X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=src%2Fsrc%2Ftransports%2Fautoreply.c;h=4c2c08b70281e336e9ebcbec982320b510fb6afa;hb=1e1ddfac79fbcd052f199500a6493c7f79cb8462;hp=7c1af15098c774c05a795c9e6947029e900f2aad;hpb=0d7eb84a5719dda876c4b7def944d721cd259e19;p=exim.git diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c index 7c1af1509..4c2c08b70 100644 --- a/src/src/transports/autoreply.c +++ b/src/src/transports/autoreply.c @@ -1,10 +1,9 @@ -/* $Cambridge: exim/src/src/transports/autoreply.c,v 1.3 2005/06/07 15:20:56 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2005 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -18,44 +17,27 @@ order (note that "_" comes before the lower case letters). Those starting with "*" are not settable by the user but are used by the option-reading software for alternative value types. Some options are publicly visible and so are stored in the driver instance block. These are flagged with opt_public. */ +#define LOFF(field) OPT_OFF(autoreply_transport_options_block, field) optionlist autoreply_transport_options[] = { - { "bcc", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, bcc) }, - { "cc", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, cc) }, - { "file", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, file) }, - { "file_expand", opt_bool, - (void *)offsetof(autoreply_transport_options_block, file_expand) }, - { "file_optional", opt_bool, - (void *)offsetof(autoreply_transport_options_block, file_optional) }, - { "from", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, from) }, - { "headers", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, headers) }, - { "log", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, logfile) }, - { "mode", opt_octint, - (void *)offsetof(autoreply_transport_options_block, mode) }, - { "never_mail", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, never_mail) }, - { "once", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, oncelog) }, - { "once_file_size", opt_int, - (void *)offsetof(autoreply_transport_options_block, once_file_size) }, - { "once_repeat", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, once_repeat) }, - { "reply_to", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, reply_to) }, - { "return_message", opt_bool, - (void *)offsetof(autoreply_transport_options_block, return_message) }, - { "subject", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, subject) }, - { "text", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, text) }, - { "to", opt_stringptr, - (void *)offsetof(autoreply_transport_options_block, to) }, + { "bcc", opt_stringptr, LOFF(bcc) }, + { "cc", opt_stringptr, LOFF(cc) }, + { "file", opt_stringptr, LOFF(file) }, + { "file_expand", opt_bool, LOFF(file_expand) }, + { "file_optional", opt_bool, LOFF(file_optional) }, + { "from", opt_stringptr, LOFF(from) }, + { "headers", opt_stringptr, LOFF(headers) }, + { "log", opt_stringptr, LOFF(logfile) }, + { "mode", opt_octint, LOFF(mode) }, + { "never_mail", opt_stringptr, LOFF(never_mail) }, + { "once", opt_stringptr, LOFF(oncelog) }, + { "once_file_size", opt_int, LOFF(once_file_size) }, + { "once_repeat", opt_stringptr, LOFF(once_repeat) }, + { "reply_to", opt_stringptr, LOFF(reply_to) }, + { "return_message", opt_bool, LOFF(return_message) }, + { "subject", opt_stringptr, LOFF(subject) }, + { "text", opt_stringptr, LOFF(text) }, + { "to", opt_stringptr, LOFF(to) }, }; /* Size of the options list. An extern variable has to be used so that its @@ -64,6 +46,17 @@ address can appear in the tables drtables.c. */ int autoreply_transport_options_count = sizeof(autoreply_transport_options)/sizeof(optionlist); + +#ifdef MACRO_PREDEF + +/* Dummy values */ +autoreply_transport_options_block autoreply_transport_option_defaults = {0}; +void autoreply_transport_init(transport_instance *tblock) {} +BOOL autoreply_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;} + +#else /*!MACRO_PREDEF*/ + + /* Default private options block for the autoreply transport. */ autoreply_transport_options_block autoreply_transport_option_defaults = { @@ -145,10 +138,9 @@ Returns: expanded string if expansion succeeds; static uschar * checkexpand(uschar *s, address_item *addr, uschar *name, int type) { -uschar *t; uschar *ss = expand_string(s); -if (ss == NULL) +if (!ss) { addr->transport_return = FAIL; addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: " @@ -156,15 +148,16 @@ if (ss == NULL) return NULL; } -if (type != cke_text) for (t = ss; *t != 0; t++) +if (type != cke_text) for (uschar * t = ss; *t != 0; t++) { int c = *t; + const uschar * sp; if (mac_isprint(c)) continue; if (type == cke_hdr && c == '\n' && (t[1] == ' ' || t[1] == '\t')) continue; - s = string_printing(s); + sp = string_printing(s); addr->transport_return = FAIL; addr->message = string_sprintf("Expansion of \"%s\" in %s transport " - "contains non-printing character %d", s, name, c); + "contains non-printing character %d", sp, name, c); return NULL; } @@ -189,7 +182,7 @@ Returns: nothing */ static void -check_never_mail(uschar **listptr, uschar *never_mail) +check_never_mail(uschar **listptr, const uschar *never_mail) { uschar *s = *listptr; @@ -210,7 +203,7 @@ while (*s != 0) /* If there is some kind of syntax error, just give up on this header line. */ - if (next == NULL) break; + if (!next) break; /* See if the address is on the never_mail list */ @@ -268,7 +261,6 @@ autoreply_transport_entry( { int fd, pid, rc; int cache_fd = -1; -int log_fd = -1; int cache_size = 0; int add_size = 0; EXIM_DB *dbm_file = NULL; @@ -277,10 +269,11 @@ uschar *from, *reply_to, *to, *cc, *bcc, *subject, *headers, *text, *file; uschar *logfile, *oncelog; uschar *cache_buff = NULL; uschar *cache_time = NULL; +uschar *message_id = NULL; header_line *h; time_t now = time(NULL); time_t once_repeat_sec = 0; -FILE *f; +FILE *fp; FILE *ff = NULL; autoreply_transport_options_block *ob = @@ -298,7 +291,7 @@ from that block. It has typically been set up by a mail filter processing router. Otherwise, the data must be supplied by this transport, and it has to be expanded here. */ -if (addr->reply != NULL) +if (addr->reply) { DEBUG(D_transport) debug_printf("taking data from address\n"); from = addr->reply->from; @@ -336,33 +329,22 @@ else file_expand = ob->file_expand; return_message = ob->return_message; - if ((from != NULL && - (from = checkexpand(from, addr, tblock->name, cke_hdr)) == NULL) || - (reply_to != NULL && - (reply_to = checkexpand(reply_to, addr, tblock->name, cke_hdr)) == NULL) || - (to != NULL && - (to = checkexpand(to, addr, tblock->name, cke_hdr)) == NULL) || - (cc != NULL && - (cc = checkexpand(cc, addr, tblock->name, cke_hdr)) == NULL) || - (bcc != NULL && - (bcc = checkexpand(bcc, addr, tblock->name, cke_hdr)) == NULL) || - (subject != NULL && - (subject = checkexpand(subject, addr, tblock->name, cke_hdr)) == NULL) || - (headers != NULL && - (headers = checkexpand(headers, addr, tblock->name, cke_text)) == NULL) || - (text != NULL && - (text = checkexpand(text, addr, tblock->name, cke_text)) == NULL) || - (file != NULL && - (file = checkexpand(file, addr, tblock->name, cke_file)) == NULL) || - (logfile != NULL && - (logfile = checkexpand(logfile, addr, tblock->name, cke_file)) == NULL) || - (oncelog != NULL && - (oncelog = checkexpand(oncelog, addr, tblock->name, cke_file)) == NULL) || - (oncerepeat != NULL && - (oncerepeat = checkexpand(oncerepeat, addr, tblock->name, cke_file)) == NULL)) + if ( from && !(from = checkexpand(from, addr, tblock->name, cke_hdr)) + || reply_to && !(reply_to = checkexpand(reply_to, addr, tblock->name, cke_hdr)) + || to && !(to = checkexpand(to, addr, tblock->name, cke_hdr)) + || cc && !(cc = checkexpand(cc, addr, tblock->name, cke_hdr)) + || bcc && !(bcc = checkexpand(bcc, addr, tblock->name, cke_hdr)) + || subject && !(subject = checkexpand(subject, addr, tblock->name, cke_hdr)) + || headers && !(headers = checkexpand(headers, addr, tblock->name, cke_text)) + || text && !(text = checkexpand(text, addr, tblock->name, cke_text)) + || file && !(file = checkexpand(file, addr, tblock->name, cke_file)) + || logfile && !(logfile = checkexpand(logfile, addr, tblock->name, cke_file)) + || oncelog && !(oncelog = checkexpand(oncelog, addr, tblock->name, cke_file)) + || oncerepeat && !(oncerepeat = checkexpand(oncerepeat, addr, tblock->name, cke_file)) + ) return FALSE; - if (oncerepeat != NULL) + if (oncerepeat) { once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE); if (once_repeat_sec < 0) @@ -378,11 +360,11 @@ else /* If the never_mail option is set, we have to scan all the recipients and remove those that match. */ -if (ob->never_mail != NULL) +if (ob->never_mail) { - uschar *never_mail = expand_string(ob->never_mail); + const uschar *never_mail = expand_string(ob->never_mail); - if (never_mail == NULL) + if (!never_mail) { addr->transport_return = FAIL; addr->message = string_sprintf("Failed to expand \"%s\" for " @@ -390,11 +372,11 @@ if (ob->never_mail != NULL) return FALSE; } - if (to != NULL) check_never_mail(&to, never_mail); - if (cc != NULL) check_never_mail(&cc, never_mail); - if (bcc != NULL) check_never_mail(&bcc, never_mail); + if (to) check_never_mail(&to, never_mail); + if (cc) check_never_mail(&cc, never_mail); + if (bcc) check_never_mail(&bcc, never_mail); - if (to == NULL && cc == NULL && bcc == NULL) + if (!to && !cc && !bcc) { DEBUG(D_transport) debug_printf("*** all recipients removed by never_mail\n"); @@ -404,7 +386,7 @@ if (ob->never_mail != NULL) /* If the -N option is set, can't do any more. */ -if (dont_deliver) +if (f.dont_deliver) { DEBUG(D_transport) debug_printf("*** delivery by %s transport bypassed by -N option\n", @@ -420,25 +402,34 @@ recipient, the effect might not be quite as envisaged. If once_file_size is set, instead of a dbm file, we use a regular file containing a circular buffer recipient cache. */ -if (oncelog != NULL && to != NULL) +if (oncelog && *oncelog && to) { time_t then = 0; + if (is_tainted(oncelog)) + { + addr->transport_return = DEFER; + addr->basic_errno = EACCES; + addr->message = string_sprintf("Tainted '%s' (once file for %s transport)" + " not permitted", oncelog, tblock->name); + goto END_OFF; + } + /* Handle fixed-size cache file. */ if (ob->once_file_size > 0) { - uschar *p; + uschar * nextp; struct stat statbuf; - cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode); + cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode); if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to %s \"once\" file %s when " "sending message from %s transport: %s", - (cache_fd < 0)? "open" : "stat", oncelog, tblock->name, - strerror(errno)); + cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno)); goto END_OFF; } @@ -448,7 +439,7 @@ if (oncelog != NULL && to != NULL) cache_size = statbuf.st_size; add_size = sizeof(time_t) + Ustrlen(to) + 1; - cache_buff = store_get(cache_size + add_size); + cache_buff = store_get(cache_size + add_size, is_tainted(oncelog)); if (read(cache_fd, cache_buff, cache_size) != cache_size) { @@ -465,18 +456,16 @@ if (oncelog != NULL && to != NULL) zero. If we find a match, put the time into "then", and the place where it was found into "cache_time". Otherwise, "then" is left at zero. */ - p = cache_buff; - while (p < cache_buff + cache_size) + for (uschar * p = cache_buff; p < cache_buff + cache_size; p = nextp) { uschar *s = p + sizeof(time_t); - uschar *nextp = s + Ustrlen(s) + 1; + nextp = s + Ustrlen(s) + 1; if (Ustrcmp(to, s) == 0) { memcpy(&then, p, sizeof(time_t)); cache_time = p; break; } - p = nextp; } } @@ -485,10 +474,15 @@ if (oncelog != NULL && to != NULL) else { EXIM_DATUM key_datum, result_datum; - EXIM_DBOPEN(oncelog, O_RDWR|O_CREAT, ob->mode, &dbm_file); - if (dbm_file == NULL) + uschar * dirname = string_copy(oncelog); + uschar * s; + + if ((s = Ustrrchr(dirname, '/'))) *s = '\0'; + EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file); + if (!dbm_file) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to open %s file %s when sending " "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name, strerror(errno)); @@ -510,10 +504,9 @@ if (oncelog != NULL && to != NULL) can be abolished. */ if (EXIM_DATUM_SIZE(result_datum) == sizeof(time_t)) - { memcpy(&then, EXIM_DATUM_DATA(result_datum), sizeof(time_t)); - } - else then = now; + else + then = now; } } @@ -522,16 +515,28 @@ if (oncelog != NULL && to != NULL) if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec)) { + int log_fd; + if (is_tainted(logfile)) + { + addr->transport_return = DEFER; + addr->basic_errno = EACCES; + addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)" + " not permitted", logfile, tblock->name); + goto END_OFF; + } + DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to, (once_repeat_sec > 0)? " and repeat time not reached" : ""); - log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode); + log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1; if (log_fd >= 0) { uschar *ptr = log_buffer; sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to); while(*ptr) ptr++; - write(log_fd, log_buffer, ptr - log_buffer); - close(log_fd); + if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer + || close(log_fd)) + DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " + "transport\n", logfile, tblock->name); } goto END_OFF; } @@ -541,13 +546,20 @@ if (oncelog != NULL && to != NULL) } /* We are going to send a message. Ensure any requested file is available. */ - -if (file != NULL) +if (file) { - ff = Ufopen(file, "rb"); - if (ff == NULL && !ob->file_optional) + if (is_tainted(file)) { addr->transport_return = DEFER; + addr->basic_errno = EACCES; + addr->message = string_sprintf("Tainted '%s' (file for %s transport)" + " not permitted", file, tblock->name); + return FALSE; + } + if (!(ff = Ufopen(file, "rb")) && !ob->file_optional) + { + addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to open file %s when sending " "message from %s transport: %s", file, tblock->name, strerror(errno)); return FALSE; @@ -556,16 +568,16 @@ if (file != NULL) /* Make a subprocess to send the message */ -pid = child_open_exim(&fd); - -/* Creation of child failed; defer this delivery. */ - -if (pid < 0) +if ((pid = child_open_exim(&fd, US"autoreply")) < 0) { + /* Creation of child failed; defer this delivery. */ + addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to create child process to send " "message from %s transport: %s", tblock->name, strerror(errno)); DEBUG(D_transport) debug_printf("%s\n", addr->message); + if (dbm_file) EXIM_DBCLOSE(dbm_file); return FALSE; } @@ -573,44 +585,46 @@ if (pid < 0) as the -t option is used. The "headers" stuff *must* be last in case there are newlines in it which might, if placed earlier, screw up other headers. */ -f = fdopen(fd, "wb"); +fp = fdopen(fd, "wb"); -if (from != NULL) fprintf(f, "From: %s\n", from); -if (reply_to != NULL) fprintf(f, "Reply-To: %s\n", reply_to); -if (to != NULL) fprintf(f, "To: %s\n", to); -if (cc != NULL) fprintf(f, "Cc: %s\n", cc); -if (bcc != NULL) fprintf(f, "Bcc: %s\n", bcc); -if (subject != NULL) fprintf(f, "Subject: %s\n", subject); +if (from) fprintf(fp, "From: %s\n", from); +if (reply_to) fprintf(fp, "Reply-To: %s\n", reply_to); +if (to) fprintf(fp, "To: %s\n", to); +if (cc) fprintf(fp, "Cc: %s\n", cc); +if (bcc) fprintf(fp, "Bcc: %s\n", bcc); +if (subject) fprintf(fp, "Subject: %s\n", subject); /* Generate In-Reply-To from the message_id header; there should always be one, but code defensively. */ -for (h = header_list; h != NULL; h = h->next) +for (h = header_list; h; h = h->next) if (h->type == htype_id) break; -if (h != NULL) +if (h) { - uschar *s = Ustrchr(h->text, ':') + 1; - while (isspace(*s)) s++; - fprintf(f, "In-Reply-To: %s", s); + message_id = Ustrchr(h->text, ':') + 1; + while (isspace(*message_id)) message_id++; + fprintf(fp, "In-Reply-To: %s", message_id); } +moan_write_references(fp, message_id); + /* Add an Auto-Submitted: header */ -fprintf(f, "Auto-Submitted: auto-replied\n"); +fprintf(fp, "Auto-Submitted: auto-replied\n"); /* Add any specially requested headers */ -if (headers != NULL) fprintf(f, "%s\n", headers); -fprintf(f, "\n"); +if (headers) fprintf(fp, "%s\n", headers); +fprintf(fp, "\n"); -if (text != NULL) +if (text) { - fprintf(f, "%s", CS text); - if (text[Ustrlen(text)-1] != '\n') fprintf(f, "\n"); + fprintf(fp, "%s", CS text); + if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n"); } -if (ff != NULL) +if (ff) { while (Ufgets(big_buffer, big_buffer_size, ff) != NULL) { @@ -619,55 +633,66 @@ if (ff != NULL) uschar *s = expand_string(big_buffer); DEBUG(D_transport) { - if (s == NULL) + if (!s) debug_printf("error while expanding line from file:\n %s\n %s\n", big_buffer, expand_string_message); } - fprintf(f, "%s", (s == NULL)? CS big_buffer : CS s); + fprintf(fp, "%s", s ? CS s : CS big_buffer); } - else fprintf(f, "%s", CS big_buffer); + else fprintf(fp, "%s", CS big_buffer); } + (void) fclose(ff); } /* Copy the original message if required, observing the return size -limit. */ +limit if we are returning the body. */ if (return_message) { - if (bounce_return_size_limit > 0) + uschar *rubric = (tblock->headers_only)? + US"------ This is a copy of the message's header lines.\n" + : (tblock->body_only)? + US"------ This is a copy of the body of the message, without the headers.\n" + : + US"------ This is a copy of the message, including all the headers.\n"; + transport_ctx tctx = { + .u = {.fd = fileno(fp)}, + .tblock = tblock, + .addr = addr, + .check_string = NULL, + .escape_string = NULL, + .options = (tblock->body_only ? topt_no_headers : 0) + | (tblock->headers_only ? topt_no_body : 0) + | (tblock->return_path_add ? topt_add_return_path : 0) + | (tblock->delivery_date_add ? topt_add_delivery_date : 0) + | (tblock->envelope_to_add ? topt_add_envelope_to : 0) + | topt_not_socket + }; + + if (bounce_return_size_limit > 0 && !tblock->headers_only) { struct stat statbuf; int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) * DELIVER_IN_BUFFER_SIZE; if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max) { - fprintf(f, "\n" -"------ This is a copy of the message, including all the headers.\n" -"------ The body of the message is %.30g characters long; only the first\n" -"------ %d or so are included here.\n\n", (double)statbuf.st_size, + fprintf(fp, "\n%s" +"------ The body of the message is " OFF_T_FMT " characters long; only the first\n" +"------ %d or so are included here.\n\n", rubric, statbuf.st_size, (max/1000)*1000); } - else fprintf(f, "\n" -"------ This is a copy of the message, including all the headers. ------\n\n"); + else fprintf(fp, "\n%s\n", rubric); } - else fprintf(f, "\n" -"------ This is a copy of the message, including all the headers. ------\n\n"); + else fprintf(fp, "\n%s\n", rubric); - fflush(f); + fflush(fp); transport_count = 0; - transport_write_message(addr, fileno(f), - (tblock->body_only? topt_no_headers : 0) | - (tblock->headers_only? topt_no_body : 0) | - (tblock->return_path_add? topt_add_return_path : 0) | - (tblock->delivery_date_add? topt_add_delivery_date : 0) | - (tblock->envelope_to_add? topt_add_envelope_to : 0), - bounce_return_size_limit, tblock->add_headers, tblock->remove_headers, - NULL, NULL, tblock->rewrite_rules, tblock->rewrite_existflags); + transport_write_message(&tctx, bounce_return_size_limit); } /* End the message and wait for the child process to end; no timeout. */ -fclose(f); +(void)fclose(fp); rc = child_close(pid, 0); /* Update the "sent to" log whatever the yield. This errs on the side of @@ -686,28 +711,32 @@ if (cache_fd >= 0) { uschar *from = cache_buff; int size = cache_size; - (void)lseek(cache_fd, 0, SEEK_SET); - if (cache_time == NULL) + if (lseek(cache_fd, 0, SEEK_SET) == 0) { - cache_time = from + size; - memcpy(cache_time + sizeof(time_t), to, add_size - sizeof(time_t)); - size += add_size; - - if (cache_size > 0 && size > ob->once_file_size) + if (!cache_time) { - from += sizeof(time_t) + Ustrlen(from + sizeof(time_t)) + 1; - size -= (from - cache_buff); + cache_time = from + size; + memcpy(cache_time + sizeof(time_t), to, add_size - sizeof(time_t)); + size += add_size; + + if (cache_size > 0 && size > ob->once_file_size) + { + from += sizeof(time_t) + Ustrlen(from + sizeof(time_t)) + 1; + size -= (from - cache_buff); + } } - } - memcpy(cache_time, &now, sizeof(time_t)); - write(cache_fd, from, size); + memcpy(cache_time, &now, sizeof(time_t)); + if(write(cache_fd, from, size) != size) + DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s " + "transport\n", oncelog, tblock->name); + } } /* Update DBM file */ -else if (dbm_file != NULL) +else if (dbm_file) { EXIM_DATUM key_datum, value_datum; EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need to have */ @@ -729,7 +758,6 @@ try will skip, of course. However, if there were no recipients in the message, we do not fail. */ if (rc != 0) - { if (rc == EXIT_NORECIPIENTS) { DEBUG(D_any) debug_printf("%s transport: message contained no recipients\n", @@ -742,7 +770,6 @@ if (rc != 0) "transport (%d)", tblock->name, rc); goto END_OFF; } - } /* Log the sending of the message if successful and required. If the file fails to open, it's hard to know what to do. We cannot write to the Exim @@ -753,65 +780,46 @@ file opened for appending, in order to avoid interleaving of output from different processes. The log_buffer can be used exactly as for main log writing. */ -if (logfile != NULL) +if (logfile) { int log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode); if (log_fd >= 0) { - uschar *ptr = log_buffer; + gstring gs = { .size = LOG_BUFFER_SIZE, .ptr = 0, .s = log_buffer }, *g = &gs; + + /* Use taint-unchecked routines for writing into log_buffer, trusting + that we'll never expand it. */ + DEBUG(D_transport) debug_printf("logging message details\n"); - sprintf(CS ptr, "%s\n", tod_stamp(tod_log)); - while(*ptr) ptr++; - if (from != NULL) - { - (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), - " From: %s\n", from); - while(*ptr) ptr++; - } - if (to != NULL) - { - (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), - " To: %s\n", to); - while(*ptr) ptr++; - } - if (cc != NULL) - { - (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), - " Cc: %s\n", cc); - while(*ptr) ptr++; - } - if (bcc != NULL) - { - (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), - " Bcc: %s\n", bcc); - while(*ptr) ptr++; - } - if (subject != NULL) - { - (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), - " Subject: %s\n", subject); - while(*ptr) ptr++; - } - if (headers != NULL) - { - (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), - " %s\n", headers); - while(*ptr) ptr++; - } - write(log_fd, log_buffer, ptr - log_buffer); - close(log_fd); + g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "%s\n", tod_stamp(tod_log)); + if (from) + g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " From: %s\n", from); + if (to) + g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " To: %s\n", to); + if (cc) + g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Cc: %s\n", cc); + if (bcc) + g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Bcc: %s\n", bcc); + if (subject) + g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Subject: %s\n", subject); + if (headers) + g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " %s\n", headers); + if(write(log_fd, g->s, g->ptr) != g->ptr || close(log_fd)) + DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " + "transport\n", logfile, tblock->name); } else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s " "transport: %s\n", logfile, tblock->name, strerror(errno)); } END_OFF: -if (dbm_file != NULL) EXIM_DBCLOSE(dbm_file); -if (cache_fd > 0) close(cache_fd); +if (dbm_file) EXIM_DBCLOSE(dbm_file); +if (cache_fd > 0) (void)close(cache_fd); DEBUG(D_transport) debug_printf("%s transport succeeded\n", tblock->name); return FALSE; } +#endif /*!MACRO_PREDEF*/ /* End of transport/autoreply.c */