GnuTLS: fix non-OCSP bulid

[exim.git] / src / src / deliver.c

diff --git a/src/src/deliver.c b/src/src/deliver.c
index 66e49d3712297f57489b3844ce82b73b1ab45bc8..72751c2dc5d415404356df594df10f61fbddc1e6 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -328,6 +328,10 @@ Returns:    a file descriptor, or -1 (with errno set)
 static int
 open_msglog_file(uschar *filename, int mode, uschar **error)
 {
+if (Ustrstr(filename, US"/../"))
+  log_write(0, LOG_MAIN|LOG_PANIC,
+    "Attempt to open msglog file path with upward-traversal: '%s'\n", filename);
+
 for (int i = 2; i > 0; i--)
   {
   int fd = Uopen(filename,
@@ -4794,7 +4798,6 @@ all pipes, so I do not see a reason to use non-blocking IO here
     for(; addr; addr = addr->next)
       {
       uschar *ptr;
-      retry_item *r;
 
       /* The certificate verification status goes into the flags */
       if (tls_out.certificate_verified) setflag(addr, af_cert_verified);
@@ -4827,7 +4830,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
       if (addr->peercert)
        {
         ptr = big_buffer;
-       if (!tls_export_cert(ptr, big_buffer_size-2, addr->peercert))
+       if (tls_export_cert(ptr, big_buffer_size-2, addr->peercert))
          while(*ptr++);
        else
          *ptr++ = 0;
@@ -4836,7 +4839,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
       if (addr->ourcert)
        {
         ptr = big_buffer;
-       if (!tls_export_cert(ptr, big_buffer_size-2, addr->ourcert))
+       if (tls_export_cert(ptr, big_buffer_size-2, addr->ourcert))
          while(*ptr++);
        else
          *ptr++ = 0;
@@ -4894,7 +4897,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
 
       /* Retry information: for most success cases this will be null. */
 
-      for (r = addr->retries; r; r = r->next)
+      for (retry_item * r = addr->retries; r; r = r->next)
         {
         sprintf(CS big_buffer, "%c%.500s", r->flags, r->key);
         ptr = big_buffer + Ustrlen(big_buffer+2) + 3;