Docs: fix validation

[users/jgh/exim.git] / src / src / expand.c

diff --git a/src/src/expand.c b/src/src/expand.c
index 1cd08df899eecdf4b31754be6488dd25da9be8f1..7986bbd141c570915d58de06bc73b5f7c9484685 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -213,6 +213,7 @@ static uschar *op_table_main[] = {
   US"base62d",
   US"base64",
   US"base64d",
+  US"bless",
   US"domain",
   US"escape",
   US"escape8bit",
@@ -260,6 +261,7 @@ enum {
   EOP_BASE62D,
   EOP_BASE64,
   EOP_BASE64D,
+  EOP_BLESS,
   EOP_DOMAIN,
   EOP_ESCAPE,
   EOP_ESCAPE8BIT,
@@ -587,6 +589,7 @@ static var_entry var_table[] = {
   { "local_part_data",     vtype_stringptr,   &deliver_localpart_data },
   { "local_part_prefix",   vtype_stringptr,   &deliver_localpart_prefix },
   { "local_part_suffix",   vtype_stringptr,   &deliver_localpart_suffix },
+  { "local_part_verified", vtype_stringptr,   &deliver_localpart_verified },
 #ifdef HAVE_LOCAL_SCAN
   { "local_scan_data",     vtype_stringptr,   &local_scan_data },
 #endif
@@ -776,6 +779,7 @@ static var_entry var_table[] = {
 #ifndef DISABLE_TLS
   { "tls_in_sni",          vtype_stringptr,   &tls_in.sni },
 #endif
+  { "tls_in_ver",          vtype_stringptr,   &tls_in.ver },
   { "tls_out_bits",        vtype_int,         &tls_out.bits },
   { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
   { "tls_out_cipher",      vtype_stringptr,   &tls_out.cipher },
@@ -796,6 +800,7 @@ static var_entry var_table[] = {
 #ifdef SUPPORT_DANE
   { "tls_out_tlsa_usage",  vtype_int,         &tls_out.tlsa_usage },
 #endif
+  { "tls_out_ver",         vtype_stringptr,   &tls_out.ver },
 
   { "tls_peerdn",          vtype_stringptr,   &tls_in.peerdn },        /* mind the alphabetical order! */
 #ifndef DISABLE_TLS
@@ -1625,8 +1630,8 @@ for (header_line * h = header_list; h; h = h->next)
 
       /* Trim the header roughly if we're approaching limits */
       inc = t - s;
-      if ((g ? g->ptr : 0) + inc > header_insert_maxlen)
-       inc = header_insert_maxlen - (g ? g->ptr : 0);
+      if (gstring_length(g) + inc > header_insert_maxlen)
+       inc = header_insert_maxlen - gstring_length(g);
 
       /* For raw just copy the data; for a list, add the data as a colon-sep
       list-element; for comma-list add as an unchecked comma,newline sep
@@ -1638,17 +1643,12 @@ for (header_line * h = header_list; h; h = h->next)
       if (flags & FH_WANT_LIST)
         g = string_append_listele_n(g, ':', s, (unsigned)inc);
       else if (flags & FH_WANT_RAW)
-       {
        g = string_catn(g, s, (unsigned)inc);
-       (void) string_from_gstring(g);
-       }
       else if (inc > 0)
-       if (comma)
-         g = string_append2_listele_n(g, US",\n", s, (unsigned)inc);
-       else
-         g = string_append2_listele_n(g, US"\n", s, (unsigned)inc);
+       g = string_append2_listele_n(g, comma ? US",\n" : US"\n",
+         s, (unsigned)inc);
 
-      if (g && g->ptr >= header_insert_maxlen) break;
+      if (gstring_length(g) >= header_insert_maxlen) break;
       }
 
 if (!found) return NULL;       /* No header found */
@@ -1658,7 +1658,7 @@ if (!g) return US"";
 
 *newsize = g->size;
 if (flags & FH_WANT_RAW)
-  return g->s;
+  return string_from_gstring(g);
 
 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
 The rfc2047_decode2() function can return an error with decoded data if the
@@ -1666,16 +1666,12 @@ charset translation fails. If decoding fails, it returns NULL. */
 
 else
   {
-  uschar *decoded, *error;
-
-  decoded = rfc2047_decode2(g->s, check_rfc2047_length, charset, '?', NULL,
-    newsize, &error);
+  uschar * error, * decoded = rfc2047_decode2(string_from_gstring(g),
+    check_rfc2047_length, charset, '?', NULL, newsize, &error);
   if (error)
-    {
     DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
       "    input was: %s\n", error, g->s);
-    }
-  return decoded ? decoded : g->s;
+  return decoded ? decoded : string_from_gstring(g);
   }
 }
 
@@ -2890,7 +2886,7 @@ switch(cond_type = identify_operator(&s, &opname))
     break;
 
     case ECOND_MATCH:   /* Regular expression match */
-    if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror,
+    if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
                            &roffset, NULL)))
       {
       expand_string_message = string_sprintf("regular expression error in "
@@ -5831,7 +5827,7 @@ while (*s != 0)
 
       /* Compile the regular expression */
 
-      if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror,
+      if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
                              &roffset, NULL)))
         {
         expand_string_message = string_sprintf("regular expression error in "
@@ -7056,6 +7052,20 @@ while (*s != 0)
         continue;
         }
 
+      case EOP_BLESS:
+       /* This is purely for the convenience of the test harness.  Do not enable
+       it otherwise as it defeats the taint-checking security. */
+
+       if (f.running_in_test_harness)
+         yield = string_cat(yield, is_tainted(sub)
+                                   ? string_copy_taint(sub, FALSE) : sub);
+       else
+         {
+         DEBUG(D_expand) debug_printf_indent("bless operator not supported\n");
+         yield = string_cat(yield, sub);
+         }
+       continue;
+
       case EOP_EXPAND:
         {
         uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
@@ -8531,7 +8541,7 @@ expand_file_big_buffer(const uschar * filename)
 {
 int fd, off = 0, len;
 
-if ((fd = open(CS filename, O_RDONLY)) < 0)
+if ((fd = exim_open2(CS filename, O_RDONLY)) < 0)
   {
   log_write(0, LOG_MAIN | LOG_PANIC, "unable to open file for reading: %s",
             filename);