X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fexim.c;h=2b6297bf5d73524fbc6ac0945e33797134c50b2e;hb=53738d6ab53ad3b53e5e8db08de4849168e5cc14;hp=1952d91a46fb4a1965c67cc117d36a31c4c67564;hpb=b10c87b38c2345d15d30da5c18c823355ac506a9;p=exim.git diff --git a/src/src/exim.c b/src/src/exim.c index 1952d91a4..2b6297bf5 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -42,7 +42,9 @@ regular expression for a long time; the other for short-term use. */ static void * function_store_get(size_t size) { -return store_get((int)size); +/* For now, regard all RE results as potentially tainted. We might need +more intelligence on this point. */ +return store_get((int)size, TRUE); } static void @@ -181,7 +183,7 @@ va_list ap; g = string_fmt_append(&gs, "%5d ", (int)getpid()); len = g->ptr; va_start(ap, format); -if (!string_vformat(g, FALSE, format, ap)) +if (!string_vformat(g, 0, format, ap)) { gs.ptr = len; g = string_cat(&gs, US"**** string overflowed buffer ****"); @@ -502,7 +504,7 @@ for (int i = 0; i <= 2; i++) { if (devnull < 0) devnull = open("/dev/null", O_RDWR); if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", - string_open_failed(errno, "/dev/null")); + string_open_failed(errno, "/dev/null", NULL)); if (devnull != i) (void)dup2(devnull, i); } } @@ -553,7 +555,7 @@ close_unwanted(void) { if (smtp_input) { -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS tls_close(NULL, TLS_NO_SHUTDOWN); /* Shut down the TLS library */ #endif (void)close(fileno(smtp_in)); @@ -666,6 +668,7 @@ void exim_exit(int rc, const uschar * process) { search_tidyup(); +store_exit(); DEBUG(D_any) debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d %s%s%sterminating with rc=%d " ">>>>>>>>>>>>>>>>\n", (int)getpid(), @@ -674,6 +677,14 @@ exit(rc); } +void +exim_underbar_exit(int rc) +{ +store_exit(); +_exit(rc); +} + + /* Print error string, then die */ static void @@ -857,12 +868,11 @@ fprintf(fp, "Support for:"); #ifdef USE_TCP_WRAPPERS fprintf(fp, " TCPwrappers"); #endif -#ifdef SUPPORT_TLS -# ifdef USE_GNUTLS +#ifdef USE_GNUTLS fprintf(fp, " GnuTLS"); -# else +#endif +#ifdef USE_OPENSSL fprintf(fp, " OpenSSL"); -# endif #endif #ifdef SUPPORT_TRANSLATE_IP_ADDRESS fprintf(fp, " translate_ip_address"); @@ -891,6 +901,9 @@ fprintf(fp, "Support for:"); #ifndef DISABLE_OCSP fprintf(fp, " OCSP"); #endif +#ifdef SUPPORT_PIPE_CONNECT + fprintf(fp, " PIPE_CONNECT"); +#endif #ifndef DISABLE_PRDR fprintf(fp, " PRDR"); #endif @@ -903,6 +916,9 @@ fprintf(fp, "Support for:"); #ifdef SUPPORT_SPF fprintf(fp, " SPF"); #endif +#ifdef SUPPORT_DMARC + fprintf(fp, " DMARC"); +#endif #ifdef TCP_FASTOPEN deliver_init(); if (f.tcp_fastopen_ok) fprintf(fp, " TCP_Fast_Open"); @@ -925,15 +941,9 @@ fprintf(fp, "Support for:"); #ifdef EXPERIMENTAL_DCC fprintf(fp, " Experimental_DCC"); #endif -#ifdef EXPERIMENTAL_DMARC - fprintf(fp, " Experimental_DMARC"); -#endif #ifdef EXPERIMENTAL_DSN_INFO fprintf(fp, " Experimental_DSN_info"); #endif -#ifdef EXPERIMENTAL_PIPE_CONNECT - fprintf(fp, " Experimental_PIPE_CONNECT"); -#endif #ifdef EXPERIMENTAL_TLS_RESUME fprintf(fp, " Experimental_TLS_resume"); #endif @@ -1049,7 +1059,7 @@ DEBUG(D_any) do { show_db_version(fp); -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS tls_version_report(fp); #endif #ifdef SUPPORT_I18N @@ -1255,10 +1265,10 @@ for (int i = 0;; i++) #ifdef USE_READLINE char *readline_line = NULL; - if (fn_readline != NULL) + if (fn_readline) { - if ((readline_line = fn_readline((i > 0)? "":"> ")) == NULL) break; - if (*readline_line != 0 && fn_addhist != NULL) fn_addhist(readline_line); + if (!(readline_line = fn_readline((i > 0)? "":"> "))) break; + if (*readline_line != 0 && fn_addhist) fn_addhist(readline_line); p = US readline_line; } else @@ -1277,9 +1287,7 @@ for (int i = 0;; i++) while (ss > p && isspace(ss[-1])) ss--; if (i > 0) - { while (p < ss && isspace(*p)) p++; /* leading space after cont */ - } g = string_catn(g, p, ss - p); @@ -1376,7 +1384,7 @@ if ( ! ((real_uid == root_uid) } /* Get a list of macros which are whitelisted */ -whitelisted = string_copy_malloc(US WHITELIST_D_MACROS); +whitelisted = string_copy_perm(US WHITELIST_D_MACROS, FALSE); prev_char_item = FALSE; white_count = 0; for (p = whitelisted; *p != '\0'; ++p) @@ -1563,7 +1571,7 @@ uschar *malware_test_file = NULL; uschar *real_sender_address; uschar *originator_home = US"/"; size_t sz; -void *reset_point; +rmark reset_point; struct passwd *pw; struct stat statbuf; @@ -1585,6 +1593,10 @@ because some OS define it in /usr/include/unistd.h. */ extern char **environ; +#ifdef MEASURE_TIMING +(void)gettimeofday(×tamp_startup, NULL); +#endif + /* If the Exim user and/or group and/or the configuration file owner/group were defined by ref:name at build time, we must now find the actual uid/gid values. This is a feature to make the lives of binary distributors easier. */ @@ -1692,6 +1704,7 @@ big_buffer = store_malloc(big_buffer_size); /* Set up the handler for the data request signal, and set the initial descriptive text. */ +process_info = store_get(PROCESS_INFO_SIZE, TRUE); /* tainted */ set_process_info("initializing"); os_restarting_signal(SIGUSR1, usr1_handler); @@ -2319,7 +2332,7 @@ for (i = 1; i < argc; i++) else { /* Well, the trust list at least is up to scratch... */ - void *reset_point = store_get(0); + rmark reset_point = store_mark(); uschar *trusted_configs[32]; int nr_configs = 0; int i = 0; @@ -2349,30 +2362,22 @@ for (i = 1; i < argc; i++) &sep, big_buffer, big_buffer_size)) != NULL) { for (i=0; i < nr_configs; i++) - { if (Ustrcmp(filename, trusted_configs[i]) == 0) break; - } if (i == nr_configs) { f.trusted_config = FALSE; break; } } - store_reset(reset_point); } - else - { - /* No valid prefixes found in trust_list file. */ + else /* No valid prefixes found in trust_list file. */ f.trusted_config = FALSE; - } + store_reset(reset_point); } } - else - { - /* Could not open trust_list file. */ + else /* Could not open trust_list file. */ f.trusted_config = FALSE; - } } #else /* Not root; don't trust config */ @@ -2427,8 +2432,8 @@ for (i = 1; i < argc; i++) if (clmacro_count >= MAX_CLMACROS) exim_fail("exim: too many -D options on command line\n"); - clmacros[clmacro_count++] = string_sprintf("-D%s=%s", m->name, - m->replacement); + clmacros[clmacro_count++] = + string_sprintf("-D%s=%s", m->name, m->replacement); } #endif break; @@ -2538,7 +2543,7 @@ for (i = 1; i < argc; i++) { badarg = TRUE; break; } } if (*argrest == 0) - sender_address = string_sprintf(""); /* Ensure writeable memory */ + *(sender_address = store_get(1, FALSE)) = '\0'; /* Ensure writeable memory */ else { uschar *temp = argrest + Ustrlen(argrest) - 1; @@ -2551,6 +2556,7 @@ for (i = 1; i < argc; i++) #endif sender_address = parse_extract_address(argrest, &errmess, &dummy_start, &dummy_end, &sender_address_domain, TRUE); + sender_address = string_copy_taint(sender_address, TRUE); #ifdef SUPPORT_I18N message_smtputf8 = string_is_utf8(sender_address); allow_utf8_domains = FALSE; @@ -2663,7 +2669,7 @@ for (i = 1; i < argc; i++) exim_fail("exim: getsockname() failed after -MC option: %s\n", strerror(errno)); - if (f.running_in_test_harness) millisleep(500); + testharness_pause_ms(500); break; } @@ -2712,7 +2718,7 @@ for (i = 1; i < argc; i++) case 'S': smtp_peer_options |= OPTION_SIZE; break; -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS /* -MCt: similar to -MCT below but the connection is still open via a proxy process which handles the TLS context and coding. Require three arguments for the proxied local address and port, @@ -2996,11 +3002,13 @@ for (i = 1; i < argc; i++) /* -oMas: setting authenticated sender */ - else if (Ustrcmp(argrest, "Mas") == 0) authenticated_sender = argv[++i]; + else if (Ustrcmp(argrest, "Mas") == 0) + authenticated_sender = string_copy_taint(argv[++i], TRUE); /* -oMai: setting authenticated id */ - else if (Ustrcmp(argrest, "Mai") == 0) authenticated_id = argv[++i]; + else if (Ustrcmp(argrest, "Mai") == 0) + authenticated_id = string_copy_taint(argv[++i], TRUE); /* -oMi: Set incoming interface address */ @@ -3028,7 +3036,8 @@ for (i = 1; i < argc; i++) /* -oMs: Set sender host name */ - else if (Ustrcmp(argrest, "Ms") == 0) sender_host_name = argv[++i]; + else if (Ustrcmp(argrest, "Ms") == 0) + sender_host_name = string_copy_taint(argv[++i], TRUE); /* -oMt: Set sender ident */ @@ -3193,22 +3202,23 @@ for (i = 1; i < argc; i++) /* -q[f][f][l][G]: Run the queue, optionally forced, optionally local only, optionally named, optionally starting from a given message id. */ - if (*argrest == 0 && - (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) - { - queue_interval = 0; - if (i+1 < argc && mac_ismsgid(argv[i+1])) - start_queue_run_id = argv[++i]; - if (i+1 < argc && mac_ismsgid(argv[i+1])) - stop_queue_run_id = argv[++i]; - } + if (!(list_queue || count_queue)) + if (*argrest == 0 + && (i + 1 >= argc || argv[i+1][0] == '-' || mac_ismsgid(argv[i+1]))) + { + queue_interval = 0; + if (i+1 < argc && mac_ismsgid(argv[i+1])) + start_queue_run_id = argv[++i]; + if (i+1 < argc && mac_ismsgid(argv[i+1])) + stop_queue_run_id = argv[++i]; + } /* -q[f][f][l][G/]: Run the queue at regular intervals, optionally forced, optionally local only, optionally named. */ - else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i], - 0, FALSE)) <= 0) - exim_fail("exim: bad time value %s: abandoned\n", argv[i]); + else if ((queue_interval = readconf_readtime(*argrest ? argrest : argv[++i], + 0, FALSE)) <= 0) + exim_fail("exim: bad time value %s: abandoned\n", argv[i]); break; @@ -3312,7 +3322,7 @@ for (i = 1; i < argc; i++) /* -tls-on-connect: don't wait for STARTTLS (for old clients) */ - #ifdef SUPPORT_TLS + #ifndef DISABLE_TLS else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE; #endif @@ -3458,7 +3468,7 @@ if (debug_selector != 0) debug_file = stderr; debug_fd = fileno(debug_file); f.background_daemon = FALSE; - if (f.running_in_test_harness) millisleep(100); /* lets caller finish */ + testharness_pause_ms(100); /* lets caller finish */ if (debug_selector != D_v) /* -v only doesn't show this */ { debug_printf("Exim version %s uid=%ld gid=%ld pid=%d D=%x\n", @@ -3680,7 +3690,18 @@ If any of these options is set, we suppress warnings about configuration issues (currently about tls_advertise_hosts and keep_environment not being defined) */ -readconf_main(checking || list_options); + { +#ifdef MEASURE_TIMING + struct timeval t0, diff; + (void)gettimeofday(&t0, NULL); +#endif + + readconf_main(checking || list_options); + +#ifdef MEASURE_TIMING + report_time_since(&t0, US"readconf_main (delta)"); +#endif + } /* Now in directory "/" */ @@ -3933,7 +3954,7 @@ if ( (debug_selector & D_any || LOGGING(arguments)) && f.really_exim && !list_options && !checking) { uschar *p = big_buffer; - Ustrcpy(p, "cwd= (failed)"); + Ustrcpy(p, US"cwd= (failed)"); if (!initial_cwd) p += 13; @@ -3955,9 +3976,9 @@ if ( (debug_selector & D_any || LOGGING(arguments)) uschar *quote; if (p + len + 8 >= big_buffer + big_buffer_size) { - Ustrcpy(p, " ..."); + Ustrcpy(p, US" ..."); log_write(0, LOG_MAIN, "%s", big_buffer); - Ustrcpy(big_buffer, "..."); + Ustrcpy(big_buffer, US"..."); p = big_buffer + 3; } printing = string_printing(argv[i]); @@ -4288,16 +4309,18 @@ if (msg_action_arg > 0 && msg_action != MSG_DELIVER && msg_action != MSG_LOAD) Now, since the intro of the ${acl } expansion, ACL definitions may be needed in transports so we lost the optimisation. */ -readconf_rest(); + { +#ifdef MEASURE_TIMING + struct timeval t0, diff; + (void)gettimeofday(&t0, NULL); +#endif -/* The configuration data will have been read into POOL_PERM because we won't -ever want to reset back past it. Change the current pool to POOL_MAIN. In fact, -this is just a bit of pedantic tidiness. It wouldn't really matter if the -configuration were read into POOL_MAIN, because we don't do any resets till -later on. However, it seems right, and it does ensure that both pools get used. -*/ + readconf_rest(); -store_pool = POOL_MAIN; +#ifdef MEASURE_TIMING + report_time_since(&t0, US"readconf_rest (delta)"); +#endif + } /* Handle the -brt option. This is for checking out retry configurations. The next three arguments are a domain name or a complete address, and @@ -4459,9 +4482,28 @@ if (list_config) /* Initialise subsystems as required */ #ifndef DISABLE_DKIM -dkim_exim_init(); + { +# ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +# endif + dkim_exim_init(); +# ifdef MEASURE_TIMING + report_time_since(&t0, US"dkim_exim_init (delta)"); +# endif + } #endif -deliver_init(); + + { +#ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +#endif + deliver_init(); +#ifdef MEASURE_TIMING + report_time_since(&t0, US"deliver_init (delta)"); +#endif + } /* Handle a request to deliver one or more messages that are already on the @@ -4495,7 +4537,7 @@ if (msg_action_arg > 0 && msg_action != MSG_LOAD) else if ((pid = fork()) == 0) { (void)deliver_message(argv[i], forced_delivery, deliver_give_up); - _exit(EXIT_SUCCESS); + exim_underbar_exit(EXIT_SUCCESS); } else if (pid < 0) { @@ -4664,8 +4706,8 @@ if (f.daemon_listen || f.inetd_wait_mode || queue_interval > 0) the caller. This will get overwritten below for an inetd call. If a trusted caller has set it empty, unset it. */ -if (sender_ident == NULL) sender_ident = originator_login; - else if (sender_ident[0] == 0) sender_ident = NULL; +if (!sender_ident) sender_ident = originator_login; +else if (!*sender_ident) sender_ident = NULL; /* Handle the -brw option, which is for checking out rewriting rules. Cause log writes (on errors) to go to stderr instead. Can't do this earlier, as want the @@ -4687,8 +4729,8 @@ if (test_rewrite_arg >= 0) unless a trusted caller supplies a sender address with -f, or is passing in the message via SMTP (inetd invocation or otherwise). */ -if ((sender_address == NULL && !smtp_input) || - (!f.trusted_caller && filter_test == FTEST_NONE)) +if ( !sender_address && !smtp_input + || !f.trusted_caller && filter_test == FTEST_NONE) { f.sender_local = TRUE; @@ -4696,10 +4738,10 @@ if ((sender_address == NULL && !smtp_input) || via -oMas and -oMai and if so, they will already be set. Otherwise, force defaults except when host checking. */ - if (authenticated_sender == NULL && !host_checking) + if (!authenticated_sender && !host_checking) authenticated_sender = string_sprintf("%s@%s", originator_login, qualify_domain_sender); - if (authenticated_id == NULL && !host_checking) + if (!authenticated_id && !host_checking) authenticated_id = originator_login; } @@ -4709,8 +4751,8 @@ is specified is the empty address. However, if a trusted caller does not specify a sender address for SMTP input, we leave sender_address unset. This causes the MAIL commands to be honoured. */ -if ((!smtp_input && sender_address == NULL) || - !receive_check_set_sender(sender_address)) +if ( !smtp_input && !sender_address + || !receive_check_set_sender(sender_address)) { /* Either the caller is not permitted to set a general sender, or this is non-SMTP input and the trusted caller has not set a sender. If there is no @@ -4736,8 +4778,7 @@ f.sender_set_untrusted = sender_address != originator_login && !f.trusted_caller address, which indicates an error message, or doesn't exist (root caller, smtp interface, no -f argument). */ -if (sender_address != NULL && sender_address[0] != 0 && - sender_address_domain == 0) +if (sender_address && *sender_address && sender_address_domain == 0) sender_address = string_sprintf("%s@%s", local_part_quote(sender_address), qualify_domain_sender); @@ -4927,7 +4968,7 @@ if (host_checking) it. The code works for both IPv4 and IPv6, as it happens. */ size = host_aton(sender_host_address, x); - sender_host_address = store_get(48); /* large enough for full IPv6 */ + sender_host_address = store_get(48, FALSE); /* large enough for full IPv6 */ (void)host_nmtoa(size, x, -1, sender_host_address, ':'); /* Now set up for testing */ @@ -4957,7 +4998,7 @@ if (host_checking) if (smtp_start_session()) { - for (reset_point = store_get(0); ; store_reset(reset_point)) + for (; (reset_point = store_mark()); store_reset(reset_point)) { if (smtp_setup_msg() <= 0) break; if (!receive_msg(FALSE)) break; @@ -5200,7 +5241,6 @@ if (!f.synchronous_delivery) /* Save the current store pool point, for resetting at the start of each message, and save the real sender address, if any. */ -reset_point = store_get(0); real_sender_address = sender_address; /* Loop to receive messages; receive_msg() returns TRUE if there are more @@ -5209,6 +5249,7 @@ collapsed). */ while (more) { + reset_point = store_mark(); message_id[0] = 0; /* Handle the SMTP case; call smtp_setup_mst() to deal with the initial SMTP @@ -5358,7 +5399,7 @@ while (more) } } - receive_add_recipient(recipient, -1); + receive_add_recipient(string_copy_taint(recipient, TRUE), -1); s = ss; if (!finished) while (*(++s) != 0 && (*s == ',' || isspace(*s))); @@ -5580,8 +5621,8 @@ while (more) rc = deliver_message(message_id, FALSE, FALSE); search_tidyup(); - _exit((!mua_wrapper || rc == DELIVER_MUA_SUCCEEDED)? - EXIT_SUCCESS : EXIT_FAILURE); + exim_underbar_exit(!mua_wrapper || rc == DELIVER_MUA_SUCCEEDED + ? EXIT_SUCCESS : EXIT_FAILURE); } if (pid < 0)