X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=fba1f6e9e0a96d80c447a9201bddc00ad563cc38;hp=7b9d006f6ecd50236a37ed5b8282820913d15d10;hb=1e1ddfac79fbcd052f199500a6493c7f79cb8462;hpb=5fcc791a74a6f6933b3fb03f36e9ea3553152cf7 diff --git a/src/src/verify.c b/src/src/verify.c index 7b9d006f6..fba1f6e9e 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -3,6 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions concerned with verifying things. The original code for callout @@ -2260,7 +2261,7 @@ for (header_line * h = header_list; h && yield == OK; h = h->next) colon = Ustrchr(h->text, ':'); s = colon + 1; - while (isspace(*s)) s++; + Uskip_whitespace(&s); /* Loop for multiple addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ @@ -2339,7 +2340,7 @@ for (header_line * h = header_list; h && yield == OK; h = h->next) /* Advance to the next address */ s = ss + (terminator ? 1 : 0); - while (isspace(*s)) s++; + Uskip_whitespace(&s); } /* Next address */ f.parse_allow_group = FALSE; @@ -2417,7 +2418,7 @@ for (int i = 0; i < recipients_count; i++) colon = Ustrchr(h->text, ':'); s = colon + 1; - while (isspace(*s)) s++; + Uskip_whitespace(&s); /* Loop for multiple addresses in the header, enabling group syntax. Note that we have to reset this after the header has been scanned. */ @@ -2455,7 +2456,7 @@ for (int i = 0; i < recipients_count; i++) /* Advance to the next address */ s = ss + (terminator ? 1:0); - while (isspace(*s)) s++; + Uskip_whitespace(&s); } /* Next address */ f.parse_allow_group = FALSE; @@ -2890,7 +2891,7 @@ BOOL iplookup = FALSE; BOOL isquery = FALSE; BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0; const uschar *t; -uschar *semicolon; +uschar * semicolon, * endname, * opts; uschar **aliases; /* Optimize for the special case when the pattern is "*". */ @@ -2909,7 +2910,6 @@ provided that host name matching is permitted; if it's "@[]" match against the local host's IP addresses. */ if (*ss == '@') - { if (ss[1] == 0) { if (isiponly) return ERROR; @@ -2921,7 +2921,6 @@ if (*ss == '@') if (Ustrcmp(ip->address, cb->host_address) == 0) return OK; return FAIL; } - } /* If the pattern is an IP address, optionally followed by a bitmask count, do a (possibly masked) comparison with the current IP address. */ @@ -2947,17 +2946,26 @@ if (*t == 0 || (*t == '/' && t != ss)) return ERROR; } -/* See if there is a semicolon in the pattern */ +/* See if there is a semicolon in the pattern, separating a searchtype +prefix. If there is one then check for comma-sep options. */ -semicolon = Ustrchr(ss, ';'); +if ((semicolon = Ustrchr(ss, ';'))) + if ((opts = Ustrchr(ss, ',')) && opts < semicolon) + { + endname = opts++; + opts = string_copyn(opts, semicolon - opts); + } + else + { + endname = semicolon; + opts = NULL; + } /* If we are doing an IP address only match, then all lookups must be IP address lookups, even if there is no "net-". */ if (isiponly) - { iplookup = semicolon != NULL; - } /* Otherwise, if the item is of the form net[n]-lookup; then it is a lookup on a masked IP network, in textual form. We obey this code even if we @@ -2967,12 +2975,12 @@ key is implicit. For query-style lookups the key is specified in the query. From release 4.30, the use of net- for query style is no longer needed, but we retain it for backward compatibility. */ -if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL) +if (Ustrncmp(ss, "net", 3) == 0 && semicolon) { mlen = 0; for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0'; if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */ - iplookup = (*t++ == '-'); + iplookup = *t++ == '-'; } else t = ss; @@ -2990,7 +2998,7 @@ if (iplookup) /* Find the search type */ - search_type = search_findtype(t, semicolon - t); + search_type = search_findtype(t, endname - t); if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message); @@ -3033,7 +3041,7 @@ if (iplookup) if (!(handle = search_open(filename, search_type, 0, NULL, NULL))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message); - result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL); + result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL, opts); if (valueptr) *valueptr = result; return result ? OK : f.search_find_defer ? DEFER: FAIL; } @@ -3091,7 +3099,7 @@ using the general string matching function. When this function is called for outgoing hosts, the name is always given explicitly. If it is NULL, it means we must use sender_host_name and its aliases, looking them up if necessary. */ -if (cb->host_name != NULL) /* Explicit host name given */ +if (cb->host_name) /* Explicit host name given */ return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE, valueptr); @@ -3101,13 +3109,14 @@ query does not contain $sender_host_name. From release 4.23, a reference to $sender_host_name causes it to be looked up, so we don't need to do the lookup on spec. */ -if ((semicolon = Ustrchr(ss, ';')) != NULL) +if ((semicolon = Ustrchr(ss, ';'))) { - const uschar *affix; + const uschar * affix, * opts; int partial, affixlen, starflags, id; *semicolon = 0; - id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags); + id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags, + &opts); *semicolon=';'; if (id < 0) /* Unknown lookup type */ @@ -3383,11 +3392,13 @@ dns_scan dnss; tree_node *t; dnsbl_cache_block *cb; int old_pool = store_pool; -uschar query[256]; /* DNS domain max length */ +uschar * query; +int qlen; /* Construct the specific query domainname */ -if (!string_format(query, sizeof(query), "%s.%s", prepend, domain)) +query = string_sprintf("%s.%s", prepend, domain); +if ((qlen = Ustrlen(query)) >= 256) { log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long " "(ignored): %s...", query); @@ -3422,7 +3433,7 @@ else else { /* Set up a tree entry to cache the lookup */ - t = store_get(sizeof(tree_node) + Ustrlen(query), is_tainted(query)); + t = store_get(sizeof(tree_node) + qlen + 1 + 1, is_tainted(query)); Ustrcpy(t->name, query); t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block), FALSE); (void)tree_insertnode(&dnsbl_cache, t); @@ -3529,7 +3540,6 @@ if (cb->rc == DNS_SUCCEED) for (da = cb->rhs; da; da = da->next) { int ipsep = ','; - uschar ip[46]; const uschar *ptr = iplist; uschar *res; @@ -3537,8 +3547,8 @@ if (cb->rc == DNS_SUCCEED) if (!bitmask) { - while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip)))) - if (Ustrcmp(CS da->address, ip) == 0) + while ((res = string_nextinlist(&ptr, &ipsep, NULL, 0))) + if (Ustrcmp(CS da->address, res) == 0) break; } @@ -3560,9 +3570,9 @@ if (cb->rc == DNS_SUCCEED) /* Scan the returned addresses, skipping any that are IPv6 */ - while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip)))) + while ((res = string_nextinlist(&ptr, &ipsep, NULL, 0))) { - if (host_aton(ip, address) != 1) continue; + if (host_aton(res, address) != 1) continue; if ((address[0] & mask) == address[0]) break; } } @@ -3732,7 +3742,6 @@ int sep = 0; int defer_return = FAIL; const uschar *list = *listptr; uschar *domain; -uschar buffer[1024]; uschar revadd[128]; /* Long enough for IPv6 address */ /* Indicate that the inverted IP address is not yet set up */ @@ -3745,7 +3754,7 @@ dns_init(FALSE, FALSE, FALSE); /*XXX dnssec? */ /* Loop through all the domains supplied, until something matches */ -while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) +while ((domain = string_nextinlist(&list, &sep, NULL, 0))) { int rc; BOOL bitmask = FALSE;