Track tainted data and refuse to expand it

[exim.git] / src / src / spool_mbox.c

diff --git a/src/src/spool_mbox.c b/src/src/spool_mbox.c
index 749484f2b0974bd891dffaf847033731de4f7b4d..caf1712cf7dde5619870e963826ed769e7b6dff5 100644 (file)
--- a/src/src/spool_mbox.c
+++ b/src/src/spool_mbox.c
@@ -35,19 +35,16 @@ uschar message_subdir[2];
 uschar buffer[16384];
 uschar *temp_string;
 uschar *mbox_path;
-FILE *mbox_file = NULL;
-FILE *data_file = NULL;
-FILE *yield = NULL;
-header_line *my_headerlist;
+FILE *mbox_file = NULL, *l_data_file = NULL, *yield = NULL;
 struct stat statbuf;
-int i, j;
-void *reset_point;
+int j;
+rmark reset_point;
 
 mbox_path = string_sprintf("%s/scan/%s/%s.eml",
   spool_directory, message_id, message_id);
 if (mbox_fname) *mbox_fname = mbox_path;
 
-reset_point = store_get(0);
+reset_point = store_mark();
 
 /* Skip creation if already spooled out as mbox file */
 if (!spool_mbox_ok)
@@ -90,7 +87,7 @@ if (!spool_mbox_ok)
 
   /* write all non-deleted header lines to mbox file */
 
-  for (my_headerlist = header_list; my_headerlist;
+  for (header_line * my_headerlist = header_list; my_headerlist;
       my_headerlist = my_headerlist->next)
     if (my_headerlist->type != '*')
       if (fwrite(my_headerlist->text, my_headerlist->slen, 1, mbox_file) != 1)
@@ -108,21 +105,25 @@ if (!spool_mbox_ok)
     goto OUT;
     }
 
-  /* copy body file */
-  if (!source_file_override)
+  /* Copy body file.  If the main receive still has it open then it is holding
+  a lock, and we must not close it (which releases the lock), so just use the
+  global file handle. */
+  if (source_file_override)
+    l_data_file = Ufopen(source_file_override, "rb");
+  else if (spool_data_file)
+    l_data_file = spool_data_file;
+  else
     {
     message_subdir[1] = '\0';
-    for (i = 0; i < 2; i++)
+    for (int i = 0; i < 2; i++)
       {
       message_subdir[0] = split_spool_directory == (i == 0) ? message_id[5] : 0;
       temp_string = spool_fname(US"input", message_subdir, message_id, US"-D");
-      if ((data_file = Ufopen(temp_string, "rb"))) break;
+      if ((l_data_file = Ufopen(temp_string, "rb"))) break;
       }
     }
-  else
-    data_file = Ufopen(source_file_override, "rb");
 
-  if (!data_file)
+  if (!l_data_file)
     {
     log_write(0, LOG_MAIN|LOG_PANIC, "Could not open datafile for message %s",
       message_id);
@@ -131,7 +132,7 @@ if (!spool_mbox_ok)
 
   /* The code used to use this line, but it doesn't work in Cygwin.
 
-      (void)fread(data_buffer, 1, 18, data_file);
+      (void)fread(data_buffer, 1, 18, l_data_file);
 
      What's happening is that spool_mbox used to use an fread to jump over the
      file header. That fails under Cygwin because the header is locked, but
@@ -139,23 +140,23 @@ if (!spool_mbox_ok)
      explicitly, because the one in the file is parted of the locked area.  */
 
   if (!source_file_override)
-    (void)fseek(data_file, SPOOL_DATA_START_OFFSET, SEEK_SET);
+    (void)fseek(l_data_file, SPOOL_DATA_START_OFFSET, SEEK_SET);
 
   do
     {
     uschar * s;
 
-    if (!spool_file_wireformat || source_file_override)
-      j = fread(buffer, 1, sizeof(buffer), data_file);
+    if (!f.spool_file_wireformat || source_file_override)
+      j = fread(buffer, 1, sizeof(buffer), l_data_file);
     else                                               /* needs CRLF -> NL */
-      if ((s = US fgets(CS buffer, sizeof(buffer), data_file)))
+      if ((s = US fgets(CS buffer, sizeof(buffer), l_data_file)))
        {
        uschar * p = s + Ustrlen(s) - 1;
 
        if (*p == '\n' && p[-1] == '\r')
          *--p = '\n';
        else if (*p == '\r')
-         ungetc(*p--, data_file);
+         ungetc(*p--, l_data_file);
 
        j = p - buffer;
        }
@@ -190,7 +191,7 @@ else
   *mbox_file_size = statbuf.st_size;
 
 OUT:
-if (data_file) (void)fclose(data_file);
+if (l_data_file && !spool_data_file) (void)fclose(l_data_file);
 if (mbox_file) (void)fclose(mbox_file);
 store_reset(reset_point);
 return yield;
@@ -207,14 +208,13 @@ unspool_mbox(void)
 spam_ok = 0;
 malware_ok = 0;
 
-if (spool_mbox_ok && !no_mbox_unspool)
+if (spool_mbox_ok && !f.no_mbox_unspool)
   {
-  uschar *mbox_path;
   uschar *file_path;
   struct dirent *entry;
   DIR *tempdir;
-
-  mbox_path = string_sprintf("%s/scan/%s", spool_directory, spooled_message_id);
+  rmark reset_point = store_mark();
+  uschar * mbox_path = string_sprintf("%s/scan/%s", spool_directory, spooled_message_id);
 
   if (!(tempdir = opendir(CS mbox_path)))
     {
@@ -239,7 +239,7 @@ if (spool_mbox_ok && !no_mbox_unspool)
 
   /* remove directory */
   rmdir(CS mbox_path);
-  store_reset(mbox_path);
+  store_reset(reset_point);
   }
 spool_mbox_ok = 0;
 }