Apply timeout to Fsecure malware response. Bug 1549
[exim.git] / src / src / verify.c
index 82dc5cc722f322a8e933b6470600ba22d9ec1b7b..96740f8f382acdf44f13ac99e940005efbfe992a 100644 (file)
@@ -491,14 +491,13 @@ else
       tls_out.dane_verified = FALSE;
       tls_out.tlsa_usage = 0;
 
-      dane_required = verify_check_this_host(&ob->hosts_require_dane, NULL,
-                               host->name, host->address, NULL) == OK;
+      dane_required =
+       verify_check_given_host(&ob->hosts_require_dane, host) == OK;
 
       if (host->dnssec == DS_YES)
        {
        if(  dane_required
-         || verify_check_this_host(&ob->hosts_try_dane, NULL,
-                               host->name, host->address, NULL) == OK
+         || verify_check_given_host(&ob->hosts_try_dane, host) == OK
          )
          if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK)
            return rc;
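Review bot: The `== OK` tests on `verify_check_given_host(&ob->hosts_require_dane, host)` and on `hosts_try_dane` treat every non-OK result as "no match". If the host-list check can return a temporary failure (the file tests `rc == DEFER` in a later hunk, though that value may come from a different call), a deferred lookup would silently turn a DANE-required host into an optional one; the old code had the same behaviour. The same fail-open shape appears in the `hosts_require_tls` tests in the hunks at -705 and -745. Consider holding the result in a local and failing closed, for example `int dr = verify_check_given_host(&ob->hosts_require_dane, host);`, then `if (dr == DEFER) return DEFER;` and `dane_required = dr == OK;`. The enclosing function starts and ends outside the hunk, so check the surrounding cleanup code before returning at this point.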
@@ -584,18 +583,21 @@ else
         goto RESPONSE_FAILED;
 
 #ifdef EXPERIMENTAL_EVENT
+      lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes"
+       : host->dnssec==DS_NO ? US"no" : NULL;
       if (event_raise(addr->transport->event_action,
                            US"smtp:connect", responsebuffer))
        {
+       lookup_dnssec_authenticated = NULL;
        /* Logging?  Debug? */
        goto RESPONSE_FAILED;
        }
+      lookup_dnssec_authenticated = NULL;
 #endif
       }
 
     /* Not worth checking greeting line for ESMTP support */
-    if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
-      host->name, host->address, NULL) != OK))
+    if (!(esmtp = verify_check_given_host(&(ob->hosts_avoid_esmtp), host) != OK))
       DEBUG(D_transport)
         debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
 
@@ -653,11 +655,9 @@ else
     for error analysis. */
 
 #ifdef SUPPORT_TLS
-    if (tls_offered &&
-       verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
-         host->address, NULL) != OK &&
-       verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name,
-         host->address, NULL) != OK
+    if (  tls_offered
+       && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK
+       && verify_check_given_host(&ob->hosts_verify_avoid_tls, host) != OK
        )
       {
       uschar buffer2[4096];
@@ -705,8 +705,7 @@ else
          if (  rc == DEFER
             && ob->tls_tempfail_tryclear
             && !smtps
-            && verify_check_this_host(&(ob->hosts_require_tls), NULL,
-              host->name, host->address, NULL) != OK
+            && verify_check_given_host(&ob->hosts_require_tls, host) != OK
             )
            {
            (void)close(inblock.sock);
@@ -745,8 +744,7 @@ else
 #ifdef EXPERIMENTAL_DANE
         dane ||
 #endif
-         verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
-             host->address, NULL) == OK
+         verify_check_given_host(&ob->hosts_require_tls, host) == OK
         )
         {
         /*save_errno = ERRNO_TLSREQUIRED;*/
@@ -3158,6 +3156,15 @@ return rc;
 
 
 
+/*************************************************
+*      Check the given host item matches a list  *
+*************************************************/
+int
+verify_check_given_host(uschar **listptr, host_item *host)
+{
+return verify_check_this_host(listptr, NULL, host->name, host->address, NULL);
+}
+
 /*************************************************
 *      Check the remote host matches a list      *
 *************************************************/
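Review bot: The new `verify_check_given_host()` has only a banner and no description of its arguments or return value, although every caller in this diff makes a TLS or DANE policy decision by comparing its result with `OK`. I would add a comment such as `/* Match host->name and host->address against *listptr; returns the verify_check_this_host() result unchanged. host must be non-NULL. */`. The wrapper dereferences `host` unconditionally and passes `host->address` straight through, so the comment should also say whether an unresolved address is allowed, which depends on `verify_check_this_host()` and is not visible here.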