extern void cancel_cutthrough_connection(BOOL, const uschar *);
extern int check_host(void *, const uschar *, const uschar **, uschar **);
extern uschar **child_exec_exim(int, BOOL, int *, BOOL, int, ...);
+extern pid_t child_open_exim_function(int *, const uschar *);
+extern pid_t child_open_exim2_function(int *, uschar *, uschar *,
+ const uschar *);
extern pid_t child_open_uid(const uschar **, const uschar **, int,
uid_t *, gid_t *, int *, int *, uschar *, BOOL);
extern BOOL cleanup_environment(void);
extern uschar *deliver_get_sender_address (uschar *id);
extern void delivery_re_exec(int);
+extern void die_tainted(const uschar *, const uschar *, int);
extern BOOL directory_make(const uschar *, const uschar *, int, BOOL);
#ifndef DISABLE_DKIM
extern uschar *dkim_exim_query_dns_txt(const uschar *);
extern void exim_exit(int, const uschar *) NORETURN;
extern void exim_nullstd(void);
extern void exim_setugid(uid_t, gid_t, BOOL, uschar *);
-extern void exim_underbar_exit(int);
+extern void exim_underbar_exit(int, const uschar *);
extern void exim_wait_tick(struct timeval *, int);
extern int exp_bool(address_item *addr,
uschar *mtype, uschar *mname, unsigned dgb_opt, uschar *oname, BOOL bvalue,
extern int ip_recv(client_conn_ctx *, uschar *, int, time_t);
extern int ip_socket(int, int);
-extern int ip_tcpsocket(const uschar *, uschar **, int);
+extern int ip_tcpsocket(const uschar *, uschar **, int, host_item *);
extern int ip_unixsocket(const uschar *, uschar **);
-extern int ip_streamsocket(const uschar *, uschar **, int);
+extern int ip_streamsocket(const uschar *, uschar **, int, host_item *);
extern int ipv6_nmtoa(int *, uschar *);
extern BOOL queue_action(uschar *, int, uschar **, int, int);
extern void queue_check_only(void);
+extern unsigned queue_count(void);
+extern unsigned queue_count_cached(void);
extern void queue_list(int, uschar **, int);
-extern void queue_count(void);
+#ifdef EXPERIMENTAL_QUEUE_RAMP
+extern void queue_notify_daemon(const uschar * hostname);
+#endif
extern void queue_run(uschar *, uschar *, BOOL);
extern int random_number(int);
uschar **);
extern int route_address(address_item *, address_item **, address_item **,
address_item **, address_item **, int);
-extern int route_check_prefix(const uschar *, const uschar *);
-extern int route_check_suffix(const uschar *, const uschar *);
+extern int route_check_prefix(const uschar *, const uschar *, unsigned *);
+extern int route_check_suffix(const uschar *, const uschar *, unsigned *);
extern BOOL route_findgroup(uschar *, gid_t *);
extern BOOL route_finduser(const uschar *, struct passwd **, uid_t *);
extern BOOL route_find_expanded_group(uschar *, uschar *, uschar *, gid_t *,
extern ssize_t write_to_fd_buf(int, const uschar *, size_t);
+/******************************************************************************/
+/* Predicate: if an address is in a tainted pool.
+By extension, a variable pointing to this address is tainted.
+*/
+
+static inline BOOL
+is_tainted(const void * p)
+{
+#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) || defined(EM_VERSION_C)
+return FALSE;
+
+#else
+extern BOOL is_tainted_fn(const void *);
+return is_tainted_fn(p);
+#endif
+}
+
+/******************************************************************************/
+/* String functions */
+static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line);
+#endif
+return US strcat(CS dst, CCS src);
+}
+static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line);
+#endif
+return US strcpy(CS dst, CCS src);
+}
+static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line);
+#endif
+return US strncat(CS dst, CCS src, n);
+}
+static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line)
+{
+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF)
+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line);
+#endif
+return US strncpy(CS dst, CCS src, n);
+}
+/*XXX will likely need unchecked copy also */
+
+
+/******************************************************************************/
+
#if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
/* exim_chown - in some NFSv4 setups *seemes* to be an issue with
chown(<exim-uid>, <exim-gid>).
return chown(CCS name, owner, group)
? exim_chown_failure(-1, name, owner, group) : 0;
}
-
#endif /* !MACRO_PREDEF && !COMPILE_UTILITY */
+
/******************************************************************************/
/* String functions */
string_copy_taint_trc((s), tainted, __FUNCTION__, __LINE__)
static inline uschar *
-string_copy(const uschar * s)
+string_copy_trc(const uschar * s, const char * func, int line)
{
-return string_copy_taint((s), is_tainted(s));
+return string_copy_taint_trc((s), is_tainted(s), func, line);
}
+#define string_copy(s) \
+ string_copy_trc((s), __FUNCTION__, __LINE__)
+
/*************************************************
* Copy, lowercase and save string *
return g->s;
}
+static inline unsigned
+gstring_length(const gstring * g)
+{
+return g ? (unsigned)g->ptr : 0;
+}
+
#define gstring_release_unused(g) \
gstring_release_unused_trc(g, __FUNCTION__, __LINE__)
return g;
}
+
+/* Copy the content of a string to tainted memory */
+
+static inline void
+gstring_rebuffer(gstring * g)
+{
+uschar * s = store_get(g->size, TRUE);
+memcpy(s, g->s, g->ptr);
+g->s = s;
+}
+
+
/******************************************************************************/
#define store_get_dns_answer() store_get_dns_answer_trc(CUS __FUNCTION__, __LINE__)
}
/******************************************************************************/
+/* Time calculations */
+
static inline void
timesince(struct timeval * diff, const struct timeval * then)
{
testharness_pause_ms(int millisec)
{
#ifndef MEASURE_TIMING
-if (f.running_in_test_harness) millisleep(millisec);
+if (f.running_in_test_harness && f.testsuite_delays) millisleep(millisec);
#endif
}
+/******************************************************************************/
+/* Taint-checked file opens */
+
+static inline int
+exim_open2(const char *pathname, int flags)
+{
+if (!is_tainted(pathname)) return open(pathname, flags);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+static inline int
+exim_open(const char *pathname, int flags, mode_t mode)
+{
+if (!is_tainted(pathname)) return open(pathname, flags, mode);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+static inline int
+exim_openat(int dirfd, const char *pathname, int flags)
+{
+if (!is_tainted(pathname)) return openat(dirfd, pathname, flags);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+static inline int
+exim_openat4(int dirfd, const char *pathname, int flags, mode_t mode)
+{
+if (!is_tainted(pathname)) return openat(dirfd, pathname, flags, mode);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+
+static inline FILE *
+exim_fopen(const char *pathname, const char *mode)
+{
+if (!is_tainted(pathname)) return fopen(pathname, mode);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return NULL;
+}
+
+/******************************************************************************/
+/* Process manipulation */
+
+static inline pid_t
+exim_fork(const unsigned char * purpose)
+{
+pid_t pid = fork();
+if (pid == 0) process_purpose = purpose;
+return pid;
+}
+
+#define child_open_exim(p, r) child_open_exim_function((p), (r))
+#define child_open_exim2(p, s, a, r) child_open_exim2_function((p), (s), (a), (r))
+
+/******************************************************************************/
#endif /* !MACRO_PREDEF */
#endif /* _FUNCTIONS_H_ */
projects / exim.git / blobdiff