X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fexim.c;h=8ab11bb4eea6ebbb6b945845937c0408d5c32d11;hb=8c513105fde2b8be3397216a0153f9b266fc7dfb;hp=75282f17301a408ea278885ae60cec92ac1113f9;hpb=157d73b585d3f7e0ae33a58b3e369b6ba6e6f7b6;p=exim.git diff --git a/src/src/exim.c b/src/src/exim.c index 75282f173..8ab11bb4e 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -140,14 +140,14 @@ regex_match_and_setup(const pcre *re, const uschar *subject, int options, int se int ovector[3*(EXPAND_MAXN+1)]; uschar * s = string_copy(subject); /* de-constifying */ int n = pcre_exec(re, NULL, CS s, Ustrlen(s), 0, - PCRE_EOPT | options, ovector, sizeof(ovector)/sizeof(int)); + PCRE_EOPT | options, ovector, nelem(ovector)); BOOL yield = n >= 0; if (n == 0) n = EXPAND_MAXN + 1; if (yield) { int nn; - expand_nmax = (setup < 0)? 0 : setup + 1; - for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2) + expand_nmax = setup < 0 ? 0 : setup + 1; + for (nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2) { expand_nstring[expand_nmax] = s + ovector[nn]; expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn]; @@ -174,15 +174,22 @@ Returns: nothing void set_process_info(const char *format, ...) { -int len = sprintf(CS process_info, "%5d ", (int)getpid()); +gstring gs = { .size = PROCESS_INFO_SIZE - 2, .ptr = 0, .s = process_info }; +gstring * g; +int len; va_list ap; + +g = string_fmt_append(&gs, "%5d ", (int)getpid()); +len = g->ptr; va_start(ap, format); -if (!string_vformat(process_info + len, PROCESS_INFO_SIZE - len - 2, format, ap)) - Ustrcpy(process_info + len, "**** string overflowed buffer ****"); -len = Ustrlen(process_info); -process_info[len+0] = '\n'; -process_info[len+1] = '\0'; -process_info_len = len + 1; +if (!string_vformat(g, FALSE, format, ap)) + { + gs.ptr = len; + g = string_cat(&gs, US"**** string overflowed buffer ****"); + } +g = string_catn(g, US"\n", 1); +string_from_gstring(g); +process_info_len = g->ptr; DEBUG(D_process_info) debug_printf("set_process_info: %s", process_info); va_end(ap); } @@ -906,6 +913,9 @@ fprintf(fp, "Support for:"); #ifdef EXPERIMENTAL_REQUIRETLS fprintf(fp, " Experimental_REQUIRETLS"); #endif +#ifdef EXPERIMENTAL_PIPE_CONNECT + fprintf(fp, " Experimental_PIPE_CONNECT"); +#endif fprintf(fp, "\n"); fprintf(fp, "Lookups (built-in):"); @@ -1492,6 +1502,7 @@ int recipients_arg = argc; int sender_address_domain = 0; int test_retry_arg = -1; int test_rewrite_arg = -1; +gid_t original_egid; BOOL arg_queue_only = FALSE; BOOL bi_option = FALSE; BOOL checking = FALSE; @@ -1818,6 +1829,7 @@ if ((namelen == 10 && Ustrcmp(argv[0], "newaliases") == 0) || normally be root, but in some esoteric environments it may not be. */ original_euid = geteuid(); +original_egid = getegid(); /* Get the real uid and gid. If the caller is root, force the effective uid/gid to be the same as the real ones. This makes a difference only if Exim is setuid @@ -3546,6 +3558,11 @@ over a single group - the current group, which is always the first group in the list. Calling setgroups() with zero groups on a "different" system results in an error return. The following code should cope with both types of system. + Unfortunately, recent MacOS, which should be a FreeBSD, "helpfully" succeeds + the "setgroups() with zero groups" - and changes the egid. + Thanks to that we had to stash the original_egid above, for use below + in the call to exim_setugid(). + However, if this process isn't running as root, setgroups() can't be used since you have to be root to run it, even if throwing away groups. Not being root here happens only in some unusual configurations. We just ignore the @@ -3605,7 +3622,7 @@ the real uid to the effective so that subsequent re-execs of Exim are done by a privileged user. */ else - exim_setugid(geteuid(), getegid(), FALSE, US"forcing real = effective"); + exim_setugid(geteuid(), original_egid, FALSE, US"forcing real = effective"); /* If testing a filter, open the file(s) now, before wasting time doing other setups and reading the message. */