRV)
}
if (rc == DNS_FAIL || rc == DNS_AGAIN)
{
}
if (rc == DNS_FAIL || rc == DNS_AGAIN)
{
-
#ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
-
#endif
+#ifndef STAND_ALONE
+ if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
+
&domainlist_anchor, NULL,
MCL_DOMAIN, TRUE, NULL) != OK)
+#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
- "(domain in srv_fail_domains)\n",
(rc == DNS_FAIL)
? "FAIL":"AGAIN");
+ "(domain in srv_fail_domains)\n",
rc == DNS_FAIL
? "FAIL":"AGAIN");
}
}
}
}
@@
-2678,8
+2678,8
@@
if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
DEBUG(D_host_lookup)
debug_printf("dnssec fail on MX for %.256s", host->name);
#ifndef STAND_ALONE
DEBUG(D_host_lookup)
debug_printf("dnssec fail on MX for %.256s", host->name);
#ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
+ if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
+
&domainlist_anchor, NULL,
MCL_DOMAIN, TRUE, NULL) != OK)
{ yield = HOST_FIND_SECURITY; goto out; }
#endif
rc = DNS_FAIL;
{ yield = HOST_FIND_SECURITY; goto out; }
#endif
rc = DNS_FAIL;
@@
-2688,8
+2688,8
@@
if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
case DNS_FAIL:
case DNS_AGAIN:
#ifndef STAND_ALONE
case DNS_FAIL:
case DNS_AGAIN:
#ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
+ if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
+
&domainlist_anchor, NULL,
MCL_DOMAIN, TRUE, NULL) != OK)
#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
diff --git
a/src/src/readconf.c
b/src/src/readconf.c
index 7f808def84c31cc1881e1108dac117fc593bfdf2..fb9164c9d608aa8224f942e6469f6556f84c3e68 100644
(file)
--- a/
src/src/readconf.c
+++ b/
src/src/readconf.c
@@
-3350,10
+3350,11
@@
but if that yields an unqualified value, make a FQDN by using gethostbyname to
canonize it. Some people like upper case letters in their host names, so we
don't force the case. */
canonize it. Some people like upper case letters in their host names, so we
don't force the case. */
-if (
primary_hostname == NULL
)
+if (
!primary_hostname
)
{
{
- const uschar *hostname;
+ const uschar *
hostname;
struct utsname uts;
struct utsname uts;
+
if (uname(&uts) < 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "uname() failed to yield host name");
hostname = US uts.nodename;
if (uname(&uts) < 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "uname() failed to yield host name");
hostname = US uts.nodename;
@@
-3363,33
+3364,29
@@
if (primary_hostname == NULL)
int af = AF_INET;
struct hostent *hostdata;
int af = AF_INET;
struct hostent *hostdata;
- #if HAVE_IPV6
- if (!disable_ipv6 && (dns_ipv4_lookup == NULL ||
- match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
+#if HAVE_IPV6
+ if ( !disable_ipv6
+ && ( !dns_ipv4_lookup
+ || match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
MCL_DOMAIN, TRUE, NULL) != OK))
af = AF_INET6;
MCL_DOMAIN, TRUE, NULL) != OK))
af = AF_INET6;
- #else
- af = AF_INET;
- #endif
+#endif
for (;;)
{
for (;;)
{
-
#if HAVE_IPV6
-
#
if HAVE_GETIPNODEBYNAME
+#if HAVE_IPV6
+
#
if HAVE_GETIPNODEBYNAME
int error_num;
hostdata = getipnodebyname(CS hostname, af, 0, &error_num);
#else
hostdata = gethostbyname2(CS hostname, af);
int error_num;
hostdata = getipnodebyname(CS hostname, af, 0, &error_num);
#else
hostdata = gethostbyname2(CS hostname, af);
-
#
endif
-
#else
+
#
endif
+#else
hostdata = gethostbyname(CS hostname);
hostdata = gethostbyname(CS hostname);
-
#endif
+#endif
- if (hostdata != NULL)
- {
- hostname = US hostdata->h_name;
- break;
- }
+ if (hostdata)
+ { hostname = US hostdata->h_name; break; }
if (af == AF_INET) break;
af = AF_INET;
if (af == AF_INET) break;
af = AF_INET;
git://git.exim.org / users / heiko / exim.git / commitdiff