From 14ca5d2ac6c3536fe189435269a302ef14e972cf Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Mon, 29 Jul 2019 15:48:05 +0100
Subject: [PATCH] Fix taint-checking on OpenBSD
---
 src/OS/Makefile-OpenBSD | 1 +
 src/src/functions.h | 1 +
 src/src/mytypes.h | 4 ++++
 src/src/readconf.c | 22 +++++++++++-----------
 src/src/store.c | 29 +++++++++++++++++++++++++++++
 src/src/transports/smtp.c | 4 ++++
 src/src/verify.c | 2 +-
 7 files changed, 51 insertions(+), 12 deletions(-)
diff --git a/src/OS/Makefile-OpenBSD b/src/OS/Makefile-OpenBSD
index 5a894789c..2b37a7373 100644
--- a/src/OS/Makefile-OpenBSD
+++ b/src/OS/Makefile-OpenBSD
@@ -5,6 +5,7 @@ CHGRP_COMMAND=/usr/sbin/chgrp
 CHMOD_COMMAND=/bin/chmod
 CFLAGS=-O2 -Wall -Wno-parentheses -Wno-self-assign -Wno-logical-op-parentheses
+CFLAGS += -DTAINT_CHECK_SLOW
 LIBS=-lm
diff --git a/src/src/functions.h b/src/src/functions.h
index 060278959..6347b231f 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -285,6 +285,7 @@ extern int ip_unixsocket(const uschar *, uschar **);
 extern int ip_streamsocket(const uschar *, uschar **, int);
 extern int ipv6_nmtoa(int *, uschar *);
+extern BOOL is_tainted_fn(const void *);
 extern uschar *local_part_quote(uschar *);
 extern int log_create(uschar *);
diff --git a/src/src/mytypes.h b/src/src/mytypes.h
index a68dc2817..f7551336c 100644
--- a/src/src/mytypes.h
+++ b/src/src/mytypes.h
@@ -136,6 +136,10 @@ is_tainted(const void * p)
 {
 #if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF)
 return FALSE;
+
+#elif defined(TAINT_CHECK_SLOW)
+return is_tainted_fn(p);
+
 #else
 extern void * tainted_base, * tainted_top;
 return p >= tainted_base && p < tainted_top;
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 6ed2ea409..d13d05142 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
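Review bot: In the Makefile-OpenBSD hunk, `-DTAINT_CHECK_SLOW` is added without a comment, so nothing in this file says why OpenBSD needs it. The store.c hunk of this commit gives the reason (the platform intermixes malloc and mmap area addresses); a line such as `# malloc and mmap addresses interleave on this platform, so the range-based taint check cannot be used` above the flag would keep it from being dropped later. Because the define travels in CFLAGS, a build that replaces CFLAGS wholesale would presumably lose it and fall back to the range check; whether the build system permits that is not visible here.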
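Review bot: In the mytypes.h hunk, the new `#elif defined(TAINT_CHECK_SLOW)` branch calls `is_tainted_fn(p)` with no declaration visible at that point in is_tainted(). The prototype is added to functions.h, and nothing in this patch shows that header being included before mytypes.h. The `#else` branch declares what it needs locally (`extern void * tainted_base, * tainted_top;`), so the same pattern would make the new branch self-contained: `extern BOOL is_tainted_fn(const void *);` on the line before the return. is_tainted() starts above the hunk and continues below it.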
@@ -3326,19 +3326,19 @@ if (f.trusted_config && Ustrcmp(filename, US"/dev/null"))
 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Exim configuration file %s has the " "wrong owner, group, or mode", big_buffer);
- }
-/* Do a dummy store-allocation of a size related to the (toplevel) file size.
-This assumes we will need this much storage to handle all the allocations
-during startup; it won't help when .include is being used. When it does, it
-will cut down on the number of store blocks (and malloc calls, and sbrk
-syscalls). It also assume we're on the relevant pool. */
+ /* Do a dummy store-allocation of a size related to the (toplevel) file size.
+ This assumes we will need this much storage to handle all the allocations
+ during startup; it won't help when .include is being used. When it does, it
+ will cut down on the number of store blocks (and malloc calls, and sbrk
+ syscalls). It also assume we're on the relevant pool. */
-if (statbuf.st_size > 8192)
- {
- rmark r = store_mark();
- void * dummy = store_get((int)statbuf.st_size, FALSE);
- store_reset(r);
+ if (statbuf.st_size > 8192)
+ {
+ rmark r = store_mark();
+ void * dummy = store_get((int)statbuf.st_size, FALSE);
+ store_reset(r);
+ }
 }
 /* Process the main configuration settings. They all begin with a lower case
diff --git a/src/src/store.c b/src/src/store.c
index b7cf4cdee..045f27f8e 100644
--- a/src/src/store.c
+++ b/src/src/store.c
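Review bot: The relocated block in readconf.c still narrows `statbuf.st_size` with `(int)` after testing only the lower bound (`> 8192`), and it keeps `void * dummy`, which is never read. A file size that does not fit in an int would wrap in the cast; how store_get() treats such a value is not visible here, so an upper bound next to the `> 8192` test would be safer. The unused variable can be dropped by writing `(void) store_get((int)statbuf.st_size, FALSE);`. The re-indented comment also still reads "It also assume" where `It also assumes` is meant. The enclosing `if (f.trusted_config ...)` block opens above the hunk.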
@@ -159,6 +159,35 @@ static void internal_store_free(void *, const char *, int linenumber);
 /******************************************************************************/
+/* Slower version check, for use when platform intermixes malloc and mmap area
+addresses. */
+
+BOOL
+is_tainted_fn(const void * p)
+{
+storeblock * b;
+int pool;
+
+for (pool = 0; pool < nelem(chainbase); pool++)
+ if ((b = current_block[pool]))
+ {
+ char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
+ if (CS p >= bc && CS p <= bc + b->length) goto hit;
+ }
+
+for (pool = 0; pool < nelem(chainbase); pool++)
+ for (b = chainbase[pool]; b; b = b->next)
+ {
+ char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
+ if (CS p >= bc && CS p <= bc + b->length) goto hit;
+ }
+return FALSE;
+
+hit:
+return pool >= POOL_TAINT_BASE;
+}
+
+
 void
 die_tainted(const uschar * msg, const uschar * func, int line)
 {
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 617a55a16..03243f3fc 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -8,6 +8,10 @@
 #include "../exim.h"
 #include "smtp.h"
+#if defined(SUPPORT_DANE) && defined(DISABLE_TLS)
+# error TLS is required for DANE
+#endif
+
 /* Options specific to the smtp transport. This transport also supports LMTP over TCP/IP. The options must be in alphabetic order (note that "_" comes
diff --git a/src/src/verify.c b/src/src/verify.c
index a1276068b..4422b4ad1 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -2349,7 +2349,7 @@ for (header_line * h = header_list; h; h = h->next)
 if ((*s < 33) || (*s > 126))
 {
 *msgptr = string_sprintf("Invalid character in header \"%.*s\" found",
- colon - h->text, h->text);
+ (int)(colon - h->text), h->text);
 return FAIL;
 }
 }
--
2.25.1
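Review bot: In is_tainted_fn() both range tests use an inclusive upper bound, `CS p <= bc + b->length`, so the address one past a block's data counts as inside it, whereas the fast path in is_tainted() is exclusive (`p < tainted_top`). If the inclusive bound is deliberate, for instance to cover an item placed at the very end of a block (inferred, not shown), a comment should say so; otherwise use `<` so the two implementations agree. The function also returns FALSE both for a pointer found in no store block and for one found in a pool below POOL_TAINT_BASE, which deserves a sentence in the header comment because callers get "untainted" for anything not allocated from a tainted pool. Since only pools at or above POOL_TAINT_BASE can produce TRUE, both loops could start there, `for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)`, with `return TRUE;` in place of `goto hit;`, which removes the label and shortens the walk.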
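Review bot: The message built in the verify.c hunk quotes what appears to be the header name that has just failed the `(*s < 33) || (*s > 126)` test, so the offending byte, possibly a control character, is copied into `*msgptr` unchanged. Where that string ends up (a log line or an SMTP response) is outside the hunk; if nothing downstream escapes it, the name should be made printable first, for example by formatting `string_printing(string_copyn(h->text, colon - h->text))` with a plain `%s`. The `(int)` cast itself is correct, since `%.*s` takes an int precision. The loop body starts and ends outside the hunk.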