X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/01603eec64d42431f182b33008206facfc7f800e..7b564712ff3a235ce9ef42ffa4036023057f295e:/src/src/verify.c

diff --git a/src/src/verify.c b/src/src/verify.c
index 7125a6da1..60579668b 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -98,7 +98,7 @@ if (type[0] == 'd' && cache_record->result != ccache_reject)
   {
   if (length == sizeof(dbdata_callout_cache_obs))
     {
-    dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
+    dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache), FALSE);
     memcpy(new, cache_record, length);
     new->postmaster_stamp = new->random_stamp = new->time_stamp;
     cache_record = new;
@@ -420,7 +420,7 @@ if (addr->transport == cutthrough.addr.transport)
 
 	if (done)
 	  {
-	  address_item * na = store_get(sizeof(address_item));
+	  address_item * na = store_get(sizeof(address_item), FALSE);
 	  *na = cutthrough.addr;
 	  cutthrough.addr = *addr;
 	  cutthrough.addr.host_used = &cutthrough.host;
@@ -976,8 +976,7 @@ no_conn:
 	{
 	extern int acl_where;	/* src/acl.c */
 	errno = 0;
-	addr->message = string_sprintf(
-	    "response to \"EHLO\" did not include SMTPUTF8");
+	addr->message = US"response to \"EHLO\" did not include SMTPUTF8";
 	addr->user_message = acl_where == ACL_WHERE_RCPT
 	  ? US"533 no support for internationalised mailbox name"
 	  : US"550 mailbox unavailable";
@@ -1002,6 +1001,26 @@ no_conn:
 	  string_sprintf("response to \"%s\" was: %s",
 			  big_buffer, string_printing(sx.buffer));
 
+	/* RFC 5321 section 4.2: the text portion of the response may have only
+	HT, SP, Printable US-ASCII.  Deal with awkward chars by cutting the
+	received message off before passing it onward.  Newlines are ok; they
+	just become a multiline response (but wrapped in the error code we
+	produce). */
+
+	for (uschar * s = sx.buffer;
+	     *s && s < sx.buffer + sizeof(sx.buffer);
+	     s++)
+	  {
+	  uschar c = *s;
+	  if (c != '\t' && c != '\n' && (c < ' ' || c > '~'))
+	    {
+	    if (s - sx.buffer < sizeof(sx.buffer) - 12)
+	      memcpy(s, "(truncated)", 12);
+	    else
+	      *s = '\0';
+	    break;
+	    }
+	  }
 	addr->user_message = options & vopt_is_recipient
 	  ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
 	  : string_sprintf("Called:   %s\nSent:     %s\nResponse: %s",
@@ -1089,7 +1108,7 @@ no_conn:
       for (address_item * caddr = &cutthrough.addr, * parent = addr->parent;
 	   parent;
 	   caddr = caddr->parent, parent = parent->parent)
-        *(caddr->parent = store_get(sizeof(address_item))) = *parent;
+        *(caddr->parent = store_get(sizeof(address_item), FALSE)) = *parent;
 
       ctctx.outblock.buffer = ctbuffer;
       ctctx.outblock.buffersize = sizeof(ctbuffer);
@@ -1173,7 +1192,7 @@ if (!done)
 /* Come here from within the cache-reading code on fast-track exit. */
 
 END_CALLOUT:
-tls_modify_variables(&tls_in);
+tls_modify_variables(&tls_in);	/* return variables to inbound values */
 return yield;
 }
 
@@ -1529,6 +1548,8 @@ if (addr != vaddr)
   vaddr->basic_errno = addr->basic_errno;
   vaddr->more_errno = addr->more_errno;
   vaddr->prop.address_data = addr->prop.address_data;
+  vaddr->prop.variables = NULL;
+  tree_dup((tree_node **)&vaddr->prop.variables, addr->prop.variables);
   copyflag(vaddr, addr, af_pass_message);
   }
 return yield;
@@ -2089,6 +2110,8 @@ while (addr_new)
       of $address_data to be that of the child */
 
       vaddr->prop.address_data = addr->prop.address_data;
+      vaddr->prop.variables = NULL;
+      tree_dup((tree_node **)&vaddr->prop.variables, addr->prop.variables);
 
       /* If stopped because more than one new address, cannot cutthrough */
 
@@ -2190,7 +2213,7 @@ the -bv or -bt case). */
 
 out:
 verify_mode = NULL;
-tls_modify_variables(&tls_in);
+tls_modify_variables(&tls_in);	/* return variables to inbound values */
 
 return yield;
 }
@@ -2346,7 +2369,7 @@ for (header_line * h = header_list; h; h = h->next)
     if ((*s < 33) || (*s > 126))
       {
       *msgptr = string_sprintf("Invalid character in header \"%.*s\" found",
-			     colon - h->text, h->text);
+			     (int)(colon - h->text), h->text);
       return FAIL;
       }
   }
@@ -2745,7 +2768,7 @@ for (;;)
   int size = sizeof(buffer) - (p - buffer);
 
   if (size <= 0) goto END_OFF;   /* Buffer filled without seeing \n. */
-  count = ip_recv(&ident_conn_ctx, p, size, rfc1413_query_timeout);
+  count = ip_recv(&ident_conn_ctx, p, size, time(NULL) + rfc1413_query_timeout);
   if (count <= 0) goto END_OFF;  /* Read error or EOF */
 
   /* Scan what we just read, to see if we have reached the terminating \r\n. Be
@@ -3392,9 +3415,9 @@ else
 
   else
     {	/* Set up a tree entry to cache the lookup */
-    t = store_get(sizeof(tree_node) + Ustrlen(query));
+    t = store_get(sizeof(tree_node) + Ustrlen(query), is_tainted(query));
     Ustrcpy(t->name, query);
-    t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
+    t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block), FALSE);
     (void)tree_insertnode(&dnsbl_cache, t);
     }