Fix buffer overrun in spam= acl condition. Bug 1552
diff --git
a/src/src/acl.c
b/src/src/acl.c
index 42b9091c3af4d9fae0de85fe70325899d7c25f93..4ee70bf319814c2bc9743a2dde295ed487320f12 100644
--- a/
src/src/acl.c
+++ b/
src/src/acl.c
@@
-397,7
+397,7
@@
static unsigned int cond_forbids[] = {
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
#endif
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_PRDR)|
#endif
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
@@
-412,7
+412,7
@@
static unsigned int cond_forbids[] = {
(1<<ACL_WHERE_AUTH)| /* bmi_optin */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)|
(1<<ACL_WHERE_AUTH)| /* bmi_optin */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)|
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
#endif
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_PRDR)|
#endif
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
@@
-434,9
+434,9
@@
static unsigned int cond_forbids[] = {
#ifdef EXPERIMENTAL_DCC
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* dcc */
#ifdef EXPERIMENTAL_DCC
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* dcc */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
@@
-450,9
+450,9
@@
static unsigned int cond_forbids[] = {
#ifdef WITH_OLD_DEMIME
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* demime */
#ifdef WITH_OLD_DEMIME
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* demime */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
@@
-474,7
+474,7
@@
static unsigned int cond_forbids[] = {
(unsigned int)
~((1<<ACL_WHERE_RCPT) /* domains */
(unsigned int)
~((1<<ACL_WHERE_RCPT) /* domains */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
|(1<<ACL_WHERE_PRDR)
#endif
),
|(1<<ACL_WHERE_PRDR)
#endif
),
@@
-491,7
+491,7
@@
static unsigned int cond_forbids[] = {
(unsigned int)
~((1<<ACL_WHERE_RCPT) /* local_parts */
(unsigned int)
~((1<<ACL_WHERE_RCPT) /* local_parts */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
|(1<<ACL_WHERE_PRDR)
#endif
),
|(1<<ACL_WHERE_PRDR)
#endif
),
@@
-505,9
+505,9
@@
static unsigned int cond_forbids[] = {
#ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* malware */
#ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* malware */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
@@
-526,9
+526,9
@@
static unsigned int cond_forbids[] = {
#ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* regex */
#ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* regex */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_MIME)),
#endif
(1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_MIME)),
#endif
@@
-536,7
+536,7
@@
static unsigned int cond_forbids[] = {
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* remove_header */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* remove_header */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
#endif
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_PRDR)|
#endif
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
@@
-559,9
+559,9
@@
static unsigned int cond_forbids[] = {
#ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* spam */
#ifdef WITH_CONTENT_SCAN
(unsigned int)
~((1<<ACL_WHERE_DATA)| /* spam */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
(1<<ACL_WHERE_NOTSMTP)),
#endif
@@
-608,9
+608,9
@@
static unsigned int control_forbids[] = {
#ifndef DISABLE_DKIM
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dkim_disable_verify */
#ifndef DISABLE_DKIM
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dkim_disable_verify */
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_NOTSMTP_START),
#endif
(1<<ACL_WHERE_NOTSMTP_START),
#endif
@@
-674,17
+674,17
@@
static unsigned int control_forbids[] = {
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakedefer */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakedefer */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_MIME)),
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakereject */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
(1<<ACL_WHERE_MIME)),
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakereject */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
- #if
def EXPERIMENTAL
_PRDR
+ #if
ndef DISABLE
_PRDR
(1<<ACL_WHERE_PRDR)|
(1<<ACL_WHERE_PRDR)|
- #endif
/* EXPERIMENTAL_PRDR */
+ #endif
(1<<ACL_WHERE_MIME)),
(1<<ACL_WHERE_NOTSMTP)| /* no_multiline */
(1<<ACL_WHERE_MIME)),
(1<<ACL_WHERE_NOTSMTP)| /* no_multiline */
@@
-1550,7
+1550,7
@@
for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
assertion: legitimate SMTP clients are all explicitly authorized with CSA
SRV records of their own. */
assertion: legitimate SMTP clients are all explicitly authorized with CSA
SRV records of their own. */
- if (
found != domain
)
+ if (
Ustrcmp(found, domain) != 0
)
{
if (port & 1)
return t->data.val = CSA_FAIL_EXPLICIT;
{
if (port & 1)
return t->data.val = CSA_FAIL_EXPLICIT;
@@
-4129,7
+4129,11
@@
while (acl != NULL)
switch(acl->verb)
{
case ACL_ACCEPT:
switch(acl->verb)
{
case ACL_ACCEPT:
- if (cond == OK || cond == DISCARD) return cond;
+ if (cond == OK || cond == DISCARD)
+ {
+ HDEBUG(D_acl) debug_printf("end of %s: ACCEPT\n", acl_name);
+ return cond;
+ }
if (endpass_seen)
{
HDEBUG(D_acl) debug_printf("accept: endpass encountered - denying access\n");
if (endpass_seen)
{
HDEBUG(D_acl) debug_printf("accept: endpass encountered - denying access\n");
@@
-4140,17
+4144,26
@@
while (acl != NULL)
case ACL_DEFER:
if (cond == OK)
{
case ACL_DEFER:
if (cond == OK)
{
+ HDEBUG(D_acl) debug_printf("end of %s: DEFER\n", acl_name);
acl_temp_details = TRUE;
return DEFER;
}
break;
case ACL_DENY:
acl_temp_details = TRUE;
return DEFER;
}
break;
case ACL_DENY:
- if (cond == OK) return FAIL;
+ if (cond == OK)
+ {
+ HDEBUG(D_acl) debug_printf("end of %s: DENY\n", acl_name);
+ return FAIL;
+ }
break;
case ACL_DISCARD:
break;
case ACL_DISCARD:
- if (cond == OK || cond == DISCARD) return DISCARD;
+ if (cond == OK || cond == DISCARD)
+ {
+ HDEBUG(D_acl) debug_printf("end of %s: DISCARD\n", acl_name);
+ return DISCARD;
+ }
if (endpass_seen)
{
HDEBUG(D_acl) debug_printf("discard: endpass encountered - denying access\n");
if (endpass_seen)
{
HDEBUG(D_acl) debug_printf("discard: endpass encountered - denying access\n");
@@
-4159,11
+4172,19
@@
while (acl != NULL)
break;
case ACL_DROP:
break;
case ACL_DROP:
- if (cond == OK) return FAIL_DROP;
+ if (cond == OK)
+ {
+ HDEBUG(D_acl) debug_printf("end of %s: DROP\n", acl_name);
+ return FAIL_DROP;
+ }
break;
case ACL_REQUIRE:
break;
case ACL_REQUIRE:
- if (cond != OK) return cond;
+ if (cond != OK)
+ {
+ HDEBUG(D_acl) debug_printf("end of %s: not OK\n", acl_name);
+ return cond;
+ }
break;
case ACL_WARN:
break;
case ACL_WARN:
@@
-4319,7
+4340,7
@@
sender_verified_failed = NULL;
ratelimiters_cmd = NULL;
log_reject_target = LOG_MAIN|LOG_REJECT;
ratelimiters_cmd = NULL;
log_reject_target = LOG_MAIN|LOG_REJECT;
-#if
def EXPERIMENTAL
_PRDR
+#if
ndef DISABLE
_PRDR
if (where == ACL_WHERE_RCPT || where == ACL_WHERE_PRDR )
#else
if (where == ACL_WHERE_RCPT )
if (where == ACL_WHERE_RCPT || where == ACL_WHERE_PRDR )
#else
if (where == ACL_WHERE_RCPT )
@@
-4363,7
+4384,7
@@
If conn-failure, no action (and keep the spooled copy).
switch (where)
{
case ACL_WHERE_RCPT:
switch (where)
{
case ACL_WHERE_RCPT:
-#if
def EXPERIMENTAL
_PRDR
+#if
ndef DISABLE
_PRDR
case ACL_WHERE_PRDR:
#endif
if( rcpt_count > 1 )
case ACL_WHERE_PRDR:
#endif
if( rcpt_count > 1 )
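Review bot: In the -1550,7 hunk the new test `Ustrcmp(found, domain) != 0` is case-sensitive, while DNS names compare case-insensitively, so a client whose own CSA SRV record is returned with different letter case would be handled as if only a parent domain had a record. The visible branch then returns `CSA_FAIL_EXPLICIT` when `port & 1` is set, which would reject a client that is in fact explicitly authorised; how `found` is filled in is not visible in this hunk, so this needs checking against the lookup helper. If the two names can differ in case, `if (strcmpic(found, domain) != 0)` is the safer form, and a one-line comment such as `/* compare names, not pointers: the lookup may hand back a copy */` would record why pointer equality was dropped. The enclosing `for` loop over the DNS answer records starts and ends outside the hunk.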