From e2be2df5c0760e2b6a7870c88ad486a23f5e4b01 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 22 Feb 2021 21:24:01 +0000 Subject: [PATCH] Fix list-expansion for various domainlists, having included sublist elements. Bug 2701 --- doc/doc-txt/ChangeLog | 6 ++++++ src/src/acl.c | 6 +++--- src/src/deliver.c | 2 +- src/src/dns.c | 6 +++--- src/src/host.c | 46 +++++++++++++++++++++---------------------- src/src/readconf.c | 33 ++++++++++++++----------------- 6 files changed, 51 insertions(+), 48 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2c17877ab..6993499e9 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -207,6 +207,12 @@ JH/43 Bug 2694: Fix weighted distribution of work to multiple spamd servers. Previously the weighting was incorrectly applied. Similar fix for socks proxies. Found and fixed by Heiko Schlichting. +JH/44 Bug 2701: Fix list-expansion of dns_ipv4_lookup. Previously, it did + not handle sub-lists included using the +namedlist syntax. While + investigating, the same found for dns_trust_aa, dns_again_means_nonexist, + dnssec_require_domains, dnssec_request_domains, srv_fail_domains, + mx_fail_domains. + Exim version 4.94 ----------------- diff --git a/src/src/acl.c b/src/src/acl.c index aaf0ce63e..fff2ac042 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -3508,14 +3508,14 @@ for (; cb; cb = cb->next) case ACLC_DKIM_SIGNER: if (dkim_cur_signer) rc = match_isinlist(dkim_cur_signer, - &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); + &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL); else rc = FAIL; break; case ACLC_DKIM_STATUS: rc = match_isinlist(dkim_verify_status, - &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); + &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL); break; #endif @@ -3527,7 +3527,7 @@ for (; cb; cb = cb->next) /* used long way of dmarc_exim_expand_query() in case we need more * view into the process in the future. */ rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS), - &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); + &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL); break; #endif diff --git a/src/src/deliver.c b/src/src/deliver.c index 238e33acc..833970c5a 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -6814,7 +6814,7 @@ while (addr_new) /* Loop until all addresses dealt with */ addr_route = addr->next; deliver_domain = addr->domain; /* set $domain */ - if ((rc = match_isinlist(addr->domain, (const uschar **)&queue_domains, 0, + if ((rc = match_isinlist(addr->domain, CUSS &queue_domains, 0, &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL)) != OK) if (rc == DEFER) diff --git a/src/src/dns.c b/src/src/dns.c index a636f076d..c68698786 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -515,7 +515,7 @@ if ( !h->aa || !(trusted = expand_string(dns_trust_aa)) || !*trusted || !(auth_name = dns_extract_auth_name(dnsa)) - || OK != match_isinlist(auth_name, &trusted, 0, NULL, NULL, + || OK != match_isinlist(auth_name, &trusted, 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) ) return FALSE; @@ -904,8 +904,8 @@ if (dnsa->answerlen < 0) switch (h_errno) #ifndef STAND_ALONE save_domain = deliver_domain; deliver_domain = string_copy(name); /* set $domain */ - rc = match_isinlist(name, (const uschar **)&dns_again_means_nonexist, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL); + rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL); deliver_domain = save_domain; if (rc != OK) { diff --git a/src/src/host.c b/src/src/host.c index a31c09b65..5f254a28d 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -1971,8 +1971,8 @@ lookups here (except when testing standalone). */ #else if ( disable_ipv6 || dns_ipv4_lookup - && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) == OK) + && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK) #endif { af = AF_INET; times = 1; } @@ -2191,12 +2191,12 @@ dns_again_means_nonexist, return permanent rather than temporary failure. */ RETURN_AGAIN: { - #ifndef STAND_ALONE +#ifndef STAND_ALONE int rc; const uschar *save = deliver_domain; deliver_domain = host->name; /* set $domain */ - rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL); + rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL); deliver_domain = save; if (rc == OK) { @@ -2204,7 +2204,7 @@ RETURN_AGAIN: "returning HOST_FIND_FAILED\n", host->name); return HOST_FIND_FAILED; } - #endif +#endif return HOST_FIND_AGAIN; } } @@ -2296,9 +2296,9 @@ On an IPv4 system, go round the loop once only, looking only for A records. */ #ifndef STAND_ALONE if ( disable_ipv6 || !(whichrrs & HOST_FIND_BY_AAAA) - || (dns_ipv4_lookup - && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) == OK) + || dns_ipv4_lookup + && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK ) i = 0; /* look up A records only */ else @@ -2556,12 +2556,12 @@ int yield; dns_answer * dnsa = store_get_dns_answer(); dns_scan dnss; BOOL dnssec_require = dnssec_d - && match_isinlist(host->name, CUSS &dnssec_d->require, - 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK; + && match_isinlist(host->name, CUSS &dnssec_d->require, + 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK; BOOL dnssec_request = dnssec_require - || ( dnssec_d - && match_isinlist(host->name, CUSS &dnssec_d->request, - 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK); + || ( dnssec_d + && match_isinlist(host->name, CUSS &dnssec_d->request, + 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK); dnssec_status_t dnssec; /* Set the default fully qualified name to the incoming name, initialize the @@ -2626,13 +2626,13 @@ if (whichrrs & HOST_FIND_BY_SRV) } if (rc == DNS_FAIL || rc == DNS_AGAIN) { - #ifndef STAND_ALONE - if (match_isinlist(host->name, CUSS &srv_fail_domains, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) != OK) - #endif +#ifndef STAND_ALONE + if (match_isinlist(host->name, CUSS &srv_fail_domains, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK) +#endif { yield = HOST_FIND_AGAIN; goto out; } DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA " - "(domain in srv_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN"); + "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN"); } } @@ -2678,8 +2678,8 @@ if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX) DEBUG(D_host_lookup) debug_printf("dnssec fail on MX for %.256s", host->name); #ifndef STAND_ALONE - if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) != OK) + if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK) { yield = HOST_FIND_SECURITY; goto out; } #endif rc = DNS_FAIL; @@ -2688,8 +2688,8 @@ if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX) case DNS_FAIL: case DNS_AGAIN: #ifndef STAND_ALONE - if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) != OK) + if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, + &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK) #endif { yield = HOST_FIND_AGAIN; goto out; } DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA " diff --git a/src/src/readconf.c b/src/src/readconf.c index 7f808def8..fb9164c9d 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -3350,10 +3350,11 @@ but if that yields an unqualified value, make a FQDN by using gethostbyname to canonize it. Some people like upper case letters in their host names, so we don't force the case. */ -if (primary_hostname == NULL) +if (!primary_hostname) { - const uschar *hostname; + const uschar * hostname; struct utsname uts; + if (uname(&uts) < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "uname() failed to yield host name"); hostname = US uts.nodename; @@ -3363,33 +3364,29 @@ if (primary_hostname == NULL) int af = AF_INET; struct hostent *hostdata; - #if HAVE_IPV6 - if (!disable_ipv6 && (dns_ipv4_lookup == NULL || - match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL, +#if HAVE_IPV6 + if ( !disable_ipv6 + && ( !dns_ipv4_lookup + || match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) != OK)) af = AF_INET6; - #else - af = AF_INET; - #endif +#endif for (;;) { - #if HAVE_IPV6 - #if HAVE_GETIPNODEBYNAME +#if HAVE_IPV6 +# if HAVE_GETIPNODEBYNAME int error_num; hostdata = getipnodebyname(CS hostname, af, 0, &error_num); #else hostdata = gethostbyname2(CS hostname, af); - #endif - #else +# endif +#else hostdata = gethostbyname(CS hostname); - #endif +#endif - if (hostdata != NULL) - { - hostname = US hostdata->h_name; - break; - } + if (hostdata) + { hostname = US hostdata->h_name; break; } if (af == AF_INET) break; af = AF_INET; -- 2.30.2