Attachment #13372 for bug #46381

View | Details | Raw Unified | Return to bug 46381
Collapse All | Expand All




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2021 */
/* See the file NOTICE for conditions of use and distribution. */



int     queue_update = 60;
int     queue_width = 600;

pcre2_code   *yyyymmdd_regex;

uschar *size_stripchart = NULL;
uschar *size_stripchart_name = NULL;

int     start_small = FALSE;
int     stripchart_height = 90;
int     stripchart_number = 1;
pcre2_code  **stripchart_regex;
uschar **stripchart_title;
int    *stripchart_total;
int     stripchart_update = 60;

int     received_count         = 0;
uschar *received_protocol      = NULL;
struct timeval received_time   = { 0, 0 };
struct timeval received_time_complete = { 0, 0 };
int     recipients_count       = 0;
recipient_item *recipients_list = NULL;
int     recipients_list_max    = 0;




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2009 */
/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* See the file NOTICE for conditions of use and distribution. */




/* Regular expression include */

#define PCRE2_CODE_UNIT_WIDTH 8
#include <pcre2.h>

/* Includes from the main source of Exim.  One of these days I should tidy up
this interface so that this kind of kludge isn't needed. */

#ifndef NS_MAXMSG
# define NS_MAXMSG 65535
#endif
typedef void * hctx;

#include "local_scan.h"
#include "macros.h"
#include "structs.h"
#include "blob.h"
#include "globals.h"
#include "hintsdb.h"
#include "hintsdb_structs.h"
#include "functions.h"
#include "osfunctions.h"


extern int     queue_update;        /* update interval */
extern int     queue_width;         /* width of queue window */

extern pcre2_code   *yyyymmdd_regex;    /* for matching yyyy-mm-dd */

extern uschar *size_stripchart;     /* path for size monitoring */
extern uschar *size_stripchart_name; /* name for size stripchart */

extern int     start_small;         /* True to start with small window */
extern int     stripchart_height;   /* height of stripcharts */
extern int     stripchart_number;   /* number of stripcharts */
extern pcre2_code  **stripchart_regex;  /* vector of regexps */
extern uschar **stripchart_title;    /* vector of titles */
extern int    *stripchart_total;    /* vector of accumulating values */
extern int     stripchart_update;   /* update interval */




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2009 */
/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */

/* This module contains code to initialize things from the

work. */

for (i = 0; i <= 1; i++)

  {
  int first = 1;
  int count = 0;

      buffer[p-pp] = 0;
      if (first)
        {
        size_t offset;
        int err;

        if (!(stripchart_regex[indx] =
		pcre2_compile((PCRE2_SPTR)buffer,
		      PCRE2_ZERO_TERMINATED, PCRE_COPT,
		      &err, &offset, NULL)))
          {
	  uschar errbuf[128];
	  pcre2_get_error_message(err, errbuf, sizeof(errbuf));
          printf("regular expression error: %s at offset %ld "
            "while compiling %s\n", errbuf, (long)offset, buffer);
          exit(99);
          }
        }

  if (i == 0)
    {
    stripchart_number += count;
    stripchart_regex = (pcre2_code **)store_malloc(stripchart_number * sizeof(pcre2_code *));
    stripchart_title = (uschar **)store_malloc(stripchart_number * sizeof(uschar *));
    }
  }

void init(int argc, uschar **argv)
{
int x;
size_t erroroffset;
uschar *s;
const uschar *error;

argc = argc;     /* These are currently unused. */
argv = argv;

/* Deal with simple values in the environment. */

if ((s = US getenv("ACTION_OUTPUT")))
if (s != NULL)
  {
  if (Ustrcmp(s, "no") == 0) action_output = FALSE;
  if (Ustrcmp(s, "yes") == 0) action_output = TRUE;
  }

if ((s = US getenv("ACTION_QUEUE_UPDATE")))
if (s != NULL)
  {
  if (Ustrcmp(s, "no") == 0) action_queue_update = FALSE;
  if (Ustrcmp(s, "yes") == 0) action_queue_update = TRUE;
  }

s = US getenv("BODY_MAX");
if (s && (x = Uatoi(s)) != 0) body_max = x;

if ((s = US getenv("EXIM_PATH")))
  exim_path = string_copy(s);

if ((s = US getenv("EXIMON_EXIM_CONFIG")))
  alternate_config = string_copy(s);

if ((s = US getenv("LOG_BUFFER")))
if (s != NULL)
  {
  uschar c[1];
  if (sscanf(CS s, "%d%c", &x, c) > 0)

  }

s = US getenv("LOG_DEPTH");
if (s && (x = Uatoi(s)) != 0) log_depth = x;

if ((s = US getenv("LOG_FILE_NAME")))
  log_file = string_copy(s);

if ((s = US getenv("LOG_FONT")))
  log_font = string_copy(s);

s = US getenv("LOG_WIDTH");
if (s && (x = Uatoi(s)) != 0) log_width = x;

if ((s = US getenv("MENU_EVENT")))
  menu_event = string_copy(s);

s = US getenv("MIN_HEIGHT");
if (s && (x = Uatoi(s)) > 0) min_height = x;

s = US getenv("MIN_WIDTH");
if (s && (x = Uatoi(s)) > 0) min_width = x;

if ((s = US getenv("QUALIFY_DOMAIN")))
  qualify_domain = string_copy(s);
else
  qualify_domain = US"";  /* Don't want NULL */

s = US getenv("QUEUE_DEPTH");
if (s && (x = Uatoi(s)) != 0) queue_depth = x;

if ((s = US getenv("QUEUE_FONT")))
  queue_font = string_copy(s);

s = US getenv("QUEUE_INTERVAL");
if (s && (x = Uatoi(s)) != 0) queue_update = x;

s = US getenv("QUEUE_MAX_ADDRESSES");
if (s && (x = Uatoi(s)) != 0) queue_max_addresses = x;

s = US getenv("QUEUE_WIDTH");
if (s && (x = Uatoi(s)) != 0) queue_width = x;

if ((s = US getenv("SPOOL_DIRECTORY")))
  spool_directory = string_copy(s);

s = US getenv("START_SMALL");
if (s && Ustrcmp(s, "yes") == 0) start_small = 1;

s = US getenv("TEXT_DEPTH");
if (s && (x = Uatoi(s)) != 0) text_depth = x;

if ((s = US getenv("WINDOW_TITLE")))
  window_title = string_copy(s);

/* Deal with stripchart configuration. First see if we are monitoring
the size of a partition, then deal with log stripcharts in a separate
function */

s = US getenv("SIZE_STRIPCHART");
if (s && *s)
  {
  stripchart_number++;
  stripchart_varstart++;

  if (s != NULL && *s != 0) size_stripchart_name = string_copy(s);
  }

if ((s = US getenv("LOG_STRIPCHARTS")))
  decode_stripchart_config(s);

s = US getenv("STRIPCHART_INTERVAL");
if (s && (x = Uatoi(s)) != 0) stripchart_update = x;

s = US getenv("QUEUE_STRIPCHART_NAME");
queue_stripchart_name = s ? string_copy(s) : US"queue";

/* Compile the regex for matching yyyy-mm-dd at the start of a string. */

yyyymmdd_regex = pcre2_compile((PCRE2_SPTR)"^\\d{4}-\\d\\d-\\d\\d\\s",
  PCRE2_ZERO_TERMINATED, PCRE_COPT, &x, &erroroffset, NULL);
}

/* End of em_init.c */




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainters 2021 - 2022 */
/* See the file NOTICE for conditions of use and distribution. */

/* This module contains code for scanning the main log,

    uschar *p = buffer;
    rmark reset_point;
    int length = Ustrlen(buffer);
    pcre2_match_data * md = pcre2_match_data_create(1, NULL);

    /* Skip totally blank lines (paranoia: there shouldn't be any) */


    stripchart is the queue length, which is handled elsewhere, and the
    1st may the a size monitor. */

    for (int i = stripchart_varstart; i < stripchart_number; i++)
      if (pcre2_match(stripchart_regex[i], (PCRE2_SPTR)buffer, length,
			0, PCRE_EOPT, md, NULL) >= 0)
            NULL, 0) >= 0)
        stripchart_total[i]++;
      }

    /* Munge the log entry and display shortened form on one line.
    We omit the date and show only the time. Remove any time zone offset.
    Take note of the presence of [pid]. */

    if (pcre2_match(yyyymmdd_regex, (PCRE2_SPTR) buffer, length, 0, PCRE_EOPT,
		      md, NULL) >= 0)
      {
      int pidlength = 0;
      if (  (buffer[20] == '+' || buffer[20] == '-')
         && isdigit(buffer[21]) && buffer[25] == ' ')
        memmove(buffer + 20, buffer + 26, Ustrlen(buffer + 26) + 1);
      if (buffer[20] == '[')
        while (Ustrchr("[]0123456789", buffer[20+pidlength++]) != NULL)
	  ;
        }
      id = string_copyn(buffer + 20 + pidlength, MESSAGE_ID_LENGTH);
      show_log("%s", buffer+11);
      }

      id = US"";
      show_log("%s", buffer);
      }
    pcre2_match_data_free(md);

    /* Deal with frozen and unfrozen messages */


    if ((p = Ustrstr(buffer, "==")) != NULL)
      {
      queue_item *qq = find_queue(id, queue_noop, 0);
      if (qq)
        {
        dest_item *d;
        uschar *q, *r;




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* See the file NOTICE for conditions of use and distribution. */



vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
va_end(ap);
selector = selector;     /* Keep picky compilers happy */
flags = flags;
}



*/

int
host_address_extract_port(uschar * address)
{
int port = 0;
uschar *endptr;

/* Handle the "bracketed with colon on the end" format */

if (*address == '[')
  {
  uschar *rb = address + 1;
  while (*rb != 0 && *rb != ']') rb++;
  if (*rb++ == 0) return 0;		/* Missing ]; leave invalid address */
  if (*rb == ':')
    {
    port = Ustrtol(rb + 1, &endptr, 10);
    if (*endptr != 0) return 0;		/* Invalid port; leave invalid address */
    }
  else if (*rb != 0) return 0;		/* Bad syntax; leave invalid address */
  memmove(address, address + 1, rb - address - 2);
  rb[-2] = 0;
  }

/* Handle the "dot on the end" format */

else
  {
  int skip = -3;			/* Skip 3 dots in IPv4 addresses */
  address--;
  while (*(++address) != 0)
    {
    int ch = *address;
    if (ch == ':') skip = 0;		/* Skip 0 dots in IPv6 addresses */
      else if (ch == '.' && skip++ >= 0) break;
    }
  if (*address == 0) return 0;
  port = Ustrtol(address + 1, &endptr, 10);
  if (*endptr != 0) return 0;		/* Invalid port; leave invalid address */
  *address = 0;
  }

return port;
}




void updateAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;       /* Keep picky compilers happy */
client_data = client_data;
call_data = call_data;
scan_spool_input(TRUE);
queue_display();
tick_queue_accumulator = 0;


void hideAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;       /* Keep picky compilers happy */
client_data = client_data;
call_data = call_data;
actioned_message[0] = 0;
dialog_ref_widget = w;
dialog_action = da_hide;

{
skip_item *sk = queue_skip;

while (sk)
client_data = client_data;
call_data = call_data;

while (sk != NULL)
  {
  skip_item *next = sk->next;
  store_free(sk);


void quitAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;       /* Keep picky compilers happy */
client_data = client_data;
call_data = call_data;
exit(0);
}


XWindowAttributes a;
Window w = XtWindow(toplevel_widget);

button = button;    /* Keep picky compilers happy */
client_data = client_data;
call_data = call_data;

/* Get the position and size of the top level widget. */

sizepos_args[0].value = (XtArgVal)(&width);

tick_stripchart_accumulator += tick_interval;
read_log();

pt = pt;    /* Keep picky compilers happy */
i = i;

/* If we have passed the queue update time, we must do a full
scan of the queue, checking for new arrivals, etc. This will
as a by-product set the count of items for use by the stripchart

*               Initialize                       *
*************************************************/

int
main(int argc, char **argv)
{
int i;
struct stat statdata;

constructing file names and things. This call will initialize
the store_get() function. */

store_init();
big_buffer = store_get(big_buffer_size, GET_UNTAINTED);

/* Set up the version string and date and output them */





*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2021 */
/* See the file NOTICE for conditions of use and distribution. */



*        Destroy the menu when popped down       *
*************************************************/

static void
popdownAction(Widget w, XtPointer client_data, XtPointer call_data)
{
client_data = client_data;    /* Keep picky compilers happy */
call_data = call_data;
if (highlighted_x >= 0)
  XawTextSinkDisplayText(queue_text_sink,
    highlighted_x, highlighted_y,

static void
msglogAction(Widget w, XtPointer client_data, XtPointer call_data)
{
int i;
Widget text = text_create(US client_data, text_depth);
uschar * fname = NULL;
FILE * f = NULL;

w = w;      /* Keep picky compilers happy */
call_data = call_data;

/* End up with the split version, so message looks right when non-exist */

for (int i = 0; i < (spool_is_split ? 2:1); i++)
  {
  message_subdir[0] = i != 0 ? (US client_data)[5] : 0;
  fname = spool_fname(US"msglog", message_subdir, US client_data, US"");

static void
bodyAction(Widget w, XtPointer client_data, XtPointer call_data)
{
int i;
Widget text = text_create(US client_data, text_depth);
FILE *f = NULL;

for (int i = 0; i < (spool_is_split? 2:1); i++)
call_data = call_data;

for (i = 0; i < (spool_is_split? 2:1); i++)
  {
  uschar * fname;
  message_subdir[0] = i != 0 ? (US client_data)[5] : 0;

    break;
  }

if (!f)
  text_showf(text, "Failed to open file: %s\n", strerror(errno));
else
  {

the command whether we want the output or not, so the pipe has to be set up in
all cases. */

static void
ActOnMessage(uschar *id, uschar *action, uschar *address_arg)
{
int pid;
int pipe_fd[2];

*        Cause a message to be delivered         *
*************************************************/

static void
deliverAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
ActOnMessage(US client_data, US"-v -M", US"");
}



/*************************************************
*        Cause a message to be Frozen            *
*************************************************/

static void
freezeAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
ActOnMessage(US client_data, US"-Mf", US"");
}



/*************************************************
*        Cause a message to be thawed            *
*************************************************/

static void
thawAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
ActOnMessage(US client_data, US"-Mt", US"");
}



/*************************************************
*          Take action using dialog data         *
*************************************************/

in. It is global because it is set up in the action table at
start-up time. If the string is empty, do nothing. */

XtActionProc
dialogAction(Widget w, XEvent *event, String *ss, Cardinal *c)
{
uschar *s = US XawDialogGetValueString(dialog_widget);

w = w;      /* Keep picky compilers happy */
event = event;
ss = ss;
c = c;

XtPopdown((Widget)dialog_shell);
XtDestroyWidget((Widget)dialog_shell);
while (isspace(*s)) s++;
if (s[0] != 0)
  {
  if (actioned_message[0] != 0)
    ActOnMessage(actioned_message, action_required, s);
  else
    NonMessageDialogue(s);    /* When called from somewhere else */
  }
return NULL;
}


be done to the application until the box is filled in. This
function is also used by the Hide button handler. */

void
create_dialog(uschar *label, uschar *value)
{
Arg warg[4];
Dimension x, y, xx, yy;

}





/*************************************************
*        Cause a recipient to be added           *
*************************************************/

/* This just sets up the dialog box; the action happens when it has been filled
in. */

static void
addrecipAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
Ustrncpy(actioned_message, client_data, 24);
actioned_message[23] = '\0';
action_required = US"-Mar";

create_dialog(US"Recipient address to add?", US"");
}



/*************************************************
*    Cause an address to be marked delivered     *
*************************************************/

static void
markdelAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
Ustrncpy(actioned_message, client_data, 24);
actioned_message[23] = '\0';
action_required = US"-Mmd";

create_dialog(US"Recipient address to mark delivered?", US"");
}


/*************************************************
*   Cause all addresses to be marked delivered   *
*************************************************/

static void
markalldelAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
ActOnMessage(US client_data, US"-Mmad", US"");
}


/*************************************************
*        Edit the message's sender               *
*************************************************/

static void
editsenderAction(Widget w, XtPointer client_data, XtPointer call_data)
{
queue_item *q;
uschar *sender;

call_data = call_data;
Ustrncpy(actioned_message, client_data, 24);
actioned_message[23] = '\0';
q = find_queue(actioned_message, queue_noop, 0);

create_dialog(US"New sender address?", sender);
}


/*************************************************
*    Cause a message to be returned to sender    *
*************************************************/

static void
giveupAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
ActOnMessage(US client_data, US"-v -Mg", US"");
}



/*************************************************
*      Cause a message to be cancelled           *
*************************************************/

static void
removeAction(Widget w, XtPointer client_data, XtPointer call_data)
{
w = w;      /* Keep picky compilers happy */
call_data = call_data;
ActOnMessage(US client_data, US"-Mrm", US"");
}



/*************************************************
*             Display a message's headers        *
*************************************************/

static void
headersAction(Widget w, XtPointer client_data, XtPointer call_data)
{
uschar buffer[256];
header_line *h, *next;
Widget text = text_create(US client_data, text_depth);
rmark reset_point;

w = w;      /* Keep picky compilers happy */
call_data = call_data;

/* Remember the point in the dynamic store so we can recover to it afterwards.
Then use Exim's function to read the header. */


  return;
  }

if (sender_address)
  {
  text_showf(text, "%s sender: <%s>\n", f.sender_local ? "Local" : "Remote",
    sender_address);
  }

if (recipients_list)
  {
  int i;
  text_show(text, US"Recipients:\n");
  for (int i = 0; i < recipients_count; i++)
    {
    text_showf(text, "  %s %s\n",
      tree_search(tree_nonrecipients, recipients_list[i].address)
        ? "*" : " ",
      recipients_list[i].address);
  text_show(text, US"\n");
  }

for (header_line * next, * h = header_list; h; h = next)
  {
  next = h->next;
  text_showf(text, "%c ", h->type);   /* Don't push h->text through a %s */

store_reset(reset_point);
}




/*************************************************
*              Dismiss a text window             *
*************************************************/

static void
dismissAction(Widget w, XtPointer client_data, XtPointer call_data)
{
pipe_item *p = pipe_chain;

w = w;      /* Keep picky compilers happy */
call_data = call_data;

XtPopdown((Widget)client_data);
XtDestroyWidget((Widget)client_data);


to search the parents of the saved widget to see if one of them
is what we have just destroyed. */

for (pipe_item * p = pipe_chain; p; p = p->next)
  for (Widget pp = p->widget; pp; pp = XtParent(pp))
  Widget pp = p->widget;
  while (pp != NULL)
    {
    if (pp == (Widget)client_data) { p->widget = NULL; return; }
    pp = XtParent(pp);
    }
  p = p->next;
  }
}



*             Set up popup text window           *
*************************************************/

static Widget
text_create(uschar *name, int height)
{
Widget textshell, form, text, button;


return text;
}




/*************************************************
*            Set up menu in queue window         *
*************************************************/

/* We have added an action table that causes this function to
be called, and set up button 2 in the text widgets to call it. */

void
menu_create(Widget w, XEvent *event, String *actargs, Cardinal *count)
{
int line;
int i;

   <BtnUp>:         MenuPopdown()notify()unhighlight()\n\
  ");

actargs = actargs;   /* Keep picky compilers happy */
count = count;

/* Get the sink and source and the current text pointer */

queue_get_arg[0].value = (XtArgVal)(&queue_text_sink);

Lines 3-9 Link Here

(-)exim.orig/exim_monitor/em_queue.c (-3 / +3 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */	6	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9		9
Lines 138-145 Link Here
138	acl_var_create(uschar *name)	138	acl_var_create(uschar *name)
139	{	139	{
140	tree_node node, *root;	140	tree_node node, *root;
141	root = (name[0] == 'c')? &acl_var_c : &acl_var_m;	141	root = name[0] == 'c' ? &acl_var_c : &acl_var_m;
142	node = store_get(sizeof(tree_node) + Ustrlen(name), FALSE);	142	node = store_get(sizeof(tree_node) + Ustrlen(name), GET_UNTAINTED);
143	Ustrcpy(node->name, name);	143	Ustrcpy(node->name, name);
144	node->data.ptr = NULL;	144	node->data.ptr = NULL;
145	(void)tree_insertnode(root, node);	145	(void)tree_insertnode(root, node);




/***********************************************************
Copyright (c) The Exim Maintainers 2022
Copyright 1989 by the Massachusetts Institute of Technology,
Cambridge, Massachusetts.


  Arg args[1];

#ifdef notdef
  if (!ctx->text.source->Search) {
      XBell(XtDisplay(w), 0);
      return;
  }

    return;
  }

  if (!ctx->text.search) {
    ctx->text.search = XtNew(struct SearchAndReplace);
    ctx->text.search->search_popup = CreateDialog(w, ptr, "search",
						  AddSearchChildren);
    XtRealizeWidget(ctx->text.search->search_popup);
    SetWMProtocolTranslations(ctx->text.search->search_popup);
  }
  else if (*num_params > 1)
    XtVaSetValues(ctx->text.search->search_text, XtNstring, ptr, NULL);
  }

  XtSetArg(args[0], XtNeditType,&edit_mode);
  XtGetValues(ctx->text.source, args, ONE);

Lines 3-9 Link Here

(-)exim.orig/exim_monitor/em_version.c (-1 / +1 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */	6	/* Copyright (c) The Exim Maintainers 2020 - 2021 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	#define EM_VERSION_C	9	#define EM_VERSION_C

Lines 2-7 Link Here

(-)exim.orig/Makefile (+2 lines)
2	# appropriate links, and then creating and running the main makefile in that	2	# appropriate links, and then creating and running the main makefile in that
3	# directory.	3	# directory.
4		4
		5	# Copyright (c) The Exim Maintainers 2022
5	# Copyright (c) University of Cambridge, 1995 - 2018	6	# Copyright (c) University of Cambridge, 1995 - 2018
6	# See the file NOTICE for conditions of use and distribution.	7	# See the file NOTICE for conditions of use and distribution.
7		8
Lines 102-107 Link Here
102	cscope.files: FRC	103	cscope.files: FRC
103	echo "-q" > $@	104	echo "-q" > $@
104	echo "-p3" >> $@	105	echo "-p3" >> $@
		106	-bd=build-$(buildname); [ -d $$bd ] && echo -e "$$bd/config.h\n$$bd/Makefile" >> $@
105	find src Local OS exim_monitor -name "*.[cshyl]" -print \	107	find src Local OS exim_monitor -name "*.[cshyl]" -print \
106	-o -name "os.[ch]*" -print \	108	-o -name "os.[ch]*" -print \
107	-o -name "akefile" -print \	109	-o -name "akefile" -print \




# optional, Local/* files at the front of this file, to create Makefile in the
# build directory.
#
# Copyright (c) The Exim Maintainers 1995 - 2022
# Copyright (c) The Exim Maintainers 2020

SHELL      = $(MAKE_SHELL)
SCRIPTS    = ../scripts

# Build (link) the os.h file

os.h:	$(SCRIPTS)/Configure-os.h \
	$(O)/os.h-Darwin	\
	$(O)/os.h-FreeBSD	\
	$(O)/os.h-GNU		\
	$(O)/os.h-Linux		\


OBJ_MACRO = macro_predef.o \
	macro-globals.o macro-readconf.o macro-route.o macro-transport.o macro-drtables.o \
	macro-acl.o macro-tls.o \
	macro-appendfile.o macro-autoreply.o macro-lmtp.o macro-pipe.o macro-queuefile.o \
	macro-smtp.o macro-accept.o macro-dnslookup.o macro-ipliteral.o macro-iplookup.o \
	macro-manualroute.o macro-queryprogram.o macro-redirect.o \

macro-drtables.o :	drtables.c
	@echo "$(CC) -DMACRO_PREDEF drtables.c"
	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ drtables.c
macro-acl.o:	acl.c
	@echo "$(CC) -DMACRO_PREDEF acl.c"
	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ acl.c
macro-tls.o:	tls.c tls-gnu.c tls-openssl.c
	@echo "$(CC) -DMACRO_PREDEF tls.c"
	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ tls.c

			dmarc.o \
			imap_utf7.o \
			spf.o \
			srs.o \
			utf8.o

# Targets for final binaries; the main one has a build number which is


OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \
        directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \
        filtertest.o globals.o dkim.o dkim_transport.o dnsbl.o hash.o \
        header.o host.o ip.o log.o lss.o match.o md5.o moan.o \
        os.o parse.o priv.o queue.o \
        rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \

HDRS  =	blob.h \
	config.h \
	dbfunctions.h \
	dbstuff.h \
	exim.h \
	functions.h \
	globals.h \
	hash.h \
	hintsdb.h \
	hintsdb_structs.h \
	local_scan.h \
	macros.h \
	mytypes.h \

	os.h
PHDRS = ../config.h \
	../dbfunctions.h \
	../dbstuff.h \
	../exim.h \
	../functions.h \
	../globals.h \
	../hintsdb.h \
	../hintsdb_structs.h \
	../local_scan.h \
	../macros.h \
	../mytypes.h \

deliver.o:       $(HDRS) transports/smtp.h deliver.c
directory.o:     $(HDRS) directory.c
dns.o:           $(HDRS) dns.c
dnsbl.o:         $(HDRS) dnsbl.c
enq.o:           $(HDRS) enq.c
exim.o:          $(HDRS) exim.c
expand.o:        $(HDRS) expand.c

dmarc.o:	$(HDRS) pdkim/pdkim.h dmarc.h dmarc.c
imap_utf7.o:	$(HDRS) imap_utf7.c
spf.o:		$(HDRS) spf.h spf.c
srs.o:		$(HDRS) srs.h srs.c
utf8.o:		$(HDRS) utf8.c

# The module containing tables of available lookups, routers, auths, and

Lines 89-95 Link Here

(-)exim.orig/OS/Makefile-Default (-1 / +1 lines)
89		89
90	# PCRE_LIBS contains the library to be linked for PCRE	90	# PCRE_LIBS contains the library to be linked for PCRE
91		91
92	PCRE_LIBS=-lpcre	92	PCRE_LIBS=-lpcre2-8
93		93
94		94
95	# LIBS and EXTRALIBS contain library settings that are used on linking	95	# LIBS and EXTRALIBS contain library settings that are used on linking

Lines 2-8 Link Here

(-)exim.orig/OS/Makefile-FreeBSD (-1 / +1 lines)
2	# Copyright (c) The Exim Maintainers 2020	2	# Copyright (c) The Exim Maintainers 2020
3		3
4	CHOWN_COMMAND=/usr/sbin/chown	4	CHOWN_COMMAND=/usr/sbin/chown
5	STRIP_COMMAND=/usr/bin/strip	5	#STRIP_COMMAND=/usr/bin/strip
6	CHMOD_COMMAND=/bin/chmod	6	CHMOD_COMMAND=/bin/chmod
7		7
8		8

Lines 1-5 Link Here

(-)exim.orig/OS/Makefile-OpenBSD (-3 / +3 lines)
1	# Exim: OS-specific make file for OpenBSD	1	# Exim: OS-specific make file for OpenBSD
2	# Copyright (c) The Exim Maintainers 2020	2	# Copyright (c) The Exim Maintainers 2022
3		3
4	CHOWN_COMMAND=/usr/sbin/chown	4	CHOWN_COMMAND=/usr/sbin/chown
5	CHGRP_COMMAND=/usr/sbin/chgrp	5	CHGRP_COMMAND=/usr/sbin/chgrp
Lines 24-30 Link Here
24		24
25	HAVE_IPV6=YES	25	HAVE_IPV6=YES
26		26
27	# OpenBSD always ships with Berkeley DB	27	# OpenBSD ships with a too-old Berkeley DB. NDBM is the default if we don't specify one.
28	USE_DB=yes	28	#USE_DB=yes
29		29
30	# End	30	# End




*************************************************/

/* Copyright (c) Jeremy Harris 1995 - 2020 */
/* Copyright (c) The Exim Maintainers 2021 */
/* See the file NOTICE for conditions of use and distribution. */

/* FreeBSD-specific code. This is concatenated onto the generic

ssize_t
os_sendfile(int out, int in, off_t * offp, size_t cnt)
{
off_t loff = offp ? *offp : 0;
off_t written;

if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1;
if (offp) *offp = loff + written;
return (ssize_t)written;
}


Lines 1-6 Link Here

(-)exim.orig/OS/os.h-FreeBSD (-1 / +11 lines)
1	/* Exim: OS-specific C header file for FreeBSD */	1	/* Exim: OS-specific C header file for FreeBSD */
2	/* Copyright (c) University of Cambridge 1995 - 2018 */	2	/* Copyright (c) University of Cambridge 1995 - 2018 */
3	/* Copyright (c) The Exim Maintainers 2020 */	3	/* Copyright (c) The Exim Maintainers 2020 - 2021 */
4	/* See the file NOTICE for conditions of use and distribution. */	4	/* See the file NOTICE for conditions of use and distribution. */
5		5
6		6
Lines 11-19 Link Here
11	#define HAVE_SETCLASSRESOURCES	11	#define HAVE_SETCLASSRESOURCES
12	#define HAVE_MMAP	12	#define HAVE_MMAP
13	#define HAVE_SYS_MOUNT_H	13	#define HAVE_SYS_MOUNT_H
		14	#define HAVE_GETIFADDRS
14	#define SIOCGIFCONF_GIVES_ADDR	15	#define SIOCGIFCONF_GIVES_ADDR
15	#define HAVE_SRANDOMDEV	16	#define HAVE_SRANDOMDEV
16	#define HAVE_ARC4RANDOM	17	#define HAVE_ARC4RANDOM
		18	#define EXIM_HAVE_OPENAT
		19	#define EXIM_HAVE_FUTIMENS
17		20
18	/* Applications should not call arc4random_stir() explicitly after	21	/* Applications should not call arc4random_stir() explicitly after
19	* FreeBSD r227520 (approximately 1000002).	22	* FreeBSD r227520 (approximately 1000002).
Lines 55-60 Link Here
55	#define OS_SENDFILE	58	#define OS_SENDFILE
56	extern ssize_t os_sendfile(int, int, off_t *, size_t);	59	extern ssize_t os_sendfile(int, int, off_t *, size_t);
57		60
		61	#ifdef PID_T_FMT
		62	# undef PID_T_FMT
		63	#endif
		64	#define PID_T_FMT "%d"
		65
58		66
59	/*******************/	67	/*******************/
60		68
Lines 68-71 Link Here
68		76
69	/*******************/	77	/*******************/
70		78
		79	#define EXIM_HAVE_KEVENT
		80
71	/* End */	81	/* End */

Lines 1-5 Link Here

(-)exim.orig/OS/os.h-GNU (-1 / +1 lines)
1	/* Exim: OS-specific C header file for GNU/Hurd */	1	/* Exim: OS-specific C header file for GNU/Hurd */
2	/* Copyright (c) The Exim Maintainers 2020 */	2	/* Copyright (c) The Exim Maintainers 2020 - 2021 */
3		3
4	#include <features.h>	4	#include <features.h>
5		5




/* Exim: OS-specific C header file for Linux */
/* Copyright (c) University of Cambridge 1995 - 2020 */
/* Copyright (c) The Exim Maintainers 2021 */
/* See the file NOTICE for conditions of use and distribution. */



#define HAVE_MMAP
#define HAVE_BSD_GETLOADAVG
#define HAVE_SYS_STATVFS_H
#define HAVE_GETIFADDRS
#define NO_IP_VAR_H
#define SIG_IGN_WORKS


# define LLONG_MAX LONG_LONG_MAX
#endif

#if _POSIX_C_SOURCE >= 200809L || _ATFILE_SOURCE
# define EXIM_HAVE_OPENAT
# define EXIM_HAVE_FUTIMENS
#endif

/* TCP Fast Open support */

/* "Abstract" Unix-socket names */
#define EXIM_HAVE_ABSTRACT_UNIX_SOCKETS

/* inotify(7) etc syscalls */
#define EXIM_HAVE_INOTIFY

/* Needed for uClibc */
#ifndef NS_MAXMSG
# define NS_MAXMSG 65535
#endif

/* End */

Lines 1-12 Link Here

(-)exim.orig/OS/os.h-OpenBSD (-1 / +6 lines)
1	/* Exim: OS-specific C header file for OpenBSD */	1	/* Exim: OS-specific C header file for OpenBSD */
2	/* Copyright (c) University of Cambridge 1995 - 2018 */	2	/* Copyright (c) University of Cambridge 1995 - 2018 */
		3	/* Copyright (c) The Exim Maintainers 2021 */
3	/* See the file NOTICE for conditions of use and distribution. */	4	/* See the file NOTICE for conditions of use and distribution. */
4		5
5		6
6	#define HAVE_BSD_GETLOADAVG	7	#define HAVE_BSD_GETLOADAVG
7	#define HAVE_MMAP	8	#define HAVE_MMAP
8	#define HAVE_SYS_MOUNT_H	9	#define HAVE_SYS_MOUNT_H
9	#define SIOCGIFCONF_GIVES_ADDR	10	#define HAVE_GETIFADDRS
		11	#define EXIM_HAVE_OPENAT
		12	#define EXIM_HAVE_FUTIMENS
10	#define HAVE_ARC4RANDOM	13	#define HAVE_ARC4RANDOM
11	/* In May 2014, OpenBSD 5.5 was released which cleaned up the arc4random_* API	14	/* In May 2014, OpenBSD 5.5 was released which cleaned up the arc4random_* API
12	which removed the arc4random_stir() function. Set NOT_HAVE_ARC4RANDOM_STIR	15	which removed the arc4random_stir() function. Set NOT_HAVE_ARC4RANDOM_STIR
Lines 57-60 Link Here
57	Space-constrained devices could use much smaller; a few k. */	60	Space-constrained devices could use much smaller; a few k. */
58	#define NS_MAXMSG 65535	61	#define NS_MAXMSG 65535
59		62
		63	#define EXIM_HAVE_KEVENT
		64
60	/* End */	65	/* End */

Lines 1-4 Link Here

(-)exim.orig/OS/os.h-SunOS5 (+7 lines)
1	/* Exim: OS-specific C header file for SunOS5 aka Solaris */	1	/* Exim: OS-specific C header file for SunOS5 aka Solaris */
		2	/* Copyright (c) The Exim Maintainers 2021 */
2		3
3	#define CRYPT_H	4	#define CRYPT_H
4	#define HAVE_MMAP	5	#define HAVE_MMAP
Lines 8-13 Link Here
8		9
9	#define HAVE_GETIPNODEBYNAME 1	10	#define HAVE_GETIPNODEBYNAME 1
10	#define HAVE_GETIPNODEBYADDR 1	11	#define HAVE_GETIPNODEBYADDR 1
		12	#define EXIM_HAVE_OPENAT
		13	#define EXIM_HAVE_FUTIMENS
11		14
12	#define HAVE_KSTAT	15	#define HAVE_KSTAT
13	#define LOAD_AVG_KSTAT "system_misc"	16	#define LOAD_AVG_KSTAT "system_misc"
Lines 36-41 Link Here
36	# define MISSING_UNSETENV_3	39	# define MISSING_UNSETENV_3
37	#endif	40	#endif
38		41
		42	#if _POSIX_C_SOURCE < 200809L
		43	# define MISSING_POSIX_MEMALIGN
		44	#endif
		45
39		46
40	/* SunOS5 doesn't accept getcwd(NULL, 0) to auto-allocate	47	/* SunOS5 doesn't accept getcwd(NULL, 0) to auto-allocate
41	a buffer */	48	a buffer */

Lines 2-7 Link Here

(-)exim.orig/OS/unsupported/os.c-IRIX (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 2001 */	6	/* Copyright (c) University of Cambridge 2001 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 59-65 Link Here
59	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",	60	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
60	strerror(errno));	61	strerror(errno));
61		62
62	buf = store_get(needed, FALSE);	63	buf = store_get(needed, GET_UNTAINTED);
63		64
64	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)	65	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
65	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",	66	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",

Lines 2-7 Link Here

(-)exim.orig/OS/unsupported/os.c-IRIX6 (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 2001 */	6	/* Copyright (c) University of Cambridge 2001 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 59-65 Link Here
59	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",	60	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
60	strerror(errno));	61	strerror(errno));
61		62
62	buf = store_get(needed, FALSE);	63	buf = store_get(needed, GET_UNTAINTED);
63		64
64	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)	65	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
65	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",	66	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",

Lines 2-7 Link Here

(-)exim.orig/OS/unsupported/os.c-IRIX632 (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 2001 */	6	/* Copyright (c) University of Cambridge 2001 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 59-65 Link Here
59	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",	60	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
60	strerror(errno));	61	strerror(errno));
61		62
62	buf = store_get(needed, FALSE);	63	buf = store_get(needed, GET_UNTAINTED);
63		64
64	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)	65	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
65	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",	66	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",

Lines 2-7 Link Here

(-)exim.orig/OS/unsupported/os.c-IRIX65 (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 2001 */	6	/* Copyright (c) University of Cambridge 2001 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 59-65 Link Here
59	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",	60	log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
60	strerror(errno));	61	strerror(errno));
61		62
62	buf = store_get(needed, FALSE);	63	buf = store_get(needed, GET_UNTAINTED);
63		64
64	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)	65	if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
65	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",	66	log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",

Lines 1-4 Link Here

(-)exim.orig/OS/unsupported/os.h-NetBSD (+3 lines)
1	/* Exim: OS-specific C header file for NetBSD */	1	/* Exim: OS-specific C header file for NetBSD */
		2	/* Copyright (c) The Exim Maintainers 2021 */
2		3
3	#define HAVE_BSD_GETLOADAVG	4	#define HAVE_BSD_GETLOADAVG
4	#define HAVE_GETIFADDRS	5	#define HAVE_GETIFADDRS
Lines 25-28 Link Here
25	/* default is non-const */	26	/* default is non-const */
26	#define ICONV_ARG2_TYPE const char **	27	#define ICONV_ARG2_TYPE const char **
27		28
		29	#define EXIM_HAVE_KEVENT
		30
28	/* End */	31	/* End */




# just got too horrendous to get it right in "make", because of the optionally
# existing configuration files.
#
# Copyright (c) The Exim Maintainers 1995 - 2021


# First off, get the OS type, and check that there is a make file for it.

egrep "^[$st]*(AUTH|LOOKUP)_[A-Z0-9_]*[$st]*=[$st]*" $mft | \
  sed "s/[$st]*=/='/" | \
  sed "s/\$/'/" > $mftt
egrep "^[$st]*((USE_(OPENSSL|GNUTLS)_PC)|SUPPORT_TLS|USE_GNUTLS|PCRE2?_CONFIG|AVOID_GNUTLS_PKCS11)[$st]*=[$st]*" $mft | \
  sed "s/[$st]*=/='/" | \
  sed "s/\$/'/" >> $mftt
if test -s $mftt

      PCRE_CONFIG)
        case $PCRE_CONFIG in
          yes|YES|y|Y)
	     echo >&2 "pcre is no longer supported; migrate to pcre2"
	     exit 1

#            cflags=`pcre-config --cflags`
#            if [ $? -ne 0 ]; then
#              echo >&2 "*** Missing pcre-config for regular expression support"
#              exit 1
#            fi
#            libs=`pcre-config --libs`
#            if [ ".$cflags" != "." ]; then
#              echo "INCLUDE += $cflags"
#            fi
#            echo "PCRE_LIBS=$libs"
            ;;
        esac
        ;;

      PCRE2_CONFIG)
        case $PCRE2_CONFIG in
          yes|YES|y|Y)
            cflags=`pcre2-config --cflags`
            if [ $? -ne 0 ]; then
              echo >&2 "*** Missing pcre2-config for regular expression support"
              exit 1
            fi
            libs=`pcre2-config --libs8`
            if [ ".$cflags" != "." ]; then
              echo "INCLUDE += $cflags"
            fi

Lines 1-5 Link Here

(-)exim.orig/scripts/lookups-Makefile (-6 / +3 lines)
1	#! /bin/sh	1	#! /bin/sh
2		2
		3	# Copyright (c) The Exim Maintainers 1995 - 2021
		4
3	# We turn the configure-built build-$foo/lookups/Makefile.predynamic into Makefile	5	# We turn the configure-built build-$foo/lookups/Makefile.predynamic into Makefile
4		6
5	# We always re-exec ourselves at least once, because it's the cleanest and	7	# We always re-exec ourselves at least once, because it's the cleanest and
Lines 160-166 Link Here
160	sed -n "1,/$tag_marker/p" < "$input"	162	sed -n "1,/$tag_marker/p" < "$input"
161		163
162	for name_mod in \	164	for name_mod in \
163	CDB DBM:dbmdb DNSDB DSEARCH IBASE JSON LSEARCH MYSQL NIS NISPLUS ORACLE \	165	CDB DBM:dbmdb DNSDB DSEARCH IBASE JSON LMDB LSEARCH MYSQL NIS NISPLUS ORACLE \
164	PASSWD PGSQL REDIS SQLITE TESTDB WHOSON	166	PASSWD PGSQL REDIS SQLITE TESTDB WHOSON
165	do	167	do
166	emit_module_rule $name_mod	168	emit_module_rule $name_mod
Lines 177-187 Link Here
177		179
178	OBJ="${OBJ} spf.o"	180	OBJ="${OBJ} spf.o"
179		181
180	if want_experimental LMDB
181	then
182	OBJ="${OBJ} lmdb.o"
183	fi
184
185	# readsock is always wanted as it implements the ${readsock } expansion	182	# readsock is always wanted as it implements the ${readsock } expansion
186	OBJ="${OBJ} readsock.o"	183	OBJ="${OBJ} readsock.o"
187		184




# Script to build links for all the exim source files from the system-
# specific build directory. It should be run from within that directory.
#
# Copyright (c) The Exim Maintainers 1995 - 2022

test ! -d ../src && \
  echo "*** $0 should be run in a system-specific subdirectory." && \

# but local_scan.c does not, because its location is taken from the build-time
# configuration. Likewise for the os.c file, which gets build dynamically.

for f in blob.h dbfunctions.h exim.h functions.h globals.h \
  hash.h hintsdb.h hintsdb_structs.h local_scan.h \
  macros.h mytypes.h osfunctions.h store.h structs.h lookupapi.h sha_ver.h \
  \
  acl.c buildconfig.c base64.c child.c crypt16.c daemon.c dbfn.c debug.c \
  deliver.c directory.c dns.c dnsbl.c drtables.c dummies.c enq.c exim.c \
  exim_dbmbuild.c exim_dbutil.c exim_lock.c expand.c filter.c filtertest.c \
  globals.c hash.c header.c host.c ip.c log.c lss.c match.c md5.c moan.c \
  parse.c perl.c priv.c queue.c rda.c readconf.c receive.c retry.c rewrite.c \

Lines 1-5 Link Here

(-)exim.orig/scripts/reversion (-4 / +11 lines)
1	#!/bin/sh	1	#!/bin/sh
2	# Copyright (c) The Exim Maintainers 1995 - 2018	2	# Copyright (c) The Exim Maintainers 1995 - 2021
3		3
4	set -e	4	set -e
5	LC_ALL=C	5	LC_ALL=C
Lines 29-35 Link Here
29	# Read version information that was generated by a previous run of	29	# Read version information that was generated by a previous run of
30	# this script, or during the release process.	30	# this script, or during the release process.
31		31
32	if [ -f ./version.sh ]; then	32	# Override, used for automated testing w/o access to the
		33	# .git directory (w.g. inside a git worktree)
		34	if [ -n "$EXIM_RELEASE_VERSION" ]; then
		35	:
		36	elif [ -f ./version.sh ]; then
33	. ./version.sh	37	. ./version.sh
34	elif [ -f ../src/version.sh ]; then	38	elif [ -f ../src/version.sh ]; then
35	. ../src/version.sh	39	. ../src/version.sh
Lines 51-59 Link Here
51	EXIM_VARIANT_VERSION="$3"	55	EXIM_VARIANT_VERSION="$3"
52	rm -f version.h	56	rm -f version.h
53	fi	57	fi
54	else	58	fi
		59
		60	if [ -z "$EXIM_RELEASE_VERSION" ]; then
55	echo "Cannot determine the release number" >&2	61	echo "Cannot determine the release number" >&2
56	exit	62	echo "You may want to override it with EXIM_RELEASE_VERSION" >&2
		63	exit 1
57	fi	64	fi
58		65
59	# If you are maintaining a patched version of Exim, you can either	66	# If you are maintaining a patched version of Exim, you can either




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Code for handling Access Control Lists (ACLs) */

#include "exim.h"

#ifndef MACRO_PREDEF

/* Default callout timeout */

#define CALLOUT_TIMEOUT_DEFAULT 30

/* Default quota cache TTLs */

#define QUOTA_POS_DEFAULT (5*60)
#define QUOTA_NEG_DEFAULT (60*60)


/* ACL verb codes - keep in step with the table of verbs that follows */

enum { ACL_ACCEPT, ACL_DEFER, ACL_DENY, ACL_DISCARD, ACL_DROP, ACL_REQUIRE,

  [ACL_WARN] =		BIT(OK)
  };

#endif

/* ACL condition and modifier codes - keep in step with the table that
follows.
down. */

       ACLC_REGEX,
#endif
       ACLC_REMOVE_HEADER,
       ACLC_SEEN,
       ACLC_SENDER_DOMAINS,
       ACLC_SENDERS,
       ACLC_SET,

				    ACL_BIT_MIME | ACL_BIT_NOTSMTP |
				    ACL_BIT_NOTSMTP_START),
  },
  [ACLC_SEEN] =			{ US"seen",		TRUE, FALSE,	0 },
  [ACLC_SENDER_DOMAINS] =	{ US"sender_domains",	FALSE, FALSE,
				  ACL_BIT_AUTH | ACL_BIT_CONNECT |
				    ACL_BIT_HELO |

};


#ifdef MACRO_PREDEF
# include "macro_predef.h"
void
features_acl(void)
{
for (condition_def * c = conditions; c < conditions + nelem(conditions); c++)
  {
  uschar buf[64], * p, * s;
  int n = sprintf(CS buf, "_ACL_%s_", c->is_modifier ? "MOD" : "COND");
  for (p = buf + n, s = c->name; *s; s++) *p++ = toupper(*s);
  *p = '\0';
  builtin_macro_create(buf);
  }
}
#endif


#ifndef MACRO_PREDEF

/* Return values from decode_control(); used as index so keep in step
with the controls_list table that follows! */

static int acl_check_wargs(int, address_item *, const uschar *, uschar **,
    uschar **);

static acl_block * acl_current = NULL;


/*************************************************
*            Find control in list                *

      *error = string_sprintf("malformed ACL line \"%s\"", saveline);
      return NULL;
      }
    this = store_get(sizeof(acl_block), GET_UNTAINTED);
    *lastp = this;
    lastp = &(this->next);
    this->next = NULL;

    return NULL;
    }

  cond = store_get(sizeof(acl_condition_block), GET_UNTAINTED);
  cond->next = NULL;
  cond->type = c;
  cond->u.negated = negated;

    {
    /* The header_line struct itself is not tainted, though it points to
    possibly tainted data. */
    header_line * h = store_get(sizeof(header_line), GET_UNTAINTED);
    h->text = hdr;
    h->next = NULL;
    h->type = newtype;

{
int rc;

user_msgptr = user_msgptr;  /* stop compiler warning */

/* Previous success */

if (sender_host_name) return OK;

/* Previous failure */


tree_node *t;
const uschar *found;
int priority, weight, port;
dns_answer * dnsa;
dns_scan dnss;
dns_record *rr;
int rc, type, yield;
#define TARGET_SIZE 256
uschar * target = store_get(TARGET_SIZE, GET_TAINTED);

/* Work out the domain we are using for the CSA lookup. The default is the
client's HELO domain. If the client has not said HELO, use its IP address


while (isspace(*domain) && *domain != '\0') ++domain;
if (*domain == '\0') domain = sender_helo_name;
if (!domain) domain = sender_host_address;
if (!sender_host_address) return CSA_UNKNOWN;

/* If we have an address literal, strip off the framing ready for turning it
into a domain. The framing consists of matched square brackets possibly

for this domain. The name is filled in now, and the value is filled in when
we return from this function. */

if ((t = tree_search(csa_cache, domain)))
  return t->data.val;

t = store_get_perm(sizeof(tree_node) + Ustrlen(domain), domain);
Ustrcpy(t->name, domain);
(void)tree_insertnode(&csa_cache, t);

/* Now we are ready to do the actual DNS lookup(s). */

found = domain;
dnsa = store_get_dns_answer();
switch (dns_special_lookup(dnsa, domain, T_CSA, &found))
  {
  /* If something bad happened (most commonly DNS_AGAIN), defer. */

  default:
    yield = CSA_DEFER_SRV;
    goto out;

  /* If we found nothing, the client's authorization is unknown. */

  case DNS_NOMATCH:
  case DNS_NODATA:
    yield = CSA_UNKNOWN;
    goto out;

  /* We got something! Go on to look at the reply in more detail. */

  case DNS_SUCCEED:
    break;
  }

/* Scan the reply for well-formed CSA SRV records. */

  SRV records of their own. */

  if (Ustrcmp(found, domain) != 0)
    {
    yield = port & 1 ? CSA_FAIL_EXPLICIT : CSA_UNKNOWN;
    goto out;
    }

  /* This CSA SRV record refers directly to our domain, so we check the value
  in the weight field to work out the domain's authorization. 0 and 1 are

  address in order to authenticate it, so we treat it as unknown; values
  greater than 3 are undefined. */

  if (weight < 2)
    {
    yield = CSA_FAIL_DOMAIN;
    goto out;
    }

  if (weight > 2) continue;


  target hostname then break to scan the additional data for its addresses. */

  (void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, p,
    (DN_EXPAND_ARG4_TYPE)target, TARGET_SIZE);

  DEBUG(D_acl) debug_printf_indent("CSA target is %s\n", target);



/* If we didn't break the loop then no appropriate records were found. */

if (!rr)
  {
  yield = CSA_UNKNOWN;
  goto out;
  }

/* Do not check addresses if the target is ".", in accordance with RFC 2782.
A target of "." indicates there are no valid addresses, so the client cannot

equivalent to weight=1, but we check for it in order to keep load off the
root name servers.) Note that dn_expand() turns "." into "". */

if (Ustrcmp(target, "") == 0)
  {
  yield = CSA_FAIL_NOADDR;
  goto out;
  }

/* Scan the additional section of the CSA SRV reply for addresses belonging
to the target. If the name server didn't return any additional data (e.g.

to obtain the target addresses; otherwise we have a definitive result. */

rc = acl_verify_csa_address(dnsa, &dnss, RESET_ADDITIONAL, target);
if (rc != CSA_FAIL_NOADDR)
  {
  yield = rc;
  goto out;
  }

/* The DNS lookup type corresponds to the IP version used by the client. */


  /* If something bad happened (most commonly DNS_AGAIN), defer. */

  default:
    yield = CSA_DEFER_ADDR;
    break;

  /* If the query succeeded, scan the addresses and return the result. */

  case DNS_SUCCEED:
    rc = acl_verify_csa_address(dnsa, &dnss, RESET_ANSWERS, target);
    if (rc != CSA_FAIL_NOADDR)
      {
      yield = rc;
      break;
      }
    /* else fall through */

  /* If the target has no IP addresses, the client cannot have an authorized


  case DNS_NOMATCH:
  case DNS_NODATA:
    yield = CSA_FAIL_NOADDR;
    break;
  }

out:

store_free_dns_answer(dnsa);
return t->data.val = yield;
}



    { US"certificate",	  	VERIFY_CERT,	 	(unsigned)~0,	TRUE,  0 },
    { US"helo",	  		VERIFY_HELO,	 	(unsigned)~0,	TRUE,  0 },
    { US"csa",	  		VERIFY_CSA,	 	(unsigned)~0,	FALSE, 0 },
    { US"header_syntax",	VERIFY_HDR_SYNTAX,	ACL_BITS_HAVEDATA, TRUE, 0 },
    { US"not_blind",	  	VERIFY_NOT_BLIND,	ACL_BITS_HAVEDATA, FALSE, 0 },
    { US"header_sender",	VERIFY_HDR_SNDR,	ACL_BITS_HAVEDATA, FALSE, 0 },
    { US"sender",	  	VERIFY_SNDR,		ACL_BIT_MAIL | ACL_BIT_RCPT
			| ACL_BIT_PREDATA | ACL_BIT_DATA | ACL_BIT_NOTSMTP,
										FALSE, 6 },
    { US"recipient",	  	VERIFY_RCPT,	 	ACL_BIT_RCPT,	FALSE, 0 },
    { US"header_names_ascii",	VERIFY_HDR_NAMES_ASCII, ACL_BITS_HAVEDATA, TRUE, 0 },
#ifdef EXPERIMENTAL_ARC
    { US"arc",			VERIFY_ARC,	 	ACL_BIT_DATA,	FALSE , 0 },
#endif




static int
v_period(const uschar * s, const uschar * arg, uschar ** log_msgptr)
{
int period;
if ((period = readconf_readtime(s, 0, FALSE)) < 0)
  {
  *log_msgptr = string_sprintf("bad time value in ACL condition "
    "\"verify %s\"", arg);
  }
return period;
}



/* This function implements the "verify" condition. It is called when
encountered in any ACL, because some tests are almost always permitted. Some
just don't make sense, and always fail (for example, an attempt to test a host

BOOL callout_defer_ok = FALSE;
BOOL no_details = FALSE;
BOOL success_on_redirect = FALSE;
BOOL quota = FALSE;
int quota_pos_cache = QUOTA_POS_DEFAULT, quota_neg_cache = QUOTA_NEG_DEFAULT;
address_item *sender_vaddr = NULL;
uschar *verify_sender_address = NULL;
uschar *pm_mailfrom = NULL;

    in place of the actual sender (rare special-case requirement). */
    {
    uschar *s = ss + 6;
    if (!*s)
      verify_sender_address = sender_address;
    else
      {

  else if (strncmpic(ss, US"callout", 7) == 0)
    {
    callout = CALLOUT_TIMEOUT_DEFAULT;
    if (*(ss += 7))
    if (*ss != 0)
      {
      while (isspace(*ss)) ss++;
      if (*ss++ == '=')
        {
	const uschar * sublist = ss;
        int optsep = ',';
        uschar buffer[256];
	uschar * opt;

        while (isspace(*sublist)) sublist++;
        for (uschar * opt; opt = string_nextinlist(&sublist, &optsep, NULL, 0); )
          {
	  callout_opt_t * op;
	  double period = 1.0F;

              }
            while (isspace(*opt)) opt++;
	    }
	  if (op->timeval && (period = v_period(opt, arg, log_msgptr)) < 0)
	    {
	    *log_msgptr = string_sprintf("bad time value in ACL condition "
	      "\"verify %s\"", arg);
	    return ERROR;
	    }

	  switch(op->value)
	    {

      }
    }

  /* The quota option has sub-options, comma-separated */

  else if (strncmpic(ss, US"quota", 5) == 0)
    {
    quota = TRUE;
    if (*(ss += 5))
      {
      while (isspace(*ss)) ss++;
      if (*ss++ == '=')
        {
	const uschar * sublist = ss;
        int optsep = ',';
	int period;

        while (isspace(*sublist)) sublist++;
        for (uschar * opt; opt = string_nextinlist(&sublist, &optsep, NULL, 0); )
	  if (Ustrncmp(opt, "cachepos=", 9) == 0)
	    if ((period = v_period(opt += 9, arg, log_msgptr)) < 0)
	      return ERROR;
	    else
	      quota_pos_cache = period;
	  else if (Ustrncmp(opt, "cacheneg=", 9) == 0)
	    if ((period = v_period(opt += 9, arg, log_msgptr)) < 0)
	      return ERROR;
	    else
	      quota_neg_cache = period;
	  else if (Ustrcmp(opt, "no_cache") == 0)
	    quota_pos_cache = quota_neg_cache = 0;
	}
      }
    }

  /* Option not recognized */

  else

  return ERROR;
  }

/* Handle quota verification */
if (quota)
  {
  if (vp->value != VERIFY_RCPT)
    {
    *log_msgptr = US"can only verify quota of recipient";
    return ERROR;
    }

  if ((rc = verify_quota_call(addr->address,
	      quota_pos_cache, quota_neg_cache, log_msgptr)) != OK)
    {
    *basic_errno = errno;
    if (smtp_return_error_details)
      {
      if (!*user_msgptr && *log_msgptr)
        *user_msgptr = string_sprintf("Rejected after %s: %s",
	    smtp_names[smtp_connection_had[SMTP_HBUFF_PREV(smtp_ch_index)]],
	    *log_msgptr);
      if (rc == DEFER) f.acl_temp_details = TRUE;
      }
    }

  return rc;
  }

/* Handle sender-in-header verification. Default the user message to the log
message if giving out verification details. */


    }

  sender_vaddr = verify_checked_sender(verify_sender_address);
  if (   sender_vaddr				/* Previously checked */
      && callout <= 0)				/* No callout needed this time */
    {
    /* If the "routed" flag is set, it means that routing worked before, so
    this check can give OK (the saved return code value, if set, belongs to a

        *basic_errno = sender_vaddr->basic_errno;
      else
	DEBUG(D_acl)
	  {
	  if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0)
	    debug_printf_indent("sender %s verified ok as %s\n",
	      verify_sender_address, sender_vaddr->address);
	  else
	    debug_printf_indent("sender %s verified ok\n",
	      verify_sender_address);
	  }
      }
    else
      rc = OK;  /* Null sender */


  *basic_errno = addr2.basic_errno;
  *log_msgptr = addr2.message;
  *user_msgptr = addr2.user_message ? addr2.user_message : addr2.message;
    addr2.user_message : addr2.message;

  /* Allow details for temporary error if the address is so flagged. */
  if (testflag((&addr2), af_pass_message)) f.acl_temp_details = TRUE;


/* We have a result from the relevant test. Handle defer overrides first. */

if (  rc == DEFER
   && (  defer_ok
      || callout_defer_ok && *basic_errno == ERRNO_CALLOUTDEFER
   )  )
  {
  HDEBUG(D_acl) debug_printf_indent("verify defer overridden by %s\n",
    defer_ok? "defer_ok" : "callout_defer_ok");

/* If we've failed a sender, set up a recipient message, and point
sender_verified_failed to the address item that actually failed. */

if (rc != OK && verify_sender_address)
  {
  if (rc != DEFER)
    *log_msgptr = *user_msgptr = US"Sender verify failed";

/* Verifying an address messes up the values of $domain and $local_part,
so reset them before returning if this is a RCPT ACL. */

if (addr)
  {
  deliver_domain = addr->domain;
  deliver_localpart = addr->local_part;

    /* No Bloom filter. This basic ratelimit block is initialized below. */
    HDEBUG(D_acl) debug_printf_indent("ratelimit creating new rate data block\n");
    dbdb_size = sizeof(*dbd);
    dbdb = store_get(dbdb_size, GET_UNTAINTED);
    }
  else
    {

    extra = (int)limit * 2 - sizeof(dbdb->bloom);
    if (extra < 0) extra = 0;
    dbdb_size = sizeof(*dbdb) + extra;
    dbdb = store_get(dbdb_size, GET_UNTAINTED);
    dbdb->bloom_epoch = tv.tv_sec;
    dbdb->bloom_size = sizeof(dbdb->bloom) + extra;
    memset(dbdb->bloom, 0, dbdb->bloom_size);

/* Store the result in the tree for future reference.  Take the taint status
from the key for consistency even though it's unlikely we'll ever expand this. */

t = store_get(sizeof(tree_node) + Ustrlen(key), key);
t->data.ptr = dbd;
Ustrcpy(t->name, key);
(void)tree_insertnode(anchor, t);



/*************************************************
*      Handle a check for previously-seen        *
*************************************************/

/*
ACL clauses like:   seen = -5m / key=$foo / readonly

Return is true for condition-true - but the semantics
depend heavily on the actual use-case.

Negative times test for seen-before, positive for seen-more-recently-than
(the given interval before current time).

All are subject to history not having been cleaned from the DB.

Default for seen-before is to create if not present, and to
update if older than 10d (with the seen-test time).
Default for seen-since is to always create or update.

Options:
  key=value.  Default key is $sender_host_address
  readonly
  write
  refresh=<interval>:  update an existing DB entry older than given
			amount.  Default refresh lacking this option is 10d.
			The update sets the record timestamp to the seen-test time.

XXX do we need separate nocreate, noupdate controls?

Arguments:
  arg         the option string for seen=
  where       ACL_WHERE_xxxx indicating which ACL this is
  log_msgptr  for error messages

Returns:       OK        - Condition is true
               FAIL      - Condition is false
               DEFER     - Problem opening history database
               ERROR     - Syntax error in options
*/

static int
acl_seen(const uschar * arg, int where, uschar ** log_msgptr)
{
enum { SEEN_DEFAULT, SEEN_READONLY, SEEN_WRITE };

const uschar * list = arg;
int slash = '/', interval, mode = SEEN_DEFAULT, yield = FAIL;
BOOL before;
int refresh = 10 * 24 * 60 * 60;	/* 10 days */
const uschar * ele, * key = sender_host_address;
open_db dbblock, * dbm;
dbdata_seen * dbd;
time_t now;

/* Parse the first element, the time-relation. */

if (!(ele = string_nextinlist(&list, &slash, NULL, 0)))
  goto badparse;
if ((before = *ele == '-'))
  ele++;
if ((interval = readconf_readtime(ele, 0, FALSE)) < 0)
  goto badparse;

/* Remaining elements are options */

while ((ele = string_nextinlist(&list, &slash, NULL, 0)))
  if (Ustrncmp(ele, "key=", 4) == 0)
    key = ele + 4;
  else if (Ustrcmp(ele, "readonly") == 0)
    mode = SEEN_READONLY;
  else if (Ustrcmp(ele, "write") == 0)
    mode = SEEN_WRITE;
  else if (Ustrncmp(ele, "refresh=", 8) == 0)
    {
    if ((refresh = readconf_readtime(ele + 8, 0, FALSE)) < 0)
      goto badparse;
    }
  else
    goto badopt;

if (!(dbm = dbfn_open(US"seen", O_RDWR, &dbblock, TRUE, TRUE)))
  {
  HDEBUG(D_acl) debug_printf_indent("database for 'seen' not available\n");
  *log_msgptr = US"database for 'seen' not available";
  return DEFER;
  }

dbd = dbfn_read_with_length(dbm, key, NULL);
now = time(NULL);
if (dbd)		/* an existing record */
  {
  time_t diff = now - dbd->time_stamp;	/* time since the record was written */

  if (before ? diff >= interval : diff < interval)
    yield = OK;

  if (mode == SEEN_READONLY)
    { HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n"); }
  else if (mode == SEEN_WRITE || !before)
    {
    dbd->time_stamp = now;
    dbfn_write(dbm, key, dbd, sizeof(*dbd));
    HDEBUG(D_acl) debug_printf_indent("seen db written (update)\n");
    }
  else if (diff >= refresh)
    {
    dbd->time_stamp = now - interval;
    dbfn_write(dbm, key, dbd, sizeof(*dbd));
    HDEBUG(D_acl) debug_printf_indent("seen db written (refresh)\n");
    }
  }
else
  {			/* No record found, yield always FAIL */
  if (mode != SEEN_READONLY)
    {
    dbdata_seen d = {.time_stamp = now};
    dbfn_write(dbm, key, &d, sizeof(*dbd));
    HDEBUG(D_acl) debug_printf_indent("seen db written (create)\n");
    }
  else
    HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n");
  }

dbfn_close(dbm);
return yield;


badparse:
  *log_msgptr = string_sprintf("failed to parse '%s'", arg);
  return ERROR;
badopt:
  *log_msgptr = string_sprintf("unrecognised option '%s' in '%s'", ele, arg);
  return ERROR;
}



/*************************************************
*            The udpsend ACL modifier            *
*************************************************/


  }

/* Make a single-item host list. */
h = store_get(sizeof(host_item), GET_UNTAINTED);
memset(h, 0, sizeof(host_item));
h->name = hostname;
h->port = portnum;


	case CONTROL_FAKEREJECT:
	  cancel_cutthrough_connection(TRUE, US"fakereject");
	case CONTROL_FAKEDEFER:
	  fake_response = (control_type == CONTROL_FAKEDEFER) ? DEFER : FAIL;
	  if (*p == '/')
	    {
	    const uschar *pp = p + 1;
	    while (*pp) pp++;
	    /* The entire control= line was expanded at top so no need to expand
	    the part after the / */
	    fake_response_text = string_copyn(p+1, pp-p-1);
	    p = pp;
	    }
	   else /* Explicitly reset to default string */


	case CONTROL_DEBUG:
	  {
	  uschar * debug_tag = NULL, * debug_opts = NULL;
	  BOOL kill = FALSE, stop = FALSE;
	  BOOL kill = FALSE;

	  while (*p == '/')
	    {

	      }
	    else if (Ustrncmp(pp, "kill", 4) == 0)
	      {
	      pp += 4;
	      kill = TRUE;
	      }
	    else if (Ustrncmp(pp, "stop", 4) == 0)
	      {
	      pp += 4;
	      stop = TRUE;
	      }
	    else if (Ustrncmp(pp, "pretrigger=", 11) == 0)
		debug_pretrigger_setup(pp+11);
	    else if (Ustrncmp(pp, "trigger=", 8) == 0)
	      {
	      if (Ustrncmp(pp += 8, "now", 3) == 0)
		{
		pp += 3;
		debug_trigger_fire();
		}
	      else if (Ustrncmp(pp, "paniclog", 8) == 0)
		{
		pp += 8;
		dtrigger_selector |= BIT(DTi_panictrigger);
		}
	      }
	    while (*pp && *pp != '/') pp++;
	    p = pp;
	    }

	  if (kill)
	    debug_logging_stop(TRUE);
	  else if (stop)
	    debug_logging_stop(FALSE);
	  else if (debug_tag || debug_opts)
	    debug_logging_activate(debug_tag, debug_opts);
	  break;
	  }


      }
    break;

#ifndef DISABLE_DKIM
    case ACLC_DKIM_SIGNER:
    if (dkim_cur_signer)
      rc = match_isinlist(dkim_cur_signer,

    rc = match_isinlist(dkim_verify_status,
                        &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
    break;
#endif

#ifdef SUPPORT_DMARC
    case ACLC_DMARC_STATUS:

    setup_remove_header(arg);
    break;

    case ACLC_SEEN:
    rc = acl_seen(arg, where, log_msgptr);
    break;

    case ACLC_SENDER_DOMAINS:
      {
      uschar *sdomain;




/************************************************/
/* For error messages, a string describing the config location
associated with current processing. NULL if not in an ACL. */

uschar *
acl_current_verb(void)
{
if (acl_current) return string_sprintf(" (ACL %s, %s %d)",
    verbs[acl_current->verb], acl_current->srcfile, acl_current->srcline);
return NULL;
}

/*************************************************
*        Check access using an ACL               *
*************************************************/


acl_text = ss;

if (is_tainted(acl_text) && !f.running_in_test_harness)
  {
  log_write(0, LOG_MAIN|LOG_PANIC,
    "attempt to use tainted ACL text \"%s\"", acl_text);
  /* Avoid leaking info to an attacker */
  *log_msgptr = US"internal configuration error";
  return ERROR;
  }

/* Handle the case of a string that does not contain any spaces. Look for a
named ACL among those read from the configuration, or a previously read file.
It is possible that the pointer to the ACL is NULL if the configuration

  else if (*ss == '/')
    {
    struct stat statbuf;
    if (is_tainted(ss))
      {
      log_write(0, LOG_MAIN|LOG_PANIC,
	"attempt to open tainted ACL file name \"%s\"", ss);
      /* Avoid leaking info to an attacker */
      *log_msgptr = US"internal configuration error";
      return ERROR;
      }
    if ((fd = Uopen(ss, O_RDONLY, 0)) < 0)
      {
      *log_msgptr = string_sprintf("failed to open ACL file \"%s\": %s", ss,

      }

    /* If the string being used as a filename is tainted, so is the file content */
    acl_text = store_get(statbuf.st_size + 1, ss);
    acl_text_end = acl_text + statbuf.st_size + 1;

    if (read(fd, acl_text, statbuf.st_size) != statbuf.st_size)

  if (!acl && *log_msgptr) return ERROR;
  if (fd >= 0)
    {
    tree_node * t = store_get_perm(sizeof(tree_node) + Ustrlen(ss), ss);
    Ustrcpy(t->name, ss);
    t->data.ptr = acl;
    (void)tree_insertnode(&acl_anchor, t);


/* Now we have an ACL to use. It's possible it may be NULL. */

while ((acl_current = acl))
  {
  int cond;
  int basic_errno = 0;

      else if (cond == DEFER && LOGGING(acl_warn_skipped))
	log_write(0, LOG_MAIN, "%s Warning: ACL \"warn\" statement skipped: "
	  "condition test deferred%s%s", host_and_ident(TRUE),
	  *log_msgptr ? US": " : US"",
	  *log_msgptr ? *log_msgptr : US"");
      *log_msgptr = *user_msgptr = NULL;  /* In case implicit DENY follows */
      break;


tree_node * node, ** root = name[0] == 'c' ? &acl_var_c : &acl_var_m;
if (!(node = tree_search(*root, name)))
  {
  node = store_get(sizeof(tree_node) + Ustrlen(name), name);
  Ustrcpy(node->name, name);
  (void)tree_insertnode(root, node);
  }

*/

void
acl_var_write(uschar * name, uschar * value, void * ctx)
{
FILE * f = (FILE *)ctx;
putc('-', f);
if (is_tainted(value))
  {
  int q = quoter_for_address(value);
  putc('-', f);
  if (is_real_quoter(q)) fprintf(f, "(%s)", lookup_list[q]->name);
  }
fprintf(f, "acl%c %s %d\n%s\n", name[0], name+1, Ustrlen(value), value);
}

#endif	/* !MACRO_PREDEF */
/* vi: aw ai sw=2
*/
/* End of acl.c */




*************************************************/
/* Experimental ARC support for Exim
   Copyright (c) Jeremy Harris 2018 - 2020
   Copyright (c) The Exim Maintainers 2021 - 2022
   License: GPL
*/


  }

DEBUG(D_acl) debug_printf("ARC: new instance %u\n", i);
*pas = as = store_get(sizeof(arc_set), GET_UNTAINTED);
memset(as, 0, sizeof(arc_set));
as->next = next;
as->prev = prev;


if (!instance_only)
  {
  al->rawsig_no_b_val.data = store_get(h->slen + 1, GET_TAINTED);
  memcpy(al->rawsig_no_b_val.data, h->text, off);	/* copy the header name blind */
  r = al->rawsig_no_b_val.data + off;
  al->rawsig_no_b_val.len = off;

{
unsigned i;
arc_set * as;
arc_line * al = store_get(sizeof(arc_line), GET_UNTAINTED), ** alp;
uschar * e;

memset(al, 0, sizeof(arc_line));

DEBUG(D_acl) debug_printf("ARC: collecting arc sets\n");
for (h = header_list; h; h = h->next)
  {
  r = store_get(sizeof(hdr_rlist), GET_UNTAINTED);
  r->prev = rprev;
  r->used = FALSE;
  r->h = h;


      len = Ustrlen(s);
      DEBUG(D_acl) pdkim_quoteprint(s, len);
      exim_sha_update_string(&hhash_ctx, s);
      r->used = TRUE;
      break;
      }

static hdr_rlist *
arc_rlist_entry(hdr_rlist * list, const uschar * s, int len)
{
hdr_rlist * r = store_get(sizeof(hdr_rlist) + sizeof(header_line), GET_UNTAINTED);
header_line * h = r->h = (header_line *)(r+1);

r->prev = list;

h->slen = len;
h->text = US s;

/* This works for either NL or CRLF lines; also nul-termination */
while (*++s)
  if (*s == '\n' && s[1] != '\t' && s[1] != ' ') break;
s++;		/* move past end of line */

return r;
}


{
int aar_off = gstring_length(g);
arc_set * as =
  store_get(sizeof(arc_set) + sizeof(arc_line) + sizeof(header_line), GET_UNTAINTED);
arc_line * al = (arc_line *)(as+1);
header_line * h = (header_line *)(al+1);


int hashtype = pdkim_hashname_to_hashtype(US"sha256", 6);	/*XXX hardwired */
blob sig;
int ams_off;
arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), GET_UNTAINTED);
header_line * h = (header_line *)(al+1);

/* debug_printf("%s\n", __FUNCTION__); */

{
gstring * arcset;
uschar * status = arc_ar_cv_status(ar);
arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), GET_UNTAINTED);
header_line * h = (header_line *)(al+1);
uschar * badline_str;


arc_sign_init(void)
{
memset(&arc_sign_ctx, 0, sizeof(arc_sign_ctx));
headers_rlist = NULL;
}






/* Per RFCs 6376, 7489 the only allowed chars in either an ADMD id
or a selector are ALPHA/DIGGIT/'-'/'.'

Check, to help catch misconfigurations such as a missing selector
element in the arc_sign list.
*/

static BOOL
arc_valid_id(const uschar * s)
{
for (uschar c; c = *s++; )
  if (!isalnum(c) && c != '-' && c != '.') return FALSE;
return TRUE;
}



/* ARC signing.  Called from the smtp transport, if the arc_sign option is set.
The dkim_exim_sign() function has already been called, so will have hashed the
message body for us so long as we requested a hash previously.


/* Parse the signing specification */

if (!(identity = string_nextinlist(&signspec, &sep, NULL, 0)) || !*identity)
  { s = US"identity"; goto bad_arg_ret; }
if (!(selector = string_nextinlist(&signspec, &sep, NULL, 0)) || !*selector)
  { s = US"selector"; goto bad_arg_ret; }
if (!(privkey = string_nextinlist(&signspec, &sep, NULL, 0))  || !*privkey)
  { s = US"privkey"; goto bad_arg_ret; }
if (!arc_valid_id(identity))
  { s = US"identity"; goto bad_arg_ret; }
if (!arc_valid_id(selector))
  { s = US"selector"; goto bad_arg_ret; }
if (*privkey == '/' && !(privkey = expand_file_big_buffer(privkey)))
  goto ret_sigheaders;

if ((opts = string_nextinlist(&signspec, &sep, NULL, 0)))
  {

if (!(arc_sign_find_ar(headers, identity, &ar)))
  {
  log_write(0, LOG_MAIN, "ARC: no Authentication-Results header for signing");
  goto ret_sigheaders;
  }

/* We previously built the data-struct for the existing ARC chain, if any, using a headers

/* Finally, append the dkim headers and return the lot. */

if (sigheaders) g = string_catn(g, sigheaders->s, sigheaders->ptr);

out:
  if (!g) return string_get(1);
  (void) string_from_gstring(g);
  gstring_release_unused(g);
  return g;


bad_arg_ret:
  log_write(0, LOG_MAIN, "ARC: bad signing-specification (%s)", s);
ret_sigheaders:
  g = sigheaders;
  goto out;
}



Lines 8-13 Link Here

(-)exim.orig/src/auths/auth-spa.c (-2 / +2 lines)
8		8
9	* All the original code used here was torn by Marc Prud'hommeaux out of the	9	* All the original code used here was torn by Marc Prud'hommeaux out of the
10	* Samba project (by Andrew Tridgell, Jeremy Allison, and others).	10	* Samba project (by Andrew Tridgell, Jeremy Allison, and others).
		11	*
		12	* Copyright (c) The Exim Maintainers 2021
11		13
12	* Tom Kistner provided additional code, adding spa_build_auth_challenge() to	14	* Tom Kistner provided additional code, adding spa_build_auth_challenge() to
13	* support server authentication mode.	15	* support server authentication mode.
Lines 1395-1402 Link Here
1395	int p = (int)getpid();	1397	int p = (int)getpid();
1396	int random_seed = (int)time(NULL) ^ ((p << 16) \| p);	1398	int random_seed = (int)time(NULL) ^ ((p << 16) \| p);
1397		1399
1398	request = request; /* Added by PH to stop compilers whinging */
1399
1400	/* Ensure challenge data is cleared, in case it isn't all used. This	1400	/* Ensure challenge data is cleared, in case it isn't all used. This
1401	patch added by PH on suggestion of Russell King */	1401	patch added by PH on suggestion of Russell King */
1402		1402

Lines 3-9 Link Here

(-)exim.orig/src/auths/call_pam.c (-2 / +2 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */	6	/* Copyright (c) The Exim Maintainers 2020 - 2021 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	#include "../exim.h"	9	#include "../exim.h"
Lines 88-94 Link Here
88	arg = US"";	88	arg = US"";
89	pam_arg_ended = TRUE;	89	pam_arg_ended = TRUE;
90	}	90	}
91	reply[i].resp = CS string_copy_malloc(arg); /* PAM frees resp */	91	reply[i].resp = strdup(CCS arg); /* Use libc malloc, PAM frees resp directly*/
92	reply[i].resp_retcode = PAM_SUCCESS;	92	reply[i].resp_retcode = PAM_SUCCESS;
93	break;	93	break;
94		94




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2016 */
/* See the file NOTICE for conditions of use and distribution. */

/* This file was originally supplied by Ian Kirk. The libradius support came
from Alex Kiernan. */

/* ugly hack to work around redefinition of ENV by radiusclient.h and
 * db.h: define _DB_H_ so the db.h include thinks it's already included,
 * we can get away with it like this, since this file doesn't use any db
 * functions. */
#ifndef _DB_H_
# define _DB_H_ 1
# define _DB_EXT_PROT_IN_ 1
# define DB void
#endif

#include "../exim.h"

/* This module contains functions that call the Radius authentication

using its original API. At release 0.4.0 the API changed. */

#ifdef RADIUS_LIB_RADLIB
# include <radlib.h>
#else
# if !defined(RADIUS_LIB_RADIUSCLIENT) && !defined(RADIUS_LIB_RADIUSCLIENTNEW)
#  define RADIUS_LIB_RADIUSCLIENT
# endif

# ifdef RADIUS_LIB_RADIUSCLIENTNEW
#  define ENV FREERADIUSCLIENT_ENV	/* Avoid clash with Berkeley DB */
#  include <freeradius-client.h>
# else
#  include <radiusclient.h>
# endif
#endif






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* This code was originally contributed by Matthew Byng-Maddick */

int auth_cyrus_sasl_server(auth_instance *ablock, uschar *data) {return 0;}
int auth_cyrus_sasl_client(auth_instance *ablock, void * sx,
  int timeout, uschar *buffer, int buffsize) {return 0;}
gstring * auth_cyrus_sasl_version_report(gstring * g) {return NULL;}

#else   /*!MACRO_PREDEF*/


    HDEBUG(D_auth)
      debug_printf("Cyrus SASL library will not tell us the username: %s\n",
	  sasl_errstring(rc, NULL, NULL));
    log_write(0, LOG_REJECT, "%s authenticator (%s): "
       "Cyrus SASL username fetch problem: %s", ablock->name, ob->server_mech,
       sasl_errstring(rc, NULL, NULL));
    sasl_dispose(&conn);

      /* these are considered permanent failure codes */
      HDEBUG(D_auth)
	debug_printf("Cyrus SASL permanent failure %d (%s)\n", rc, sasl_errstring(rc, NULL, NULL));
      log_write(0, LOG_REJECT, "%s authenticator (%s): "
	 "Cyrus SASL permanent failure: %s", ablock->name, ob->server_mech,
	 sasl_errstring(rc, NULL, NULL));
      sasl_dispose(&conn);

	HDEBUG(D_auth)
	  debug_printf("Cyrus SASL library will not tell us the SSF: %s\n",
	      sasl_errstring(rc, NULL, NULL));
	log_write(0, LOG_REJECT, "%s authenticator (%s): "
	    "Cyrus SASL SSF value not available: %s", ablock->name, ob->server_mech,
	    sasl_errstring(rc, NULL, NULL));
	sasl_dispose(&conn);

	{
	HDEBUG(D_auth)
	  debug_printf("Exim does not implement SASL wrapping (needed for SSF %d).\n", negotiated_ssf);
	log_write(0, LOG_REJECT, "%s authenticator (%s): "
	    "Cyrus SASL SSF %d not supported by Exim", ablock->name, ob->server_mech, negotiated_ssf);
	sasl_dispose(&conn);
	sasl_done();

*                Diagnostic API                  *
*************************************************/

gstring *
auth_cyrus_sasl_version_report(gstring * g)
{
const char * implementation, * version;
sasl_version_info(&implementation, &version, NULL, NULL, NULL, NULL);
g = string_fmt_append(g,
	"Library version: Cyrus SASL: Compile: %d.%d.%d\n"
	"                             Runtime: %s [%s]\n",
	SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP,
	version, implementation);
return g;
}

/*************************************************

Lines 2-7 Link Here

(-)exim.orig/src/auths/cyrus_sasl.h (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2012 */	6	/* Copyright (c) University of Cambridge 1995 - 2012 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 30-35 Link Here
30	extern void auth_cyrus_sasl_init(auth_instance *);	31	extern void auth_cyrus_sasl_init(auth_instance *);
31	extern int auth_cyrus_sasl_server(auth_instance , uschar );	32	extern int auth_cyrus_sasl_server(auth_instance , uschar );
32	extern int auth_cyrus_sasl_client(auth_instance , void , int, uschar *, int);	33	extern int auth_cyrus_sasl_client(auth_instance , void , int, uschar *, int);
33	extern void auth_cyrus_sasl_version_report(FILE *f);	34	extern gstring * auth_cyrus_sasl_version_report(gstring *);
34		35
35	/* End of cyrus_sasl.h */	36	/* End of cyrus_sasl.h */




/*
 * Copyright (c) The Exim Maintainers 2006 - 2022
 * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
 * Copyright (c) 2006-2020 The Exim Maintainers
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published

# ifndef DISABLE_TLS
if (ob->server_tls)
  {
  union sockaddr_46 interface_sock;
  EXIM_SOCKLEN_T size = sizeof(interface_sock);
  smtp_connect_args conn_args = { .host = &host };
  tls_support tls_dummy = { .sni = NULL };
  uschar * errstr;

  if (getsockname(cctx->sock, (struct sockaddr *) &interface_sock, &size) == 0)
    conn_args.sending_ip_address = host_ntoa(-1, &interface_sock, NULL, NULL);
  else
    {
    *errmsg = string_sprintf("getsockname failed: %s", strerror(errno));
    goto bad;
    }

  if (!tls_client_start(&cctx, &conn_args, NULL, &tls_dummy, &errstr))
    {
    auth_defer_msg = string_sprintf("TLS connect failed: %s", errstr);

Lines 3-9 Link Here

(-)exim.orig/src/auths/get_data.c (-1 / +1 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */	6	/* Copyright (c) The Exim Maintainers 2020 - 2021 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	#include "../exim.h"	9	#include "../exim.h"




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2019 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */


*/

#include "../exim.h"
#define CHANNELBIND_HACK

#ifndef AUTH_GSASL
/* dummy function to satisfy compilers when we link in an "empty" file. */

#include "gsasl_exim.h"


#if GSASL_VERSION_MINOR >= 10
# define EXIM_GSASL_HAVE_SCRAM_SHA_256
# define EXIM_GSASL_SCRAM_S_KEY

#elif GSASL_VERSION_MINOR == 9
# define EXIM_GSASL_HAVE_SCRAM_SHA_256

# if GSASL_VERSION_PATCH >= 1
#  define EXIM_GSASL_SCRAM_S_KEY
# endif
# if GSASL_VERSION_PATCH < 2
#  define CHANNELBIND_HACK
# endif

#else
# define CHANNELBIND_HACK
#endif

/* Convenience for testing strings */

#define STREQIC(Foo, Bar) (strcmpic((Foo), (Bar)) == 0)


/* Authenticator-specific options. */
/* I did have server_*_condition options for various mechanisms, but since

int auth_gsasl_server(auth_instance *ablock, uschar *data) {return 0;}
int auth_gsasl_client(auth_instance *ablock, void * sx,
  int timeout, uschar *buffer, int buffsize) {return 0;}
gstring * auth_gsasl_version_report(gstring * g) {return NULL;}

void
auth_gsasl_macros(void)

	    "GNU SASL does not support mechanism \"%s\"",
	    ablock->name, ob->server_mech);

if (ablock->server_condition)
  ablock->server = TRUE;
else if(  ob->server_mech
       && !STREQIC(ob->server_mech, US"EXTERNAL")
       && !STREQIC(ob->server_mech, US"ANONYMOUS")
       && !STREQIC(ob->server_mech, US"PLAIN")
       && !STREQIC(ob->server_mech, US"LOGIN")
       )
  {
  /* At present, for mechanisms we don't panic on absence of server_condition;
  need to figure out the most generically correct approach to deciding when
  it's critical and when it isn't.  Eg, for simple validation (PLAIN mechanism,
  etc) it clearly is critical.
  */

if (  !ablock->server_condition
   && (  streqic(ob->server_mech, US"EXTERNAL")
      || streqic(ob->server_mech, US"ANONYMOUS")
      || streqic(ob->server_mech, US"PLAIN")
      || streqic(ob->server_mech, US"LOGIN")
   )  )
  {
  ablock->server = FALSE;
  HDEBUG(D_auth) debug_printf("%s authenticator:  "
	    "Need server_condition for %s mechanism\n",

which properties will be needed. */

if (  !ob->server_realm
   && STREQIC(ob->server_mech, US"DIGEST-MD5"))
  {
  ablock->server = FALSE;
  HDEBUG(D_auth) debug_printf("%s authenticator:  "

	    ablock->name, ob->server_mech);
  }

/* At present, for mechanisms we don't panic on absence of server_condition;
need to figure out the most generically correct approach to deciding when
it's critical and when it isn't.  Eg, for simple validation (PLAIN mechanism,
etc) it clearly is critical.
*/

ablock->client = ob->client_username && ob->client_password;
}


{
switch (prop)
  {
  case GSASL_AUTHID:			return US"AUTHID";
  case GSASL_AUTHZID:			return US"AUTHZID";
  case GSASL_PASSWORD:			return US"PASSWORD";
  case GSASL_ANONYMOUS_TOKEN:		return US"ANONYMOUS_TOKEN";
  case GSASL_SERVICE:			return US"SERVICE";
  case GSASL_HOSTNAME:			return US"HOSTNAME";
  case GSASL_GSSAPI_DISPLAY_NAME:	return US"GSSAPI_DISPLAY_NAME";
  case GSASL_PASSCODE:			return US"PASSCODE";
  case GSASL_SUGGESTED_PIN:		return US"SUGGESTED_PIN";
  case GSASL_PIN:			return US"PIN";
  case GSASL_REALM:			return US"REALM";
  case GSASL_DIGEST_MD5_HASHED_PASSWORD:	return US"DIGEST_MD5_HASHED_PASSWORD";
  case GSASL_QOPS:			return US"QOPS";
  case GSASL_QOP:			return US"QOP";
  case GSASL_SCRAM_ITER:		return US"SCRAM_ITER";
  case GSASL_SCRAM_SALT:		return US"SCRAM_SALT";
  case GSASL_SCRAM_SALTED_PASSWORD:	return US"SCRAM_SALTED_PASSWORD";
#ifdef EXIM_GSASL_SCRAM_S_KEY
  case GSASL_SCRAM_STOREDKEY: return US"SCRAM_STOREDKEY";
  case GSASL_SCRAM_SERVERKEY: return US"SCRAM_SERVERKEY";
#endif
  case GSASL_CB_TLS_UNIQUE: return US"CB_TLS_UNIQUE";
  case GSASL_SAML20_IDP_IDENTIFIER: return US"SAML20_IDP_IDENTIFIER";
  case GSASL_SAML20_REDIRECT_URL: return US"SAML20_REDIRECT_URL";
  case GSASL_OPENID20_REDIRECT_URL: return US"OPENID20_REDIRECT_URL";
  case GSASL_OPENID20_OUTCOME_DATA: return US"OPENID20_OUTCOME_DATA";
  case GSASL_SAML20_AUTHENTICATE_IN_BROWSER: return US"SAML20_AUTHENTICATE_IN_BROWSER";
  case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: return US"OPENID20_AUTHENTICATE_IN_BROWSER";
#ifdef EXIM_GSASL_SCRAM_S_KEY
  case GSASL_SCRAM_STOREDKEY:		return US"SCRAM_STOREDKEY";
  case GSASL_SCRAM_SERVERKEY:		return US"SCRAM_SERVERKEY";
#endif
  case GSASL_CB_TLS_UNIQUE:		return US"CB_TLS_UNIQUE";
  case GSASL_SAML20_IDP_IDENTIFIER:	return US"SAML20_IDP_IDENTIFIER";
  case GSASL_SAML20_REDIRECT_URL:	return US"SAML20_REDIRECT_URL";
  case GSASL_OPENID20_REDIRECT_URL:	return US"OPENID20_REDIRECT_URL";
  case GSASL_OPENID20_OUTCOME_DATA:	return US"OPENID20_OUTCOME_DATA";
  case GSASL_SAML20_AUTHENTICATE_IN_BROWSER:	return US"SAML20_AUTHENTICATE_IN_BROWSER";
  case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER:	return US"OPENID20_AUTHENTICATE_IN_BROWSER";
  case GSASL_VALIDATE_SIMPLE:		return US"VALIDATE_SIMPLE";
  case GSASL_VALIDATE_EXTERNAL:		return US"VALIDATE_EXTERNAL";
  case GSASL_VALIDATE_ANONYMOUS:	return US"VALIDATE_ANONYMOUS";
  case GSASL_VALIDATE_GSSAPI:		return US"VALIDATE_GSSAPI";
  case GSASL_VALIDATE_SECURID:		return US"VALIDATE_SECURID";
  case GSASL_VALIDATE_SAML20:		return US"VALIDATE_SAML20";
  case GSASL_VALIDATE_OPENID20:		return US"VALIDATE_OPENID20";
  }
return CUS string_sprintf("(unknown prop: %d)", (int)prop);
}

#ifndef DISABLE_TLS
if (tls_in.channelbinding && ob->server_channelbinding)
  {
# ifndef DISABLE_TLS_RESUME
  if (!tls_in.ext_master_secret && tls_in.resumption == RESUME_USED)
    {		/* per RFC 7677 section 4 */
    HDEBUG(D_auth) debug_printf(

    }
# endif
# ifdef CHANNELBIND_HACK
/* This is a gross hack to get around the library before 1.9.2
a) requiring that c-b was already set, at the _start() call, and
b) caching a b64'd version of the binding then which it never updates. */

  gsasl_callback_hook_set(gsasl_ctx, tls_in.channelbinding);
# endif

  would then result in mechanism name changes on a library update, we
  have little choice but to default it off and let the admin choose to
  enable it.  *sigh*

  Earlier library versions need this set early, during the _start() call,
  so we had to misuse gsasl_callback_hook_set/get() as a data transfer
  mech for the callback done at that time to get the bind-data.  More recently
  the callback is done (if needed) during the first gsasl_stop().  We know
  the bind-data here so can set it (and should not get a callback).
  */
  if (ob->server_channelbinding)
    {

}


/* Set the "next" $auth[n] and increment expand_nmax */

static void
set_exim_authvar_from_prop(Gsasl_session * sctx, Gsasl_property prop)
{
uschar * propval = US gsasl_property_fast(sctx, prop);
int i = expand_nmax, j = i + 1;
propval = propval ? string_copy(propval) : US"";
HDEBUG(D_auth) debug_printf("auth[%d] <=  %s'%s'\n",
			    j, gsasl_prop_code_to_name(prop), propval);
expand_nstring[j] = propval;
expand_nlength[j] = Ustrlen(propval);
if (i < AUTH_VARS) auth_vars[i] = propval;
expand_nmax = j;
}


server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop,
  auth_instance *ablock)
{
char * tmps;
uschar * s;
int cbrc = GSASL_NO_CALLBACK;
auth_gsasl_options_block * ob =
  (auth_gsasl_options_block *)(ablock->options_block);

HDEBUG(D_auth) debug_printf("GNU SASL callback %s for %s/%s as server\n",

    for memory wiping, so expanding strings will leave stuff laying around.
    But no need to compound the problem, so get rid of the one we can. */

    if (US tmps != s) memset(tmps, '\0', strlen(tmps));
    cbrc = GSASL_OK;
    break;


  unsigned flags, uschar * buffer, int buffsize)
{
uschar * s;
int rc;

if (!val) return !!(flags & PROP_OPTIONAL);
if (!(s = expand_string(val)) || !(flags & PROP_OPTIONAL) && !*s)

#ifndef DISABLE_TLS
if (tls_out.channelbinding && ob->client_channelbinding)
  {
# ifndef DISABLE_TLS_RESUME
  if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)
    {	/* Per RFC 7677 section 4.  See also RFC 7627, "Triple Handshake"
	vulnerability, and https://www.mitls.org/pages/attacks/3SHAKE */
    string_format(buffer, buffsize, "%s",
      "channel binding not usable on resumed TLS without extended-master-secret");
    return FAIL;
    }
# endif
# ifdef CHANNELBIND_HACK
  /* This is a gross hack to get around the library before 1.9.2
  a) requiring that c-b was already set, at the _start() call, and
  b) caching a b64'd version of the binding then which it never updates. */

  gsasl_callback_hook_set(gsasl_ctx, tls_out.channelbinding);
# endif


/* Set properties */

if (  !set_client_prop(sctx, GSASL_PASSWORD, ob->client_password,
		  0, buffer, buffsize)
      &&
      !set_client_prop(sctx, GSASL_PASSWORD, ob->client_password,
		  0, buffer, buffsize)
   || !set_client_prop(sctx, GSASL_AUTHID, ob->client_username,
		  0, buffer, buffsize)

for(s = NULL; ;)
  {
  uschar * outstr;
  BOOL fail = TRUE;

  rc = gsasl_step64(sctx, CS s, CSS &outstr);

  if (rc == GSASL_NEEDS_MORE || rc == GSASL_OK)
    ? smtp_write_command(sx, SCMD_FLUSH,
			outstr ? "AUTH %s %s\r\n" : "AUTH %s\r\n",
			ablock->public_name, outstr) <= 0
    : outstr
    ? smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", outstr) <= 0
    : FALSE;
  if (outstr && *outstr) free(outstr);
  if (fail)
    {
    fail = initial
      ? smtp_write_command(sx, SCMD_FLUSH,
			  outstr ? "AUTH %s %s\r\n" : "AUTH %s\r\n",
			  ablock->public_name, outstr) <= 0
      : outstr
      ? smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", outstr) <= 0
      : FALSE;
    free(outstr);
    if (fail)
      {
      yield = FAIL_SEND;
      goto done;
      }
    initial = FALSE;
    }
  initial = FALSE;

  if (rc != GSASL_NEEDS_MORE)
    {

  }

done:
if (yield == OK)
  {
  expand_nmax = 0;
  set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
  set_exim_authvar_from_prop(sctx, GSASL_SCRAM_ITER);
  set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALT);
  set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALTED_PASSWORD);
  }

gsasl_finish(sctx);

	    gsasl_prop_code_to_name(prop), ablock->name, ablock->public_name);
switch (prop)
  {
  case GSASL_CB_TLS_UNIQUE:	/*XXX should never get called for this */
    HDEBUG(D_auth)
      debug_printf(" filling in\n");
    gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_out.channelbinding);
    return GSASL_OK;
  case GSASL_SCRAM_SALTED_PASSWORD:
    {
    uschar * client_spassword =
      ((auth_gsasl_options_block *) ablock->options_block)->client_spassword;
    uschar dummy[4];
    HDEBUG(D_auth) if (!client_spassword)
      debug_printf(" client_spassword option unset\n");
    if (client_spassword)
      {
      expand_nmax = 0;
      set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
      set_exim_authvar_from_prop(sctx, GSASL_SCRAM_ITER);
      set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALT);
      set_client_prop(sctx, GSASL_SCRAM_SALTED_PASSWORD, client_spassword,
		  0, dummy, sizeof(dummy));
      for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;
      expand_nmax = 0;
      }
    break;
    }
  default:
    HDEBUG(D_auth)
      debug_printf(" not providing one\n");

*                Diagnostic API                  *
*************************************************/

gstring *
auth_gsasl_version_report(gstring * g)
{
return string_fmt_append(g, "Library version: GNU SASL: Compile: %s\n"
			    "                           Runtime: %s\n",
	GSASL_VERSION, gsasl_check_version(NULL));
	   "                           Runtime: %s\n",
	GSASL_VERSION, runtime);
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2019 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2012 */
/* Copyright (c) The Exim Maintainers 2019-2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Copyright (c) Twitter Inc 2012 */

extern int auth_gsasl_server(auth_instance *, uschar *);
extern int auth_gsasl_client(auth_instance *, void *,
				int, uschar *, int);
extern gstring * auth_gsasl_version_report(gstring *);
extern void auth_gsasl_macros(void);

/* End of gsasl_exim.h */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Copyright (c) Twitter Inc 2012

int auth_heimdal_gssapi_server(auth_instance *ablock, uschar *data) {return 0;}
int auth_heimdal_gssapi_client(auth_instance *ablock, void * sx,
  int timeout, uschar *buffer, int buffsize) {return 0;}
gstring * auth_heimdal_gssapi_version_report(gstring * g) {}

#else   /*!MACRO_PREDEF*/


*                Diagnostic API                  *
*************************************************/

gstring *
auth_heimdal_gssapi_version_report(gstring * g)
{
/* No build-time constants available unless we link against libraries at
build-time and export the result as a string into a header ourselves. */

return string_fmt_append(g, "Library version: Heimdal: Runtime: %s\n"
			    " Build Info: %s\n",
	heimdal_version, heimdal_long_version));
}

#endif   /*!MACRO_PREDEF*/

Lines 2-7 Link Here

(-)exim.orig/src/auths/heimdal_gssapi.h (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2012 */	6	/* Copyright (c) University of Cambridge 1995 - 2012 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 33-38 Link Here
33	extern void auth_heimdal_gssapi_init(auth_instance *);	34	extern void auth_heimdal_gssapi_init(auth_instance *);
34	extern int auth_heimdal_gssapi_server(auth_instance , uschar );	35	extern int auth_heimdal_gssapi_server(auth_instance , uschar );
35	extern int auth_heimdal_gssapi_client(auth_instance , void , int, uschar *, int);	36	extern int auth_heimdal_gssapi_client(auth_instance , void , int, uschar *, int);
36	extern void auth_heimdal_gssapi_version_report(FILE *f);	37	extern void auth_heimdal_gssapi_version_report(BOOL);
37		38
38	/* End of heimdal_gssapi.h */	39	/* End of heimdal_gssapi.h */

Lines 3-9 Link Here

(-)exim.orig/src/auths/plaintext.c (-2 / +2 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */	6	/* Copyright (c) The Exim Maintainers 2020 - 2021 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	#include "../exim.h"	9	#include "../exim.h"
Lines 109-115 Link Here
109	out as prompts, and get a data item back. If the data item is "*", abandon the	109	out as prompts, and get a data item back. If the data item is "*", abandon the
110	authentication attempt. Otherwise, split it into items as above. */	110	authentication attempt. Otherwise, split it into items as above. */
111		111
112	while ( (s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))	112	while ( (s = string_nextinlist(&prompts, &sep, NULL, 0))
113	&& expand_nmax < EXPAND_MAXN)	113	&& expand_nmax < EXPAND_MAXN)
114	if (number++ > expand_nmax)	114	if (number++ > expand_nmax)
115	if ((rc = auth_prompt(CUS s)) != OK)	115	if ((rc = auth_prompt(CUS s)) != OK)




 * Tim Martin
 * $Id: checkpw.c,v 1.49 2002/03/07 19:14:04 ken3 Exp $
 */
/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/*
 * Copyright (c) 2001 Carnegie Mellon University.  All rights reserved.
 *

                            const char *passwd,
                            const char **reply)
{
userid = userid;  /* Keep picky compilers happy */
passwd = passwd;
*reply = "pwcheck support is not included in this Exim binary";
return PWCHECK_FAIL;
}

                const uschar *realm,
                const uschar **reply)
{
userid = userid;  /* Keep picky compilers happy */
passwd = passwd;
service = service;
realm = realm;
*reply = US"saslauthd support is not included in this Exim binary";
return PWCHECK_FAIL;
}

            return -1;
        } else {
	    /* Assume the file is trusted, so no tainting */
            *retval = store_get(count + 1, GET_UNTAINTED);
            rc = (retry_read(fd, *retval, count) < (int) count);
            (*retval)[count] = '\0';
            return count;

Lines 2-7 Link Here

(-)exim.orig/src/auths/xtextdecode.c (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	6	/* Copyright (c) University of Cambridge 1995 - 2009 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 33-39 Link Here
33	auth_xtextdecode(uschar code, uschar *ptr)	34	auth_xtextdecode(uschar code, uschar *ptr)
34	{	35	{
35	register int x;	36	register int x;
36	uschar *result = store_get(Ustrlen(code) + 1, is_tainted(code));	37	uschar * result = store_get(Ustrlen(code) + 1, code);
37	*ptr = result;	38	*ptr = result;
38		39
39	while ((x = (*code++)) != 0)	40	while ((x = (*code++)) != 0)

Lines 2-7 Link Here

(-)exim.orig/src/auths/xtextencode.c (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 40-46 Link Here
40	while (c -- > 0)	41	while (c -- > 0)
41	count += ((x = *p++) < 33 \|\| x > 127 \|\| x == '+' \|\| x == '=')? 3 : 1;	42	count += ((x = *p++) < 33 \|\| x > 127 \|\| x == '+' \|\| x == '=')? 3 : 1;
42		43
43	pp = code = store_get(count, is_tainted(clear));	44	pp = code = store_get(count, clear);
44		45
45	p = US clear;	46	p = US clear;
46	c = len;	47	c = len;




/* License: GPL */

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* See the file NOTICE for conditions of use and distribution. */



int x, y;
uschar *result;

 {
  int l = Ustrlen(code);
  *ptr = result = store_get(1 + l/4 * 3 + l%4, code);
 }

/* Each cycle of the loop handles a quantum of 4 input bytes. For the last
quantum this may decode to 1, 2, or 3 output bytes. */

Arguments:
  clear       points to the clear text bytes
  len         the number of bytes to encode
  proto_mem   taint indicator

Returns:      a pointer to the zero-terminated base 64 string, which
              is in working store

  US"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

uschar *
b64encode_taint(const uschar * clear, int len, const void * proto_mem)
{
uschar * code = store_get(4*((len+2)/3) + 1, proto_mem);
uschar * p = code;

while (len-- >0)
  {

uschar *
b64encode(const uschar * clear, int len)
{
return b64encode_taint(clear, len, clear);
}






/* Code for calling Brightmail AntiSpam.
   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004
   License: GPL */
/* Copyright (c) The Exim Maintainers 2021 - 2022 */

#include "exim.h"
#ifdef EXPERIMENTAL_BRIGHTMAIL

  /* Get store for the verdict string.  Since we are processing message data, assume that
  the verdict is tainted.  XXX this should use a growable-string  */

  verdicts = store_get(1, GET_TAINTED);
  *verdicts = '\0';

  for ( err = bmiAccessFirstVerdict(message, &verdict);
        verdict;
        err = bmiAccessNextVerdict(message, verdict, &verdict) ) {
    char *verdict_str;

    err = bmiCreateStrFromVerdict(verdict,&verdict_str);
    if (!store_extend(verdicts,
	  Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) {
      /* can't allocate more store */
      return NULL;

  }
  else {
    /* deliver to alternate location */
    rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1, GET_TAINTED);
    Ustrcpy(rc, bmiVerdictAccessDestination(verdict));
    rc[strlen(bmiVerdictAccessDestination(verdict))] = '\0';
  };

    return NULL;

  /* allocate room for the b64 verdict string */
  verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1, GET_TAINTED);

  /* loop through verdicts */
  verdict_ptr = bmi_verdicts;

  }

  /* loop through numbers */
  /* option_list doesn't seem to be expanded so cannot be tainted.  If it ever is we
  will trap here */
  rule_ptr = option_list;
  while ((rule_num = string_nextinlist(&rule_ptr, &sep,
                                       rule_buffer, sizeof(rule_buffer)))) {
    int rule_int = -1;

    /* try to translate to int */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */


  char *data;
} save_item;

static const char *db_opts[] = { "", "USE_DB", "USE_GDBM", "USE_TDB", "USE_NDBM" };

static int have_ipv6 = 0;
static int have_iconv = 0;


/* Now search the makefile for certain settings */

if (!(base = fopen("Makefile", "rb")))
if (base == NULL)
  {
  printf("*** Buildconfig: failed to open Makefile\n");
  (void)fclose(new);

  encountered. */

  for (i = 1; i < sizeof(db_opts)/sizeof(char *); i++)
    {
    if (strcmp(name, db_opts[i]) == 0)
      {
      if (use_which_db == i)

        fprintf(new, "/* %s not set */\n", name);
      break;
      }
    }
  if (i < sizeof(db_opts)/sizeof(char *)) continue;

  /* EXIM_USER is a special case. We look in the environment for EXIM_USER or




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



Returns:       nothing
*/

void
force_fd(int oldfd, int newfd)
{
if (oldfd == newfd) return;

int extra = pcount ? *pcount : 0;
uschar **argv;

argv = store_get((extra + acount + MAX_CLMACROS + 24) * sizeof(char *), GET_UNTAINTED);

/* In all case, the list starts out with the path, any macros, and a changed
config file. */

argv[n++] = exim_path;		/* assume untainted */
if (clmacro_count > 0)
  {
  memcpy(argv + n, clmacros, clmacro_count * sizeof(uschar *));
  n += clmacro_count;
  }
if (f.config_changed)
  { argv[n++] = US"-C"; argv[n++] = config_main_filename; }
  argv[n++] = US"-C";
  argv[n++] = config_main_filename;
  }

/* These values are added only for non-minimal cases. If debug_selector is
precisely D_v, we have to assume this was started by a non-admin user, and

  else
    {
    if (debug_selector != 0)
      {
      argv[n++] = string_sprintf("-d=0x%x", debug_selector);
      if (debug_fd > 2)
	{
	int flags = fcntl(debug_fd, F_GETFD);
	if (flags != -1) (void)fcntl(debug_fd, F_SETFD, flags & ~FD_CLOEXEC);
	close(2);
	dup2(debug_fd, 2);
	close(debug_fd);
	}
      }
    }
  if (debug_pretrigger_buf)
    { argv[n++] = US"-dp"; argv[n++] = string_sprintf("0x%x", debug_pretrigger_bsize); }
  if (dtrigger_selector != 0)
    argv[n++] = string_sprintf("-dt=0x%x", dtrigger_selector);
  DEBUG(D_any)
    {
    argv[n++] = US"-MCd";
    argv[n++] = US process_purpose;
    }
  if (!f.testsuite_delays)	argv[n++] = US"-odd";
  if (f.dont_deliver)		argv[n++] = US"-N";
  if (f.queue_smtp)		argv[n++] = US"-odqs";
  if (f.synchronous_delivery)	argv[n++] = US"-odi";
  if (connection_max_messages >= 0)
    argv[n++] = string_sprintf("-oB%d", connection_max_messages);
  if (*queue_name)
    { argv[n++] = US"-MCG"; argv[n++] = queue_name; }
    argv[n++] = US"-MCG";
    argv[n++] = queue_name;
    }
  }

/* Now add in any others that are in the call. Remember which they were,

execv(CS argv[0], (char *const *)argv);

log_write(0,
  LOG_MAIN | (exec_type == CEE_EXEC_EXIT ? LOG_PANIC : LOG_PANIC_DIE),
  "re-exec of exim (%s) with %s failed: %s", exim_path, argv[first_special],
  strerror(errno));


    }
  }

testharness_pause_ms(100); /* let child work even longer, for exec */

/* Parent process. Save fork() errno and close the reading end of the stdin
pipe. */


int inpfd[2], outpfd[2];
pid_t pid;

if (is_tainted(argv[0]))
  {
  log_write(0, LOG_MAIN | LOG_PANIC, "Attempt to exec tainted path: '%s'", argv[0]);
  errno = EPERM;
  return (pid_t)(-1);
  }

/* Create the pipes. */

if (pipe(inpfd) != 0) return (pid_t)(-1);

Lines 2-9 Link Here

(-)exim.orig/src/config.h.defaults (-8 / +11 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2018 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2018-2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* The default settings for Exim configuration variables. A #define without	9	/* The default settings for Exim configuration variables. A #define without
Lines 31-37 Link Here
31	#define AUTH_SPA	31	#define AUTH_SPA
32	#define AUTH_TLS	32	#define AUTH_TLS
33		33
34	#define AUTH_VARS 3	34	#define AUTH_VARS 4
35		35
36	#define BIN_DIRECTORY	36	#define BIN_DIRECTORY
37		37
Lines 46-59 Link Here
46	#define DEFAULT_CRYPT crypt	46	#define DEFAULT_CRYPT crypt
47	#define DELIVER_IN_BUFFER_SIZE 8192	47	#define DELIVER_IN_BUFFER_SIZE 8192
48	#define DELIVER_OUT_BUFFER_SIZE 8192	48	#define DELIVER_OUT_BUFFER_SIZE 8192
		49
		50	#define DISABLE_CLIENT_CMD_LOG
		51	#define DISABLE_D_OPTION
49	#define DISABLE_DNSSEC	52	#define DISABLE_DNSSEC
50	#define DISABLE_DKIM	53	#define DISABLE_DKIM
51	#define DISABLE_EVENT	54	#define DISABLE_EVENT
52	#define DISABLE_OCSP	55	#define DISABLE_OCSP
53	#define DISABLE_PIPE_CONNECT	56	#define DISABLE_PIPE_CONNECT
54	#define DISABLE_PRDR	57	#define DISABLE_PRDR
		58	#define DISABLE_QUEUE_RAMP
55	#define DISABLE_TLS	59	#define DISABLE_TLS
56	#define DISABLE_D_OPTION	60	#define DISABLE_TLS_RESUME
57		61
58	#define ENABLE_DISABLE_FSYNC	62	#define ENABLE_DISABLE_FSYNC
59		63
Lines 97-102 Link Here
97	#define LOOKUP_IBASE	101	#define LOOKUP_IBASE
98	#define LOOKUP_JSON	102	#define LOOKUP_JSON
99	#define LOOKUP_LDAP	103	#define LOOKUP_LDAP
		104	#define LOOKUP_LMDB
100	#define LOOKUP_LSEARCH	105	#define LOOKUP_LSEARCH
101	#define LOOKUP_MYSQL	106	#define LOOKUP_MYSQL
102	#define LOOKUP_NIS	107	#define LOOKUP_NIS
Lines 156-161 Link Here
156	#define SUPPORT_PROXY	161	#define SUPPORT_PROXY
157	#define SUPPORT_SOCKS	162	#define SUPPORT_SOCKS
158	#define SUPPORT_SPF	163	#define SUPPORT_SPF
		164	#define SUPPORT_SRS
159	#define SUPPORT_TRANSLATE_IP_ADDRESS	165	#define SUPPORT_TRANSLATE_IP_ADDRESS
160		166
161	#define SYSLOG_LOG_PID	167	#define SYSLOG_LOG_PID
Lines 175-180 Link Here
175	#define USE_GDBM	181	#define USE_GDBM
176	#define USE_GNUTLS	182	#define USE_GNUTLS
177	#define AVOID_GNUTLS_PKCS11	183	#define AVOID_GNUTLS_PKCS11
		184	#define USE_NDBM
178	#define USE_OPENSSL	185	#define USE_OPENSSL
179	#define USE_READLINE	186	#define USE_READLINE
180	#define USE_TCP_WRAPPERS	187	#define USE_TCP_WRAPPERS
Lines 201-212 Link Here
201	#define EXPERIMENTAL_BRIGHTMAIL	208	#define EXPERIMENTAL_BRIGHTMAIL
202	#define EXPERIMENTAL_DCC	209	#define EXPERIMENTAL_DCC
203	#define EXPERIMENTAL_DSN_INFO	210	#define EXPERIMENTAL_DSN_INFO
204	#define EXPERIMENTAL_LMDB	211	#define EXPERIMENTAL_ESMTP_LIMITS
205	#define EXPERIMENTAL_QUEUE_RAMP
206	#define EXPERIMENTAL_QUEUEFILE	212	#define EXPERIMENTAL_QUEUEFILE
207	#define EXPERIMENTAL_SRS
208	#define EXPERIMENTAL_SRS_NATIVE
209	#define EXPERIMENTAL_TLS_RESUME
210		213
211		214
212	/* For developers */	215	/* For developers */




# spamd_address = 127.0.0.1 783


# If Exim is compiled with support for TLS, you may want to change the
# following option so that Exim disallows certain clients from makeing encrypted
# connections. The default is to allow all.
# In the authenticators section below, there are template configurations for
# plaintext username/password authentication. This kind of authentication is
# only safe when used within a TLS connection, so the authenticators will only
# work if TLS is allowed here.

# This is equivalent to the default.

# tls_advertise_hosts = *


# tls_privatekey = /etc/ssl/exim.pem

# For OpenSSL, prefer EC- over RSA-authenticated ciphers
.ifdef _HAVE_OPENSSL
tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
.endif

# Don't offer resumption to (most) MUAs, who we don't want to reuse
# tickets.  Once the TLS extension for vended ticket numbers comes
# though, re-examine since resumption on a single-use ticket is still a benefit.
.ifdef _HAVE_TLS_RESUME
tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
.endif

# In order to support roaming users who wish to send email from anywhere,
# you may want to make Exim listen on other ports as well as port 25, in

          control       = submission
          control       = dkim_disable_verify

  # Insist that a HELO/EHLO was accepted.

  require message       = nice hosts say HELO first
          condition     = ${if def:sender_helo_name}

  # Insist that any other recipient address that we accept is either in one of
  # our local domains, or is in a domain for which we explicitly allow
  # relaying. Any other domain is rejected as being unacceptable for relaying.

  # to the first recipient must be deferred unless the sender talks PRDR.
  #
  # defer  !condition     = $prdr_requested
  #        condition      = ${if > {0}{$recipients_count}}
  #        condition      = ${if !eq {$acl_m_content_filter} \
  #                                  {${lookup PER_RCPT_CONTENT_FILTER}}}
  # warn   !condition     = $prdr_requested
  #        condition      = ${if > {0}{$recipients_count}}
  #        set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
  #############################################################################




# This transport is used for delivering messages over SMTP connections.
# Refuse to send any message with over-long lines, which could have
# been received other than via SMTP. The use of message_size_limit to
# enforce this is a red herring.

remote_smtp:
  driver = smtp
.ifdef _HAVE_TLS_RESUME
  tls_resumption_hosts = *
.endif


# This transport is used for delivering messages to a smarthost, if the


smarthost_smtp:
  driver = smtp
  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
  multi_domain
  #
.ifdef _HAVE_TLS

  # request with your smarthost provider to get things fixed:
  hosts_require_tls = *
  tls_verify_hosts = *
  # As long as tls_verify_hosts is enabled, this this will have no effect,
  # but if you have to comment it out then this will at least log whether
  # you succeed or not:
  tls_try_verify_hosts = *
  #
  # The SNI name should match the name which we'll expect to verify;

.ifdef _HAVE_GNUTLS
  tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
.endif
.ifdef _HAVE_TLS_RESUME
  tls_resumption_hosts = *
.endif
.endif






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions concerned with running Exim as a daemon */

static void
sighup_handler(int sig)
{
sig = sig;    /* Keep picky compilers happy */
sighup_seen = TRUE;
signal(SIGHUP, sighup_handler);
}

static void
main_sigchld_handler(int sig)
{
sig = sig;    /* Keep picky compilers happy */
os_non_restarting_signal(SIGCHLD, SIG_DFL);
sigchld_seen = TRUE;
}


/* SIGTERM handler.  Try to get the daemon pid file removed
before exiting. */

static void


static void
close_daemon_sockets(int daemon_notifier_fd,
  struct pollfd * fd_polls, int listen_socket_count)
{
if (daemon_notifier_fd >= 0)
  {

#endif
  }

for (int i = 0; i < listen_socket_count; i++) (void) close(fd_polls[i].fd);
}



leak store in this process - reset the stacking pool at the end.

Arguments:
  fd_polls        sockets which are listening for incoming calls
  listen_socket_count   count of listening sockets
  accept_socket         socket of the current accepted call
  accepted              socket information about the current call

*/

static void
handle_smtp_call(struct pollfd *fd_polls, int listen_socket_count,
  int accept_socket, struct sockaddr *accepted)
{
pid_t pid;

if (smtp_load_reserve >= 0)
  {
  load_average = OS_GETLOADAVG();
  if (!smtp_reserve_hosts && load_average > smtp_load_reserve)
    {
    DEBUG(D_any) debug_printf("rejecting SMTP connection: load average = %.2f\n",
      (double)load_average/1000.0);

this is in the daemon mainline, only fast expansions (such as inline address
checks) should be used. The documentation is full of warnings. */

if (smtp_accept_max_per_host)
  {
  uschar *expanded = expand_string(smtp_accept_max_per_host);
  if (!expanded)
    {
    if (!f.expand_string_forcedfail)
      log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "

    uschar *s = expanded;
    while (isdigit(*s))
      max_for_this_host = max_for_this_host * 10 + *s++ - '0';
    if (*s)
      log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
        "for %s contains non-digit: %s", whofrom->s, expanded);
    }

per host_address checks. Note that at this stage smtp_accept_count contains the
count of *other* connections, not including this one. */

if (max_for_this_host > 0 && smtp_accept_count >= max_for_this_host)
    (smtp_accept_count >= max_for_this_host))
  {
  int host_accept_count = 0;
  int other_host_count = 0;    /* keep a count of non matches to optimise */

      early, either by hitting the target, or finding there are not enough
      connections left to make the target. */

      if (  host_accept_count >= max_for_this_host
         || smtp_accept_count - other_host_count < max_for_this_host)
       break;
      }


  {
  uschar *list = hosts_connection_nolog;
  memset(sender_host_cache, 0, sizeof(sender_host_cache));
  if (list && verify_check_host(&list) == OK)
    save_log_selector &= ~L_smtp_connection;
  else
    log_write(L_smtp_connection, LOG_MAIN, "SMTP connection from %s "

  int save_debug_selector = debug_selector;
  BOOL local_queue_only;
  BOOL session_local_queue_only;
#ifdef SA_NOCLDWAIT
  struct sigaction act;
#endif

  smtp_accept_count++;    /* So that it includes this process */

  /* If the listen backlog was over the monitoring level, log it. */

  if (smtp_listen_backlog > smtp_backlog_monitor)
    log_write(0, LOG_MAIN, "listen backlog %d I=[%s]:%d",
		smtp_listen_backlog, interface_address, interface_port);

  /* May have been modified for the subprocess */

  *log_selector = save_log_selector;

  extensive comment before the reception loop in exim.c for a fuller
  explanation of this logic. */

  close_daemon_sockets(daemon_notifier_fd, fd_polls, listen_socket_count);

  /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
  to be able to communicate with them, under any circumstances. */

  (void)fcntl(dup_accept_socket, F_SETFD,
              fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);

#ifdef SA_NOCLDWAIT
  act.sa_handler = SIG_IGN;
  sigemptyset(&(act.sa_mask));
  act.sa_flags = SA_NOCLDWAIT;
  sigaction(SIGCHLD, &act, NULL);
#else
  signal(SIGCHLD, SIG_IGN);
#endif
  signal(SIGTERM, SIG_DFL);
  signal(SIGINT, SIG_DFL);


        }
      if (message_id[0] == 0) continue;   /* No message was accepted */
      }
    else				/* bad smtp_setup_msg() */
      {
      if (smtp_out)
	{

      {
      pid_t dpid;

      /* We used to flush smtp_out before forking so that buffered data was not
      duplicated, but now we want to pipeline the responses for data and quit.
      Instead, hard-close the fd underlying smtp_out right after fork to discard
      the data buffer. */
      mac_smtp_fflush();

      if ((dpid = exim_fork(US"daemon-accept-delivery")) == 0)
        {
        (void)fclose(smtp_in);
	(void)close(fileno(smtp_out));
        (void)fclose(smtp_out);
	smtp_in = smtp_out = NULL;

        /* Don't ever molest the parent's SSL connection, but do clean up
        the data structures if necessary. */

the incoming host address and an expanded active_hostname. */

log_close_all();
interface_address = sender_host_name = sender_host_address = NULL;
sender_host_address = NULL;
store_reset(reset_point);
sender_host_address = NULL;
}



the file. FIXME.
Returns: true on success, false + errno==EACCES otherwise
*/

static BOOL
operate_on_pid_file(const enum pid_op operation, const pid_t pid)
{
char pid_line[sizeof(int) * 3 + 2];
const int pid_len = snprintf(pid_line, sizeof(pid_line), "%d\n", (int)pid);
BOOL lines_match = FALSE;
uschar * path, * base, * dir;
char * path = NULL;
char * base = NULL;
char * dir = NULL;

const int dir_flags = O_RDONLY | O_NONBLOCK;
const int base_flags = O_NOFOLLOW | O_NONBLOCK;
const mode_t base_mode = 0644;
struct stat sb;
int cwd_fd = -1, dir_fd = -1, base_fd = -1;
int cwd_fd = -1;
int dir_fd = -1;
int base_fd = -1;

BOOL success = FALSE;
errno = EACCES;


if (!f.running_in_test_harness && real_uid != root_uid && real_uid != exim_uid) goto cleanup;
if (pid_len < 2 || pid_len >= (int)sizeof(pid_line)) goto cleanup;

path = string_copy(pid_file_path);
if ((base = Ustrrchr(path, '/')) == NULL)	/* should not happen, but who knows */
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "pid file path \"%s\" does not contain a '/'", pid_file_path);

dir = base != path ? path : US"/";
*base++ = '\0';

if (!dir || !*dir || *dir != '/') goto cleanup;
if (!base || !*base || Ustrchr(base, '/') != NULL) goto cleanup;

cwd_fd = open(".", dir_flags);
if (cwd_fd < 0 || fstat(cwd_fd, &sb) != 0 || !S_ISDIR(sb.st_mode)) goto cleanup;
dir_fd = open(CS dir, dir_flags);
if (dir_fd < 0 || fstat(dir_fd, &sb) != 0 || !S_ISDIR(sb.st_mode)) goto cleanup;

/* emulate openat */
if (fchdir(dir_fd) != 0) goto cleanup;
base_fd = open(CS base, O_RDONLY | base_flags);
if (fchdir(cwd_fd) != 0)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));



  if (strspn(line, "0123456789") != (size_t)len-1) goto cleanup;
  if (line[len-1] != '\n') goto cleanup;
  lines_match = len == pid_len && strcmp(line, pid_line) == 0;
  }

if (operation == PID_WRITE)

      int error = -1;
      /* emulate unlinkat */
      if (fchdir(dir_fd) != 0) goto cleanup;
      error = unlink(CS base);
      if (fchdir(cwd_fd) != 0)
        log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));
      if (error) goto cleanup;

     }
    /* emulate openat */
    if (fchdir(dir_fd) != 0) goto cleanup;
    base_fd = open(CS base, O_WRONLY | O_CREAT | O_EXCL | base_flags, base_mode);
    if (fchdir(cwd_fd) != 0)
        log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));
    if (base_fd < 0) goto cleanup;

    int error = -1;
    /* emulate unlinkat */
    if (fchdir(dir_fd) != 0) goto cleanup;
    error = unlink(CS base);
    if (fchdir(cwd_fd) != 0)
        log_write(0, LOG_MAIN|LOG_PANIC_DIE, "can't return to previous working dir: %s", strerror(errno));
    if (error) goto cleanup;

struct sockaddr_un sa_un = {.sun_family = AF_UNIX};
int len;

if (!notifier_socket || !*notifier_socket)
  {
  DEBUG(D_any) debug_printf("-oY used so not creating notifier socket\n");
  return;
  }
if (override_local_interfaces && !override_pid_file_path)
  {
  DEBUG(D_any)

buf[sz] = 0;
switch (buf[0])
  {
#ifndef DISABLE_QUEUE_RAMP
  case NOTIFY_MSG_QRUN:
    /* this should be a message_id */
    DEBUG(D_queue_run)
      debug_printf("%s: qrunner trigger: %s\n", __FUNCTION__, buf+1);
    memcpy(queuerun_msgid, buf+1, MESSAGE_ID_LENGTH+1);
    return TRUE;
#endif

  case NOTIFY_QUEUE_SIZE_REQ:
    {

}




/*************************************************
*              Exim Daemon Mainline              *
*************************************************/

void
daemon_go(void)
{
struct passwd * pw;
struct pollfd * fd_polls, * tls_watch_poll = NULL, * dnotify_poll = NULL;
int listen_socket_count = 0, poll_fd_count;
ip_address_item * addresses = NULL;
time_t last_connection_time = (time_t)0;
int local_queue_run_max = atoi(CS expand_string(queue_run_max));



DEBUG(D_any|D_v) debug_selector |= D_pid;

/* Allocate enough pollstructs for inetd mode plus the ancillary sockets;
also used when there are no listen sockets. */

fd_polls = store_get(sizeof(struct pollfd) * 3, GET_UNTAINTED);

if (f.inetd_wait_mode)
  {
  listen_socket_count = 1;
  listen_sockets = store_get(sizeof(int), FALSE);
  (void) close(3);
  if (dup2(0, 3) == -1)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE,
        "failed to dup inetd socket safely away: %s", strerror(errno));

  fd_polls[0].fd = 3;
  fd_polls[0].events = POLLIN;
  (void) close(0);
  (void) close(1);
  (void) close(2);

  for those OS for which this is necessary the first time it is called (in
  order to perform an "open" on the kernel memory file). */

#ifdef LOAD_AVG_NEEDS_ROOT
  if (queue_only_load >= 0 || smtp_load_reserve >= 0 ||
       (deliver_queue_load_max >= 0 && deliver_drop_privilege))
    (void)os_getloadavg();
#endif
  }



  sep = 0;
  while ((s = string_nextinlist(&list, &sep, NULL, 0)))
    pct++;
  default_smtp_port = store_get((pct+1) * sizeof(int), GET_UNTAINTED);
  list = daemon_smtp_port;
  sep = 0;
  for (pct = 0;


  list = tls_in.on_connect_ports;
  sep = 0;
  /* the list isn't expanded so cannot be tainted.  If it ever is we will trap here */
  while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
    if (!isdigit(*s))
      {

    ipa->port = default_smtp_port[0];
    for (int i = 1; default_smtp_port[i] > 0; i++)
      {
      ip_address_item * new = store_get(sizeof(ip_address_item), GET_UNTAINTED);

      memcpy(new->address, ipa->address, Ustrlen(ipa->address) + 1);
      new->port = default_smtp_port[i];

        }
    }

  /* Get a vector to remember all the sockets in.
  Two extra elements for the ancillary sockets */

  for (ipa = addresses; ipa; ipa = ipa->next)
    listen_socket_count++;
  fd_polls = store_get(sizeof(struct pollfd) * (listen_socket_count + 2),
			    GET_UNTAINTED);
  for (struct pollfd * p = fd_polls; p < fd_polls + listen_socket_count + 2;
       p++)
    { p->fd = -1; p->events = POLLIN; }

  } /* daemon_listen but not inetd_wait_mode */



  if (smtp_accept_max > 0)
    {
    smtp_slots = store_get(smtp_accept_max * sizeof(smtp_slot), GET_UNTAINTED);
    for (int i = 0; i < smtp_accept_max; i++) smtp_slots[i] = empty_smtp_slot;
    }
  }

  for (ipa = addresses, sk = 0; sk < listen_socket_count; ipa = ipa->next, sk++)
    {
    BOOL wildcard;
    ip_address_item * ipa2;
    int fd, af;

    if (Ustrchr(ipa->address, ':') != NULL)
      {

      wildcard = ipa->address[0] == 0;
      }

    if ((fd_polls[sk].fd = fd = ip_socket(SOCK_STREAM, af)) < 0)
      {
      if (check_special_case(0, addresses, ipa, FALSE))
        {

        goto SKIP_SOCKET;
        }
      log_write(0, LOG_PANIC_DIE, "IPv%c socket creation failed: %s",
        af == AF_INET6 ? '6' : '4', strerror(errno));
      }

    /* If this is an IPv6 wildcard socket, set IPV6_V6ONLY if that option is


#ifdef IPV6_V6ONLY
    if (af == AF_INET6 && wildcard &&
        setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
          sizeof(on)) < 0)
      log_write(0, LOG_MAIN, "Setting IPV6_V6ONLY on daemon's IPv6 wildcard "
        "socket failed (%s): carrying on without it", strerror(errno));
#endif  /* IPV6_V6ONLY */

    is being handled.  Without this, a connection will prevent reuse of the
    smtp port for listening. */

    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0)
                   US (&on), sizeof(on)) < 0)
      log_write(0, LOG_MAIN|LOG_PANIC_DIE, "setting SO_REUSEADDR on socket "
        "failed when starting daemon: %s", strerror(errno));

    /* Set TCP_NODELAY; Exim does its own buffering. There is a switch to
    disable this because it breaks some broken clients. */

    if (tcp_nodelay) setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
      US (&on), sizeof(on));

    /* Now bind the socket to the required port; if Exim is being restarted
    it may not always be possible to bind immediately, even with SO_REUSEADDR

    for(;;)
      {
      uschar *msg, *addr;
      if (ip_bind(fd, af, ipa->address, ipa->port) >= 0) break;
      if (check_special_case(errno, addresses, ipa, TRUE))
        {
        DEBUG(D_any) debug_printf("wildcard IPv4 bind() failed after IPv6 "
          "listen() success; EADDRINUSE ignored\n");
        (void)close(fd);
        goto SKIP_SOCKET;
        }
      msg = US strerror(errno);

      else
        debug_printf("listening on %s port %d\n", ipa->address, ipa->port);

    /* Start listening on the bound socket, establishing the maximum backlog of
    connections that is allowed. On success, add to the set of sockets for select
    and continue to the next address. */

#if defined(TCP_FASTOPEN) && !defined(__APPLE__)
    if (  f.tcp_fastopen_ok
       && setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN,
		    &smtp_connect_backlog, sizeof(smtp_connect_backlog)))
      {
      DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno));
      f.tcp_fastopen_ok = FALSE;
      }
#endif
    if (listen(fd, smtp_connect_backlog) >= 0)
    /* Start listening on the bound socket, establishing the maximum backlog of
    connections that is allowed. On success, continue to the next address. */

    if (listen(listen_sockets[sk], smtp_connect_backlog) >= 0)
      {
#if defined(TCP_FASTOPEN) && defined(__APPLE__)
      if (  f.tcp_fastopen_ok
	 && setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on)))
		      &on, sizeof(on)))
	{
	DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno));
	f.tcp_fastopen_ok = FALSE;
	}
#endif
      fd_polls[sk].fd = fd;
      continue;
      }



    DEBUG(D_any) debug_printf("wildcard IPv4 listen() failed after IPv6 "
      "listen() success; EADDRINUSE ignored\n");
    (void)close(fd);

    /* Come here if there has been a problem with the socket which we
    are going to ignore. We remove the address from the chain, and back up the

  }

/* Set up the handler for SIGHUP, which causes a restart of the daemon. */

sighup_seen = FALSE;
signal(SIGHUP, sighup_handler);



if (queue_interval > 0 && local_queue_run_max > 0)
  {
  queue_pid_slots = store_get(local_queue_run_max * sizeof(pid_t), GET_UNTAINTED);
  for (int i = 0; i < local_queue_run_max; i++) queue_pid_slots[i] = 0;
  }


#ifdef SUPPORT_SPF
spf_init();
#endif
#ifndef DISABLE_TLS
tls_daemon_init();
#endif

/* Add ancillary sockets to the set for select */

poll_fd_count = listen_socket_count;
#ifndef DISABLE_TLS
if (tls_watch_fd >= 0)
  {
  tls_watch_poll = &fd_polls[poll_fd_count++];
  tls_watch_poll->fd = tls_watch_fd;
  tls_watch_poll->events = POLLIN;
  }
#endif
if (daemon_notifier_fd >= 0)
  {
  dnotify_poll = &fd_polls[poll_fd_count++];
  dnotify_poll->fd = daemon_notifier_fd;
  dnotify_poll->events = POLLIN;
  }

/* Close the log so it can be renamed and moved. In the few cases below where
this long-running process writes to the log (always exceptional conditions), it


for (;;)
  {
  #if HAVE_IPV6
  struct sockaddr_in6 accepted;
  #else
  struct sockaddr_in accepted;
  #endif

  EXIM_SOCKLEN_T len;
  pid_t pid;

  if (sigterm_seen)

    else
      {
      DEBUG(D_any) debug_printf("%s received\n",
#ifndef DISABLE_QUEUE_RAMP
	*queuerun_msgid ? "qrun notification" :
#endif
	"SIGALRM");

          /* Close any open listening sockets in the child */

	  close_daemon_sockets(daemon_notifier_fd,
	    fd_polls, listen_socket_count);

          /* Reset SIGHUP and SIGCHLD in the child in both cases. */


            *p++ = '-';
            *p++ = 'q';
            if (  f.queue_2stage
#ifndef DISABLE_QUEUE_RAMP
	       && !*queuerun_msgid
#endif
	       ) *p++ = 'q';

	    extra[0] = *queue_name
	      ? string_sprintf("%sG%s", opt, queue_name) : opt;

#ifndef DISABLE_QUEUE_RAMP
	    if (*queuerun_msgid)
	      {
	      log_write(0, LOG_MAIN, "notify triggered queue run");


          /* No need to re-exec; SIGALRM remains set to the default handler */

#ifndef DISABLE_QUEUE_RAMP
	  if (*queuerun_msgid)
	    {
	    log_write(0, LOG_MAIN, "notify triggered queue run");

      /* Reset the alarm clock */

      sigalrm_seen = FALSE;
#ifndef DISABLE_QUEUE_RAMP
      if (*queuerun_msgid)
	*queuerun_msgid = 0;
      else


  if (f.daemon_listen)
    {
    int lcount;
    int max_socket = 0;
    BOOL select_failed = FALSE;
    fd_set select_listen;

    FD_ZERO(&select_listen);
    if (daemon_notifier_fd >= 0)
      FD_SET(daemon_notifier_fd, &select_listen);
    for (int sk = 0; sk < listen_socket_count; sk++)
      {
      FD_SET(listen_sockets[sk], &select_listen);
      if (listen_sockets[sk] > max_socket) max_socket = listen_sockets[sk];
      }

    DEBUG(D_any) debug_printf("Listening...\n");


      errno = EINTR;
      }
    else
      lcount = poll(fd_polls, poll_fd_count, -1);
        NULL, NULL, NULL);

    if (lcount < 0)
      {

    old one had just finished. Preserve the errno from any select() failure for
    the use of the common select/accept error processing below. */

      {
      int select_errno = errno;
      handle_ending_processes();

#ifndef DISABLE_TLS
      {
      int old_tfd;
      /* Create or rotate any required keys; handle (delayed) filewatch event */

      if ((old_tfd = tls_daemon_tick()) >= 0)
	for (struct pollfd * p = &fd_polls[listen_socket_count];
	     p < fd_polls + poll_fd_count; p++)
	  if (p->fd == old_tfd) { p->fd = tls_watch_fd ; break; }
      }
#endif
      errno = select_errno;
      }

    /* Loop for all the sockets that are currently ready to go. If select
    actually failed, we have set the count to 1 and select_failed=TRUE, so as

    while (lcount-- > 0)
      {
      int accept_socket = -1;
#if HAVE_IPV6
      struct sockaddr_in6 accepted;
#else
      struct sockaddr_in accepted;
#endif

      if (!select_failed)
	{
#if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
	if (tls_watch_poll && tls_watch_poll->revents & POLLIN)
	  {
	  tls_watch_poll->revents = 0;
          tls_watch_trigger_time = time(NULL);	/* Set up delayed event */
	  tls_watch_discard_event(tls_watch_fd);
	  break;	/* to top of daemon loop */
	  }
#endif
	if (dnotify_poll && dnotify_poll->revents & POLLIN)
	  {
	  dnotify_poll->revents = 0;
	  sigalrm_seen = daemon_notification();
	  break;	/* to top of daemon loop */
	  }
	for (struct pollfd * p = fd_polls; p < fd_polls + listen_socket_count;
	     p++)
	  if (p->revents & POLLIN)
            {
	    EXIM_SOCKLEN_T alen = sizeof(accepted);
#ifdef TCP_INFO
	    struct tcp_info ti;
	    socklen_t tlen = sizeof(ti);

	    /* If monitoring the backlog is wanted, grab for later logging */

	    smtp_listen_backlog = 0;
	    if (  smtp_backlog_monitor > 0
	       && getsockopt(p->fd, IPPROTO_TCP, TCP_INFO, &ti, &tlen) == 0)
	      {
# ifdef EXIM_HAVE_TCPI_UNACKED
	      DEBUG(D_interface) debug_printf("listen fd %d queue max %u curr %u\n",
		      p->fd, ti.tcpi_sacked, ti.tcpi_unacked);
	      smtp_listen_backlog = ti.tcpi_unacked;
# elif defined(__FreeBSD__)	/* This does not work. Investigate kernel sourcecode. */
	      DEBUG(D_interface) debug_printf("listen fd %d queue max %u curr %u\n",
		      p->fd, ti.__tcpi_sacked, ti.__tcpi_unacked);
	      smtp_listen_backlog = ti.__tcpi_unacked;
# endif
	      }
#endif
	    p->revents = 0;
            accept_socket = accept(p->fd, (struct sockaddr *)&accepted, &alen);
            break;
            }
	}

        else if (  errno != accept_retry_errno
		|| select_failed != accept_retry_select_failed
		|| accept_retry_count >= 50)
	  {
	  log_write(0, LOG_MAIN | (accept_retry_count >= 50 ? LOG_PANIC : 0),
	    "%d %s() failure%s: %s",
	    accept_retry_count,
	    accept_retry_select_failed ? "select" : "accept",
	    accept_retry_count == 1 ? "" : "s",
	    strerror(accept_retry_errno));
	  log_close_all();
	  accept_retry_count = 0;
	  accept_retry_errno = errno;
	  accept_retry_select_failed = select_failed;
	  }
        accept_retry_count++;
        }
      else if (accept_retry_count > 0)
	{
	log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
	  accept_retry_count,
	  accept_retry_select_failed ? "select" : "accept",
	  accept_retry_count == 1 ? "" : "s",
	  strerror(accept_retry_errno));
	log_close_all();
	accept_retry_count = 0;
	}
          accept_retry_count = 0;
          }
        }

      /* If select/accept succeeded, deal with the connection. */

      if (accept_socket >= 0)
        {
#ifdef TCP_QUICKACK /* Avoid pure-ACKs while in tls protocol pingpong phase */
	/* Unfortunately we cannot be certain to do this before a TLS-on-connect
	Client Hello arrives and is acked. We do it as early as possible. */
	(void) setsockopt(accept_socket, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
#endif
        if (inetd_wait_timeout)
          last_connection_time = time(NULL);
        handle_smtp_call(fd_polls, listen_socket_count, accept_socket,
          (struct sockaddr *)&accepted);
        }
      }


  else
    {
    struct pollfd p;
    poll(&p, 0, queue_interval * 1000);
    tv.tv_usec = 0;
    select(0, NULL, NULL, NULL, &tv);
    handle_ending_processes();
    }


    {
    log_write(0, LOG_MAIN, "pid %d: SIGHUP received: re-exec daemon",
      getpid());
    close_daemon_sockets(daemon_notifier_fd, fd_polls, listen_socket_count);
      listen_sockets, listen_socket_count);
    ALARM_CLR(0);
    signal(SIGHUP, SIG_IGN);
    sighup_argv[0] = exim_path;




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */


#include "exim.h"

/* We have buffers holding path names for database files.
PATH_MAX could be used here, but would be wasting memory, as we deal
with database files like $spooldirectory/db/<name> */
#define PATHLEN 256


/* Functions for accessing Exim's hints database, which consists of a number of
different DBM files. This module does not contain code for reading DBM files



/*************************************************
*         Berkeley DB error callback             *
*************************************************/

/* For Berkeley DB >= 2, we can define a function to be called in case of DB
errors. This should help with debugging strange DB problems, e.g. getting "File
exists" when you try to open a db file. The API for this function was changed
at DB release 4.3. */

#if defined(USE_DB) && defined(DB_VERSION_STRING)
void
#if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3)
dbfn_bdb_error_callback(const DB_ENV *dbenv, const char *pfx, const char *msg)
{
dbenv = dbenv;
#else
dbfn_bdb_error_callback(const char *pfx, char *msg)
{
#endif
pfx = pfx;
log_write(0, LOG_MAIN, "Berkeley DB error: %s", msg);
}
#endif


/*************************************************
*          Open and lock a database file         *
*************************************************/


int rc, save_errno;
BOOL read_only = flags == O_RDONLY;
flock_t lock_data;
uschar dirname[PATHLEN], filename[PATHLEN];

DEBUG(D_hints_lookup) acl_level++;


if (dbblock->lockfd < 0)
  {
  log_write(0, LOG_MAIN, "%s",
    string_open_failed("database lock file %s", filename));
  errno = 0;      /* Indicates locking failure */
  DEBUG(D_hints_lookup) acl_level--;
  return NULL;

snprintf(CS filename, sizeof(filename), "%s/%s", dirname, name);

priv_drop_temp(exim_uid, exim_gid);
dbblock->dbptr = exim_dbopen(filename, dirname, flags, EXIMDB_MODE);
if (!dbblock->dbptr && errno == ENOENT && flags == O_RDWR)
  {
  DEBUG(D_hints_lookup)
    debug_printf_indent("%s appears not to exist: trying to create\n", filename);
  dbblock->dbptr = exim_dbopen(filename, dirname, flags|O_CREAT, EXIMDB_MODE);
  }
save_errno = errno;
priv_restore();


if (!dbblock->dbptr)
  {
  errno = save_errno;
  if (lof && save_errno != ENOENT)
    log_write(0, LOG_MAIN, "%s", string_open_failed("DB file %s",
        filename));
  else
    DEBUG(D_hints_lookup)
      debug_printf_indent("%s\n", CS string_open_failed("DB file %s",
          filename));
  (void)close(dbblock->lockfd);
  errno = save_errno;

void
dbfn_close(open_db *dbblock)
{
exim_dbclose(dbblock->dbptr);
(void)close(dbblock->lockfd);
DEBUG(D_hints_lookup)
  { debug_printf_indent("closed hints database and lockfile\n"); acl_level--; }

void *yield;
EXIM_DATUM key_datum, result_datum;
int klen = Ustrlen(key) + 1;
uschar * key_copy = store_get(klen, key);

memcpy(key_copy, key, klen);

DEBUG(D_hints_lookup) debug_printf_indent("dbfn_read: key=%s\n", key);

exim_datum_init(&key_datum);         /* Some DBM libraries require the datum */
exim_datum_init(&result_datum);      /* to be cleared before use. */
exim_datum_data_set(&key_datum, key_copy);
exim_datum_size_set(&key_datum, klen);

if (!exim_dbget(dbblock->dbptr, &key_datum, &result_datum)) return NULL;

/* Assume the data store could have been tainted.  Properly, we should
store the taint status with the data. */

yield = store_get(exim_datum_size_get(&result_datum), GET_TAINTED);
memcpy(yield, exim_datum_data_get(&result_datum), exim_datum_size_get(&result_datum));
if (length) *length = exim_datum_size_get(&result_datum);

exim_datum_free(&result_datum);    /* Some DBM libs require freeing */
return yield;
}


/* Read a record.  If the length is not as expected then delete it, write
an error log line, delete the record and return NULL.
Use this for fixed-size records (so not retry or wait records).

Arguments:
  dbblock   a pointer to an open database block
  key       the key of the record to be read
  length    the expected record length

Returns: a pointer to the retrieved record, or
         NULL if the record is not found/bad
*/

void *
dbfn_read_enforce_length(open_db * dbblock, const uschar * key, size_t length)
{
int rlen;
void * yield = dbfn_read_with_length(dbblock, key, &rlen);

if (yield)
  {
  if (rlen == length) return yield;
  log_write(0, LOG_MAIN|LOG_PANIC, "Bad db record size for '%s'", key);
  dbfn_delete(dbblock, key);
  }
return NULL;
}


/*************************************************
*             Write to database file             *

EXIM_DATUM key_datum, value_datum;
dbdata_generic *gptr = (dbdata_generic *)ptr;
int klen = Ustrlen(key) + 1;
uschar * key_copy = store_get(klen, key);

memcpy(key_copy, key, klen);
gptr->time_stamp = time(NULL);

DEBUG(D_hints_lookup) debug_printf_indent("dbfn_write: key=%s\n", key);

exim_datum_init(&key_datum);         /* Some DBM libraries require the datum */
exim_datum_init(&value_datum);       /* to be cleared before use. */
exim_datum_data_set(&key_datum, key_copy);
exim_datum_size_set(&key_datum, klen);
exim_datum_data_set(&value_datum, ptr);
exim_datum_size_set(&value_datum, length);
return exim_dbput(dbblock->dbptr, &key_datum, &value_datum);
}



dbfn_delete(open_db *dbblock, const uschar *key)
{
int klen = Ustrlen(key) + 1;
uschar * key_copy = store_get(klen, key);
EXIM_DATUM key_datum;

DEBUG(D_hints_lookup) debug_printf_indent("dbfn_delete: key=%s\n", key);

memcpy(key_copy, key, klen);
exim_datum_init(&key_datum);         /* Some DBM libraries require clearing */
exim_datum_data_set(&key_datum, key_copy);
exim_datum_size_set(&key_datum, klen);
return exim_dbdel(dbblock->dbptr, &key_datum);
return EXIM_DBDEL(dbblock->dbptr, key_datum);
}



{
EXIM_DATUM key_datum, value_datum;
uschar *yield;
value_datum = value_datum;    /* dummy; not all db libraries use this */

DEBUG(D_hints_lookup) debug_printf_indent("dbfn_scan\n");

/* Some dbm require an initialization */

if (start) *cursor = exim_dbcreate_cursor(dbblock->dbptr);

exim_datum_init(&key_datum);         /* Some DBM libraries require the datum */
exim_datum_init(&value_datum);       /* to be cleared before use. */

yield = exim_dbscan(dbblock->dbptr, &key_datum, &value_datum, start, *cursor)
  ? US exim_datum_data_get(&key_datum) : NULL;

/* Some dbm require a termination */

if (!yield) exim_dbdelete_cursor(*cursor);
return yield;
}


Lines 2-10 Link Here

(-)exim.orig/src/dbfunctions.h (-4 / +9 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2015 */	5	/* Copyright (c) The Exim Maintainers 2022 */
		6	/* Copyright (c) University of Cambridge 1995 - 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
		9	#ifndef DBFUNCTIONS_H
		10	#define DBFUNCTIONS_H
8		11
9	/* Functions for reading/writing exim database files */	12	/* Functions for reading/writing exim database files */
10		13
Lines 12-17 Link Here
12	int dbfn_delete(open_db , const uschar );	15	int dbfn_delete(open_db , const uschar );
13	open_db dbfn_open(uschar , int, open_db *, BOOL, BOOL);	16	open_db dbfn_open(uschar , int, open_db *, BOOL, BOOL);
14	void dbfn_read_with_length(open_db , const uschar , int );	17	void dbfn_read_with_length(open_db , const uschar , int );
		18	void dbfn_read_enforce_length(open_db , const uschar *, size_t);
15	uschar dbfn_scan(open_db , BOOL, EXIM_CURSOR **);	19	uschar dbfn_scan(open_db , BOOL, EXIM_CURSOR **);
16	int dbfn_write(open_db , const uschar , void *, int);	20	int dbfn_write(open_db , const uschar , void *, int);
17		21
Lines 23-33 Link Here
23	changed at release 4.3. */	27	changed at release 4.3. */
24		28
25	#if defined(USE_DB) && defined(DB_VERSION_STRING)	29	#if defined(USE_DB) && defined(DB_VERSION_STRING)
26	#if DB_VERSION_MAJOR > 4 \|\| (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3)	30	# if DB_VERSION_MAJOR > 4 \|\| (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3)
27	void dbfn_bdb_error_callback(const DB_ENV , const char , const char *);	31	void dbfn_bdb_error_callback(const DB_ENV , const char , const char *);
28	#else	32	# else
29	void dbfn_bdb_error_callback(const char , char );	33	void dbfn_bdb_error_callback(const char , char );
30	#endif	34	# endif
31	#endif	35	#endif
32		36
		37	#endif
33	/* End of dbfunctions.h */	38	/* End of dbfunctions.h */




 * wbreyha@gmx.net
 * See the file NOTICE for conditions of use and distribution.
 *
 * Copyright (c) The Exim Maintainers 2015 - 2021
 */

/* Code for calling dccifd. Called from acl.c. */

int dcc_rc = 0;

/* This function takes a file descriptor and a buffer as input and
returns either 0 for success or errno in case of error. */

static int flushbuffer
(int socket, gstring *buffer)
{
int rsp;

rsp = write(socket, buffer->s, buffer->ptr);
DEBUG(D_acl)
  debug_printf("DCC: flushbuffer(): Result of the write() = %d\n", rsp);
if(rsp < 0)
  {
  DEBUG(D_acl)
    debug_printf("DCC: flushbuffer(): Error writing buffer to socket: %s\n", strerror(errno));
  return errno;
    DEBUG(D_acl)
      debug_printf("DCC: flushbuffer(): Error writing buffer to socket: %s\n", strerror(errno));
    retval = errno;
  }
DEBUG(D_acl)
  debug_printf("DCC: flushbuffer(): Wrote buffer to socket:\n%.*s\n", buffer->ptr, buffer->s);
return 0;
    retval = 0;
  }
  return retval;
}

int
dcc_process(uschar **listptr)
{
int sep = 0;
const uschar *list = *listptr;
FILE *data_file;
uschar *dcc_default_ip_option = US"127.0.0.1";
uschar *dcc_helo_option = US"localhost";
uschar *xtra_hdrs = NULL;
uschar *override_client_ip  = NULL;

/* from local_scan */
int dcc_resplen, retval, sockfd, resp;
unsigned int portnr;
struct sockaddr_un  serv_addr;
struct sockaddr_in  serv_addr_in;
struct hostent *ipaddress;
uschar sockpath[128];
uschar sockip[40], client_ip[40];
gstring *dcc_headers;
gstring *sendbuf;
uschar *dcc_return_text = US"''";
struct header_line *mail_headers;
uschar *dcc_acl_options;
gstring *dcc_xtra_hdrs;
gstring *dcc_header_str;

/* grep 1st option */
if ((dcc_acl_options = string_nextinlist(&list, &sep, NULL, 0)))
  {
  /* parse 1st option */
  if (  strcmpic(dcc_acl_options, US"false") == 0
     || Ustrcmp(dcc_acl_options, "0") == 0)
    return FAIL;	/* explicitly no matching */
  }
else
  return FAIL;	/* empty means "don't match anything" */

  sep = 0;

sep = 0;
  if (dcc_ok)
    return dcc_rc;

/* if we scanned this message last time, just return */
if (dcc_ok)
  return dcc_rc;
    set_subdir_str(message_subdir, message_id, i);
    if ((data_file = Ufopen(
	    spool_fname(US"input", message_subdir, message_id, US"-D"), "rb")))
      break;
  }

  if (!data_file) {
    /* error while spooling */
    log_write(0, LOG_MAIN|LOG_PANIC,
           "DCC: error while opening spool file");
    return DEFER;
  }

  /* Initialize the variables */

/* open the spooled body */
for (int i = 0; i < 2; i++)
  {
  uschar message_subdir[2];
  set_subdir_str(message_subdir, message_id, i);
  if ((data_file = Ufopen(
	  spool_fname(US"input", message_subdir, message_id, US"-D"), "rb")))
    break;
  }

if (!data_file)
  {
  /* error while spooling */
  log_write(0, LOG_MAIN|LOG_PANIC,
	 "DCC: error while opening spool file");
  return DEFER;
  }

/* Initialize the variables */

bzero(sockip,sizeof(sockip));
if (dccifd_address)
  {
  if (dccifd_address[0] == '/')
    Ustrncpy(sockpath, dccifd_address, sizeof(sockpath));
  else
    if( sscanf(CS dccifd_address, "%s %u", sockip, &portnr) != 2)
      {
      log_write(0, LOG_MAIN,
	"DCC: warning - invalid dccifd address: '%s'", dccifd_address);
      (void)fclose(data_file);
      return DEFER;
      }
  }

/* dcc_headers is what we send as dccifd options - see man dccifd */
/* We don't support any other option than 'header' so just copy that */
dcc_headers = string_cat(NULL, dccifd_options);
/* if $acl_m_dcc_override_client_ip is set use it */
if (((override_client_ip = expand_string(US"$acl_m_dcc_override_client_ip")) != NULL) &&
     (override_client_ip[0] != '\0'))
  {
  Ustrncpy(client_ip, override_client_ip, sizeof(client_ip)-1);
  DEBUG(D_acl)
    debug_printf("DCC: Client IP (overridden): %s\n", client_ip);
  }
else if(sender_host_address)
  {
  /* else if $sender_host_address is available use that? */
  Ustrncpy(client_ip, sender_host_address, sizeof(client_ip)-1);
  DEBUG(D_acl)
    debug_printf("DCC: Client IP (sender_host_address): %s\n", client_ip);
  }
else
  {
  /* sender_host_address is NULL which means it comes from localhost */
  Ustrncpy(client_ip, dcc_default_ip_option, sizeof(client_ip)-1);
  DEBUG(D_acl)
    debug_printf("DCC: Client IP (default): %s\n", client_ip);
  }
/* build options block */
dcc_headers = string_append(dcc_headers, 5, US"\n", client_ip, US"\nHELO ", dcc_helo_option, US"\n");

/* initialize the other variables */
mail_headers = header_list;
/* we set the default return value to DEFER */
retval = DEFER;

/* send a null return path as "<>". */
dcc_headers = string_cat (dcc_headers, *sender_address ? sender_address : US"<>");
dcc_headers = string_catn(dcc_headers, US"\n", 1);

/**************************************
 * Now creating the socket connection *
 **************************************/

/* If sockip contains an ip, we use a tcp socket, otherwise a UNIX socket */
if(Ustrcmp(sockip, ""))
  {
  ipaddress = gethostbyname(CS sockip);
  bzero(CS  &serv_addr_in, sizeof(serv_addr_in));
  serv_addr_in.sin_family = AF_INET;
  bcopy(CS ipaddress->h_addr, CS &serv_addr_in.sin_addr.s_addr, ipaddress->h_length);
  serv_addr_in.sin_port = htons(portnr);
  if ((sockfd = socket(AF_INET, SOCK_STREAM,0)) < 0)
    {
    DEBUG(D_acl)
      debug_printf("DCC: Creating TCP socket connection failed: %s\n", strerror(errno));
    log_write(0,LOG_PANIC,"DCC: Creating TCP socket connection failed: %s\n", strerror(errno));
    /* if we cannot create the socket, defer the mail */
    (void)fclose(data_file);
    return retval;
    }
  /* Now connecting the socket (INET) */
  if (connect(sockfd, (struct sockaddr *)&serv_addr_in, sizeof(serv_addr_in)) < 0)
    {
    DEBUG(D_acl)
      debug_printf("DCC: Connecting to TCP socket failed: %s\n", strerror(errno));
    log_write(0,LOG_PANIC,"DCC: Connecting to TCP socket failed: %s\n", strerror(errno));
    /* if we cannot contact the socket, defer the mail */
    (void)fclose(data_file);
    return retval;
    }
  }
else
  {
  /* connecting to the dccifd UNIX socket */
  bzero(&serv_addr, sizeof(serv_addr));
  serv_addr.sun_family = AF_UNIX;
  Ustrncpy(US serv_addr.sun_path, sockpath, sizeof(serv_addr.sun_path));
  if ((sockfd = socket(AF_UNIX, SOCK_STREAM,0)) < 0)
    {
    DEBUG(D_acl)
      debug_printf("DCC: Creating UNIX socket connection failed: %s\n", strerror(errno));
    log_write(0,LOG_PANIC,"DCC: Creating UNIX socket connection failed: %s\n", strerror(errno));
    /* if we cannot create the socket, defer the mail */
    (void)fclose(data_file);
    return retval;
    }
  /* Now connecting the socket (UNIX) */
  if (connect(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
    {
    DEBUG(D_acl)
      debug_printf("DCC: Connecting to UNIX socket failed: %s\n", strerror(errno));
    log_write(0,LOG_PANIC,"DCC: Connecting to UNIX socket failed: %s\n", strerror(errno));
    /* if we cannot contact the socket, defer the mail */
    (void)fclose(data_file);
    return retval;
    }
  }
/* the socket is open, now send the options to dccifd*/
DEBUG(D_acl)
  debug_printf("DCC: -----------------------------------\nDCC: Socket opened; now sending input\n"
	       "DCC: -----------------------------------\n");

/* let's send each of the recipients to dccifd */
for (int i = 0; i < recipients_count; i++)
  {
  DEBUG(D_acl)
    debug_printf("DCC: recipient = %s\n",recipients_list[i].address);
  dcc_headers = string_append(dcc_headers, 2, recipients_list[i].address, "\n");

  /* let's send each of the recipients to dccifd */
  for (int i = 0; i < recipients_count; i++) {
    DEBUG(D_acl)
      debug_printf("DCC: recipient = %s\n",recipients_list[i].address);
    dcc_headers = string_append(dcc_headers, 2, recipients_list[i].address, "\n");
  }
/* send a blank line between options and message */
dcc_headers = string_catn(dcc_headers, US"\n", 1);
/* Now we send the input buffer */
(void) string_from_gstring(dcc_headers);
DEBUG(D_acl)
  debug_printf("DCC: ***********************************\nDCC: Sending options:\n%s"
	       "DCC: ***********************************\n", dcc_headers->s);
if (flushbuffer(sockfd, dcc_headers) != 0)
  {
  (void)fclose(data_file);
  return retval;
  }

/* now send the message */
/* First send the headers */
DEBUG(D_acl)
  debug_printf("DCC: ***********************************\nDCC: Sending headers:\n");
sendbuf = string_get(8192);
sendbuf = string_catn(sendbuf, mail_headers->text, mail_headers->slen);
while((mail_headers=mail_headers->next))
  sendbuf = string_catn(sendbuf, mail_headers->text, mail_headers->slen);
  while((mail_headers=mail_headers->next)) {
    sendbuf = string_catn(sendbuf, mail_headers->text, mail_headers->slen);
  }

/* a blank line separates header from body */
sendbuf = string_catn(sendbuf, US"\r\n", 2);
(void) string_from_gstring(sendbuf);
gstring_release_unused(sendbuf);
DEBUG(D_acl)
  debug_printf("%sDCC: ***********************************\n", sendbuf->s);
if (flushbuffer(sockfd, sendbuf) != 0)
  {
  (void)fclose(data_file);
  return retval;
  }

/* now send the body */
DEBUG(D_acl)
  debug_printf("DCC: ***********************************\nDCC: Writing body:\n");
(void)fseek(data_file, SPOOL_DATA_START_OFFSET, SEEK_SET);

gstring filebuf = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };

while((filebuf.ptr = fread(filebuf.s, 1, filebuf.size, data_file)) > 0)
  if (flushbuffer(sockfd, &filebuf) != 0)
    {
    (void)fclose(data_file);
    return retval;
    }
DEBUG(D_acl)
  debug_printf("DCC: ***********************************\n");
    debug_printf("DCC: ***********************************\n");

/* shutdown() the socket */
if(shutdown(sockfd, SHUT_WR) < 0)
  {
  DEBUG(D_acl)
    debug_printf("DCC: Couldn't shutdown socket: %s\n", strerror(errno));
  log_write(0,LOG_MAIN,"DCC: Couldn't shutdown socket: %s\n", strerror(errno));
  /* If there is a problem with the shutdown()
   * defer the mail. */
  (void)fclose(data_file);
  return retval;
  }
DEBUG(D_acl)
  debug_printf("DCC: Input sent.\n"
	       "DCC: +++++++++++++++++++++++++++++++++++\n"
	       "DCC: Now receiving output from server\n"
	       "DCC: -----------------------------------\n");

/********************************
 * receiving output from dccifd *
 ********************************/

/******************************************************************
 * We should get 3 lines:                                         *
 * 1/ First line is overall result: either 'A' for Accept,        *
 *    'R' for Reject, 'S' for accept Some recipients or           *
 *    'T' for a Temporary error.                                  *
 * 2/ Second line contains the list of Accepted/Rejected          *
 *    recipients in the form AARRA (A = accepted, R = rejected).  *
 * 3/ Third line contains the X-DCC header.                       *
 ******************************************************************/

int line = 1;    /* we start at the first line of the output */
int bufoffset;

dcc_header_str = string_get(DCC_HEADER_LIMIT + 2);
/* Let's read from the socket until there's nothing left to read */
while((dcc_resplen = read(sockfd, big_buffer, big_buffer_size-1)) > 0)
  {
  /* fail on read error */
  if(dcc_resplen < 0)
    {
    DEBUG(D_acl)
      debug_printf("DCC: Error reading from socket: %s\n", strerror(errno));
    log_write(0,LOG_MAIN,"DCC: Couldn't shutdown socket: %s\n", strerror(errno));
    /* If there is a problem with the shutdown()
     * defer the mail. */
    (void)fclose(data_file);
    return retval;
  }
  DEBUG(D_acl)
    debug_printf("DCC: Input sent.\n"
                 "DCC: +++++++++++++++++++++++++++++++++++\n"
                 "DCC: Now receiving output from server\n"
                 "DCC: -----------------------------------\n");

  /********************************
   * receiving output from dccifd *
   ********************************/

  /******************************************************************
   * We should get 3 lines:                                         *
   * 1/ First line is overall result: either 'A' for Accept,        *
   *    'R' for Reject, 'S' for accept Some recipients or           *
   *    'T' for a Temporary error.                                  *
   * 2/ Second line contains the list of Accepted/Rejected          *
   *    recipients in the form AARRA (A = accepted, R = rejected).  *
   * 3/ Third line contains the X-DCC header.                       *
   ******************************************************************/

  int line = 1;    /* we start at the first line of the output */
  int bufoffset;

  dcc_header_str = string_get(DCC_HEADER_LIMIT + 2);
  /* Let's read from the socket until there's nothing left to read */
  while((dcc_resplen = read(sockfd, big_buffer, big_buffer_size-1)) > 0) {
    /* fail on read error */
    if(dcc_resplen < 0) {
      DEBUG(D_acl)
        debug_printf("DCC: Error reading from socket: %s\n", strerror(errno));
      (void)fclose(data_file);
      return retval;
    }
  /* make the answer 0-terminated. only needed for debug_printf */
  DEBUG(D_acl)
    debug_printf("DCC: Length of the output buffer is: %d\nDCC: Output buffer is:\n"
		 "DCC: -----------------------------------\n%.*s\n"
		 "DCC: -----------------------------------\n", dcc_resplen, dcc_resplen, big_buffer);

  /* Now let's read each character and see what we've got */
  for(bufoffset = 0; bufoffset < dcc_resplen && line <= 2; bufoffset++)
    {
    /* First check if we reached the end of the line and
    then increment the line counter */
    if(big_buffer[bufoffset] == '\n')
      line++;
    else
      {
      /* The first character of the first line is the overall response. If
      there's another character on that line it is not correct. */
      if(line == 1)
	{
	if(bufoffset == 0)
	  {
	  /* Now get the value and set the return value accordingly */
	  switch (big_buffer[bufoffset])
	    {
	    case 'A':
	      DEBUG(D_acl)
		debug_printf("DCC: Overall result = A\treturning OK\n");
	      dcc_return_text = US"Mail accepted by DCC";
	      dcc_result = US"A";
	      retval = OK;
	      break;
	    case 'R':
	      DEBUG(D_acl)
		debug_printf("DCC: Overall result = R\treturning FAIL\n");
	      dcc_return_text = US"Rejected by DCC";
	      dcc_result = US"R";
	      retval = FAIL;
	      if(sender_host_name)
		log_write(0, LOG_MAIN, "H=%s [%s] F=<%s>: rejected by DCC",
			   sender_host_name, sender_host_address, sender_address);
	      else
		log_write(0, LOG_MAIN, "H=[%s] F=<%s>: rejected by DCC",
			   sender_host_address, sender_address);
	      break;
	    case 'S':
	      DEBUG(D_acl)
		debug_printf("DCC: Overall result  = S\treturning OK\n");
	      dcc_return_text = US"Not all recipients accepted by DCC";
	      /* Since we're in an ACL we want a global result so we accept for all */
	      dcc_result = US"A";
	      retval = OK;
	      break;
	    case 'G':
	      DEBUG(D_acl)
		debug_printf("DCC: Overall result  = G\treturning FAIL\n");
	      dcc_return_text = US"Greylisted by DCC";
	      dcc_result = US"G";
	      retval = FAIL;
	      break;
	    case 'T':
	      DEBUG(D_acl)
		debug_printf("DCC: Overall result = T\treturning DEFER\n");
	      dcc_return_text = US"Temporary error with DCC";
	      dcc_result = US"T";
	      retval = DEFER;
	      log_write(0,LOG_MAIN,"Temporary error with DCC: %s\n", big_buffer);
	      break;
	    default:
	      DEBUG(D_acl)
		debug_printf("DCC: Overall result = something else\treturning DEFER\n");
	      dcc_return_text = US"Unknown DCC response";
	      dcc_result = US"T";
	      retval = DEFER;
	      log_write(0,LOG_MAIN,"Unknown DCC response: %s\n", big_buffer);
	      break;
	    }
	}
	else
	  {
	  /* We're on the first line but not on the first character,
	   * there must be something wrong. */
	  DEBUG(D_acl) debug_printf("DCC: Line = %d but bufoffset = %d != 0"
	      "  character is %c - This is wrong!\n", line, bufoffset, big_buffer[bufoffset]);
	  log_write(0,LOG_MAIN,"Wrong header from DCC, output is %s\n", big_buffer);
	  }
	}
      else if(line == 2)
	{
	/* On the second line we get a list of answers for each recipient. We
	don't care about it because we're in an acl and take the global result. */
	}
      }
    }
  if(line > 2)
    {
    /* The third and following lines are the X-DCC header, so we store it in
    dcc_header_str up to our limit. */
    /* check if buffer contains the end of the header .."\n\n" and truncate it */
    if ((big_buffer[dcc_resplen-1] == '\n') &&
	(big_buffer[dcc_resplen-2] == '\n'))
      dcc_resplen -= 2;
    dcc_resplen -= bufoffset;
    if (dcc_header_str->ptr + dcc_resplen > DCC_HEADER_LIMIT)
      {
      dcc_resplen = DCC_HEADER_LIMIT - dcc_header_str->ptr;
      DEBUG(D_acl) debug_printf("DCC: We got more output than we can store"
			 "in the X-DCC header. Truncating at 120 characters.\n");
      }
    dcc_header_str = string_catn(dcc_header_str, &big_buffer[bufoffset], dcc_resplen);
    }
  }
/* We have read everything from the socket. make sure the header ends with "\n" */
dcc_header_str = string_catn(dcc_header_str, US"\n", 1);

(void) string_from_gstring(dcc_header_str);
/* Now let's sum up what we've got. */
DEBUG(D_acl)
  debug_printf("\nDCC: --------------------------\nDCC: Overall result = %d\n"
	       "DCC: X-DCC header: %sReturn message: %s\nDCC: dcc_result: %s\n",
		 retval, dcc_header_str->s, dcc_return_text, dcc_result);

/* We only add the X-DCC header if it starts with X-DCC */
if(!(Ustrncmp(dcc_header_str->s, "X-DCC", 5)))
  {
  dcc_header = dcc_header_str->s;
  if(dcc_direct_add_header)
    {
    header_add(' ' , "%s", dcc_header_str->s);
/* since the MIME ACL already writes the .eml file to disk without DCC Header we've to erase it */
    unspool_mbox();
    }
  }
else
  DEBUG(D_acl)
    debug_printf("DCC: Wrong format of the X-DCC header: %.*s\n", dcc_header_str->ptr, dcc_header_str->s);
  }

/* check if we should add additional headers passed in acl_m_dcc_add_header */
if (dcc_direct_add_header)
  {
  if (((xtra_hdrs = expand_string(US"$acl_m_dcc_add_header")) != NULL) && (xtra_hdrs[0] != '\0'))
    {
    dcc_xtra_hdrs = string_cat(NULL, xtra_hdrs);
    if (dcc_xtra_hdrs->s[dcc_xtra_hdrs->ptr - 1] != '\n')
      dcc_xtra_hdrs = string_catn(dcc_xtra_hdrs, US"\n", 1);
    header_add(' ', "%s", string_from_gstring(dcc_xtra_hdrs));
    DEBUG(D_acl)
      debug_printf("DCC: adding additional headers in $acl_m_dcc_add_header: %.*s", dcc_xtra_hdrs->ptr, dcc_xtra_hdrs->s);
    }
  }

dcc_ok = 1;
/* Now return to exim main process */
DEBUG(D_acl)
  debug_printf("DCC: Before returning to exim main process:\nDCC: return_text = %s - retval = %d\n"
	       "DCC: dcc_result = %s\n", dcc_return_text, retval, dcc_result);

(void)fclose(data_file);
dcc_rc = retval;
return dcc_rc;
}

#endif

Lines 2-7 Link Here

(-)exim.orig/src/debug.c (-15 / +102 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2015 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 12-17 Link Here
12	static uschar *debug_ptr = debug_buffer;	13	static uschar *debug_ptr = debug_buffer;
13	static int debug_prefix_length = 0;	14	static int debug_prefix_length = 0;
14		15
		16	static unsigned pretrigger_writeoff;
		17	static unsigned pretrigger_readoff;
15		18
16		19
17	const uschar * rc_names[] = { /* Mostly for debug output */	20	const uschar * rc_names[] = { /* Mostly for debug output */
Lines 52-59 Link Here
52	moves down the page. This function is used only in debugging circumstances. The	55	moves down the page. This function is used only in debugging circumstances. The
53	output is done via debug_printf(). */	56	output is done via debug_printf(). */
54		57
55	#define tree_printlinesize 132 /* line size for printing */	58	#define TREE_PRINTLINESIZE 132 /* line size for printing */
56	static uschar tree_printline[tree_printlinesize];	59	static uschar tree_printline[TREE_PRINTLINESIZE];
57		60
58	/* Internal recursive subroutine.	61	/* Internal recursive subroutine.
59		62
Lines 66-77 Link Here
66	*/	69	*/
67		70
68	static void	71	static void
69	tree_printsub(tree_node *p, int pos, int barswitch)	72	tree_printsub(tree_node * p, int pos, int barswitch)
70	{	73	{
71	if (p->right) tree_printsub(p->right, pos+2, 1);	74	if (p->right) tree_printsub(p->right, pos+2, 1);
72	for (int i = 0; i <= pos-1; i++) debug_printf("%c", tree_printline[i]);	75	for (int i = 0; i <= pos-1; i++) debug_printf_indent(" %c", tree_printline[i]);
73	debug_printf("-->%s [%d]\n", p->name, p->balance);	76	debug_printf_indent(" -->%s [%d]\n", p->name, p->balance);
74	tree_printline[pos] = barswitch? '\|' : ' ';	77	tree_printline[pos] = barswitch ? '\|' : ' ';
75	if (p->left)	78	if (p->left)
76	{	79	{
77	tree_printline[pos+2] = '\|';	80	tree_printline[pos+2] = '\|';
Lines 82-92 Link Here
82	/* The external function, with just a tree node argument. */	85	/* The external function, with just a tree node argument. */
83		86
84	void	87	void
85	debug_print_tree(tree_node *p)	88	debug_print_tree(const char * title, tree_node * p)
86	{	89	{
87	for (int i = 0; i < tree_printlinesize; i++) tree_printline[i] = ' ';	90	debug_printf_indent("%s:\n", title);
88	if (!p) debug_printf("Empty Tree\n"); else tree_printsub(p, 0, 0);	91	for (int i = 0; i < TREE_PRINTLINESIZE; i++) tree_printline[i] = ' ';
89	debug_printf("---- End of tree ----\n");	92	if (!p) debug_printf_indent(" Empty Tree\n"); else tree_printsub(p, 0, 0);
		93	debug_printf_indent("---- End of tree ----\n");
90	}	94	}
91		95
92		96
Lines 316-323 Link Here
316	}	320	}
317	}	321	}
318		322
319	fprintf(debug_file, "%s", CS debug_buffer);	323	if (debug_pretrigger_buf)
320	fflush(debug_file);	324	{
		325	int needed = Ustrlen(debug_buffer)+1, avail;
		326	char c;
		327
		328	if (needed > debug_pretrigger_bsize)
		329	needed = debug_pretrigger_bsize;
		330	if ((avail = pretrigger_readoff - pretrigger_writeoff) <= 0)
		331	avail += debug_pretrigger_bsize;
		332
		333	/* We have a pretrigger set up, trigger not yet hit. Copy the line(s) to the
		334	pretrig buffer, dropping earlier lines if needed but truncating this line if
		335	the pbuf is maxed out. In the PTB the lines are NOT nul-terminated. */
		336
		337	while (avail < needed)
		338	do
		339	{
		340	avail++;
		341	c = debug_pretrigger_buf[pretrigger_readoff];
		342	if (++pretrigger_readoff >= debug_pretrigger_bsize) pretrigger_readoff = 0;
		343	}
		344	while (c && c != '\n' && pretrigger_readoff != pretrigger_writeoff);
		345
		346	needed--;
		347	for (int i = 0; needed; i++, needed--)
		348	{
		349	debug_pretrigger_buf[pretrigger_writeoff] = debug_buffer[i];
		350	if (++pretrigger_writeoff >= debug_pretrigger_bsize) pretrigger_writeoff = 0;
		351	}
		352	}
		353	else
		354	{
		355	fprintf(debug_file, "%s", CS debug_buffer);
		356	fflush(debug_file);
		357	}
321	debug_ptr = debug_buffer;	358	debug_ptr = debug_buffer;
322	debug_prefix_length = 0;	359	debug_prefix_length = 0;
323	}	360	}
Lines 351-357 Link Here
351	g = string_fmt_append(g, " lcl [%s]:%u",	388	g = string_fmt_append(g, " lcl [%s]:%u",
352	inet_ntoa(sinp->sin_addr), ntohs(sinp->sin_port));	389	inet_ntoa(sinp->sin_addr), ntohs(sinp->sin_port));
353	alen = sizeof(*sinp);	390	alen = sizeof(*sinp);
354	if (getpeername(fd, sinp, &alen) == 0)	391	if (getpeername(fd, (struct sockaddr *)sinp, &alen) == 0)
355	g = string_fmt_append(g, " rmt [%s]:%u",	392	g = string_fmt_append(g, " rmt [%s]:%u",
356	inet_ntoa(sinp->sin_addr), ntohs(sinp->sin_port));	393	inet_ntoa(sinp->sin_addr), ntohs(sinp->sin_port));
357	break;	394	break;
Lines 363-369 Link Here
363	inet_ntop(AF_INET6, &sin6p->sin6_addr, CS buf, sizeof(buf)),	400	inet_ntop(AF_INET6, &sin6p->sin6_addr, CS buf, sizeof(buf)),
364	ntohs(sin6p->sin6_port));	401	ntohs(sin6p->sin6_port));
365	alen = sizeof(*sin6p);	402	alen = sizeof(*sin6p);
366	if (getpeername(fd, sin6p, &alen) == 0)	403	if (getpeername(fd, (struct sockaddr *)sin6p, &alen) == 0)
367	g = string_fmt_append(g, " rmt [%s]:%u",	404	g = string_fmt_append(g, " rmt [%s]:%u",
368	inet_ntop(AF_INET6, &sin6p->sin6_addr, CS buf, sizeof(buf)),	405	inet_ntop(AF_INET6, &sin6p->sin6_addr, CS buf, sizeof(buf)),
369	ntohs(sin6p->sin6_port));	406	ntohs(sin6p->sin6_port));
Lines 376-382 Link Here
376	sunp->sun_path[0] ? US"" : US"@",	413	sunp->sun_path[0] ? US"" : US"@",
377	sunp->sun_path[0] ? sunp->sun_path : sunp->sun_path+1);	414	sunp->sun_path[0] ? sunp->sun_path : sunp->sun_path+1);
378	alen = sizeof(*sunp);	415	alen = sizeof(*sunp);
379	if (getpeername(fd, sunp, &alen) == 0)	416	if (getpeername(fd, (struct sockaddr *)sunp, &alen) == 0)
380	g = string_fmt_append(g, " rmt %s%s",	417	g = string_fmt_append(g, " rmt %s%s",
381	sunp->sun_path[0] ? US"" : US"@",	418	sunp->sun_path[0] ? US"" : US"@",
382	sunp->sun_path[0] ? sunp->sun_path : sunp->sun_path+1);	419	sunp->sun_path[0] ? sunp->sun_path : sunp->sun_path+1);
Lines 408-411 Link Here
408	}	445	}
409		446
410		447
		448	/**************************************************************/
		449	/* Pretrigger handling for debug. The debug_printf implementation
		450	diverts output to a circular buffer if the buffer is set up.
		451	The routines here set up the buffer, and unload it to file (and release it).
		452	What ends up in the buffer is subject to the usual debug_selector. */
		453
		454	void
		455	debug_pretrigger_setup(const uschar * size_string)
		456	{
		457	long size = Ustrtol(size_string, NULL, 0);
		458	if (size > 0)
		459	{
		460	unsigned bufsize = MIN(size, 16384);
		461
		462	dtrigger_selector \|= BIT(DTi_pretrigger);
		463	if (debug_pretrigger_buf) store_free(debug_pretrigger_buf);
		464	debug_pretrigger_buf = store_malloc((size_t)(debug_pretrigger_bsize = bufsize));
		465	pretrigger_readoff = pretrigger_writeoff = 0;
		466	}
		467	}
		468
		469	void
		470	debug_trigger_fire(void)
		471	{
		472	int nbytes;
		473
		474	if (!debug_pretrigger_buf) return;
		475
		476	if (debug_file && (nbytes = pretrigger_writeoff - pretrigger_readoff) != 0)
		477	if (nbytes > 0)
		478	fwrite(debug_pretrigger_buf + pretrigger_readoff, 1, nbytes, debug_file);
		479	else
		480	{
		481	fwrite(debug_pretrigger_buf + pretrigger_readoff, 1,
		482	debug_pretrigger_bsize - pretrigger_readoff, debug_file);
		483	fwrite(debug_pretrigger_buf, 1, pretrigger_writeoff, debug_file);
		484	}
		485
		486	debug_pretrigger_discard();
		487	}
		488
		489	void
		490	debug_pretrigger_discard(void)
		491	{
		492	if (debug_pretrigger_buf) store_free(debug_pretrigger_buf);
		493	debug_pretrigger_buf = NULL;
		494	dtrigger_selector = 0;
		495	}
		496
		497
411	/* End of debug.c */	498	/* End of debug.c */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* The main code for delivering a message. */

static BOOL remove_journal;
static int  parcount = 0;
static pardata *parlist = NULL;
static struct pollfd *parpoll;
static int  return_count;
static uschar *frozen_info = US"";
static uschar *used_return_path = NULL;

address_item *
deliver_make_addr(uschar *address, BOOL copy)
{
address_item * addr = store_get(sizeof(address_item), GET_UNTAINTED);
*addr = address_defaults;
if (copy) address = string_copy(address);
addr->address = address;

  else if (one->port != two->port)
    return FALSE;

#ifdef SUPPORT_DANE
  /* DNSSEC equality */
  if (one->dnssec != two->dnssec) return FALSE;
#endif

  /* Hosts matched */
  one = one->next;
  two = two->next;
  }

if (LOGGING(outgoing_port))
  g = string_fmt_append(g, ":%d", h->port);

if (continue_sequence > 1)		/*XXX this is wrong for a dropped proxyconn.  Would have to pass back from transport */
  g = string_catn(g, US"*", 1);

#ifdef SUPPORT_SOCKS
if (LOGGING(proxy) && proxy_local_address)
  {

if (LOGGING(tls_cipher) && addr->cipher)
  {
  g = string_append(g, 2, US" X=", addr->cipher);
#ifndef DISABLE_TLS_RESUME
  if (LOGGING(tls_resumption) && testflag(addr, af_tls_resume))
    g = string_catn(g, US"*", 1);
#endif



#ifndef DISABLE_EVENT
/* Distribute a named event to any listeners.

Args:	action	config option specifying listener
	event	name of the event
	ev_data	associated data for the event
	errnop	pointer to errno for modification, or null

Return: string expansion from listener, or NULL
*/

uschar *
event_raise(uschar * action, const uschar * event, uschar * ev_data, int * errnop)
{
uschar * s;
if (action)

    {
    DEBUG(D_deliver)
      debug_printf("Event(%s): event_action returned \"%s\"\n", event, s);
    if (errnop)
      *errnop = ERRNO_EVENT;
    return s;
    }
  }

     a filter was used which triggered a fail command (in such a case
     a transport isn't needed).  Convert it to an internal fail event. */

    (void) event_raise(event_action, US"msg:fail:internal", addr->message, NULL);
    }
  }
else

	    || Ustrcmp(addr->transport->driver_name, "smtp") == 0
	    || Ustrcmp(addr->transport->driver_name, "lmtp") == 0
	    || Ustrcmp(addr->transport->driver_name, "autoreply") == 0
	   ? addr->message : NULL,
	   NULL);
  }

deliver_host_port =    save_port;



/*************************************************
*        Generate local part for logging         *
*************************************************/

static uschar *
string_get_lpart_sub(const address_item * addr, uschar * s)
{
#ifdef SUPPORT_I18N
if (testflag(addr, af_utf8_downcvt))
  {
  uschar * t = string_localpart_utf8_to_alabel(s, NULL);
  return t ? t : s;	/* t is NULL on a failed conversion */
  }
#endif
return s;
}

/* This function is a subroutine for use in string_log_address() below.

Arguments:

{
uschar * s;

if (testflag(addr, af_include_affixes) && (s = addr->prefix))
  yield = string_cat(yield, string_get_lpart_sub(addr, s));
  {
#ifdef SUPPORT_I18N
  if (testflag(addr, af_utf8_downcvt))
    s = string_localpart_utf8_to_alabel(s, NULL);
#endif
  yield = string_cat(yield, s);
  }

yield = string_cat(yield, string_get_lpart_sub(addr, addr->local_part));
#ifdef SUPPORT_I18N
if (testflag(addr, af_utf8_downcvt))
  s = string_localpart_utf8_to_alabel(s, NULL);
#endif
yield = string_cat(yield, s);

if (testflag(addr, af_include_affixes) && (s = addr->suffix))
  yield = string_cat(yield, string_get_lpart_sub(addr, s));
  {
#ifdef SUPPORT_I18N
  if (testflag(addr, af_utf8_downcvt))
    s = string_localpart_utf8_to_alabel(s, NULL);
#endif
  yield = string_cat(yield, s);
  }

return yield;
}

#endif

reset_point = store_mark();
g = string_get_tainted(256, GET_TAINTED);	/* addrs will be tainted, so avoid copy */

if (msg)
  g = string_append(g, 2, host_and_ident(TRUE), US" ");

if (*queue_name)
  g = string_append(g, 2, US" Q=", queue_name);

#ifdef EXPERIMENTAL_SRS
if(addr->prop.srs_sender)
  g = string_append(g, 3, US" SRS=<", addr->prop.srs_sender, US">");
#endif

/* You might think that the return path must always be set for a successful
delivery; indeed, I did for some time, until this statement crashed. The case
when it is not set is for a delivery to /dev/null which is optimised by not

  if (addr->host_used)
    {
    g = d_hostlog(g, addr);
    if (continue_sequence > 1)		/*XXX this is wrong for a dropped proxyconn.  Would have to pass back from transport */
      g = string_catn(g, US"*", 1);

#ifndef DISABLE_EVENT
    deliver_host_address = addr->host_used->address;

/* Time on queue and actual time taken to deliver */

if (LOGGING(queue_time))
  g = string_append(g, 2, US" QT=", string_timesince(
    LOGGING(queue_time_exclusive) ? &received_time_complete : &received_time));

if (LOGGING(deliver_time))
  g = string_append(g, 2, US" DT=", string_timediff(&addr->delivery_time));

g = string_fmt_append(g, " defer (%d)", addr->basic_errno);

if (addr->basic_errno > 0)
  g = string_append(g, 2, US": ", US strerror(addr->basic_errno));
    US strerror(addr->basic_errno));

if (addr->host_used)
  g = d_hostlog(g, addr);
  g = string_append(g, 5,
		    US" H=", addr->host_used->name,
		    US" [",  addr->host_used->address, US"]");
  if (LOGGING(outgoing_port))
    {
    int port = addr->host_used->port;
    g = string_fmt_append(g, ":%d", port == PORT_NONE ? 25 : port);
    }
  }

if (LOGGING(deliver_time))
  g = string_append(g, 2, US" DT=", string_timediff(&addr->delivery_time));

  (void)close(addr->return_file);
  }

/* Check if the transport notifed continue-conn status explicitly, and
update our knowlege. */

if (testflag(addr, af_new_conn))       continue_sequence = 1;
else if (testflag(addr, af_cont_conn)) continue_sequence++;

/* The success case happens only after delivery by a transport. */

if (result == OK)

Returns:     nothing
*/

void
deliver_local(address_item *addr, BOOL shadowing)
{
BOOL use_initgroups;


if(addr->prop.errors_address)
  return_path = addr->prop.errors_address;
#ifdef EXPERIMENTAL_SRS
else if (addr->prop.srs_sender)
  return_path = addr->prop.srs_sender;
#endif
else
  return_path = sender_address;

if (tp->return_path)
  {
  uschar * new_return_path = expand_string(tp->return_path);
  if (new_return_path)
    return_path = new_return_path;
  else if (!f.expand_string_forcedfail)
    {
    common_error(TRUE, addr, ERRNO_EXPANDFAIL,
      US"Failed to expand return path \"%s\" in %s transport: %s",
      tp->return_path, tp->name, expand_string_message);
    return;
      }
    }
  else return_path = new_return_path;
  }

/* For local deliveries, one at a time, the value used for logging can just be

    {
    BOOL ok = TRUE;
    set_process_info("delivering %s to %s using %s", message_id,
     addr->local_part, tp->name);

    /* Setting these globals in the subprocess means we need never clear them */
    transport_name = addr->transport->name;
    driver_srcfile = tp->srcfile;
    driver_srcline = tp->srcline;

    /* If a transport filter has been specified, set up its argument list.
    Any errors will get put into the address, and FALSE yielded. */

    if (tp->filter_command)
      {
      ok = transport_set_up_command(&transport_filter_argv,
        tp->filter_command,
        TRUE, PANIC, addr, FALSE, US"transport filter", NULL);
      transport_filter_timeout = tp->filter_timeout;
      }
    else transport_filter_argv = NULL;

    if (ok)
      {
      debug_print_string(tp->debug_string);
      replicate = !(tp->info->code)(addr->transport, addr);
      }
    }


    uschar *s;
    int ret;

    if(  (i = addr2->transport_return, (ret = write(pfd[pipe_write], &i, sizeof(int))) != sizeof(int))
      || (ret = write(pfd[pipe_write], &transport_count, sizeof(transport_count))) != sizeof(transport_count)
      || (ret = write(pfd[pipe_write], &addr2->flags, sizeof(addr2->flags))) != sizeof(addr2->flags)
      || (ret = write(pfd[pipe_write], &addr2->basic_errno,    sizeof(int))) != sizeof(int)
      || (ret = write(pfd[pipe_write], &addr2->more_errno,     sizeof(int))) != sizeof(int)
      || (ret = write(pfd[pipe_write], &addr2->delivery_time,  sizeof(struct timeval))) != sizeof(struct timeval)
      || (i = addr2->special_action, (ret = write(pfd[pipe_write], &i, sizeof(int))) != sizeof(int))
      || (ret = write(pfd[pipe_write], &addr2->transport,
        sizeof(transport_instance *))) != sizeof(transport_instance *)


    len = read(pfd[pipe_read], &addr2->basic_errno,    sizeof(int));
    len = read(pfd[pipe_read], &addr2->more_errno,     sizeof(int));
    len = read(pfd[pipe_read], &addr2->delivery_time,  sizeof(struct timeval));
    len = read(pfd[pipe_read], &i, sizeof(int)); addr2->special_action = i;
    len = read(pfd[pipe_read], &addr2->transport,
      sizeof(transport_instance *));


  deliveries (e.g. to pipes) can take a substantial time. */

  if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE, TRUE)))
    {
    DEBUG(D_deliver|D_retry|D_hints_lookup)
      debug_printf("no retry data available\n");
    }

  addr2 = addr;
  addr3 = NULL;

    else for (addr2 = addr; addr2; addr2 = addr2->next)
      if (addr2->transport_return == OK)
	{
	addr3 = store_get(sizeof(address_item), GET_UNTAINTED);
	*addr3 = *addr2;
	addr3->next = NULL;
	addr3->shadow_message = US &addr2->shadow_message;

uschar *pattern;
uschar patbuf[256];

/*XXX The list is used before expansion. Not sure how that ties up with the docs */
while (  *aptr
      && (pattern = string_nextinlist(&listptr, &sep, patbuf, sizeof(patbuf)))
      )


/* Loop through all items, reading from the pipe when necessary. The pipe
used to be non-blocking. But I do not see a reason for using non-blocking I/O
here, as the preceding poll() tells us, if data is available for reading.

A read() on a "selected" handle should never block, but(!) it may return
less data then we expected. (The buffer size we pass to read() shouldn't be


      if (!r || !(*ptr & rf_delete))
	{
	r = store_get(sizeof(retry_item), GET_UNTAINTED);
	r->next = addr->retries;
	addr->retries = r;
	r->flags = *ptr++;


      switch (*subid)
	{
	case 3:		/* explicit notification of continued-connection (non)use;
			overrides caller's knowlege. */
	  if (*ptr & BIT(1))      setflag(addr, af_new_conn);
	  else if (*ptr & BIT(2)) setflag(addr, af_cont_conn);
	  break;

#ifdef SUPPORT_SOCKS
	case '2':	/* proxy information; must arrive before A0 and applies to that addr XXX oops*/
	  proxy_session = TRUE;	/*XXX should this be cleared somewhere? */
	  if (*ptr == 0)

	    ptr += sizeof(proxy_local_port);
	    }
	  break;
#endif

#ifdef EXPERIMENTAL_DSN_INFO
	case '1':	/* must arrive before A0, and applies to that addr */
			/* Two strings: smtp_greeting and helo_response */
	  addr->smtp_greeting = string_copy(ptr);

	  addr->helo_response = string_copy(ptr);
	  while(*ptr++);
	  break;
#endif

	case '0':
	  DEBUG(D_deliver) debug_printf("A0 %s tret %d\n", addr->address, *ptr);


	  if (*ptr)
	    {
	    h = store_get(sizeof(host_item), GET_UNTAINTED);
	    h->name = string_copy(ptr);
	    while (*ptr++);
	    h->address = string_copy(ptr);

par_wait(void)
{
int poffset, status;
address_item * addr, * addrlist;
pid_t pid;

set_process_info("delivering %s: waiting for a remote delivery subprocess "

existence - in which case give an error return. We cannot proceed just by
waiting for a completion, because a subprocess may have filled up its pipe, and
be waiting for it to be emptied. Therefore, if no processes have finished, we
wait for one of the pipes to acquire some data by calling poll(), with a
timeout just in case.

The simple approach is just to iterate after reading data from a ready pipe.
This leads to non-ideal behaviour when the subprocess has written its final Z
item, closed the pipe, and is in the process of exiting (the common case). A
call to waitpid() yields nothing completed, but poll() shows the pipe ready -
reading it yields EOF, so you end up with busy-waiting until the subprocess has
actually finished.

To avoid this, if all the data that is needed has been read from a subprocess
after poll(), an explicit wait() for it is done. We know that all it is doing
is writing to the pipe and then exiting, so the wait should not be long.

The non-blocking waitpid() is to some extent just insurance; if we could

  {
  while ((pid = waitpid(-1, &status, WNOHANG)) <= 0)
    {
    int readycount;
    fd_set select_pipes;
    int maxpipe, readycount;

    /* A return value of -1 can mean several things. If errno != ECHILD, it
    either means invalid options (which we discount), or that this process was

    subprocesses are still in existence. If kill() gives an OK return, we know
    it must be for one of our processes - it can't be for a re-use of the pid,
    because if our process had finished, waitpid() would have found it. If any
    of our subprocesses are in existence, we proceed to use poll() as if
    waitpid() had returned zero. I think this is safe. */

    if (pid < 0)

      if (poffset >= remote_max_parallel)
        {
        DEBUG(D_deliver) debug_printf("*** no delivery children found\n");
	return NULL;	/* This is the error return */
        }
      }


    subprocess, but there are no completed subprocesses. See if any pipes are
    ready with any data for reading. */

    DEBUG(D_deliver) debug_printf("polling subprocess pipes\n");

    maxpipe = 0;
    FD_ZERO(&select_pipes);
    for (poffset = 0; poffset < remote_max_parallel; poffset++)
      if (parlist[poffset].pid != 0)
	{
	parpoll[poffset].fd = parlist[poffset].fd;
	parpoll[poffset].events = POLLIN;
	}
      else
	parpoll[poffset].fd = -1;

    /* Stick in a 60-second timeout, just in case. */

    readycount = poll(parpoll, remote_max_parallel, 60 * 1000);
    tv.tv_usec = 0;

    readycount = select(maxpipe + 1, (SELECT_ARG2_TYPE *)&select_pipes,
         NULL, NULL, &tv);

    /* Scan through the pipes and read any that are ready; use the count
    returned by poll() to stop when there are no more. Select() can return
    with no processes (e.g. if interrupted). This shouldn't matter.

    If par_read_pipe() returns TRUE, it means that either the terminating Z was

         poffset++)
      {
      if (  (pid = parlist[poffset].pid) != 0
	 && parpoll[poffset].revents
	 )
        {
        readycount--;

    "transport process list", pid);
  }  /* End of the "for" loop */

/* Come here when all the data was completely read after a poll(), and
the process in pid has been wait()ed for. */

PROCESS_DONE:

    "%s %d",
    addrlist->transport->driver_name,
    status,
    msb == 0 ? "terminated by signal" : "exit code",
    code);

  if (msb != 0 || (code != SIGTERM && code != SIGKILL && code != SIGQUIT))

/* Else complete reading the pipe to get the result of the delivery, if all
the data has not yet been obtained. */

else if (!parlist[poffset].done)
  (void) par_read_pipe(poffset, TRUE);

/* Put the data count and return path into globals, mark the data slot unused,
decrement the count of subprocesses, and return the address chain. */


if (!parlist)
  {
  parlist = store_get(remote_max_parallel * sizeof(pardata), GET_UNTAINTED);
  for (poffset = 0; poffset < remote_max_parallel; poffset++)
    parlist[poffset].pid = 0;
  parpoll = store_get(remote_max_parallel * sizeof(struct pollfd), GET_UNTAINTED);
  }

/* Now loop for each remote delivery */


  if(addr->prop.errors_address)
    return_path = addr->prop.errors_address;
#ifdef EXPERIMENTAL_SRS
  else if(addr->prop.srs_sender)
    return_path = addr->prop.srs_sender;
#endif
  else
    return_path = sender_address;


    that it can use either of them, though it prefers O_NONBLOCK, which
    distinguishes between EOF and no-more-data. */

/* The data appears in a timely manner and we already did a poll on
all pipes, so I do not see a reason to use non-blocking IO here

#ifdef O_NONBLOCK

    int fd = pfd[pipe_write];
    host_item *h;

    /* Setting these globals in the subprocess means we need never clear them */
    transport_name = addr->transport->name;
    driver_srcfile = tp->srcfile;
    driver_srcline = tp->srcline;

    /* There are weird circumstances in which logging is disabled */
    f.disable_logging = tp->disable_logging;

#ifdef SUPPORT_DANE
      if (tls_out.dane_verified)        setflag(addr, af_dane_verified);
#endif
# ifndef DISABLE_TLS_RESUME
      if (tls_out.resumption & RESUME_USED) setflag(addr, af_tls_resume);
# endif


        rmt_dlv_checked_write(fd, 'R', '0', big_buffer, ptr - big_buffer);
        }

      if (testflag(addr, af_new_conn) || testflag(addr, af_cont_conn))
	{
	DEBUG(D_deliver) debug_printf("%scontinued-connection\n",
	  testflag(addr, af_new_conn) ? "non-" : "");
	big_buffer[0] = testflag(addr, af_new_conn) ? BIT(1) : BIT(2);
        rmt_dlv_checked_write(fd, 'A', '3', big_buffer, 1);
	}

#ifdef SUPPORT_SOCKS
      if (LOGGING(proxy) && proxy_session)
	{

this, Jan 1999.] We know the syntax is valid, so this can be done by simply
removing quoting backslashes and any unquoted doublequotes. */

t = addr->cc_local_part = store_get(len+1, address);
while(len-- > 0)
  {
  int c = *address++;


  if (new_address)
    {
    address_item * new_parent = store_get(sizeof(address_item), GET_UNTAINTED);
    *new_parent = *addr;
    addr->parent = new_parent;
    new_parent->child_count = 1;

*/

static void
print_address_error(address_item * addr, FILE * f, const uschar * t)
{
int count = Ustrlen(t);
uschar * s = testflag(addr, af_pass_message) ? addr->message : NULL;

if (!s && !(s = addr->user_message))
  return;

    return continue_closedown();   /* yields DELIVER_NOT_ATTEMPTED */
    }

  /* Make a stdio stream out of it. */

  if (!(message_log = fdopen(fd, "a")))
    {

	    string_copyn(addr+start, dom ? (dom-1) - start : end - start);
	  deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS"";

	  (void) event_raise(event_action, US"msg:fail:internal", new->message, NULL);

	  deliver_localpart = save_local;
	  deliver_domain = save_domain;

  while (addr_new)
    {
    int rc;
    tree_node * tnode;
    dbdata_retry * domain_retry_record, * address_retry_record;
    dbdata_retry *domain_retry_record;
    dbdata_retry *address_retry_record;

    addr = addr_new;
    addr_new = addr->next;


      /* Treat /dev/null as a special case and abandon the delivery. This
      avoids having to specify a uid on the transport just for this case.
      Arrange for the transport name to be logged as "**bypassed**".
      Copy the transport for this fairly unusual case rather than having
      to make all transports mutable. */

      if (Ustrcmp(addr->address, "/dev/null") == 0)
        {
	transport_instance * save_t = addr->transport;
	transport_instance * t = store_get(sizeof(*t), save_t);
	*t = *save_t;
	t->name = US"**bypassed**";
	addr->transport = t;
        (void)post_process_one(addr, OK, LOG_MAIN, EXIM_DTYPE_TRANSPORT, '=');
        addr->transport= save_t;
        continue;   /* with the next new address */
        }


    /* Ensure that the domain in the unique field is lower cased, because
    domains are always handled caselessly. */

    for (uschar * p = Ustrrchr(addr->unique, '@'); *p; p++) *p = tolower(*p);
    while (*p != 0) { *p = tolower(*p); p++; }

    DEBUG(D_deliver|D_route) debug_printf("unique = %s\n", addr->unique);


      addr_route = addr->next;

      deliver_domain = addr->domain;  /* set $domain */
      if ((rc = match_isinlist(addr->domain, CUSS &queue_domains, 0,
            &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL))
              != OK)
        if (rc == DEFER)

    debug_printf("deferring local deliveries due to continued-transport\n");
  if (addr_defer)
    {
    address_item * addr = addr_defer;
    while (addr->next) addr = addr->next;
    addr->next = addr_local;
    }

    {
    /* copy and relink address_item and send report with all of them at once later */
    address_item * addr_next = addr_senddsn;
    addr_senddsn = store_get(sizeof(address_item), GET_UNTAINTED);
    *addr_senddsn = *a;
    addr_senddsn->next = addr_next;
    }

  f.deliver_freeze = FALSE;

#ifndef DISABLE_EVENT
  (void) event_raise(event_action, US"msg:complete", NULL, NULL);
#endif
  }


  /* If this was a first delivery attempt, unset the first time flag, and
  ensure that the spool gets updated. */

  if (f.deliver_firsttime && !f.queue_2stage)
    {
    f.deliver_firsttime = FALSE;
    update_spool = TRUE;

}


uschar *
deliver_get_sender_address (uschar * id)
{
int rc;
uschar * new_sender_address,
       * save_sender_address;
BOOL save_qr = f.queue_running;
uschar * spoolname;

/* make spool_open_datafile non-noisy on fail */

f.queue_running = TRUE;

/* Side effect: message_subdir is set for the (possibly split) spool directory */

deliver_datafile = spool_open_datafile(id);
f.queue_running = save_qr;
if (deliver_datafile < 0)
  return NULL;

/* Save and restore the global sender_address.  I'm not sure if we should
not save/restore all the other global variables too, because
spool_read_header() may change all of them. But OTOH, when this
deliver_get_sender_address() gets called, the current message is done
already and nobody needs the globals anymore. (HS12, 2015-08-21) */

spoolname = string_sprintf("%s-H", id);
save_sender_address = sender_address;

rc = spool_read_header(spoolname, TRUE, TRUE);

new_sender_address = sender_address;
sender_address = save_sender_address;

if (rc != spool_read_OK)
  return NULL;

assert(new_sender_address);

(void)close(deliver_datafile);
deliver_datafile = -1;

return new_sender_address;
}


/* Called from a commandline, or from the daemon, to do a delivery.
We need to regain privs; do this by exec of the exim binary. */

void
delivery_re_exec(int exec_type)

    if (pid == 0)	/* child: will fork again to totally disconnect */
      {
      smtp_proxy_tls(cutthrough.cctx.tls_ctx, big_buffer, big_buffer_size,
		      pfd, 5*60, cutthrough.host.name);
      /* does not return */
      }


Lines 2-9 Link Here

(-)exim.orig/src/directory.c (-2 / +5 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2010 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	6	/* Copyright (c) University of Cambridge 1995 - 2009 */
6	/* Copyright (c) The Exim Maintainers 2010 - 2018 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	#include "exim.h"	9	#include "exim.h"
Lines 44-49 Link Here
44	struct stat statbuf;	44	struct stat statbuf;
45	uschar * path;	45	uschar * path;
46		46
		47	if (is_tainted(name))
		48	{ p = US"create"; path = US name; errno = ERRNO_TAINT; goto bad; }
		49
47	if (parent)	50	if (parent)
48	{	51	{
49	path = string_sprintf("%s%s%s", parent, US"/", name);	52	path = string_sprintf("%s%s%s", parent, US"/", name);
Lines 85-91 Link Here
85		88
86	bad:	89	bad:
87	if (panic) log_write(0, LOG_MAIN\|LOG_PANIC_DIE,	90	if (panic) log_write(0, LOG_MAIN\|LOG_PANIC_DIE,
88	"Failed to %s directory \"%s\": %s\n", p, path, strerror(errno));	91	"Failed to %s directory \"%s\": %s\n", p, path, exim_errstr(errno));
89	return FALSE;	92	return FALSE;
90	}	93	}
91		94




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge, 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Code for DKIM support. Other DKIM relevant code is in

dns_answer * dnsa = store_get_dns_answer();
dns_scan dnss;
rmark reset_point = store_mark();
gstring * g = string_get_tainted(256, GET_TAINTED);

lookup_dnssec_authenticated = NULL;
if (dns_lookup(dnsa, name, T_TXT, NULL) != DNS_SUCCEED)
  goto bad;

/* Search for TXT record */


     rr;
     rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
  if (rr->type == T_TXT)
    {			/* Copy record content to the answer buffer */
    for (int rr_offset = 0; rr_offset < rr->size; )

    /* Copy record content to the answer buffer */

    while (rr_offset < rr->size)
      {
      uschar len = rr->data[rr_offset++];


      rr_offset += len;
      }

    /* Check if this looks like a DKIM record */
    if (Ustrncmp(g->s, "v=", 2) != 0 || strncasecmp(CS g->s, "v=dkim", 6) == 0)
      {
      store_free_dns_answer(dnsa);
      gstring_release_unused(g);
      return string_from_gstring(g);
      }

    g->ptr = 0;		/* overwrite previous record */
    }

bad:
store_reset(reset_point);
store_free_dns_answer(dnsa);
return NULL;	/*XXX better error detail?  logging? */
}


{
dkim_exim_init();

/* There is a store-reset between header & body reception for the main pool
(actually, after every header line) so cannot use that as we need the data we
store per-header, during header processing, at the end of body reception
for evaluating the signature.  Any allocs done for dkim verify
memory-handling must use a different pool.  We use a separate one that we
can reset per message. */

dkim_verify_oldpool = store_pool;
store_pool = POOL_MESSAGE;

/* Free previous context if there is one */


dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
dkim_collect_error = NULL;

/* Start feed up with any cached data, but limited to message data */
receive_get_cache(chunking_state == CHUNKING_LAST
		  ? chunking_data_left : GETC_BUFFER_UNLIMITED);

store_pool = dkim_verify_oldpool;
}


/* Submit a chunk of data for verification input.
Only use the data when the feed is activated. */
void
dkim_exim_verify_feed(uschar * data, int len)
{
int rc;

store_pool = POOL_MESSAGE;
if (  dkim_collect_input
   && (rc = pdkim_feed(dkim_verify_ctx, data, len)) != PDKIM_OK)
  {

gstring * g = NULL;
const uschar * errstr = NULL;

store_pool = POOL_MESSAGE;

/* Delete eventual previous signature chain */


Lines 2-7 Link Here

(-)exim.orig/src/dkim_transport.c (-1 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 169-175 Link Here
169	#ifdef EXPERIMENTAL_ARC	170	#ifdef EXPERIMENTAL_ARC
170	if (dkim->arc_signspec) /* Prepend ARC headers */	171	if (dkim->arc_signspec) /* Prepend ARC headers */
171	{	172	{
172	uschar * e;	173	uschar * e = NULL;
173	if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, &e)))	174	if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, &e)))
174	{	175	{
175	*err = e;	176	*err = e;




*     Exim - an Internet mail transport agent    *
*************************************************/
/* DMARC support.
   Copyright (c) The Exim Maintainers 2019 - 2022
   Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014
   Copyright (c) The Exim Maintainers 2019
   License: GPL */

/* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;

  { US"reject",     DMARC_RECORD_P_REJECT },
  { NULL,           0 }
};


gstring *
dmarc_version_report(gstring * g)
{
return string_fmt_append(g, "Library version: dmarc: Compile: %d.%d.%d.%d\n",
    (OPENDMARC_LIB_VERSION & 0xff000000) >> 24, (OPENDMARC_LIB_VERSION & 0x00ff0000) >> 16,
    (OPENDMARC_LIB_VERSION & 0x0000ff00) >> 8, OPENDMARC_LIB_VERSION & 0x000000ff);
}


/* Accept an error_block struct, initialize if empty, parse to the
end, and append the two strings passed to it.  Used for adding
variable amounts of value:pair data to the forensic emails. */

static error_block *
add_to_eblock(error_block *eblock, uschar *t1, uschar *t2)
{
error_block *eb = store_malloc(sizeof(error_block));
if (!eblock)
  eblock = eb;
else
  {
  /* Find the end of the eblock struct and point it at eb */
  error_block *tmp = eblock;
  while(tmp->next)
    tmp = tmp->next;
  tmp->next = eb;
  }

}

/* dmarc_init sets up a context that can be re-used for several
messages on the same SMTP connection (that come from the
same host with the same HELO string) */

int
dmarc_init()

  for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
       rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
    if (rr->type == T_TXT && rr->size > 3)
      {
      store_free_dns_answer(dnsa);
      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
      }
store_free_dns_answer(dnsa);
return NULL;
}


static int
dmarc_write_history_file()
{
int history_file_fd;
ssize_t written_len;
int tmp_ans;
u_char **rua; /* aggregate report addressees */
uschar *history_buffer = NULL;

  DEBUG(D_receive) debug_printf("DMARC history file not set\n");
  return DMARC_HIST_DISABLED;
  }
history_file_fd = log_open_as_exim(dmarc_history_file);

if (history_file_fd < 0)
  {
  log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s",
			   dmarc_history_file);
  return DMARC_HIST_FILE_ERR;
  }

/* Generate the contents of the history file */
history_buffer = string_sprintf(

  }
else
  {
  ssize_t written_len;
  const int history_file_fd = log_open_as_exim(dmarc_history_file);

  if (history_file_fd < 0)
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s",
			   dmarc_history_file);
    return DMARC_HIST_FILE_ERR;
    }

  written_len = write_to_fd_buf(history_file_fd,
				history_buffer,
				Ustrlen(history_buffer));
  if (written_len == 0)
  (void)close(history_file_fd);

  if (written_len <= 0)
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s",
			   dmarc_history_file);
    return DMARC_HIST_WRITE_ERR;
    }
  (void)close(history_file_fd);
  }
return DMARC_HIST_OK;
}

  /* Can't use exim's string manipulation functions so allocate memory
  for libopendmarc using its max hostname length definition. */

  dmarc_domain = store_get(DMARC_MAXHOSTNAMELEN, GET_TAINTED);
  libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx,
    dmarc_domain, DMARC_MAXHOSTNAMELEN-1);
  store_release_above(dmarc_domain + Ustrlen(dmarc_domain)+1);




*************************************************/

/* Experimental DMARC support.
   Copyright (c) The Exim Maintainers 2021 - 2022
   Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014
   License: GPL */


# endif /* SUPPORT_SPF */

/* prototypes */
gstring * dmarc_version_report(gstring *);
int dmarc_init();
int dmarc_store_data(header_line *);
int dmarc_process();
uschar *dmarc_exim_expand_query(int);
uschar *dmarc_exim_expand_defaults(int);
uschar *dmarc_auth_results_header(header_line *,uschar *);
static int dmarc_write_history_file();

#define DMARC_AR_HEADER        US"Authentication-Results:"
#define DMARC_VERIFY_STATUS    1

#define DMARC_HIST_OK          1




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for interfacing with the DNS. */

  {
  int v6[4];

  g = string_get_tainted(32, string);
  (void)host_aton(string, v6);

  /* The original specification for IPv6 reverse lookup was to invert each

#ifdef rr_trace
# define TRACE DEBUG(D_dns)
#else
trace = trace;
# define TRACE if (FALSE)
#endif


  e = previous->data.ptr;
else
  {
  e = store_get_perm(DNS_FAILNODE_SIZE, name);
  new = (void *)(e+1);
  dns_fail_tag(new->name, name, type);
  new->data.ptr = e;

val = e->data.val;
rc = e->expiry && e->expiry <= time(NULL) ? -1 : val;

DEBUG(D_dns) debug_printf("DNS lookup of %.255s (%s): %scached value %s%s\n",
  name, dns_text_type(type),
  rc == -1 ? "" : "using ",
  dns_rc_names[val],
    val == DNS_NODATA ? "DNS_NODATA" :
    val == DNS_AGAIN ? "DNS_AGAIN" :
    val == DNS_FAIL ? "DNS_FAIL" : "??",
  rc == -1 ? " past valid time" : "");

return rc;

replacement value. (The only way to fix this properly would be to
re-implement res_search() and res_query() so that they don't muddle their
success and packet length return values.) For added safety we only reset
the packet length if the packet header looks plausible.

Return TRUE iff it seemed ok */

static BOOL
fake_dnsa_len_for_fail(dns_answer * dnsa, int type)
{
const HEADER * h = (const HEADER *)dnsa->answer;

  DEBUG(D_dns) debug_printf("faking res_search(%s) response length as %d\n",
    dns_text_type(type), (int)sizeof(dnsa->answer));
  dnsa->answerlen = sizeof(dnsa->answer);
  return TRUE;
  }
DEBUG(D_dns) debug_printf("DNS: couldn't fake dnsa len\n");
/* Maybe we should just do a second lookup for an SOA? */
return FALSE;
}



{
dns_scan dnss;

if (fake_dnsa_len_for_fail(dnsa, type))
  for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);
       rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
      ) if (rr->type == T_SOA)
    {
    const uschar * p = rr->data;
    uschar discard_buf[256];
    int len;
    unsigned long ttl;

    /* Skip the mname & rname strings */

    if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
	p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
      break;
    p += len;
    if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
	p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
      break;
    p += len;

    /* Skip the SOA serial, refresh, retry & expire.  Grab the TTL */

    if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ)
      break;
    p += 4 * INT32SZ;
    GETLONG(ttl, p);

    return time(NULL) + ttl;
    }
    ) if (rr->type == T_SOA)
  {
  const uschar * p = rr->data;
  uschar discard_buf[256];
  int len;
  unsigned long ttl;

  /* Skip the mname & rname strings */

  if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
      p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
    break;
  p += len;
  if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
      p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
    break;
  p += len;

  /* Skip the SOA serial, refresh, retry & expire.  Grab the TTL */

  if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ)
    break;
  p += 4 * INT32SZ;
  GETLONG(ttl, p);

  return time(NULL) + ttl;
  }
DEBUG(D_dns) debug_printf("DNS: no SOA record found for neg-TTL\n");
return 0;
}


if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
  {
  int ovector[3*(EXPAND_MAXN+1)];

  dns_pattern_init();
  if (!regex_match(regex_check_dns_names, name, -1, NULL))
      0, PCRE_EOPT, ovector, nelem(ovector)) < 0)
    {
    DEBUG(D_dns)
      debug_printf("DNS name syntax check failed: %s (%s)\n", name,

    return DNS_FAIL;

  /* DNS data comes from the outside, hence tainted */
  data = store_get(256, GET_TAINTED);
  if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
      cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256) < 0)
    return DNS_FAIL;

  case T_CSA:
    {
    uschar *srvname, *namesuff, *tld;
    int priority, dummy_weight, port;
    int limit, rc, i;
    BOOL ipv6;
    dns_record *rr;

    If the TLD and the 2LD exist but the explicit CSA record lookup failed, then
    the AUTHORITY SOA will be the 2LD's or a subdomain thereof. */

    if (rc == DNS_NOMATCH) return DNS_NOMATCH;
      {
      fake_dnsa_len_for_fail(dnsa, T_CSA);

      for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);
	   rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
	  )
	if (rr->type != T_SOA) continue;
	else if (strcmpic(rr->name, US"") == 0 ||
		 strcmpic(rr->name, tld) == 0) return DNS_NOMATCH;
	else break;
      }

    for (i = 0; i < limit; i++)
      {


	/* Extract the numerical SRV fields (p is incremented) */
	GETSHORT(priority, p);
	GETSHORT(dummy_weight, p);
	GETSHORT(port, p);

	/* Check the CSA version number */

  if (p + 4 <= dnsa_lim)
    {
    /* the IP is not regarded as tainted */
    yield = store_get(sizeof(dns_address) + 20, GET_UNTAINTED);
    (void)sprintf(CS yield->address, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
    yield->next = NULL;
    }

    {
    struct in6_addr in6;
    for (int i = 0; i < 16; i++) in6.s6_addr[i] = rr->data[i];
    yield = store_get(sizeof(dns_address) + 50, GET_UNTAINTED);
    inet_ntop(AF_INET6, &in6, CS yield->address, 50);
    yield->next = NULL;
    }




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



static void
addlookupmodule(void *dl, struct lookup_module_info *info)
{
struct lookupmodulestr *p = store_get(sizeof(struct lookupmodulestr), GET_UNTAINTED);

p->dl = dl;
p->info = info;

#if defined(LOOKUP_REDIS) && LOOKUP_REDIS!=2
extern lookup_module_info redis_lookup_module_info;
#endif
#if defined(LOOKUP_LMDB)
extern lookup_module_info lmdb_lookup_module_info;
#endif
#if defined(SUPPORT_SPF)

addlookupmodule(NULL, &redis_lookup_module_info);
#endif

#ifdef LOOKUP_LMDB
addlookupmodule(NULL, &lmdb_lookup_module_info);
#endif


  }
else
  {
  const pcre2_code *regex_islookupmod = regex_must_compile(
    US"\\." DYNLIB_FN_EXT "$", FALSE, TRUE);

  DEBUG(D_lookup) debug_printf("Loading lookup modules from %s\n", LOOKUP_MODULE_DIR);
  while ((ent = readdir(dd)))
    {
    char * name = ent->d_name;
    int len = (int)strlen(name);
    if (regex_match(regex_islookupmod, US name, len, NUL))
      {
      int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2;
      void *dl;

	}

      /* FreeBSD nsdispatch() can trigger dlerror() errors about
      _nss_cache_cycle_prevention_function; we need to clear the dlerror()
      state before calling dlsym(), so that any error afterwards only comes
      from dlsym().  */

      errormsg = dlerror();

      info = (struct lookup_module_info*) dlsym(dl, "_lookup_module_info");




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2009 */
/* Copyright (c) The Exim Maintainers 2021 */
/* See the file NOTICE for conditions of use and distribution. */

/* This file is not part of the main Exim code. There are little bits of test

vfprintf(stderr, format, ap);
fprintf(stderr, "\n");
va_end(ap);
selector = selector;     /* Keep picky compilers happy */
flags = flags;
}



void
sigalrm_handler(int sig)
{
sig = sig;            /* Keep picky compilers happy */
sigalrm_seen = TRUE;
}


int
header_checkname(void *h, char *name, int len)
{
h = h;            /* Keep picky compilers happy */
name = name;
len = len;
return 0;
}

void
directory_make(char *parent, char *name, int mode, int panic)
{
parent = parent;  /* Keep picky compilers happy */
name = name;
mode = mode;
panic = panic;
}

void

char *
host_ntoa(int type, const void *arg, char *buffer, int *portptr)
{
type = type;      /* Keep picky compilers happy */
arg = arg;
buffer = buffer;
portptr = portptr;
return NULL;
}
#endif

Lines 198-204 Link Here

(-)exim.orig/src/EDITME (-35 / +36 lines)
198	# the libraries and headers are installed, as the pkg-config .pc	198	# the libraries and headers are installed, as the pkg-config .pc
199	# specification should include all -L/-I information necessary.	199	# specification should include all -L/-I information necessary.
200	# Enabling the USE_*_PC options should be sufficient. If not using	200	# Enabling the USE_*_PC options should be sufficient. If not using
201	# pkg-config, then you have to specify the libraries, and you mmight	201	# pkg-config, then you have to specify the libraries, and you might
202	# need to specify the locations too.	202	# need to specify the locations too.
203		203
204	# Uncomment the following lines if you want	204	# Uncomment the following lines if you want
Lines 207-213 Link Here
207	# Unless you do this, you must define one of USE_OPENSSL or USE_GNUTLS	207	# Unless you do this, you must define one of USE_OPENSSL or USE_GNUTLS
208	# below.	208	# below.
209		209
210	# If you are buliding with TLS, the library configuration must be done:	210	# If you are building with TLS, the library configuration must be done:
211		211
212	# Uncomment this if you are using OpenSSL	212	# Uncomment this if you are using OpenSSL
213	# USE_OPENSSL=yes	213	# USE_OPENSSL=yes
Lines 276-281 Link Here
276	# specified in INCLUDE.	276	# specified in INCLUDE.
277		277
278		278
		279	# Uncomment the following line to remove support for TLS Resumption
		280	# DISABLE_TLS_RESUME=yes
		281
279		282
280	###############################################################################	283	###############################################################################
281	# THESE ARE THINGS YOU PROBABLY WANT TO SPECIFY #	284	# THESE ARE THINGS YOU PROBABLY WANT TO SPECIFY #
Lines 411-416 Link Here
411	# LOOKUP_IBASE=yes	414	# LOOKUP_IBASE=yes
412	# LOOKUP_JSON=yes	415	# LOOKUP_JSON=yes
413	# LOOKUP_LDAP=yes	416	# LOOKUP_LDAP=yes
		417	# LOOKUP_LMDB=yes
		418
414	# LOOKUP_MYSQL=yes	419	# LOOKUP_MYSQL=yes
415	# LOOKUP_MYSQL_PC=mariadb	420	# LOOKUP_MYSQL_PC=mariadb
416	# LOOKUP_NIS=yes	421	# LOOKUP_NIS=yes
Lines 452-470 Link Here
452		457
453		458
454	#------------------------------------------------------------------------------	459	#------------------------------------------------------------------------------
455	# The PCRE library is required for Exim. There is no longer an embedded	460	# The PCRE2 library is required for Exim. There is no longer an embedded
456	# version of the PCRE library included with the source code, instead you	461	# version of the PCRE library included with the source code, instead you
457	# must use a system library or build your own copy of PCRE.	462	# must use a system library or build your own copy of PCRE2.
458	# In either case you must specify the library link info here. If the	463	# In either case you must specify the library link info here. If the
459	# PCRE header files are not in the standard search path you must also	464	# PCRE2 header files are not in the standard search path you must also
460	# modify the INCLUDE path (above)	465	# modify the INCLUDE path (above)
461	#	466	#
462	# Use PCRE_CONFIG to query the pcre-config command (first found in $PATH)	467	# Use PCRE_CONFIG to query the pcre-config command (first found in $PATH)
463	# to find the include files and libraries, else use PCRE_LIBS and set INCLUDE	468	# to find the include files and libraries, else use PCRE_LIBS and set INCLUDE
464	# too if needed.	469	# too if needed.
465		470
466	PCRE_CONFIG=yes	471	PCRE2_CONFIG=yes
467	# PCRE_LIBS=-lpcre	472	# PCRE_LIBS=-lpcre2
468		473
469		474
470	#------------------------------------------------------------------------------	475	#------------------------------------------------------------------------------
Lines 487-493 Link Here
487	# You do not need to use this for any lookup information added via pkg-config.	492	# You do not need to use this for any lookup information added via pkg-config.
488		493
489	# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include	494	# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include
490	# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3	495	# LOOKUP_INCLUDE +=-I /usr/local/include
		496	# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 -llmdb
		497
		498	#------------------------------------------------------------------------------
		499	# If you included LOOKUP_LMDB above you will need the library. Depending
		500	# on where installed you may also need an include directory
		501	#
		502	# LOOKUP_INCLUDE += -I/usr/local/include
		503	# LOOKUP_LIBS += -llmdb
491		504
492		505
493	#------------------------------------------------------------------------------	506	#------------------------------------------------------------------------------
Lines 560-566 Link Here
560	# DISABLE_DNSSEC=yes	573	# DISABLE_DNSSEC=yes
561		574
562	# To disable support for Events set DISABLE_EVENT to "yes"	575	# To disable support for Events set DISABLE_EVENT to "yes"
563
564	# DISABLE_EVENT=yes	576	# DISABLE_EVENT=yes
565		577
566		578
Lines 569-574 Link Here
569	# DISABLE_PIPE_CONNECT=yes	581	# DISABLE_PIPE_CONNECT=yes
570		582
571		583
		584	# Uncomment the following to remove the fast-ramp two-phase-queue-run support
		585	# DISABLE_QUEUE_RAMP=yes
		586
		587	# Uncomment the following lines to add SRS (Sender Rewriting Scheme) support
		588	# using only native facilities.
		589	# SUPPORT_SRS=yes
		590
		591
572	#------------------------------------------------------------------------------	592	#------------------------------------------------------------------------------
573	# Compiling Exim with experimental features. These are documented in	593	# Compiling Exim with experimental features. These are documented in
574	# experimental-spec.txt. "Experimental" means that the way these features are	594	# experimental-spec.txt. "Experimental" means that the way these features are
Lines 580-600 Link Here
580		600
581	# EXPERIMENTAL_DCC=yes	601	# EXPERIMENTAL_DCC=yes
582		602
583	# Uncomment the following lines to add SRS (Sender rewriting scheme) support.
584	# You need to have libsrs_alt installed on your system (srs.mirtol.com).
585	# Depending on where it is installed you may have to edit the CFLAGS and
586	# LDFLAGS lines.
587
588	# EXPERIMENTAL_SRS=yes
589	# CFLAGS += -I/usr/local/include
590	# LDFLAGS += -lsrs_alt
591
592	# Uncomment the following lines to add SRS (Sender rewriting scheme) support
593	# using only native facilities.
594	# EXPERIMENTAL_SRS_NATIVE=yes
595
596	# Uncomment the following line to add DMARC checking capability, implemented	603	# Uncomment the following line to add DMARC checking capability, implemented
597	# using libopendmarc libraries. You must have SPF and DKIM support enabled also.	604	# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
		605	# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
		606	# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
598	# SUPPORT_DMARC=yes	607	# SUPPORT_DMARC=yes
599	# CFLAGS += -I/usr/local/include	608	# CFLAGS += -I/usr/local/include
600	# LDFLAGS += -lopendmarc	609	# LDFLAGS += -lopendmarc
Lines 618-639 Link Here
618	# Uncomment the following to include extra information in fail DSN message (bounces)	627	# Uncomment the following to include extra information in fail DSN message (bounces)
619	# EXPERIMENTAL_DSN_INFO=yes	628	# EXPERIMENTAL_DSN_INFO=yes
620		629
621	# Uncomment the following to add LMDB lookup support
622	# You need to have LMDB installed on your system (https://github.com/LMDB/lmdb)
623	# Depending on where it is installed you may have to edit the CFLAGS and LDFLAGS lines.
624	# EXPERIMENTAL_LMDB=yes
625	# CFLAGS += -I/usr/local/include
626	# LDFLAGS += -llmdb
627
628	# Uncomment the following line to add queuefile transport support	630	# Uncomment the following line to add queuefile transport support
629	# EXPERIMENTAL_QUEUEFILE=yes	631	# EXPERIMENTAL_QUEUEFILE=yes
630		632
631	# Uncomment the following line to include support for TLS Resumption
632	# EXPERIMENTAL_TLS_RESUME=yes
633
634	# Uncomment the following to include the fast-ramp two-phase-queue-run support
635	# EXPERIMENTAL_QUEUE_RAMP=yes
636
637	###############################################################################	633	###############################################################################
638	# THESE ARE THINGS YOU MIGHT WANT TO SPECIFY #	634	# THESE ARE THINGS YOU MIGHT WANT TO SPECIFY #
639	###############################################################################	635	###############################################################################
Lines 1493-1496 Link Here
1493	# For development, add this to include code to time various stages and report.	1489	# For development, add this to include code to time various stages and report.
1494	# CFLAGS += -DMEASURE_TIMING	1490	# CFLAGS += -DMEASURE_TIMING
1495		1491
		1492	# For a very slightly smaller build, for constrained systems, uncomment this.
		1493	# The feature involved is purely for debugging.
		1494
		1495	# DISABLE_CLIENT_CMD_LOG=yes
		1496
1496	# End of EDITME for Exim 4.	1497	# End of EDITME for Exim 4.




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2021 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions concerned with serialization. */

/* See if there is a record for this host or queue run; if there is, we cannot
proceed with the connection unless the record is very old. */

serial_record = dbfn_read_enforce_length(dbm_file, key, sizeof(dbdata_serialize));
if (serial_record && time(NULL) - serial_record->time_stamp < 6*60*60)
  {
  if (serial_record->count >= lim)

DEBUG(D_transport) debug_printf("end serialized: %s\n", key);

if (  !(dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE))
   || !(serial_record = dbfn_read_enforce_length(dbm_file, key, sizeof(dbdata_serialize)))
   )
  return;
if (--serial_record->count > 0)




use File::Basename;

# Copyright (c) 2007-2017 University of Cambridge.
# Copyright (c) The Exim Maintainers 2020 - 2021
# See the file NOTICE for conditions of use and distribution.

# Except when they appear in comments, the following placeholders in this

# the number of seconds since the epoch. It handles optional timezone
# information.

sub seconds
  {
  my($year,$month,$day,$hour,$min,$sec,$tzs,$tzh,$tzm) =
    $_[0] =~ /^(\d{4})-(\d\d)-(\d\d)\s(\d\d):(\d\d):(\d\d)(?:.\d+)?(?>\s([+-])(\d\d)(\d\d))?/o;

  my $seconds = mktime $sec, $min, $hour, $day, $month - 1, $year - 1900;

  if (defined $tzs)
    {
    $seconds -= $tzh * 3600 + $tzm * 60 if $tzs eq "+";
    $seconds += $tzh * 3600 + $tzm * 60 if $tzs eq "-";
    }

  return $seconds;
  }


# This subroutine processes a single line (in $_) from a log file. Program

my $related_re='';
my @Mids = ();

sub do_line
  {

  # Convert syslog lines to mainlog format, as in eximstats.

  if (!/^\d{4}-/o) { $_ =~ s/^.*? exim\b.*?: //o; }

  return unless
    my($date,$id) = /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?:\.\d+)? (?:[+-]\d{4} )?)(?:\[\d+\] )?(\w{6}\-\w{6}\-\w{2})?/o;

  # Handle the case when the log line belongs to a specific message. We save
  # lines for specific messages until the message is complete. Then either print
  # or discard.

  if (defined $id)
    {
    $saved{$id} = '' unless defined($saved{$id});

    # Save up the data for this message in case it becomes interesting later.

    $saved{$id} .= $_;

    # Are we interested in this id ? Short circuit if we already were interested.

    if ($invert)
    {
    $id_list{$id} = 1 if (!defined($id_list{$id}));
    $id_list{$id} = 0 if (($insensitive && /$pattern/io) || /$pattern/o);
    }
  else
    {
    if (defined $id_list{$id} ||
      ($insensitive && /$pattern/io) || /$pattern/o)
      {
      $id_list{$id} = 1 if (!defined($id_list{$id}));
      $id_list{$id} = 0 if (($insensitive && /$pattern/io) || /$pattern/o);
      }
    else
      {
      if (defined $id_list{$id} ||
	($insensitive && /$pattern/io) || /$pattern/o)
	{
	$id_list{$id} = 1;
	get_related_ids($id) if $related;
	}
      elsif ($related && $related_re)
	{
	grep_for_related($_, $id);
	}
      }
    }

    # See if this is a completion for some message. If it is interesting,
    # print it, but in any event, throw away what was saved.

    if (index($_, 'Completed') != -1 ||
	index($_, 'SMTP data timeout') != -1 ||
	  (index($_, 'rejected') != -1 &&
	    /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?:\.\d+)? (?:[+-]\d{4} )?)(?:\[\d+\] )?\w{6}\-\w{6}\-\w{2} rejected/o))
    {
    if ($queue_time != -1 &&
        $saved{$id} =~ /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ([+-]\d{4} )?)/o)
      {
      if ($queue_time != -1 &&
	  $saved{$id} =~ /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ([+-]\d{4} )?)/o)
	{
	my $old_sec = &seconds($1);
	my $sec = &seconds($date);
	$id_list{$id} = 0 if $id_list{$id} && $sec - $old_sec <= $queue_time;
	}

      print "$saved{$id}\n" if ($id_list{$id});
      delete $id_list{$id};
      delete $saved{$id};
      }

    print "$saved{$id}\n" if ($id_list{$id});
    delete $id_list{$id};
    delete $saved{$id};
    }
  }

  # Handle the case where the log line does not belong to a specific message.
  # Print it if it is interesting.

  elsif ( ($invert && (($insensitive && !/$pattern/io) || !/$pattern/o)) ||
	 (!$invert && (($insensitive &&  /$pattern/io) ||  /$pattern/o)) )
    { print "$_\n"; }
  }

# Rotated log files are frequently compressed and there are a variety of
# formats it could be compressed with. Rather than use just one that is

  return $cmdline;
  }

sub grep_for_related
  {
  my ($line,$id) = @_;
  $id_list{$id} = 1 if $line =~ m/$related_re/;
  }

sub get_related_ids
  {
  my ($id) = @_;
  push @Mids, $id unless grep /\b$id\b/, @Mids;
  my $re = join '|', @Mids;
  $related_re = qr/$re/;
  }

# The main program. Extract the pattern and make sure any relevant characters
# are quoted if the -l flag is given. The -t flag gives a time-on-queue value




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



for store allocation via Exim's store manager. The normal calls are actually
macros that pass over location information to make tracing easier. These
functions just interface to the standard macro calls. A good compiler will
optimize out the tail recursion and so not make them too expensive. */
are two sets of functions; one for use when we want to retain the compiled
regular expression for a long time; the other for short-term use. */

static void *
function_store_malloc(PCRE2_SIZE size, void * tag)
{
/* For now, regard all RE results as potentially tainted.  We might need
more intelligence on this point. */
return store_get((int)size, TRUE);
}

static void
function_dummy_free(void *block) { block = block; }

static void *
function_store_malloc(size_t size)
{
return store_malloc((int)size);
}

static void
function_store_free(void * block, void * tag)
{
/* At least some version of pcre2 pass a null pointer */
if (block) store_free(block);
}



Returns:      pointer to the compiled pattern
*/

const pcre2_code *
regex_must_compile(const uschar * pattern, BOOL caseless, BOOL use_malloc)
{
size_t offset;
int options = caseless ? PCRE_COPT|PCRE2_CASELESS : PCRE_COPT;
const pcre2_code * yield;
int err;
pcre2_general_context * gctx;
pcre2_compile_context * cctx;

if (use_malloc)
  {
  gctx = pcre2_general_context_create(function_store_malloc, function_store_free, NULL);
  cctx = pcre2_compile_context_create(gctx);
  }
else
  cctx = pcre_cmp_ctx;

if (!(yield = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, options,
  &err, &offset, cctx)))
  {
  uschar errbuf[128];
  pcre2_get_error_message(err, errbuf, sizeof(errbuf));
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "regular expression error: "
    "%s at offset %ld while compiling %s", errbuf, (long)offset, pattern);
  }

if (use_malloc)
  {
  pcre2_compile_context_free(cctx);
  pcre2_general_context_free(gctx);
  }
return yield;
}


static void
pcre_init(void)
{
pcre_gen_ctx = pcre2_general_context_create(function_store_malloc, function_store_free, NULL);
pcre_cmp_ctx = pcre2_compile_context_create(pcre_gen_ctx);
pcre_mtc_ctx = pcre2_match_context_create(pcre_gen_ctx);
}




/*************************************************

*************************************************/

/* This function runs a regular expression match, and sets up the pointers to
the matched substrings.  The matched strings are copied so the lifetime of
the subject is not a problem.

Arguments:
  re          the compiled expression

              if >= 0 setup from setup+1 onwards,
                excluding the full matched string

Returns:      TRUE if matched, or FALSE
*/

BOOL
regex_match_and_setup(const pcre2_code * re, const uschar * subject, int options, int setup)
{
pcre2_match_data * md = pcre2_match_data_create_from_pattern(re, pcre_gen_ctx);
int res = pcre2_match(re, (PCRE2_SPTR)subject, PCRE2_ZERO_TERMINATED, 0,
			PCRE_EOPT | options, md, pcre_mtc_ctx);
BOOL yield;

if ((yield = (res >= 0)))
if (yield)
  {
  res = pcre2_get_ovector_count(md);
  expand_nmax = setup < 0 ? 0 : setup + 1;
  for (int matchnum = setup < 0 ? 0 : 1; matchnum < res; matchnum++)
    {
    PCRE2_SIZE len;
    pcre2_substring_get_bynumber(md, matchnum,
      (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len);
    expand_nlength[expand_nmax++] = (int)len;
    }
  expand_nmax--;
  }
else if (res != PCRE2_ERROR_NOMATCH) DEBUG(D_any)
  {
  uschar errbuf[128];
  pcre2_get_error_message(res, errbuf, sizeof(errbuf));
  debug_printf_indent("pcre2: %s\n", errbuf);
  }
pcre2_match_data_free(md);
return yield;
}


/* Check just for match with regex.  Uses the common memory-handling.

Arguments:
	re	compiled regex
	subject	string to be checked
	slen	length of subject; -1 for nul-terminated
	rptr	pointer for matched string, copied, or NULL

Return: TRUE for a match.
*/

BOOL
regex_match(const pcre2_code * re, const uschar * subject, int slen, uschar ** rptr)
{
pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx);
int rc = pcre2_match(re, (PCRE2_SPTR)subject,
		      slen >= 0 ? slen : PCRE2_ZERO_TERMINATED,
		      0, PCRE_EOPT, md, pcre_mtc_ctx);
PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
if (rc < 0)
  return FALSE;
if (rptr)
  *rptr = string_copyn(subject + ovec[0], ovec[1] - ovec[0]);
return TRUE;
}



/*************************************************

}


/***********************************************
*            Handler for SIGSEGV               *
***********************************************/

static void
#ifdef SA_SIGINFO
segv_handler(int sig, siginfo_t * info, void * uctx)
{
log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (fault address: %p)", info->si_addr);
# if defined(SEGV_MAPERR) && defined(SEGV_ACCERR) && defined(SEGV_BNDERR) && defined(SEGV_PKUERR)
switch (info->si_code)
  {
  case SEGV_MAPERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_MAPERR"); break;
  case SEGV_ACCERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_ACCERR"); break;
  case SEGV_BNDERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_BNDERR"); break;
  case SEGV_PKUERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_PKUERR"); break;
  }
# endif
if (US info->si_addr < US 4096)
  log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (null pointer indirection)");
else
  log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (maybe attempt to write to immutable memory)");
if (process_info_len > 0)
  log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (%.*s)", process_info_len, process_info);
signal(SIGSEGV, SIG_DFL);
kill(getpid(), sig);
}

#else
segv_handler(int sig)
{
log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (maybe attempt to write to immutable memory)");
if (process_info_len > 0)
  log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (%.*s)", process_info_len, process_info);
signal(SIGSEGV, SIG_DFL);
kill(getpid(), sig);
}
#endif


/*************************************************
*             Handler for SIGUSR1                *
*************************************************/

void
sigalrm_handler(int sig)
{
sig = sig;      /* Keep picky compilers happy */
sigalrm_seen = TRUE;
os_non_restarting_signal(SIGALRM, sigalrm_handler);
}

clocks that go backwards.

Arguments:
  prev_tv      A timeval which was used to create uniqueness; its usec field
                 has been rounded down to the value of the resolution.
                 We want to be sure the current time is greater than this.
		 On return, updated to current (rounded down).
  resolution   The resolution that was used to divide the microseconds
                 (1 for maildir, larger for message ids)


*/

void
exim_wait_tick(struct timeval * prev_tv, int resolution)
{
struct timeval now_tv;
long int now_true_usec;

now_true_usec = now_tv.tv_usec;
now_tv.tv_usec = (now_true_usec/resolution) * resolution;

while (exim_tvcmp(&now_tv, prev_tv) <= 0)
  {
  struct itimerval itval;
  itval.it_interval.tv_sec = 0;
  itval.it_interval.tv_usec = 0;
  itval.it_value.tv_sec = prev_tv->tv_sec - now_tv.tv_sec;
  itval.it_value.tv_usec = prev_tv->tv_usec + resolution - now_true_usec;

  /* We know that, overall, "now" is less than or equal to "then". Therefore, a
  negative value for the microseconds is possible only in the case when "now"

    if (!f.running_in_test_harness)
      {
      debug_printf("tick check: " TIME_T_FMT ".%06lu " TIME_T_FMT ".%06lu\n",
        prev_tv->tv_sec, (long) prev_tv->tv_usec,
       	now_tv.tv_sec, (long) now_tv.tv_usec);
      debug_printf("waiting " TIME_T_FMT ".%06lu sec\n",
        itval.it_value.tv_sec, (long) itval.it_value.tv_usec);

  /* Be prapared to go around if the kernel does not implement subtick
  granularity (GNU Hurd) */

  exim_gettime(&now_tv);
  now_true_usec = now_tv.tv_usec;
  now_tv.tv_usec = (now_true_usec/resolution) * resolution;
  }
*prev_tv = now_tv;
}



    {
    if (devnull < 0) devnull = open("/dev/null", O_RDWR);
    if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
      string_open_failed("/dev/null", NULL));
    if (devnull != i) (void)dup2(devnull, i);
    }
  }

*/

void
exim_setugid(uid_t uid, gid_t gid, BOOL igflag, const uschar * msg)
{
uid_t euid = geteuid();
gid_t egid = getegid();

  int rc = verify_address(deliver_make_addr(address,TRUE), stdout, flags, -1,
    -1, -1, NULL, NULL, NULL);
  if (rc == FAIL) *exit_value = 2;
  else if (rc == DEFER && *exit_value == 0) *exit_value = 1;
  }
}


*************************************************/

static void
show_string(BOOL is_stdout, gstring * g)
{
const uschar * s = string_from_gstring(g);
if (s)
  if (is_stdout) fputs(CCS s, stdout);
  else debug_printf("%s", s);
}


static gstring *
show_db_version(gstring * g)
{
#ifdef DB_VERSION_STRING
DEBUG(D_any)
  {
  g = string_fmt_append(g, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING);
  g = string_fmt_append(g, "                      Runtime: %s\n",
    db_version(NULL, NULL, NULL));
  }
else
  g = string_fmt_append(g, "Berkeley DB: %s\n", DB_VERSION_STRING);

#elif defined(BTREEVERSION) && defined(HASHVERSION)
# ifdef USE_DB
  g = string_cat(g, US"Probably Berkeley DB version 1.8x (native mode)\n");
# else
  g = string_cat(g, US"Probably Berkeley DB version 1.8x (compatibility mode)\n");
# endif

#elif defined(_DBM_RDONLY) || defined(dbm_dirfno)
g = string_cat(g, US"Probably ndbm\n");
#elif defined(USE_TDB)
g = string_cat(g, US"Using tdb\n");
#else
# ifdef USE_GDBM
  g = string_cat(g, US"Probably GDBM (native mode)\n");
# else
  g = string_cat(g, US"Probably GDBM (compatibility mode)\n");
# endif
#endif
return g;
}


/* This function is called for -bV/--version and for -d to output the optional
features of the current Exim binary.

Arguments:  BOOL, true for stdout else debug channel
Returns:    nothing
*/

static void
show_whats_supported(BOOL is_stdout)
{
rmark reset_point = store_mark();
gstring * g = NULL;
DEBUG(D_any) {} else show_db_version(fp);

DEBUG(D_any) {} else g = show_db_version(g);

g = string_cat(g, US"Support for:");
#ifdef SUPPORT_CRYPTEQ
  g = string_cat(g, US" crypteq");
#endif

#ifdef USE_OPENSSL
  g = string_cat(g, US" OpenSSL");
#endif
#ifndef DISABLE_TLS_RESUME
  g = string_cat(g, US" TLS_resume");
#endif
#ifdef SUPPORT_TRANSLATE_IP_ADDRESS
  g = string_cat(g, US" translate_ip_address");
#endif

#ifndef DISABLE_DKIM
  g = string_cat(g, US" DKIM");
#endif
#ifdef SUPPORT_DMARC
  g = string_cat(g, US" DMARC");
#endif
#ifndef DISABLE_DNSSEC
  g = string_cat(g, US" DNSSEC");
#endif

  g = string_cat(g, US" OCSP");
#endif
#ifndef DISABLE_PIPE_CONNECT
  g = string_cat(g, US" PIPECONNECT");
#endif
#ifndef DISABLE_PRDR
  g = string_cat(g, US" PRDR");

#ifdef SUPPORT_PROXY
  g = string_cat(g, US" PROXY");
#endif
#ifndef DISABLE_QUEUE_RAMP
  g = string_cat(g, US" Queue_Ramp");
#endif
#ifdef SUPPORT_SOCKS
  g = string_cat(g, US" SOCKS");
#endif
#ifdef SUPPORT_SPF
  g = string_cat(g, US" SPF");
#endif
#if defined(SUPPORT_SRS)
  g = string_cat(g, US" SRS");
#endif
#ifdef TCP_FASTOPEN
  tcp_init();

#ifdef EXPERIMENTAL_DSN_INFO
  g = string_cat(g, US" Experimental_DSN_info");
#endif
#ifdef EXPERIMENTAL_ESMTP_LIMITS
  g = string_cat(g, US" Experimental_ESMTP_Limits");
#endif
#ifdef EXPERIMENTAL_QUEUE_RAMP
  g = string_cat(g, US" Experimental_Queue_Ramp");
#endif
#ifdef EXPERIMENTAL_QUEUEFILE
  g = string_cat(g, US" Experimental_QUEUEFILE");
#endif
#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
  g = string_cat(g, US" Experimental_SRS");
#endif
#ifdef EXPERIMENTAL_TLS_RESUME
  g = string_cat(g, US" Experimental_TLS_resume");
#endif
g = string_cat(g, US"\n");

g = string_cat(g, US"Lookups (built-in):");

#if defined(LOOKUP_LDAP) && LOOKUP_LDAP!=2
  g = string_cat(g, US" ldap ldapdn ldapm");
#endif
#ifdef LOOKUP_LMDB
  g = string_cat(g, US" lmdb");
#endif
#if defined(LOOKUP_MYSQL) && LOOKUP_MYSQL!=2

#ifdef WITH_CONTENT_SCAN
g = malware_show_supported(g);
#endif
show_string(is_stdout, g); g = NULL;

if (fixed_never_users[0] > 0)
  {

  }

g = string_fmt_append(g, "Configure owner: %d:%d\n", config_uid, config_gid);
fputs(CS string_from_gstring(g), fp);

g = string_fmt_append(g, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));

/* Everything else is details which are only worth reporting when debugging.
Perhaps the tls_version_report should move into this too. */
DEBUG(D_any)
  {

/* clang defines __GNUC__ (at least, for me) so test for it first */
#if defined(__clang__)
  g = string_fmt_append(g, "Compiler: CLang [%s]\n", __clang_version__);
#elif defined(__GNUC__)
  g = string_fmt_append(g, "Compiler: GCC [%s]\n",
# ifdef __VERSION__
      __VERSION__
# else

# endif
      );
#else
  g = string_cat(g, US"Compiler: <unknown>\n");
#endif

#if defined(__GLIBC__) && !defined(__UCLIBC__)
  g = string_fmt_append(g, "Library version: Glibc: Compile: %d.%d\n",
	       	__GLIBC__, __GLIBC_MINOR__);
  if (__GLIBC_PREREQ(2, 1))
    g = string_fmt_append(g, "                        Runtime: %s\n",
	       	gnu_get_libc_version());
#endif

g = show_db_version(g);

#ifndef DISABLE_TLS
  g = tls_version_report(g);
#endif
#ifdef SUPPORT_I18N
  g = utf8_version_report(g);
#endif
#ifdef SUPPORT_DMARC
  g = dmarc_version_report(g);
#endif
#ifdef SUPPORT_SPF
  g = spf_lib_version_report(g);
#endif

show_string(is_stdout, g);
g = NULL;

for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi)
  if (authi->version_report)
    g = (*authi->version_report)(g);

  /* PCRE_PRERELEASE is either defined and empty or a bare sequence of
  characters; unless it's an ancient version of PCRE in which case it

#endif
#define QUOTE(X) #X
#define EXPAND_AND_QUOTE(X) QUOTE(X)
  {
  uschar buf[24];
  pcre2_config(PCRE2_CONFIG_VERSION, buf);
  g = string_fmt_append(g, "Library version: PCRE2: Compile: %d.%d%s\n"
              "                        Runtime: %s\n",
          PCRE2_MAJOR, PCRE2_MINOR,
          EXPAND_AND_QUOTE(PCRE2_PRERELEASE) "",
          buf);
  }
#undef QUOTE
#undef EXPAND_AND_QUOTE

show_string(is_stdout, g);
g = NULL;

init_lookup_list();
for (int i = 0; i < lookup_list_count; i++)
  if (lookup_list[i]->version_report)
    g = lookup_list[i]->version_report(g);
show_string(is_stdout, g);
g = NULL;

#ifdef WHITELIST_D_MACROS
  g = string_fmt_append(g, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
#else
  g = string_cat(g, US"WHITELIST_D_MACROS unset\n");
#endif
#ifdef TRUSTED_CONFIG_LIST
  g = string_fmt_append(g, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
#else
  g = string_cat(g, US"TRUSTED_CONFIG_LIST unset\n");
#endif
  }

show_string(is_stdout, g);
store_reset(reset_point);
}


get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *))
{
gstring * g = NULL;
BOOL had_input = FALSE;

if (!fn_readline) { printf("> "); fflush(stdout); }

for (int i = 0;; i++)
  {
  uschar buffer[1024];
  uschar * p, * ss;

#ifdef USE_READLINE
  char *readline_line = NULL;
  if (fn_readline)
    {
    if (!(readline_line = fn_readline((i > 0)? "":"> "))) break;
    if (*readline_line && fn_addhist) fn_addhist(readline_line);
    p = US readline_line;
    }
  else
#endif

  /* readline() not in use */

    {
    if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break;	/*EOF*/
    p = buffer;
    }

  /* Handle the line */

  had_input = TRUE;
  ss = p + Ustrlen(p);
  while (ss > p && isspace(ss[-1])) ss--; /* strip trailing newline (and spaces) */

  if (i > 0)
    while (p < ss && isspace(*p)) p++;   /* strip leading space after cont */

  g = string_catn(g, p, ss - p);

#ifdef USE_READLINE
  if (fn_readline) free(readline_line);
#endif

  /* g can only be NULL if ss==p */
  if (ss == p || g->s[g->ptr-1] != '\\') /* not continuation; done */
    break;

  --g->ptr;				/* drop the \ */
  (void) string_from_gstring(g);
  }

if (had_input) return g ? string_from_gstring(g) : US"";
printf("\n");
return NULL;
}



    continue;
  if ((len = m->replen) == 0)
    continue;
  if (!regex_match(regex_whitelisted_macro, m->replacement, len, NULL))
   0, PCRE_EOPT, NULL, 0);
  if (n < 0)
    {
    if (n != PCRE_ERROR_NOMATCH)
      debug_printf("macros_trusted checking %s returned %d\n", m->name, n);
    return FALSE;
    }
  }
DEBUG(D_any) debug_printf("macros_trusted overridden to true by whitelisting\n");
return TRUE;

int  list_queue_option = 0;
int  msg_action = 0;
int  msg_action_arg = -1;
int  namelen = argv[0] ? Ustrlen(argv[0]) : 0;
int  queue_only_reason = 0;
#ifdef EXIM_PERL
int  perl_start_option = 0;

BOOL list_options = FALSE;
BOOL list_config = FALSE;
BOOL local_queue_only;
BOOL more = TRUE;
BOOL one_msg_action = FALSE;
BOOL opt_D_used = FALSE;
BOOL queue_only_set = FALSE;

BOOL usage_wanted = FALSE;
BOOL verify_address_mode = FALSE;
BOOL verify_as_sender = FALSE;
BOOL rcpt_verify_quota = FALSE;
BOOL version_printed = FALSE;
uschar *alias_arg = NULL;
uschar *called_as = US"";

(void)gettimeofday(&timestamp_startup, NULL);
#endif

store_init();	/* Initialise the memory allocation susbsystem */
pcre_init();	/* Set up memory handling for pcre */

/* If the Exim user and/or group and/or the configuration file owner/group were
defined by ref:name at build time, we must now find the actual uid/gid values.
This is a feature to make the lives of binary distributors easier. */

  debug_store = TRUE;

/* Protect against abusive argv[0] */
if (!argv[0] || !argc) exim_fail("exim: executable name required\n");
exim_str_fail_toolong(argv[0], PATH_MAX, "argv[0]");

/* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed


if (fstat(fileno(stderr), &statbuf) >= 0) log_stderr = stderr;

/* Arrange for the PCRE regex library to use our store functions. Note that
the normal calls are actually macros that add additional arguments for
debugging purposes so we have to assign specially constructed functions here.
The default is to use store in the stacking pool, but this is overridden in the
regex_must_compile() function. */

pcre_malloc = function_store_get;
pcre_free = function_dummy_free;

/* Ensure there is a big buffer for temporary use in several places. It is put
in malloc store so that it can be freed for enlargement if necessary. */


/* Set up the handler for the data request signal, and set the initial
descriptive text. */

process_info = store_get(PROCESS_INFO_SIZE, GET_TAINTED);
set_process_info("initializing");
os_restarting_signal(SIGUSR1, usr1_handler);		/* exiwhat */
#ifdef SA_SIGINFO
  {
  struct sigaction act = { .sa_sigaction = segv_handler, .sa_flags = SA_RESETHAND | SA_SIGINFO };
  sigaction(SIGSEGV, &act, NULL);
  }
#else
signal(SIGSEGV, segv_handler);				/* log faults */
#endif

/* If running in a dockerized environment, the TERM signal is only
delegated to the PID 1 if we request it by setting an signal handler */

	  if (!*argrest || Ustrcmp(argrest, "c") == 0)
	    {
	    if (++i >= argc) { badarg = TRUE; break; }
	    sender_host_address = string_copy_taint(
		  exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-bh"),
		  GET_TAINTED);
	    host_checking = checking = f.log_testing_mode = TRUE;
	    f.host_checking_callout = *argrest == 'c';
	    message_logs = FALSE;

	case 'P':

	  /* -bP config: we need to setup here, because later,
	  when list_options is checked, the config is read already */
	  if (*argrest)
	    badarg = TRUE;
	  else if (argv[i+1] && Ustrcmp(argv[i+1], "config") == 0)

	      version_cnumber, version_date);
	    printf("%s\n", CS version_copyright);
	    version_printed = TRUE;
	    show_whats_supported(TRUE);
	    f.log_testing_mode = TRUE;
	    }
	  else badarg = TRUE;

      int len = Ustrlen(ALT_CONFIG_PREFIX);
      const uschar *list = argrest;
      uschar *filename;
      /* The argv is untainted, so big_buffer (also untainted) is ok to use */
      while((filename = string_nextinlist(&list, &sep, big_buffer,
             big_buffer_size)))
        if (  (  Ustrlen(filename) < len

    #endif
    break;

    /* -d: Set debug level (see also -v below) or set the drop_cr option.
    The latter is now a no-op, retained for compatibility only. If -dd is used,
    debugging subprocesses of the daemon is disabled. */

    case 'd':

    /* -dropcr: Set this option.  Now a no-op, retained for compatibility only. */

    if (Ustrcmp(argrest, "ropcr") == 0)
      {
      /* drop_cr = TRUE; */
      }

    /* -dp: Set up a debug pretrigger buffer with given size. */

    else if (Ustrcmp(argrest, "p") == 0)
      if (++i >= argc)
	badarg = TRUE;
      else
	debug_pretrigger_setup(argv[i]);

    /* -dt: Set a debug trigger selector */

    else if (Ustrncmp(argrest, "t=", 2) == 0)
      dtrigger_selector = (unsigned int) Ustrtol(argrest + 2, NULL, 0);

    /* -d: Set debug level (see also -v below).
    If -dd is used, debugging subprocesses of the daemon is disabled. */

    else
      {
      /* Use an intermediate variable so that we don't set debugging while
      decoding the debugging bits. */

      unsigned int selector = D_default;
      debug_selector = 0;
      debug_file = NULL;

    case 'F':
    if (!*argrest)
      if (++i < argc) argrest = argv[i]; else { badarg = TRUE; break; }
    originator_name = string_copy_taint(
		  exim_str_fail_toolong(argrest, EXIM_HUMANNAME_MAX, "-F"),
		  GET_TAINTED);
    f.sender_name_forced = TRUE;
    break;


        if (i+1 < argc) argrest = argv[++i]; else { badarg = TRUE; break; }
      (void) exim_str_fail_toolong(argrest, EXIM_DISPLAYMAIL_MAX, "-f");
      if (!*argrest)
        *(sender_address = store_get(1, GET_UNTAINTED)) = '\0';  /* Ensure writeable memory */
      else
        {
        uschar * temp = argrest + Ustrlen(argrest) - 1;

		  &dummy_start, &dummy_end, &sender_address_domain, TRUE)))
          exim_fail("exim: bad -f address \"%s\": %s\n", argrest, errmess);

	sender_address = string_copy_taint(sender_address, GET_TAINTED);
#ifdef SUPPORT_I18N
	message_smtputf8 =  string_is_utf8(sender_address);
	allow_utf8_domains = FALSE;

      exim_fail("exim: the -L syslog name is too long: \"%s\"\n", argrest);
    if (sz < 1)
      exim_fail("exim: the -L syslog name is too short\n");
    cmdline_syslog_name = string_copy_taint(argrest, GET_TAINTED);
    break;

    case 'M':

      if (msg_action_arg >= 0)
        exim_fail("exim: incompatible arguments\n");

      continue_transport = string_copy_taint(
	exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-C internal transport"),
	GET_TAINTED);
      continue_hostname = string_copy_taint(
	exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-C internal hostname"),
	GET_TAINTED);
      continue_host_address = string_copy_taint(
	exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-C internal hostaddr"),
	GET_TAINTED);
      continue_sequence = Uatoi(argv[++i]);
      msg_action = MSG_DELIVER;
      msg_action_arg = ++i;

    /* -MCd: for debug, set a process-purpose string */

	case 'd': if (++i < argc)
		    process_purpose = string_copy_taint(
		      exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCd"),
		      GET_TAINTED);
		  else badarg = TRUE;
		  break;

    /* -MCG: set the queue name, to a non-default value. Arguably, anything
       from the commandline should be tainted - but we will need an untainted
       value for the spoolfile when doing a -odi delivery process. */

	case 'G': if (++i < argc) queue_name = string_copy_taint(
		      exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCG"),
		      GET_UNTAINTED);
		  else badarg = TRUE;
		  break;



	case 'K': smtp_peer_options |= OPTION_CHUNKING; break;

#ifdef EXPERIMENTAL_ESMTP_LIMITS
    /* -MCL: peer used LIMITS RCPTMAX and/or RCPTDOMAINMAX */
	case 'L': if (++i < argc) continue_limit_mail = Uatoi(argv[i]);
		  else badarg = TRUE;
		  if (++i < argc) continue_limit_rcpt = Uatoi(argv[i]);
		  else badarg = TRUE;
		  if (++i < argc) continue_limit_rcptdom = Uatoi(argv[i]);
		  else badarg = TRUE;
		  break;
#endif

    /* -MCP: set the smtp_use_pipelining flag; this is useful only when
    it preceded -MC (see above) */

	case 'P': smtp_peer_options |= OPTION_PIPE; break;

#ifdef SUPPORT_SOCKS
    /* -MCp: Socks proxy in use; nearside IP, port, external IP, port */
	case 'p': proxy_session = TRUE;
		  if (++i < argc)
		    {
		    proxy_local_address = string_copy_taint(argv[i], GET_TAINTED);
		    if (++i < argc)
		      {
		      proxy_local_port = Uatoi(argv[i]);
		      if (++i < argc)
			{
			proxy_external_address = string_copy_taint(argv[i], GET_TAINTED);
			if (++i < argc)
			  {
			  proxy_external_port = Uatoi(argv[i]);
			  break;
		    } } } }
		  badarg = TRUE;
		  break;
#endif
    /* -MCQ: pass on the pid of the queue-running process that started
    this chain of deliveries and the fd of its synchronizing pipe; this
    is useful only when it precedes -MC (see above) */

		  else badarg = TRUE;
		  break;

    /* -MCq: do a quota check on the given recipient for the given size
    of message.  Separate from -MC. */
	case 'q': rcpt_verify_quota = TRUE;
		  if (++i < argc) message_size = Uatoi(argv[i]);
		  else badarg = TRUE;
		  break;

    /* -MCS: set the smtp_use_size flag; this is useful only when it
    precedes -MC (see above) */


	case 'r':
	case 's': if (++i < argc)
		    {
		    continue_proxy_sni = string_copy_taint(
		      exim_str_fail_toolong(argv[i], EXIM_HOSTNAME_MAX, "-MCr/-MCs"),
		      GET_TAINTED);
		    if (argrest[1] == 'r') continue_proxy_dane = TRUE;
		    }
		  else badarg = TRUE;

    and the TLS cipher. */

	case 't': if (++i < argc)
		    sending_ip_address = string_copy_taint(
		      exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-MCt IP"),
		      GET_TAINTED);
		  else badarg = TRUE;
		  if (++i < argc)
		    sending_port = (int)(Uatol(argv[i]));
		  else badarg = TRUE;
		  if (++i < argc)
		    continue_proxy_cipher = string_copy_taint(
		      exim_str_fail_toolong(argv[i], EXIM_CIPHERNAME_MAX, "-MCt cipher"),
		      GET_TAINTED);
		  else badarg = TRUE;
		  /*FALLTHROUGH*/


   else if (Ustrcmp(argrest, "G") == 0)
      {
      msg_action = MSG_SETQUEUE;
      queue_name_dest = string_copy_taint(
	exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-MG"),
	GET_TAINTED);
      {
      msg_action = MSG_MARK_ALL_DELIVERED;
      }
    else if (Ustrcmp(argrest, "mad") == 0) msg_action = MSG_MARK_ALL_DELIVERED;
    else if (Ustrcmp(argrest, "md") == 0)
      {
      msg_action = MSG_MARK_DELIVERED;

	/* -oMa: Set sender host address */

	if (Ustrcmp(argrest, "a") == 0)
	  sender_host_address = string_copy_taint(
	    exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMa"),
	    GET_TAINTED);

	/* -oMaa: Set authenticator name */

	else if (Ustrcmp(argrest, "aa") == 0)
	  sender_host_authenticated = string_copy_taint(
	    exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMaa"),
	    GET_TAINTED);

	/* -oMas: setting authenticated sender */

	else if (Ustrcmp(argrest, "as") == 0)
	  authenticated_sender = string_copy_taint(
	    exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"),
	    GET_TAINTED);

	/* -oMai: setting authenticated id */

	else if (Ustrcmp(argrest, "ai") == 0)
	  authenticated_id = string_copy_taint(
	    exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"),
	    GET_TAINTED);

	/* -oMi: Set incoming interface address */

	else if (Ustrcmp(argrest, "i") == 0)
	  interface_address = string_copy_taint(
	    exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMi"),
	    GET_TAINTED);

	/* -oMm: Message reference */


	  if (received_protocol)
	    exim_fail("received_protocol is set already\n");
	  else
	    received_protocol = string_copy_taint(
	      exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMr"),
	      GET_TAINTED);

	/* -oMs: Set sender host name */

	else if (Ustrcmp(argrest, "s") == 0)
	  sender_host_name = string_copy_taint(
	    exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-oMs"),
	    GET_TAINTED);

	/* -oMt: Set sender ident */

	else if (Ustrcmp(argrest, "t") == 0)
	  {
	  sender_ident_set = TRUE;
	  sender_ident = string_copy_taint(
	    exim_str_fail_toolong(argv[++i], EXIM_IDENTUSER_MAX, "-oMt"),
	    GET_TAINTED);
	  }

	/* Else a bad argument */


      case 'X':
	if (*argrest) badarg = TRUE;
	else override_local_interfaces = string_copy_taint(
	  exim_str_fail_toolong(argv[++i], 1024, "-oX"),
	  GET_TAINTED);
	break;

      /* -oY: Override creation of daemon notifier socket */

      case 'Y':
	if (*argrest) badarg = TRUE;
	else notifier_socket = NULL;
	break;

      /* Unknown -o argument */

        exim_fail("received_protocol is set already\n");

      if (!hn)
        received_protocol = string_copy_taint(
	  exim_str_fail_toolong(argrest, EXIM_DRIVERNAME_MAX, "-p<protocol>"),
	  GET_TAINTED);
      else
        {
        (void) exim_str_fail_toolong(argrest, (EXIM_DRIVERNAME_MAX+1+EXIM_HOSTNAME_MAX), "-p<protocol>:<host>");
        received_protocol = string_copyn_taint(argrest, hn - argrest, GET_TAINTED);
        sender_host_name = string_copy_taint(hn + 1, GET_TAINTED);
        }
      }
    break;

	{
	queue_interval = 0;
	if (i+1 < argc && mac_ismsgid(argv[i+1]))
	  start_queue_run_id = string_copy_taint(argv[++i], GET_TAINTED);
	if (i+1 < argc && mac_ismsgid(argv[i+1]))
	  stop_queue_run_id = string_copy_taint(argv[++i], GET_TAINTED);
	}

    /* -q[f][f][l][G<name>/]<n>: Run the queue at regular intervals, optionally

	tainted_selectstr = argv[++i];
      else
	exim_fail("exim: string expected after -R\n");
      deliver_selectstring = string_copy_taint(
	exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-R"),
	GET_TAINTED);
      }
    break;


	tainted_selectstr = argv[++i];
      else
	exim_fail("exim: string expected after -S\n");
      deliver_selectstring_sender = string_copy_taint(
	exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-S"),
	GET_TAINTED);
      }
    break;



    case 'T':
    if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0)
      fudged_queue_times = string_copy_taint(argv[++i], GET_TAINTED);
    else badarg = TRUE;
    break;


    case 'z':
    if (!*argrest)
      if (++i < argc)
	log_oneline = string_copy_taint(
	  exim_str_fail_toolong(argv[i], 2048, "-z logtext"),
	  GET_TAINTED);
      else
        exim_fail("exim: file name expected after %s\n", argv[i-1]);
    break;

if (usage_wanted) exim_usage(called_as);

/* Arguments have been processed. Check for incompatibilities. */
if (  (  (smtp_input || extract_recipients || recipients_arg < argc)
      && (  f.daemon_listen || queue_interval >= 0 || bi_option
	 || test_retry_arg >= 0 || test_rewrite_arg >= 0
	 || filter_test != FTEST_NONE
	 || msg_action_arg > 0 && !one_msg_action
      )  )
   || (  msg_action_arg > 0
      && (  f.daemon_listen || queue_interval > 0 || list_options
	 || checking && msg_action != MSG_LOAD
	 || bi_option || test_retry_arg >= 0 || test_rewrite_arg >= 0
      )  )
   || (  (f.daemon_listen || queue_interval > 0)
      && (  sender_address || list_options || list_queue || checking
	 || bi_option
      )  )
   || f.daemon_listen && queue_interval == 0
   || f.inetd_wait_mode && queue_interval >= 0
   || (  list_options
      && (  checking || smtp_input || extract_recipients
	 || filter_test != FTEST_NONE || bi_option
      )  )
   || (  verify_address_mode
      && (  f.address_test_mode || smtp_input || extract_recipients
	 || filter_test != FTEST_NONE || bi_option
      )  )
   || (  f.address_test_mode
      && (  smtp_input || extract_recipients || filter_test != FTEST_NONE
	 || bi_option
      )  )
   || (  smtp_input
      && (sender_address || filter_test != FTEST_NONE || extract_recipients)
      )
   || deliver_selectstring && queue_interval < 0
   || msg_action == MSG_LOAD && (!expansion_test || expansion_test_message)
    f.address_test_mode && (smtp_input || extract_recipients ||
      filter_test != FTEST_NONE || bi_option)
    ) ||
    (
    smtp_input && (sender_address != NULL || filter_test != FTEST_NONE ||
      extract_recipients)
    ) ||
    (
    deliver_selectstring != NULL && queue_interval < 0
    ) ||
    (
    msg_action == MSG_LOAD &&
      (!expansion_test || expansion_test_message != NULL)
    )
   )
  exim_fail("exim: incompatible command-line options or arguments\n");


      version_string, (long int)real_uid, (long int)real_gid, (int)getpid(),
      debug_selector);
    if (!version_printed)
      show_whats_supported(FALSE);
    }
  }


  {
  struct rlimit rlp;

#ifdef RLIMIT_NOFILE
  if (getrlimit(RLIMIT_NOFILE, &rlp) < 0)
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "getrlimit(RLIMIT_NOFILE) failed: %s",

          strerror(errno));
      }
    }
#endif

#ifdef RLIMIT_NPROC
  if (getrlimit(RLIMIT_NPROC, &rlp) < 0)
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "getrlimit(RLIMIT_NPROC) failed: %s",

    rlp.rlim_cur = rlp.rlim_max = 0;
    }

# ifdef RLIM_INFINITY
  if (rlp.rlim_cur != RLIM_INFINITY && rlp.rlim_cur < 1000)
    {
    rlp.rlim_cur = rlp.rlim_max = RLIM_INFINITY;
# else
  if (rlp.rlim_cur < 1000)
    {
    rlp.rlim_cur = rlp.rlim_max = 1000;
# endif
    if (setrlimit(RLIMIT_NPROC, &rlp) < 0)
      log_write(0, LOG_MAIN|LOG_PANIC, "setrlimit(RLIMIT_NPROC) failed: %s",
        strerror(errno));
    }
#endif
  }

/* Exim is normally entered as root (but some special configurations are

This needs to happen before we read the main configuration. */
init_lookup_list();

/*XXX this excrescence could move to the testsuite standard config setup file */
#ifdef SUPPORT_I18N
if (f.running_in_test_harness) smtputf8_advertise_hosts = NULL;
#endif

defined) */

  {
  int old_pool = store_pool;
#ifdef MEASURE_TIMING
  struct timeval t0;
  (void)gettimeofday(&t0, NULL);
#endif

  store_pool = POOL_CONFIG;
  readconf_main(checking || list_options);
  store_pool = old_pool;

#ifdef MEASURE_TIMING
  report_time_since(&t0, US"readconf_main (delta)");
#endif
  }


/* Now in directory "/" */

if (cleanup_environment() == FALSE)


if (Uchdir(spool_directory) != 0)
  {
  (void) directory_make(spool_directory, US"", SPOOL_DIRECTORY_MODE, FALSE);
  (void) Uchdir(spool_directory);
  dummy = /* quieten compiler */ Uchdir(spool_directory);
  dummy = dummy;	/* yet more compiler quietening, sigh */
  }

/* Handle calls with the -bi option. This is a sendmail option to rebuild *the*


if (bi_option)
  {
  (void) fclose(config_file);
  if (bi_command && *bi_command)
    {
    int i = 0;
    uschar *argv[3];
    argv[i++] = bi_command;	/* nonexpanded option so assume untainted */
    if (alias_arg) argv[i++] = alias_arg;
    argv[i++] = NULL;

    setgroups(group_count, group_list);
    exim_setugid(real_uid, real_gid, FALSE, US"running bi_command");

    DEBUG(D_exec) debug_printf("exec '%.256s' %s%.256s%s\n", argv[0],
      argv[1] ? "'" : "", argv[1] ? argv[1] : US"", argv[1] ? "'" : "");

    execv(CS argv[0], (char *const *)argv);
    exim_fail("exim: exec '%s' failed: %s\n", argv[0], strerror(errno));
    }
  else
    {

     || queue_name_dest && prod_requires_admin
     || debugset && !f.running_in_test_harness
     )
    exim_fail("exim:%s permission denied\n", debugset ? " debugging" : "");
  }

/* If the real user is not root or the exim uid, the argument for passing

one that supplied an input message, or we are using a patched exim for
regression testing. */

if (  real_uid != root_uid && real_uid != exim_uid
   && (  continue_hostname
      || (  f.dont_deliver
	 && (queue_interval >= 0 || f.daemon_listen || msg_action_arg > 0)
      )  )
   && !f.running_in_test_harness
   )
  exim_fail("exim: Permission denied\n");

/* If the caller is not trusted, certain arguments are ignored when running for


else
  {
  if (sender_host_address)
    sender_host_port = check_port(sender_host_address);
  if (interface_address)
    interface_port = check_port(interface_address);
  }


situation (controlled by the TRUE below), in order to be as close as possible
to the state Exim usually runs in. */

if (  !unprivileged				/* originally had root AND */
   && !removed_privilege			/* still got root AND      */
   && !f.daemon_listen				/* not starting the daemon */
   && queue_interval <= 0			/* (either kind of daemon) */
   && (						/*    AND EITHER           */
         deliver_drop_privilege			/* requested unprivileged  */
      || (					/*       OR                */
            queue_interval < 0			/* not running the queue   */
         && (  msg_action_arg < 0		/*       and               */
            || msg_action != MSG_DELIVER	/* not delivering          */
	    )					/*       and               */
         && (!checking || !f.address_test_mode)	/* not address checking    */
	 && !rcpt_verify_quota			/* and not quota checking  */
   )  )  )
  exim_setugid(exim_uid, exim_gid, TRUE, US"privilege not needed");

/* When we are retaining a privileged uid, we still change to the exim gid. */

#ifdef WITH_CONTENT_SCAN
  int result;
  set_process_info("scanning file for malware");
  if ((result = malware_in_file(malware_test_file)) == FAIL)
  if (result == FAIL)
    {
    printf("No malware found.\n");
    exit(EXIT_SUCCESS);

  event_action gets expanded */

  if (msg_action == MSG_REMOVE)
    {
    int old_pool = store_pool;
    store_pool = POOL_CONFIG;
    readconf_rest();
    store_pool = old_pool;
    store_writeprotect(POOL_CONFIG);
    }

  if (!one_msg_action)
    {

needed in transports so we lost the optimisation. */

  {
  int old_pool = store_pool;
#ifdef MEASURE_TIMING
  struct timeval t0;
  (void)gettimeofday(&t0, NULL);
#endif

  store_pool = POOL_CONFIG;
  readconf_rest();
  store_pool = old_pool;

  /* -be can add macro definitions, needing to link to the macro structure
  chain.  Otherwise, make the memory used for config data readonly. */

  if (!expansion_test)
    store_writeprotect(POOL_CONFIG);

#ifdef MEASURE_TIMING
  report_time_since(&t0, US"readconf_rest (delta)");
#endif
  }

/* Handle a request to check quota */
if (rcpt_verify_quota)
  if (real_uid != root_uid && real_uid != exim_uid)
    exim_fail("exim: Permission denied\n");
  else if (recipients_arg >= argc)
    exim_fail("exim: missing recipient for quota check\n");
  else
    {
    verify_quota(argv[recipients_arg]);
    exim_exit(EXIT_SUCCESS);
    }

/* Handle the -brt option. This is for checking out retry configurations.
The next three arguments are a domain name or a complete address, and
optionally two error numbers. All it does is to call the function that


        if (gecos_pattern && gecos_name)
          {
          const pcre2_code *re;
          re = regex_must_compile(gecos_pattern, FALSE, TRUE); /* Use malloc */

          if (regex_match_and_setup(re, name, 0, -1))

configuration specifies something to use. When running in the test harness,
any setting of unknown_login overrides the actual name. */

if (!originator_login || f.running_in_test_harness)
  {
  if (unknown_login)
    {
    originator_login = expand_string(unknown_login);
    if (!originator_name && unknown_username)
      originator_name = expand_string(unknown_username);
    if (!originator_name) originator_name = US"";
    }
  if (!originator_login)
    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to get user name for uid %d",
      (int)real_uid);
  }

/* Ensure that the user name is in a suitable form for use as a "phrase" in an
RFC822 address.*/

originator_name = US parse_fix_phrase(originator_name, Ustrlen(originator_name));

/* If a message is created by this call of Exim, the uid/gid of its originator
are those of the caller. These values are overridden if an existing message is

  routines in it, so call even if tls_require_ciphers is unset */
    {
# ifdef MEASURE_TIMING
    struct timeval t0;
    (void)gettimeofday(&t0, NULL);
# endif
    if (!tls_dropprivs_validate_require_cipher(FALSE))

  sender, or if a sender other than <> is set, override with the originator's
  login (which will get qualified below), except when checking things. */

  if (  !sender_address                  /* No sender_address set */
     ||                                  /*         OR            */
       (sender_address[0] != 0 &&        /* Non-empty sender address, AND */
       !checking))                       /* Not running tests, including filter tests */
    {

    }

  if (recipients_arg < argc)
    {
    while (recipients_arg < argc)
      {
      /* Supplied addresses are tainted since they come from a user */
      uschar * s = string_copy_taint(
	exim_str_fail_toolong(argv[recipients_arg++], EXIM_DISPLAYMAIL_MAX, "address verification"),
	GET_TAINTED);
      while (*s)
        {
        BOOL finished = FALSE;

          while (*++s == ',' || isspace(*s)) ;
        }
      }
    }

  else for (;;)
    {
    uschar * s = get_stdinput(NULL, NULL);
    if (!s) break;
    test_address(string_copy_taint(
	exim_str_fail_toolong(s, EXIM_DISPLAYMAIL_MAX, "address verification (stdin)"),
	GET_TAINTED),
      flags, &exit_value);
    }

  route_tidyup();

    message_id = US exim_str_fail_toolong(argv[msg_action_arg], MESSAGE_ID_LENGTH, "message-id");
    /* Checking the length of the ID is sufficient to validate it.
    Get an untainted version so file opens can be done. */
    message_id = string_copy_taint(message_id, GET_UNTAINTED);

    spoolname = string_sprintf("%s-H", message_id);
    if ((deliver_datafile = spool_open_datafile(message_id)) < 0)

  it. The code works for both IPv4 and IPv6, as it happens. */

  size = host_aton(sender_host_address, x);
  sender_host_address = store_get(48, GET_UNTAINTED);  /* large enough for full IPv6 */
  (void)host_nmtoa(size, x, -1, sender_host_address, ':');

  /* Now set up for testing */

  {
  if (!f.is_inetd) set_process_info("accepting a local %sSMTP message from <%s>",
    smtp_batched_input? "batched " : "",
    sender_address ? sender_address : originator_login);
  }
else
  {

    }
  }

/* Otherwise, set up the input size limit here and set no stdin stdio buffer
(we handle buferring so as to have visibility of fill level). */

else
  {

    else
      log_write(0, LOG_MAIN|LOG_PANIC_DIE, "invalid value for "
        "message_size_limit: %s", expand_string_message);

  setvbuf(stdin, NULL, _IONBF, 0);
  }

/* Loop for several messages when reading SMTP input. If we fork any child


if (!f.synchronous_delivery)
  {
#ifdef SA_NOCLDWAIT
  struct sigaction act;
  act.sa_handler = SIG_IGN;
  sigemptyset(&(act.sa_mask));
  act.sa_flags = SA_NOCLDWAIT;
  sigaction(SIGCHLD, &act, NULL);
#else
  signal(SIGCHLD, SIG_IGN);
#endif
  }

/* Save the current store pool point, for resetting at the start of

messages to be read (SMTP input), or FALSE otherwise (not SMTP, or SMTP channel
collapsed). */

for (BOOL more = TRUE; more; )
  {
  rmark reset_point = store_mark();
  message_id[0] = 0;

      /* Now get the data for the message */

      more = receive_msg(extract_recipients);
      if (!message_id[0])
        {
	cancel_cutthrough_connection(TRUE, US"receive dropped");
        if (more) goto MORELOOP;
        smtp_log_no_mail();               /* Log no mail if configured */
        exim_exit(EXIT_FAILURE);
        }

      uschar * errmess;
      /* There can be multiple addresses, so EXIM_DISPLAYMAIL_MAX (tuned for 1) is too short.
       * We'll still want to cap it to something, just in case. */
      uschar * s = string_copy_taint(
	exim_str_fail_toolong(list[i], BIG_BUFFER_SIZE, "address argument"),
	GET_TAINTED);

      /* Loop for each comma-separated address */

      while (*s)
        {
        BOOL finished = FALSE;
        uschar *recipient;

                errors_sender_rc : EXIT_FAILURE;
            }

        receive_add_recipient(string_copy_taint(recipient, GET_TAINTED), -1);
        s = ss;
        if (!finished)
          while (*(++s) != 0 && (*s == ',' || isspace(*s)));

    the file copy. */

    if (!receive_timeout)
      if (poll_one_fd(0, POLLIN, 30*60*1000) == 0)	/* 30 minutes */
	mainlog_close();
      fd_set r;

      FD_ZERO(&r); FD_SET(0, &r);
      if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close();
      }

    /* Read the data for the message. If filter_test is not FTEST_NONE, this
    will just read the headers for the message, and not write anything onto the

    for real; when reading the headers of a message for filter testing,
    it is TRUE if the headers were terminated by '.' and FALSE otherwise. */

    if (!message_id[0]) exim_exit(EXIT_FAILURE);
    }  /* Non-SMTP message reception */

  /* If this is a filter testing run, there are headers in store, but

  finished subprocesses here, in case there are lots of messages coming in
  from the same source. */

#ifndef SIG_IGN_WORKS
  while (waitpid(-1, NULL, WNOHANG) > 0);
#endif

MORELOOP:
  return_path = sender_address = NULL;
  authenticated_sender = NULL;
  deliver_localpart_orig = NULL;




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */




#include "exim.h"

uschar * spool_directory = NULL;	/* dummy for hintsdb.h */

/******************************************************************************/
					/* dummies needed by Solaris build */

readconf_printtime(int t)
{ return NULL; }
void *
store_get_3(int size, const void * proto_mem, const char *filename, int linenumber)
{ return NULL; }
void **
store_reset_3(void **ptr, const char *filename, int linenumber)
{ return NULL; }
void
store_release_above_3(void *ptr, const char *func, int linenumber)

unsigned int		log_selector[1];
uschar *		queue_name;
BOOL			split_spool_directory;


/* These introduced by the taintwarn handling */
rmark
store_mark_3(const char *func, int linenumber)
{ return NULL; }
#ifdef ALLOW_INSECURE_TAINTED_DATA
BOOL    allow_insecure_tainted_data;
#endif

/******************************************************************************/



#endif /* STRERROR_FROM_ERRLIST */


/* For Berkeley DB >= 2, we can define a function to be called in case of DB
errors. This should help with debugging strange DB problems, e.g. getting "File
exists" when you try to open a db file. The API changed at release 4.3. */

#if defined(USE_DB) && defined(DB_VERSION_STRING)
void
# if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3)
dbfn_bdb_error_callback(const DB_ENV *dbenv, const char *pfx, const char *msg)
{
dbenv = dbenv;
# else
dbfn_bdb_error_callback(const char *pfx, char *msg)
{
# endif
pfx = pfx;
printf("Berkeley DB error: %s\n", msg);
}
#endif



/*************************************************
*          Interpret escape sequence             *

/* It is apparently necessary to open with O_RDWR for this to work
with gdbm-1.7.3, though no reading is actually going to be done. */

if (!(d = exim_dbopen(temp_dbmname, dirname, O_RDWR|O_CREAT|O_EXCL, 0644)))

if (d == NULL)
  {
  printf("exim_dbmbuild: unable to create %s: %s\n", temp_dbmname,
    strerror(errno));


    if (started)
      {
      exim_datum_init(&content);
      exim_datum_data_set(&content, buffer);
      exim_datum_size_set(&content, bptr - buffer + add_zero);

      switch(rc = exim_dbputb(d, &key, &content))
        {
        case EXIM_DBPUTB_OK:
	  count++;

	  if (warn) fprintf(stderr, "** Duplicate key \"%s\"\n", keybuffer);
	  dupcount++;
	  if(duperr) yield = 1;
	  if (lastdup) exim_dbput(d, &key, &content);
	  break;

        default:

      bptr = buffer;
      }

    exim_datum_init(&key);
    exim_datum_data_set(&key, keybuffer);

    /* Deal with quoted keys. Escape sequences always make one character
    out of several, so we can re-build in place. */

        s++;
        }
      if (*s != 0) s++;               /* Past terminating " */
      exim_datum_size_set(&key, t - keystart + add_zero);
      }
    else
      {
      keystart = s;
      while (*s != 0 && *s != ':' && !isspace(*s)) s++;
      exim_datum_size_set(&key, s - keystart + add_zero);
      }

    if (exim_datum_size_get(&key) > 256)
      {
      printf("Keys longer than 255 characters cannot be handled\n");
      started = 0;

      }

    if (lowercase)
      for (i = 0; i < exim_datum_size_get(&key) - add_zero; i++)
        keybuffer[i] = tolower(keystart[i]);
    else
      for (i = 0; i < exim_datum_size_get(&key) - add_zero; i++)
        keybuffer[i] = keystart[i];

    keybuffer[i] = 0;

if (started)
  {
  int rc;
  exim_datum_init(&content);
  exim_datum_data_set(&content, buffer);
  exim_datum_size_set(&content, bptr - buffer + add_zero);

  switch(rc = exim_dbputb(d, &key, &content))
    {
    case EXIM_DBPUTB_OK:
    count++;

    if (warn) fprintf(stderr, "** Duplicate key \"%s\"\n", keybuffer);
    dupcount++;
    if (duperr) yield = 1;
    if (lastdup) exim_dbput(d, &key, &content);
    break;

    default:


TIDYUP:

exim_dbclose(d);
(void)fclose(f);

/* If successful, output the number of entries and rename the temporary

Lines 2-9 Link Here

(-)exim.orig/src/exim_dbutil.c (-91 / +115 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9		9
Lines 17-27 Link Here
17	In all cases, the first argument is the name of the spool directory. The second	17	In all cases, the first argument is the name of the spool directory. The second
18	argument is the name of the database file. The available names are:	18	argument is the name of the database file. The available names are:
19		19
20	retry: retry delivery information	20	callout: callout verification cache
21	misc: miscellaneous hints data	21	misc: miscellaneous hints data
22	wait-<t>: message waiting information; <t> is a transport name	22	ratelimit: record for ACL "ratelimit" condition
23	callout: callout verification cache	23	retry: etry delivery information
24	tls: TLS session resumption cache	24	seen: imestamp records for ACL "seen" condition
		25	tls: TLS session resumption cache
		26	wait-<t>: message waiting information; <t> is a transport name
25		27
26	There are a number of common subroutines, followed by three main programs,	28	There are a number of common subroutines, followed by three main programs,
27	whose inclusion is controlled by -D on the compilation command. */	29	whose inclusion is controlled by -D on the compilation command. */
Lines 38-49 Link Here
38	#define type_callout 4	40	#define type_callout 4
39	#define type_ratelimit 5	41	#define type_ratelimit 5
40	#define type_tls 6	42	#define type_tls 6
		43	#define type_seen 7
41		44
42		45
43	/* This is used by our cut-down dbfn_open(). */	46	/* This is used by our cut-down dbfn_open(). */
44		47
45	uschar *spool_directory;	48	uschar *spool_directory;
46		49
		50	BOOL keyonly = FALSE;
		51	BOOL utc = FALSE;
		52
47		53
48	/******************************************************************************/	54	/******************************************************************************/
49	/* dummies needed by Solaris build */	55	/* dummies needed by Solaris build */
Lines 69-100 Link Here
69	unsigned int log_selector[1];	75	unsigned int log_selector[1];
70	uschar * queue_name;	76	uschar * queue_name;
71	BOOL split_spool_directory;	77	BOOL split_spool_directory;
72	/******************************************************************************/
73
74
75	/*************************************************
76	* Berkeley DB error callback *
77	*************************************************/
78		78
79	/* For Berkeley DB >= 2, we can define a function to be called in case of DB
80	errors. This should help with debugging strange DB problems, e.g. getting "File
81	exists" when you try to open a db file. The API changed at release 4.3. */
82		79
83	#if defined(USE_DB) && defined(DB_VERSION_STRING)	80	/* These introduced by the taintwarn handling */
84	void	81	#ifdef ALLOW_INSECURE_TAINTED_DATA
85	#if DB_VERSION_MAJOR > 4 \|\| (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3)	82	BOOL allow_insecure_tainted_data;
86	dbfn_bdb_error_callback(const DB_ENV dbenv, const char pfx, const char *msg)
87	{
88	dbenv = dbenv;
89	#else
90	dbfn_bdb_error_callback(const char pfx, char msg)
91	{
92	#endif
93	pfx = pfx;
94	printf("Berkeley DB error: %s\n", msg);
95	}
96	#endif	83	#endif
97		84
		85	/******************************************************************************/
98		86
99		87
100	/*************************************************	88	/*************************************************
Lines 106-112 Link Here
106	void	94	void
107	sigalrm_handler(int sig)	95	sigalrm_handler(int sig)
108	{	96	{
109	sig = sig; /* Keep picky compilers happy */
110	sigalrm_seen = 1;	97	sigalrm_seen = 1;
111	}	98	}
112		99
Lines 120-127 Link Here
120	usage(uschar name, uschar options)	107	usage(uschar name, uschar options)
121	{	108	{
122	printf("Usage: exim_%s%s <spool-directory> <database-name>\n", name, options);	109	printf("Usage: exim_%s%s <spool-directory> <database-name>\n", name, options);
123	printf(" <database-name> = retry \| misc \| wait-<transport-name> \| callout \| ratelimit \| tls\n");	110	printf(" <database-name> = retry \| misc \| wait-<transport-name> \| callout \| ratelimit \| tls \| seen\n");
124	exit(1);	111	exit(EXIT_FAILURE);
125	}	112	}
126		113
127		114
Lines 136-155 Link Here
136	static int	123	static int
137	check_args(int argc, uschar *argv, uschar name, uschar *options)	124	check_args(int argc, uschar *argv, uschar name, uschar *options)
138	{	125	{
139	if (argc == 3)	126	uschar * aname = argv[optind + 1];
		127	if (argc - optind == 2)
140	{	128	{
141	if (Ustrcmp(argv[2], "retry") == 0) return type_retry;	129	if (Ustrcmp(aname, "retry") == 0) return type_retry;
142	if (Ustrcmp(argv[2], "misc") == 0) return type_misc;	130	if (Ustrcmp(aname, "misc") == 0) return type_misc;
143	if (Ustrncmp(argv[2], "wait-", 5) == 0) return type_wait;	131	if (Ustrncmp(aname, "wait-", 5) == 0) return type_wait;
144	if (Ustrcmp(argv[2], "callout") == 0) return type_callout;	132	if (Ustrcmp(aname, "callout") == 0) return type_callout;
145	if (Ustrcmp(argv[2], "ratelimit") == 0) return type_ratelimit;	133	if (Ustrcmp(aname, "ratelimit") == 0) return type_ratelimit;
146	if (Ustrcmp(argv[2], "tls") == 0) return type_tls;	134	if (Ustrcmp(aname, "tls") == 0) return type_tls;
		135	if (Ustrcmp(aname, "seen") == 0) return type_seen;
147	}	136	}
148	usage(name, options);	137	usage(name, options);
149	return -1; /* Never obeyed */	138	return -1; /* Never obeyed */
150	}	139	}
151		140
152		141
		142	FUNC_MAYBE_UNUSED
		143	static void
		144	options(int argc, uschar * argv[], uschar * name, const uschar * opts)
		145	{
		146	int opt;
		147
		148	opterr = 0;
		149	while ((opt = getopt(argc, (char * const *)argv, CCS opts)) != -1)
		150	switch (opt)
		151	{
		152	case 'k': keyonly = TRUE; break;
		153	case 'z': utc = TRUE; break;
		154	default: usage(name, US" [-z] [-k]");
		155	}
		156	}
		157
		158
		159
153		160
154	/*************************************************	161	/*************************************************
155	* Handle attempts to write the log *	162	* Handle attempts to write the log *
Lines 177-184 Link Here
177	vfprintf(stderr, format, ap);	184	vfprintf(stderr, format, ap);
178	fprintf(stderr, "\n");	185	fprintf(stderr, "\n");
179	va_end(ap);	186	va_end(ap);
180	selector = selector; /* Keep picky compilers happy */
181	flags = flags;
182	}	187	}
183		188
184		189
Lines 192-198 Link Here
192	uschar *	197	uschar *
193	print_time(time_t t)	198	print_time(time_t t)
194	{	199	{
195	struct tm *tmstr = localtime(&t);	200	struct tm *tmstr = utc ? gmtime(&t) : localtime(&t);
196	Ustrftime(time_buffer, sizeof(time_buffer), "%d-%b-%Y %H:%M:%S", tmstr);	201	Ustrftime(time_buffer, sizeof(time_buffer), "%d-%b-%Y %H:%M:%S", tmstr);
197	return time_buffer;	202	return time_buffer;
198	}	203	}
Lines 206-213 Link Here
206	uschar *	211	uschar *
207	print_cache(int value)	212	print_cache(int value)
208	{	213	{
209	return (value == ccache_accept)? US"accept" :	214	return value == ccache_accept ? US"accept" :
210	(value == ccache_reject)? US"reject" :	215	value == ccache_reject ? US"reject" :
211	US"unknown";	216	US"unknown";
212	}	217	}
213		218
Lines 337-343 Link Here
337	#else	342	#else
338	filename = string_sprintf("%s/%s", dirname, name);	343	filename = string_sprintf("%s/%s", dirname, name);
339	#endif	344	#endif
340	EXIM_DBOPEN(filename, dirname, flags, 0, &dbblock->dbptr);	345	dbblock->dbptr = exim_dbopen(filename, dirname, flags, 0);
341		346
342	if (!dbblock->dbptr)	347	if (!dbblock->dbptr)
343	{	348	{
Lines 373-379 Link Here
373	void	378	void
374	dbfn_close(open_db *dbblock)	379	dbfn_close(open_db *dbblock)
375	{	380	{
376	EXIM_DBCLOSE(dbblock->dbptr);	381	exim_dbclose(dbblock->dbptr);
377	(void)close(dbblock->lockfd);	382	(void)close(dbblock->lockfd);
378	}	383	}
379		384
Lines 403-427 Link Here
403	void *yield;	408	void *yield;
404	EXIM_DATUM key_datum, result_datum;	409	EXIM_DATUM key_datum, result_datum;
405	int klen = Ustrlen(key) + 1;	410	int klen = Ustrlen(key) + 1;
406	uschar * key_copy = store_get(klen, is_tainted(key));	411	uschar * key_copy = store_get(klen, key);
407		412
408	memcpy(key_copy, key, klen);	413	memcpy(key_copy, key, klen);
409		414
410	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */	415	exim_datum_init(&key_datum); /* Some DBM libraries require the datum */
411	EXIM_DATUM_INIT(result_datum); /* to be cleared before use. */	416	exim_datum_init(&result_datum); /* to be cleared before use. */
412	EXIM_DATUM_DATA(key_datum) = CS key_copy;	417	exim_datum_data_set(&key_datum, key_copy);
413	EXIM_DATUM_SIZE(key_datum) = klen;	418	exim_datum_size_set(&key_datum, klen);
414		419
415	if (!EXIM_DBGET(dbblock->dbptr, key_datum, result_datum)) return NULL;	420	if (!exim_dbget(dbblock->dbptr, &key_datum, &result_datum)) return NULL;
416		421
417	/* Assume for now that anything stored could have been tainted. Properly	422	/* Assume for now that anything stored could have been tainted. Properly
418	we should store the taint status along with the data. */	423	we should store the taint status along with the data. */
419		424
420	yield = store_get(EXIM_DATUM_SIZE(result_datum), TRUE);	425	yield = store_get(exim_datum_size_get(&result_datum), GET_TAINTED);
421	memcpy(yield, EXIM_DATUM_DATA(result_datum), EXIM_DATUM_SIZE(result_datum));	426	memcpy(yield, exim_datum_data_get(&result_datum), exim_datum_size_get(&result_datum));
422	if (length) *length = EXIM_DATUM_SIZE(result_datum);	427	if (length) *length = exim_datum_size_get(&result_datum);
423		428
424	EXIM_DATUM_FREE(result_datum); /* Some DBM libs require freeing */	429	exim_datum_free(&result_datum); /* Some DBM libs require freeing */
425	return yield;	430	return yield;
426	}	431	}
427		432
Lines 450-467 Link Here
450	EXIM_DATUM key_datum, value_datum;	455	EXIM_DATUM key_datum, value_datum;
451	dbdata_generic gptr = (dbdata_generic )ptr;	456	dbdata_generic gptr = (dbdata_generic )ptr;
452	int klen = Ustrlen(key) + 1;	457	int klen = Ustrlen(key) + 1;
453	uschar * key_copy = store_get(klen, is_tainted(key));	458	uschar * key_copy = store_get(klen, key);
454		459
455	memcpy(key_copy, key, klen);	460	memcpy(key_copy, key, klen);
456	gptr->time_stamp = time(NULL);	461	gptr->time_stamp = time(NULL);
457		462
458	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */	463	exim_datum_init(&key_datum); /* Some DBM libraries require the datum */
459	EXIM_DATUM_INIT(value_datum); /* to be cleared before use. */	464	exim_datum_init(&value_datum); /* to be cleared before use. */
460	EXIM_DATUM_DATA(key_datum) = CS key_copy;	465	exim_datum_data_set(&key_datum, key_copy);
461	EXIM_DATUM_SIZE(key_datum) = klen;	466	exim_datum_size_set(&key_datum, klen);
462	EXIM_DATUM_DATA(value_datum) = CS ptr;	467	exim_datum_data_set(&value_datum, ptr);
463	EXIM_DATUM_SIZE(value_datum) = length;	468	exim_datum_size_set(&value_datum, length);
464	return EXIM_DBPUT(dbblock->dbptr, key_datum, value_datum);	469	return exim_dbput(dbblock->dbptr, &key_datum, &value_datum);
465	}	470	}
466		471
467		472
Lines 482-495 Link Here
482	dbfn_delete(open_db dbblock, const uschar key)	487	dbfn_delete(open_db dbblock, const uschar key)
483	{	488	{
484	int klen = Ustrlen(key) + 1;	489	int klen = Ustrlen(key) + 1;
485	uschar * key_copy = store_get(klen, is_tainted(key));	490	uschar * key_copy = store_get(klen, key);
		491	EXIM_DATUM key_datum;
486		492
487	memcpy(key_copy, key, klen);	493	memcpy(key_copy, key, klen);
488	EXIM_DATUM key_datum;	494	exim_datum_init(&key_datum); /* Some DBM libraries require clearing */
489	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require clearing */	495	exim_datum_data_set(&key_datum, key_copy);
490	EXIM_DATUM_DATA(key_datum) = CS key_copy;	496	exim_datum_size_set(&key_datum, klen);
491	EXIM_DATUM_SIZE(key_datum) = klen;	497	return exim_dbdel(dbblock->dbptr, &key_datum);
492	return EXIM_DBDEL(dbblock->dbptr, key_datum);
493	}	498	}
494		499
495	#endif /* EXIM_TIDYDB \|\| EXIM_FIXDB */	500	#endif /* EXIM_TIDYDB \|\| EXIM_FIXDB */
Lines 518-538 Link Here
518	{	523	{
519	EXIM_DATUM key_datum, value_datum;	524	EXIM_DATUM key_datum, value_datum;
520	uschar *yield;	525	uschar *yield;
521	value_datum = value_datum; /* dummy; not all db libraries use this */
522		526
523	/* Some dbm require an initialization */	527	/* Some dbm require an initialization */
524		528
525	if (start) EXIM_DBCREATE_CURSOR(dbblock->dbptr, cursor);	529	if (start) *cursor = exim_dbcreate_cursor(dbblock->dbptr);
526		530
527	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */	531	exim_datum_init(&key_datum); /* Some DBM libraries require the datum */
528	EXIM_DATUM_INIT(value_datum); /* to be cleared before use. */	532	exim_datum_init(&value_datum); /* to be cleared before use. */
529		533
530	yield = (EXIM_DBSCAN(dbblock->dbptr, key_datum, value_datum, start, *cursor))?	534	yield = exim_dbscan(dbblock->dbptr, &key_datum, &value_datum, start, *cursor)
531	US EXIM_DATUM_DATA(key_datum) : NULL;	535	? US exim_datum_data_get(&key_datum) : NULL;
532		536
533	/* Some dbm require a termination */	537	/* Some dbm require a termination */
534		538
535	if (!yield) EXIM_DBDELETE_CURSOR(*cursor);	539	if (!yield) exim_dbdelete_cursor(*cursor);
536	return yield;	540	return yield;
537	}	541	}
538	#endif /* EXIM_DUMPDB \|\| EXIM_TIDYDB */	542	#endif /* EXIM_DUMPDB \|\| EXIM_TIDYDB */
Lines 555-565 Link Here
555	uschar **argv = USS cargv;	559	uschar **argv = USS cargv;
556	uschar keybuffer[1024];	560	uschar keybuffer[1024];
557		561
		562	store_init();
		563	options(argc, argv, US"dumpdb", US"kz");
		564
558	/* Check the arguments, and open the database */	565	/* Check the arguments, and open the database */
559		566
560	dbdata_type = check_args(argc, argv, US"dumpdb", US"");	567	dbdata_type = check_args(argc, argv, US"dumpdb", US" [-z] [-k]");
561	spool_directory = argv[1];	568	argc -= optind; argv += optind;
562	if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE, TRUE)))	569	spool_directory = argv[0];
		570
		571	if (!(dbm = dbfn_open(argv[1], O_RDONLY, &dbblock, FALSE, TRUE)))
563	exit(1);	572	exit(1);
564		573
565	/* Scan the file, formatting the information for each entry. Note	574	/* Scan the file, formatting the information for each entry. Note
Lines 576-581 Link Here
576	dbdata_ratelimit *ratelimit;	585	dbdata_ratelimit *ratelimit;
577	dbdata_ratelimit_unique *rate_unique;	586	dbdata_ratelimit_unique *rate_unique;
578	dbdata_tls_session *session;	587	dbdata_tls_session *session;
		588	dbdata_seen *seen;
579	int count_bad = 0;	589	int count_bad = 0;
580	int length;	590	int length;
581	uschar *t;	591	uschar *t;
Lines 593-604 Link Here
593	}	603	}
594	Ustrcpy(keybuffer, key);	604	Ustrcpy(keybuffer, key);
595		605
596	if (!(value = dbfn_read_with_length(dbm, keybuffer, &length)))	606	if (keyonly)
		607	printf(" %s\n", keybuffer);
		608	else if (!(value = dbfn_read_with_length(dbm, keybuffer, &length)))
597	fprintf(stderr, "**** Entry \"%s\" was in the key scan, but the record "	609	fprintf(stderr, "**** Entry \"%s\" was in the key scan, but the record "
598	"was not found in the file - something is wrong!\n",	610	"was not found in the file - something is wrong!\n",
599	CS keybuffer);	611	CS keybuffer);
600	else	612	else
601	{
602	/* Note: don't use print_time more than once in one statement, since	613	/* Note: don't use print_time more than once in one statement, since
603	it uses a single buffer. */	614	it uses a single buffer. */
604		615
Lines 715-722 Link Here
715	session = (dbdata_tls_session *)value;	726	session = (dbdata_tls_session *)value;
716	printf(" %s %.*s\n", keybuffer, length, session->session);	727	printf(" %s %.*s\n", keybuffer, length, session->session);
717	break;	728	break;
		729
		730	case type_seen:
		731	seen = (dbdata_seen *)value;
		732	printf("%s\t%s\n", keybuffer, print_time(seen->time_stamp));
		733	break;
718	}	734	}
719	}
720	store_reset(reset_point);	735	store_reset(reset_point);
721	}	736	}
722		737
Lines 761-781 Link Here
761	is re-used. */	776	is re-used. */
762		777
763		778
764	int main(int argc, char **cargv)	779	int
		780	main(int argc, char **cargv)
765	{	781	{
766	int dbdata_type;	782	int dbdata_type;
767	uschar **argv = USS cargv;	783	uschar **argv = USS cargv;
768	uschar buffer[256];	784	uschar buffer[256];
769	uschar name[256];	785	uschar name[256];
770	rmark reset_point;	786	rmark reset_point;
		787	uschar * aname;
771		788
		789	store_init();
		790	options(argc, argv, US"fixdb", US"z");
772	name[0] = 0; /* No name set */	791	name[0] = 0; /* No name set */
773		792
774	/* Sort out the database type, verify what we are working on and then process	793	/* Sort out the database type, verify what we are working on and then process
775	user requests */	794	user requests */
776		795
777	dbdata_type = check_args(argc, argv, US"fixdb", US"");	796	dbdata_type = check_args(argc, argv, US"fixdb", US" [-z]");
778	printf("Modifying Exim hints database %s/db/%s\n", argv[1], argv[2]);	797	argc -= optind; argv += optind;
		798	spool_directory = argv[0];
		799	aname = argv[1];
		800
		801	printf("Modifying Exim hints database %s/db/%s\n", spool_directory, aname);
779		802
780	for(; (reset_point = store_mark()); store_reset(reset_point))	803	for(; (reset_point = store_mark()); store_reset(reset_point))
781	{	804	{
Lines 822-830 Link Here
822	if (field[0] != 0)	845	if (field[0] != 0)
823	{	846	{
824	int verify = 1;	847	int verify = 1;
825	spool_directory = argv[1];
826		848
827	if (!(dbm = dbfn_open(argv[2], O_RDWR, &dbblock, FALSE, TRUE)))	849	if (!(dbm = dbfn_open(aname, O_RDWR, &dbblock, FALSE, TRUE)))
828	continue;	850	continue;
829		851
830	if (Ustrcmp(field, "d") == 0)	852	if (Ustrcmp(field, "d") == 0)
Lines 993-1000 Link Here
993		1015
994	/* Handle a read request, or verify after an update. */	1016	/* Handle a read request, or verify after an update. */
995		1017
996	spool_directory = argv[1];	1018	if (!(dbm = dbfn_open(aname, O_RDONLY, &dbblock, FALSE, TRUE)))
997	if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE, TRUE)))
998	continue;	1019	continue;
999		1020
1000	if (!(record = dbfn_read_with_length(dbm, name, &oldlength)))	1021	if (!(record = dbfn_read_with_length(dbm, name, &oldlength)))
Lines 1124-1130 Link Here
1124	} key_item;	1145	} key_item;
1125		1146
1126		1147
1127	int main(int argc, char **cargv)	1148	int
		1149	main(int argc, char **cargv)
1128	{	1150	{
1129	struct stat statbuf;	1151	struct stat statbuf;
1130	int maxkeep = 30 * 24 * 60 * 60;	1152	int maxkeep = 30 * 24 * 60 * 60;
Lines 1138-1143 Link Here
1138	uschar buffer[256];	1160	uschar buffer[256];
1139	uschar *key;	1161	uschar *key;
1140		1162
		1163	store_init();
		1164
1141	/* Scan the options */	1165	/* Scan the options */
1142		1166
1143	for (i = 1; i < argc; i++)	1167	for (i = 1; i < argc; i++)
Lines 1203-1209 Link Here
1203	key;	1227	key;
1204	key = dbfn_scan(dbm, FALSE, &cursor))	1228	key = dbfn_scan(dbm, FALSE, &cursor))
1205	{	1229	{
1206	key_item *k = store_get(sizeof(key_item) + Ustrlen(key), is_tainted(key));	1230	key_item * k = store_get(sizeof(key_item) + Ustrlen(key), key);
1207	k->next = keychain;	1231	k->next = keychain;
1208	keychain = k;	1232	keychain = k;
1209	Ustrcpy(k->key, key);	1233	Ustrcpy(k->key, key);

Lines 2-7 Link Here

(-)exim.orig/src/exim.h (-6 / +29 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2021 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 87-92 Link Here
87	# include <limits.h>	88	# include <limits.h>
88	#endif	89	#endif
89		90
		91	#ifdef EXIM_HAVE_INOTIFY
		92	# include <sys/inotify.h>
		93	#endif
		94	#ifdef EXIM_HAVE_KEVENT
		95	# include <sys/event.h>
		96	#endif
		97
90	/* C99 integer types, figure out how to undo this if needed for older systems */	98	/* C99 integer types, figure out how to undo this if needed for older systems */
91		99
92	#include <inttypes.h>	100	#include <inttypes.h>
Lines 515-521 Link Here
515		523
516	/* The header from the PCRE regex package */	524	/* The header from the PCRE regex package */
517		525
518	#include <pcre.h>	526	#define PCRE2_CODE_UNIT_WIDTH 8
		527	#include <pcre2.h>
519		528
520	/* Exim includes are in several files. Note that local_scan.h #includes	529	/* Exim includes are in several files. Note that local_scan.h #includes
521	config.h, mytypes.h, and store.h, so we don't need to mention them explicitly.	530	config.h, mytypes.h, and store.h, so we don't need to mention them explicitly.
Lines 523-533 Link Here
523		532
524	#include "local_scan.h"	533	#include "local_scan.h"
525	#include "macros.h"	534	#include "macros.h"
526	#include "dbstuff.h"	535	#include "hintsdb.h"
		536	#include "hintsdb_structs.h"
527	#include "structs.h"	537	#include "structs.h"
528	#include "blob.h"	538	#include "blob.h"
529	#include "globals.h"
530	#include "hash.h"	539	#include "hash.h"
		540	#include "globals.h"
531	#include "functions.h"	541	#include "functions.h"
532	#include "dbfunctions.h"	542	#include "dbfunctions.h"
533	#include "osfunctions.h"	543	#include "osfunctions.h"
Lines 538-546 Link Here
538	#ifdef SUPPORT_SPF	548	#ifdef SUPPORT_SPF
539	# include "spf.h"	549	# include "spf.h"
540	#endif	550	#endif
541	#ifdef EXPERIMENTAL_SRS
542	# include "srs.h"
543	#endif
544	#ifndef DISABLE_DKIM	551	#ifndef DISABLE_DKIM
545	# include "dkim.h"	552	# include "dkim.h"
546	#endif	553	#endif
Lines 644-648 Link Here
644	# define EXIM_GROUPLIST_SIZE NGROUPS_MAX	651	# define EXIM_GROUPLIST_SIZE NGROUPS_MAX
645	#endif	652	#endif
646		653
		654	/* Linux has TCP_CORK, FreeBSD has TCP_NOPUSH; they do pretty much the same */
		655
		656	#ifdef TCP_CORK
		657	# define EXIM_TCP_CORK TCP_CORK
		658	#elif defined(TCP_NOPUSH)
		659	# define EXIM_TCP_CORK TCP_NOPUSH
		660	#endif
		661
		662	/* LibreSSL seems to not push out the SMTP response to QUIT with our usual
		663	handling which is trying to get the client to FIN first so that the server does
		664	not get the TIME_WAIT */
		665
		666	#if !defined(DISABLE_TLS) && defined(USE_OPENSSL) && defined(LIBRESSL_VERSION_NUMBER)
		667	# define SERVERSIDE_CLOSE_NOWAIT
		668	#endif
		669
647	#endif	670	#endif
648	/* End of exim.h */	671	/* End of exim.h */





Argument: the name of the lock file

Copyright (c) The Exim Maintainers 2016 - 2021
*/

#include "os.h"

static void
sigalrm_handler(int sig)
{
sig = sig;      /* Keep picky compilers happy */
sigalrm_seen = TRUE;
}


if (restore_times)
  {
  struct stat strestore;
#ifdef EXIM_HAVE_FUTIMENS
  int fd = open(filename, O_RDWR); /* use fd for both get & restore */
  struct timespec tt[2];


Lines 2-7 Link Here

(-)exim.orig/src/exiqgrep.src (-3 / +8 lines)
2		2
3	# Utility for searching and displaying queue information.	3	# Utility for searching and displaying queue information.
4	# Written by Matt Hubbard 15 August 2002	4	# Written by Matt Hubbard 15 August 2002
		5	#
		6	# Copyright (c) The Exim Maintainers 2021 - 2022
5		7
6	# Except when they appear in comments, the following placeholders in this	8	# Except when they appear in comments, the following placeholders in this
7	# source are replaced when it is turned into a runnable script:	9	# source are replaced when it is turned into a runnable script:
Lines 53-64 Link Here
53	exit 0;	55	exit 0;
54	}	56	}
55		57
56	getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt);	58	if (!getopts('hf:r:y:o:s:C:zxlibRcaG:E:',\%opt)) { &help; exit; }
57	if ($ARGV[0]) { &help; exit;}	59	if ($opt{h}) { &help; exit; }
58	if ($opt{h}) { &help; exit;}	60	if ($ARGV[0] \|\| !($opt{f} \|\| $opt{r} \|\| $opt{s} \|\| $opt{y} \|\| $opt{o} \|\| $opt{z} \|\| $opt{x} \|\| $opt{c}))
		61	{ &help; exit(1); }
59	if ($opt{a}) { $eargs = '-bp'; }	62	if ($opt{a}) { $eargs = '-bp'; }
60	if ($opt{C} && -e $opt{C} && -f $opt{C} && -R $opt{C}) { $eargs .= ' -C '.$opt{C}; }	63	if ($opt{C} && -e $opt{C} && -f $opt{C} && -R $opt{C}) { $eargs .= ' -C '.$opt{C}; }
61	if ($opt{G}) { $eargs .= ' -qG'.$opt{G}; }	64	if ($opt{G}) { $eargs .= ' -qG'.$opt{G}; }
		65	if ($opt{E}) { $exim = $opt{E}; }
62		66
63	# Read message queue output into hash	67	# Read message queue output into hash
64	&collect();	68	&collect();
Lines 75-80 Link Here
75		79
76	-h This help message.	80	-h This help message.
77	-C Specify which exim.conf to use.	81	-C Specify which exim.conf to use.
		82	-E Specify exim binary to use.
78		83
79	Selection criteria:	84	Selection criteria:
80	-f <regexp> Match sender address sender (field is "< >" wrapped)	85	-f <regexp> Match sender address sender (field is "< >" wrapped)




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



  US"run",
  US"sg",
  US"sort",
#ifdef SUPPORT_SRS
  US"srs_encode",
#endif
  US"substr",

  EITEM_RUN,
  EITEM_SG,
  EITEM_SORT,
#ifdef SUPPORT_SRS
  EITEM_SRS_ENCODE,
#endif
  EITEM_SUBSTR,

cases to introduce arguments, whereas for other it is part of the name. This is
an historical mis-design. */

static uschar * op_table_underscore[] = {
  US"from_utf8",
  US"local_part",
  US"quote_local_part",

  US"base62d",
  US"base64",
  US"base64d",
  US"bless",
  US"domain",
  US"escape",
  US"escape8bit",

  EOP_BASE62D,
  EOP_BASE64,
  EOP_BASE64D,
  EOP_BLESS,
  EOP_DOMAIN,
  EOP_ESCAPE,
  EOP_ESCAPE8BIT,

  US"gei",
  US"gt",
  US"gti",
#ifdef SUPPORT_SRS
  US"inbound_srs",
#endif
  US"inlist",

  ECOND_STR_GEI,
  ECOND_STR_GT,
  ECOND_STR_GTI,
#ifdef SUPPORT_SRS
  ECOND_INBOUND_SRS,
#endif
  ECOND_INLIST,

  vtype_pspace,         /* partition space; value is T/F for spool/log */
  vtype_pinodes,        /* partition inodes; value is T/F for spool/log */
  vtype_cert		/* SSL certificate */
#ifndef DISABLE_DKIM
  ,vtype_dkim           /* Lookup of value in DKIM signature */
#endif
};

/* Type for main variable table */

  { "interface_address",   vtype_stringptr,   &interface_address },
  { "interface_port",      vtype_int,         &interface_port },
  { "item",                vtype_stringptr,   &iterate_item },
#ifdef LOOKUP_LDAP
  { "ldap_dn",             vtype_stringptr,   &eldap_dn },
#endif
  { "load_average",        vtype_load_avg,    NULL },
  { "local_part",          vtype_stringptr,   &deliver_localpart },
  { "local_part_data",     vtype_stringptr,   &deliver_localpart_data },

  { "spool_directory",     vtype_stringptr,   &spool_directory },
  { "spool_inodes",        vtype_pinodes,     (void *)TRUE },
  { "spool_space",         vtype_pspace,      (void *)TRUE },
#ifdef SUPPORT_SRS
  { "srs_db_address",      vtype_stringptr,   &srs_db_address },
  { "srs_db_key",          vtype_stringptr,   &srs_db_key },
  { "srs_orig_recipient",  vtype_stringptr,   &srs_orig_recipient },
  { "srs_orig_sender",     vtype_stringptr,   &srs_orig_sender },
#endif
#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
  { "srs_recipient",       vtype_stringptr,   &srs_recipient },
#endif
#ifdef EXPERIMENTAL_SRS
  { "srs_status",          vtype_stringptr,   &srs_status },
#endif
  { "thisaddress",         vtype_stringptr,   &filter_thisaddress },

  /* The non-(in,out) variables are now deprecated */

  { "tls_in_ourcert",      vtype_cert,        &tls_in.ourcert },
  { "tls_in_peercert",     vtype_cert,        &tls_in.peercert },
  { "tls_in_peerdn",       vtype_stringptr,   &tls_in.peerdn },
#ifndef DISABLE_TLS_RESUME
  { "tls_in_resumption",   vtype_int,         &tls_in.resumption },
#endif
#ifndef DISABLE_TLS

  { "tls_out_ourcert",     vtype_cert,        &tls_out.ourcert },
  { "tls_out_peercert",    vtype_cert,        &tls_out.peercert },
  { "tls_out_peerdn",      vtype_stringptr,   &tls_out.peerdn },
#ifndef DISABLE_TLS_RESUME
  { "tls_out_resumption",  vtype_int,         &tls_out.resumption },
#endif
#ifndef DISABLE_TLS

const uschar * tlist = list;
int sep = 0;
/* Tainted mem for the throwaway element copies */
uschar * dummy = store_get(2, GET_TAINTED);

if (field < 0)
  {

*/

static uschar *
find_header(uschar *name, int *newsize, unsigned flags, const uschar *charset)
{
BOOL found = !name;
int len = name ? Ustrlen(name) : 0;

if (sender_host_name)
  g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
else if (host_lookup_deferred)
  g = string_cat(g, US";\n\tiprev=temperror");
else if (host_lookup_failed)
  g = string_cat(g, US";\n\tiprev=fail");
else
  return g;


#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
uschar * sname;
#endif
fd_set fds;
struct timeval tv;

if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
  {

buf[0] = NOTIFY_QUEUE_SIZE_REQ;
if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; }

if (poll_one_fd(fd, POLLIN, 2 * 1000) != 1)
tv.tv_sec = 2; tv.tv_usec = 0;
if (select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tv) != 1)
  {
  DEBUG(D_expand) debug_printf("no daemon response; using local evaluation\n");
  len = snprintf(CS buf, sizeof(buf), "%u", queue_count_cached());

                something non-NULL if exists_only is TRUE
*/

static const uschar *
find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
{
var_entry * vp;

  {
  uschar *endptr;
  int n = Ustrtoul(name + 4, &endptr, 10);
  if (!*endptr && n != 0 && n <= AUTH_VARS)
    return auth_vars[n-1] ? auth_vars[n-1] : US"";
  }
else if (Ustrncmp(name, "regex", 5) == 0)
  {
  uschar *endptr;
  int n = Ustrtoul(name + 5, &endptr, 10);
  if (!*endptr && n != 0 && n <= REGEX_VARS)
    return regex_vars[n-1] ? regex_vars[n-1] : US"";
  }

/* For all other variables, search the table */

    ss = (uschar **)(val);
    if (!*ss && deliver_datafile >= 0)  /* Read body when needed */
      {
      uschar * body;
      off_t start_offset = SPOOL_DATA_START_OFFSET;
      int len = message_body_visible;

      if (len > message_size) len = message_size;
      *ss = body = store_get(len+1, GET_TAINTED);
      body[0] = 0;
      if (vp->type == vtype_msgbody_end)
	{

      if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
	log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
	  strerror(errno));
      if ((len = read(deliver_datafile, body, len)) > 0)
      if (len > 0)
	{
	body[len] = 0;
	if (message_body_newlines)   /* Separate loops for efficiency */




#ifdef SUPPORT_SRS
/* Do an hmac_md5.  The result is _not_ nul-terminated, and is sized as
the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer.


  }
return;
}
#endif /*SUPPORT_SRS*/


/*************************************************

BOOL *subcondptr;
BOOL sub2_honour_dollar = TRUE;
BOOL is_forany, is_json, is_jsons;
int rc, cond_type;
int_eximarith_t num[2];
struct stat statbuf;
uschar * opname;
uschar name[256];
const uschar *sub[10];

const pcre *re;
const uschar *rerror;

for (;;)
  if (Uskip_whitespace(&s) == '!') { testfor = !testfor; s++; } else break;



  case ECOND_DEF:
    {
    const uschar * t;

    if (*s != ':')
      {

    {
    case ECOND_NUM_E:
    case ECOND_NUM_EE:
      tempcond = (num[0] == num[1]); break;
    break;

    case ECOND_NUM_G:
      tempcond = (num[0] > num[1]); break;
    break;

    case ECOND_NUM_GE:
      tempcond = (num[0] >= num[1]); break;
    break;

    case ECOND_NUM_L:
      tempcond = (num[0] < num[1]); break;
    break;

    case ECOND_NUM_LE:
      tempcond = (num[0] <= num[1]); break;
    break;

    case ECOND_STR_LT:
      tempcond = (Ustrcmp(sub[0], sub[1]) < 0); break;
    break;

    case ECOND_STR_LTI:
      tempcond = (strcmpic(sub[0], sub[1]) < 0); break;
    break;

    case ECOND_STR_LE:
      tempcond = (Ustrcmp(sub[0], sub[1]) <= 0); break;
    break;

    case ECOND_STR_LEI:
      tempcond = (strcmpic(sub[0], sub[1]) <= 0); break;
    break;

    case ECOND_STR_EQ:
      tempcond = (Ustrcmp(sub[0], sub[1]) == 0); break;
    break;

    case ECOND_STR_EQI:
      tempcond = (strcmpic(sub[0], sub[1]) == 0); break;
    break;

    case ECOND_STR_GT:
      tempcond = (Ustrcmp(sub[0], sub[1]) > 0); break;
    break;

    case ECOND_STR_GTI:
      tempcond = (strcmpic(sub[0], sub[1]) > 0); break;
    break;

    case ECOND_STR_GE:
      tempcond = (Ustrcmp(sub[0], sub[1]) >= 0); break;
    break;

    case ECOND_STR_GEI:
      tempcond = (strcmpic(sub[0], sub[1]) >= 0); break;
    break;

    case ECOND_MATCH:   /* Regular expression match */
    if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
			    &roffset, NULL)))
      {
      const pcre2_code * re;
      PCRE2_SIZE offset;
      int err;

      if (!(re = pcre2_compile((PCRE2_SPTR)sub[1], PCRE2_ZERO_TERMINATED,
				PCRE_COPT, &err, &offset, pcre_cmp_ctx)))
	{
	uschar errbuf[128];
	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
	expand_string_message = string_sprintf("regular expression error in "
	  "\"%s\": %s at offset %ld", sub[1], errbuf, (long)offset);
	return NULL;
	}

      tempcond = regex_match_and_setup(re, sub[0], 0, -1);
      break;
      }
    tempcond = regex_match_and_setup(re, sub[0], 0, -1);
    break;

    case ECOND_MATCH_ADDRESS:  /* Match in an address list */
      rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0,
			      CUSS &lookup_value);
      goto MATCHED_SOMETHING;

    case ECOND_MATCH_DOMAIN:   /* Match in a domain list */
      rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
	MCL_DOMAIN + MCL_NOEXPAND, TRUE, CUSS &lookup_value);
      goto MATCHED_SOMETHING;

    case ECOND_MATCH_IP:       /* Match IP address in a host list */
      if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
	{
	expand_string_message = string_sprintf("\"%s\" is not an IP address",
	  sub[0]);
	return NULL;
	}
      else
	{
	unsigned int *nullcache = NULL;
	check_host_block cb;

	cb.host_name = US"";
	cb.host_address = sub[0];

	/* If the host address starts off ::ffff: it is an IPv6 address in
	IPv4-compatible mode. Find the IPv4 part for checking against IPv4
	addresses. */

	cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
	  cb.host_address + 7 : cb.host_address;

	rc = match_check_list(
	       &sub[1],                   /* the list */
	       0,                         /* separator character */
	       &hostlist_anchor,          /* anchor pointer */
	       &nullcache,                /* cache pointer */
	       check_host,                /* function for testing */
	       &cb,                       /* argument for function */
	       MCL_HOST,                  /* type of check */
	       sub[0],                    /* text for debugging */
	       CUSS &lookup_value);       /* where to pass back data */
	}
      goto MATCHED_SOMETHING;

    case ECOND_MATCH_LOCAL_PART:
      rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
	MCL_LOCALPART + MCL_NOEXPAND, TRUE, CUSS &lookup_value);
      /* Fall through */
      /* VVVVVVVVVVVV */
      MATCHED_SOMETHING:
      switch(rc)
	{
	case OK:   tempcond = TRUE;  break;
	case FAIL: tempcond = FALSE; break;
      break;

      case FAIL:
      tempcond = FALSE;
      break;

	case DEFER:
	  expand_string_message = string_sprintf("unable to complete match "
	    "against \"%s\": %s", sub[1], search_error_message);
	  return NULL;
	}

      break;

    /* Various "encrypted" comparisons. If the second string starts with
    "{" then an encryption type is given. Default to crypt() or crypt16()


    case ECOND_CRYPTEQ:
    #ifndef SUPPORT_CRYPTEQ
      goto COND_FAILED_NOT_COMPILED;
    #else
      if (strncmpic(sub[1], US"{md5}", 5) == 0)
	{
	int sublen = Ustrlen(sub[1]+5);
	md5 base;
	uschar digest[16];

	md5_start(&base);
	md5_end(&base, sub[0], Ustrlen(sub[0]), digest);

	/* If the length that we are comparing against is 24, the MD5 digest
	is expressed as a base64 string. This is the way LDAP does it. However,
	some other software uses a straightforward hex representation. We assume
	this if the length is 32. Other lengths fail. */

	if (sublen == 24)
	  {
	  uschar *coded = b64encode(CUS digest, 16);
	  DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
	    "  subject=%s\n  crypted=%s\n", coded, sub[1]+5);
	  tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
	  }
	else if (sublen == 32)
	  {
	  uschar coded[36];
	  for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
	  coded[32] = 0;
	  DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
	    "  subject=%s\n  crypted=%s\n", coded, sub[1]+5);
	  tempcond = (strcmpic(coded, sub[1]+5) == 0);
	  }
	else
	  {
	  DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
	    "fail\n  crypted=%s\n", sub[1]+5);
	  tempcond = FALSE;
	  }
	}

    else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
      {
      int sublen = Ustrlen(sub[1]+6);
      hctx h;
      uschar digest[20];

      else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
	{
	int sublen = Ustrlen(sub[1]+6);
	hctx h;
	uschar digest[20];

	sha1_start(&h);
	sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
      straightforward hex representation. Other lengths fail. */

	/* If the length that we are comparing against is 28, assume the SHA1
	digest is expressed as a base64 string. If the length is 40, assume a
	straightforward hex representation. Other lengths fail. */

	if (sublen == 28)
	  {
	  uschar *coded = b64encode(CUS digest, 20);
	  DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
	    "  subject=%s\n  crypted=%s\n", coded, sub[1]+6);
	  tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
	  }
	else if (sublen == 40)
	  {
	  uschar coded[44];
	  for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
	  coded[40] = 0;
	  DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
	    "  subject=%s\n  crypted=%s\n", coded, sub[1]+6);
	  tempcond = (strcmpic(coded, sub[1]+6) == 0);
	  }
	else
	  {
	  DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
	    "fail\n  crypted=%s\n", sub[1]+6);
	  tempcond = FALSE;
	  }
	}

      else   /* {crypt} or {crypt16} and non-{ at start */
	     /* }-for-text-editors */
	{
	int which = 0;
	uschar *coded;

	if (strncmpic(sub[1], US"{crypt}", 7) == 0)
	  {
	  sub[1] += 7;
	  which = 1;
	  }
	else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
	  {
	  sub[1] += 9;
	  which = 2;
	  }
	else if (sub[1][0] == '{')		/* }-for-text-editors */
	  {
	  expand_string_message = string_sprintf("unknown encryption mechanism "
	    "in \"%s\"", sub[1]);
	  return NULL;
	  }

	switch(which)
	  {
	  case 0:  coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
	  case 1:  coded = US crypt(CS sub[0], CS sub[1]); break;
	  default: coded = US crypt16(CS sub[0], CS sub[1]); break;
	  }

	#define STR(s) # s
	#define XSTR(s) STR(s)
	DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
	  "  subject=%s\n  crypted=%s\n",
	  which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
	  coded, sub[1]);
	#undef STR
	#undef XSTR

	/* If the encrypted string contains fewer than two characters (for the
	salt), force failure. Otherwise we get false positives: with an empty
	string the yield of crypt() is an empty string! */

	if (coded)
	  tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
	else if (errno == EINVAL)
	  tempcond = FALSE;
	else
	  {
	  expand_string_message = string_sprintf("crypt error: %s\n",
	    US strerror(errno));
	  return NULL;
	  }
	}
      break;
    break;
    #endif  /* SUPPORT_CRYPTEQ */

    case ECOND_INLIST:

        if (compare(sub[0], iterate_item) == 0)
          {
          tempcond = TRUE;
	  lookup_value = iterate_item;
          break;
          }
	}

    return s;
    }

#ifdef SUPPORT_SRS
  case ECOND_INBOUND_SRS:
    /* ${if inbound_srs {local_part}{secret}  {yes}{no}} */
    {
    uschar * sub[2];
    const pcre2_code * re;
    pcre2_match_data * md;
    PCRE2_SIZE * ovec;
    int quoting = 0;
    uschar cksum[4];
    BOOL boolvalue = FALSE;



    re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$",
			    TRUE, FALSE);
    md = pcre2_match_data_create(4+1, pcre_gen_ctx);
    if (pcre2_match(re, sub[0], PCRE2_ZERO_TERMINATED, 0, PCRE_EOPT,
		    md, pcre_mtc_ctx) < 0)
      {
      DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n");
      goto srs_result;
      }
    ovec = pcre2_get_ovector_pointer(md);

    if (sub[0][0] == '"')
      quoting = 1;
    else for (uschar * s = sub[0]; *s; s++)
      if (!isalnum(*s) && Ustrchr(".!#$%&'*+-/=?^_`{|}~", *s) == NULL)
	{ quoting = 1; break; }
    if (quoting)
      DEBUG(D_expand) debug_printf_indent("auto-quoting local part\n");

    /* Record the (quoted, if needed) decoded recipient as $srs_recipient */

    srs_recipient = string_sprintf("%.*s%.*S%.*s@%.*S",   	/* lowercased */
		      quoting, "\"",
		      (int) (ovec[9]-ovec[8]), sub[0] + ovec[8],  /* substr 4 */
		      quoting, "\"",
		      (int) (ovec[7]-ovec[6]), sub[0] + ovec[6]); /* substr 3 */

    /* If a zero-length secret was given, we're done.  Otherwise carry on
    and validate the given SRS local_part againt our secret. */

      struct timeval now;
      uschar * ss = sub[0] + ovec[4];	/* substring 2, the timestamp */
      long d;
      int n;

      gettimeofday(&now, NULL);
      now.tv_sec /= 86400;		/* days since epoch */

    if (yield) *yield = (boolvalue == testfor);
    return s;
    }
#endif /*SUPPORT_SRS*/

  /* Unknown condition */


*/

static int
save_expand_strings(const uschar **save_expand_nstring, int *save_expand_nlength)
{
for (int i = 0; i <= expand_nmax; i++)
  {

*/

static void
restore_expand_strings(int save_expand_nmax, const uschar **save_expand_nstring,
  int *save_expand_nlength)
{
expand_nmax = save_expand_nmax;

static uschar *
prvs_daystamp(int day_offset)
{
uschar * days = store_get(32, GET_UNTAINTED);      /* Need at least 24 for cases */
(void)string_format(days, 32, TIME_T_FMT, 	   /* where TIME_T_FMT is %lld */
  (time(NULL) + day_offset*86400)/86400);
return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
}


/* Hashing is deemed sufficient to de-taint any input data */

p = finalhash_hex = store_get(40, GET_UNTAINTED);
for (int i = 0; i < 3; i++)
  {
  *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];

*/

gstring *
cat_file(FILE * f, gstring * yield, uschar * eol)
{
uschar buffer[1024];


  if (eol && buffer[len])
    yield = string_cat(yield, eol);
  }

(void) string_from_gstring(yield);
return yield;
}


/* We assume that all errors, and any returns of zero bytes,
are actually EOF. */

(void) string_from_gstring(yield);
return yield;
}
#endif

}


/* Expand a named list.  Return false on failure. */
static gstring *
expand_listnamed(gstring * yield, const uschar * name, const uschar * listtype)
{
tree_node *t = NULL;
const uschar * list;
int sep = 0;
uschar * item;
BOOL needsep = FALSE;
#define LISTNAMED_BUF_SIZE 256
uschar b[LISTNAMED_BUF_SIZE];
uschar * buffer = b;

if (*name == '+') name++;
if (!listtype)		/* no-argument version */
  {
  if (  !(t = tree_search(addresslist_anchor, name))
     && !(t = tree_search(domainlist_anchor,  name))
     && !(t = tree_search(hostlist_anchor,    name)))
    t = tree_search(localpartlist_anchor, name);
  }
else switch(*listtype)	/* specific list-type version */
  {
  case 'a': t = tree_search(addresslist_anchor,   name); break;
  case 'd': t = tree_search(domainlist_anchor,    name); break;
  case 'h': t = tree_search(hostlist_anchor,      name); break;
  case 'l': t = tree_search(localpartlist_anchor, name); break;
  default:
    expand_string_message = US"bad suffix on \"list\" operator";
    return yield;
  }

if(!t)
  {
  expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
    name, !listtype?""
      : *listtype=='a'?"address "
      : *listtype=='d'?"domain "
      : *listtype=='h'?"host "
      : *listtype=='l'?"localpart "
      : 0);
  return yield;
  }

list = ((namedlist_block *)(t->data.ptr))->string;

/* The list could be quite long so we (re)use a buffer for each element
rather than getting each in new memory */

if (is_tainted(list)) buffer = store_get(LISTNAMED_BUF_SIZE, GET_TAINTED);
while ((item = string_nextinlist(&list, &sep, buffer, LISTNAMED_BUF_SIZE)))
  {
  uschar * buf = US" : ";
  if (needsep)
    yield = string_catn(yield, buf, 3);
  else
    needsep = TRUE;

  if (*item == '+')	/* list item is itself a named list */
    {
    yield = expand_listnamed(yield, item, listtype);
    if (expand_string_message)
      return yield;
    }

  else if (sep != ':')	/* item from non-colon-sep list, re-quote for colon list-separator */
    {
    char tok[3];
    tok[0] = sep; tok[1] = ':'; tok[2] = 0;

    for(char * cp; cp = strpbrk(CCS item, tok); item = US cp)
      {
      yield = string_catn(yield, item, cp - CS item);
      if (*cp++ == ':')	/* colon in a non-colon-sep list item, needs doubling */
	yield = string_catn(yield, US"::", 2);
      else		/* sep in item; should already be doubled; emit once */
	{
	yield = string_catn(yield, US tok, 1);
	if (*cp == sep) cp++;
	}
      }
    yield = string_cat(yield, item);
    }
  else
    yield = string_cat(yield, item);
  }
return yield;
}



/************************************************/
static void
debug_expansion_interim(const uschar * what, const uschar * value, int nchar,
  BOOL skipping)
{
DEBUG(D_noutf8)
  debug_printf_indent("|");
else
  debug_printf_indent(UTF8_VERT_RIGHT);

for (int fill = 11 - Ustrlen(what); fill > 0; fill--)
  DEBUG(D_noutf8)
    debug_printf("-");
  else
    debug_printf(UTF8_HORIZ);

debug_printf("%s: %.*s\n", what, nchar, value);
if (is_tainted(value))
  {
  DEBUG(D_noutf8)
    debug_printf_indent("%s     \\__", skipping ? "|     " : "      ");
  else
    debug_printf_indent("%s",
      skipping
      ? UTF8_VERT "             " : "           " UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ);
  debug_printf("(tainted)\n");
  }
}


/*************************************************
*                 Expand string                  *
*************************************************/

rmark reset_point = store_mark();
gstring * yield = string_get(Ustrlen(string) + 64);
int item_type;
const uschar * s = string;
const uschar * save_expand_nstring[EXPAND_MAXN+1];
int save_expand_nlength[EXPAND_MAXN+1];
BOOL resetok = TRUE, first = TRUE;

expand_level++;
DEBUG(D_expand)
  DEBUG(D_noutf8)
    debug_printf_indent("/%s: %s\n",
      skipping ? "---scanning" : "considering", string);
  else
    debug_printf_indent(UTF8_DOWN_RIGHT "%s: %s\n",
      skipping
      ? UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "scanning"
      : "considering",
      string);

f.expand_string_forcedfail = FALSE;
expand_string_message = US"";


  goto EXPAND_FAILED;
  }

while (*s)
  {
  uschar *value;
  uschar name[256];

  DEBUG(D_expand)
    {
    DEBUG(D_noutf8)
      debug_printf_indent("%c%s: %s\n",
	first ? '/' : '|',
	skipping ? "---scanning" : "considering", s);
    else
      debug_printf_indent("%s%s: %s\n",
	first ? UTF8_DOWN_RIGHT : UTF8_VERT_RIGHT,
	skipping
	? UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "scanning"
	: "considering",
	s);
    first = FALSE;
    }

  /* \ escapes the next character, which must exist, or else
  the expansion fails. There's a special escape, \N, which causes
  copying of the subject verbatim up to the next \N. Otherwise,

    if (s[1] == 'N')
      {
      const uschar * t = s + 2;
      for (s = t; *s ; s++) if (*s == '\\' && s[1] == 'N') break;

      DEBUG(D_expand)
	debug_expansion_interim(US"protected", t, (int)(s - t), skipping);
      yield = string_catn(yield, t, s - t);
      if (*s) s += 2;
      }

    else
      {
      uschar ch[1];
      DEBUG(D_expand)
	DEBUG(D_noutf8)
	  debug_printf_indent("|backslashed: '\\%c'\n", s[1]);
	else
	  debug_printf_indent(UTF8_VERT_RIGHT "backslashed: '\\%c'\n", s[1]);
      ch[0] = string_interpret_escape(&s);
      s++;
      yield = string_catn(yield, ch, 1);
      }

    continue;
    }

									/*{{*/
  /* Anything other than $ is just copied verbatim, unless we are
  looking for a terminating } character. */

  /*{*/
  if (ket_ends && *s == '}') break;

  if (*s != '$' || !honour_dollar)
    {
    int i = 1;								/*{*/
    for (const uschar * t = s+1;
	*t && *t != '$' && *t != '}' && *t != '\\'; t++) i++;

    DEBUG(D_expand) debug_expansion_interim(US"text", s, i, skipping);

    yield = string_catn(yield, s, i);
    s += i;
    continue;
    }


  "$header_". A non-existent header yields a NULL value; nothing is
  inserted. */	/*}*/

  if (isalpha(*++s))
    {
    const uschar * value;
    int newsize = 0, len;
    gstring * g = NULL;
    uschar * t;


    buffer. */

    if (!yield)
      g = store_get(sizeof(gstring), GET_UNTAINTED);
    else if (yield->ptr == 0)
      {
      if (resetok) reset_point = store_reset(reset_point);
      yield = NULL;
      reset_point = store_mark();
      g = store_get(sizeof(gstring), GET_UNTAINTED);	/* alloc _before_ calling find_variable() */
      }

    /* Header */

      unsigned flags = *name == 'r' ? FH_WANT_RAW
		      : *name == 'l' ? FH_WANT_RAW|FH_WANT_LIST
		      : 0;
      const uschar * charset = *name == 'b' ? NULL : headers_charset;

      s = read_header_name(name, sizeof(name), s);
      value = find_header(name, &newsize, flags, charset);

      But there is no error here - nothing gets inserted. */

      if (!value)
        {								/*{*/
        if (Ustrchr(name, '}')) malformed_header = TRUE;
        continue;
        }

      yield = g;
      yield->size = newsize;
      yield->ptr = len;
      yield->s = US value; /* known to be in new store i.e. a copy, so deconst safe */
      }
    else
      yield = string_catn(yield, value, len);

    }

  /* After { there can be various things, but they all start with
  an initial word, except for a number for a string match variable. */	/*}*/

  if (isdigit(*++s))
    {
    int n;
    s = read_cnumber(&n, s);						/*{{*/
    if (*s++ != '}')
      {
      expand_string_message = US"} expected after number";
      goto EXPAND_FAILED;
      }


  /* Allow "-" in names to cater for substrings with negative
  arguments. Since we are checking for known names after { this is
  OK. */								/*}*/

  s = read_name(name, sizeof(name), s, US"_-");
  item_type = chop_match(name, item_table, nelem(item_table));

  /* Switch on item type.  All nondefault choices should "continue* when
  skipping, but "break" otherwise so we get debug output for the item
  expansion. */
  {
  int start = gstring_length(yield);
  switch(item_type)
    {
    /* Call an ACL from an expansion.  We feed data in via $acl_arg1 - $acl_arg9.

    case EITEM_ACL:
      /* ${acl {name} {arg1}{arg2}...} */
      {
      uschar * sub[10];	/* name + arg1-arg9 (which must match number of acl_arg[]) */
      uschar * user_msg;
      int rc;

      switch(read_subs(sub, nelem(sub), 1, &s, skipping, TRUE, name,

	    debug_printf_indent("acl expansion yield: %s\n", user_msg);
	  if (user_msg)
            yield = string_cat(yield, user_msg);
	  break;

	case DEFER:
          f.expand_string_forcedfail = TRUE;

	    rc_names[rc], sub[0]);
	  goto EXPAND_FAILED;
	}
      break;
      }

    case EITEM_AUTHRESULTS:
      /* ${authresults {mysystemname}} */
      {
      uschar * sub_arg[1];

      switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
		      &resetok))

#ifdef EXPERIMENTAL_ARC
      yield = authres_arc(yield);
#endif
      break;
      }

    /* Handle conditionals - preserve the values of the numerical expansion

      const uschar *next_s;
      int save_expand_nmax =
        save_expand_strings(save_expand_nstring, save_expand_nlength);
      uschar * save_lookup_value = lookup_value;

      Uskip_whitespace(&s);
      if (!(next_s = eval_condition(s, &resetok, skipping ? NULL : &cond)))
	goto EXPAND_FAILED;  /* message already set */

      DEBUG(D_expand)
	{
	debug_expansion_interim(US"condition", s, (int)(next_s - s), skipping);
	debug_expansion_interim(US"result",
	  cond ? US"true" : US"false", cond ? 4 : 5, skipping);
	}
	else
	  {
	  debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
	    "condition: %.*s\n",
	    (int)(next_s - s), s);
	  debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
	    UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
	    "result: %s\n",
	    cond ? "true" : "false");
	  }

      s = next_s;


      /* Restore external setting of expansion variables for continuation
      at this level. */

      lookup_value = save_lookup_value;
      restore_expand_strings(save_expand_nmax, save_expand_nstring,
        save_expand_nlength);
      break;
      }

#ifdef SUPPORT_I18N
    case EITEM_IMAPFOLDER:
      {				/* ${imapfolder {name}{sep}{specials}} */
      uschar *sub_arg[3];
      uschar *encoded;


	goto EXPAND_FAILED;
	}

      if (skipping) continue;

      if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset,
			  sub_arg[1][0], sub_arg[2], &expand_string_message)))
	goto EXPAND_FAILED;
      yield = string_cat(yield, encoded);
      break;
      continue;
      }
#endif


      int stype, partial, affixlen, starflags;
      int expand_setup = 0;
      int nameptr = 0;
      uschar * key, * filename;
      const uschar * affix, * opts;
      uschar * save_lookup_value = lookup_value;
      int save_expand_nmax =
        save_expand_strings(save_expand_nstring, save_expand_nlength);

      if (expand_forbid & RDO_LOOKUP)
        {
        expand_string_message = US"lookup expansions are not permitted";
        goto EXPAND_FAILED;

          goto EXPAND_FAILED;
          }
        }
      else if (key)
	{
	expand_string_message = string_sprintf("a single key was given for "
	  "lookup type \"%s\", which is not a single-key lookup type", name);
	goto EXPAND_FAILED;
	}
          goto EXPAND_FAILED;
          }
        }

      /* Get the next string in brackets and expand it. It is the file name for
      single-key+file lookups, and the whole query otherwise. In the case of

      if (*s != '{')
        {
	expand_string_message = US"missing '{' for lookup file-or-query arg";
	goto EXPAND_FAILED_CURLY;						/*}}*/
	}
      if (!(filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok)))
	goto EXPAND_FAILED;
      										/*{{*/
      if (*s++ != '}')
        {
	expand_string_message = US"missing '}' closing lookup file-or-query arg";

      file types, the query (i.e. "key") starts with a file name. */

      if (!key)
	key = search_args(stype, name, filename, &filename, opts);
	Uskip_whitespace(&filename);
        key = filename;

        if (mac_islookup(stype, lookup_querystyle))
          filename = NULL;
        else
          if (*filename == '/')
	    {
	    while (*key && !isspace(*key)) key++;
	    if (*key) *key++ = '\0';
	    }
	  else
	    filename = NULL;
        }

      /* If skipping, don't do the next bit - just lookup_value == NULL, as if
      the entry was not found. Note that there is no search_close() function.

        lookup_value = NULL;
      else
        {
        void * handle = search_open(filename, stype, 0, NULL, NULL);
        if (!handle)
          {
          expand_string_message = search_error_message;


      restore_expand_strings(save_expand_nmax, save_expand_nstring,
        save_expand_nlength);

      if (skipping) continue;
      break;
      }

    /* If Perl support is configured, handle calling embedded perl subroutines,

    or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
    arguments (defined below). */

#define EXIM_PERL_MAX_ARGS 8

    case EITEM_PERL:
#ifndef EXIM_PERL
      expand_string_message = US"\"${perl\" encountered, but this facility "	/*}*/
	"is not included in this binary";
      goto EXPAND_FAILED;

#else   /* EXIM_PERL */
      {
      uschar * sub_arg[EXIM_PERL_MAX_ARGS + 2];
      gstring * new_yield;

      if (expand_forbid & RDO_PERL)
        {
        expand_string_message = US"Perl calls are not permitted";
        goto EXPAND_FAILED;


      if (!opt_perl_started)
        {
        uschar * initerror;
        if (!opt_perl_startup)
          {
          expand_string_message = US"A setting of perl_startup is needed when "


      f.expand_string_forcedfail = FALSE;
      yield = new_yield;
      break;
      }
#endif /* EXIM_PERL */

    /* Transform email address to "prvs" scheme to use
       as BATV-signed return path */

    case EITEM_PRVS:
      {
      uschar * sub_arg[3], * p, * domain;
      uschar *p,*domain;

      switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, name, &resetok))
        {

      yield = string_catn(yield, US"@", 1);
      yield = string_cat (yield, domain);

      break;
      }

    /* Check a prvs-encoded address for validity */

    case EITEM_PRVSCHECK:
      {
      uschar * sub_arg[3], * p;
      gstring * g;
      const pcre2_code * re;
      uschar *p;

      /* TF: Ugliness: We want to expand parameter 1 first, then set
         up expansion variables that are used in the expansion of

         PH: Actually, that isn't necessary. The read_subs() function is
         designed to work this way for the ${if and ${lookup expansions. I've
         tidied the code.
      */								/*}}*/

      /* Reset expansion variables */
      prvscheck_result = NULL;


      if (regex_match_and_setup(re,sub_arg[0],0,-1))
        {
        uschar * local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
        uschar * key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
        uschar * daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
        uschar * hash = string_copyn(expand_nstring[3],expand_nlength[3]);
        uschar * domain = string_copyn(expand_nstring[5],expand_nlength[5]);

        DEBUG(D_expand) debug_printf_indent("prvscheck localpart: %s\n", local_part);
        DEBUG(D_expand) debug_printf_indent("prvscheck key number: %s\n", key_num);

          case 3: goto EXPAND_FAILED;
          }

      if (skipping) continue;
      break;
      }

    /* Handle "readfile" to insert an entire file */

    case EITEM_READFILE:
      {
      FILE * f;
      uschar * sub_arg[2];

      if ((expand_forbid & RDO_READFILE) != 0)
        {


      if (!(f = Ufopen(sub_arg[0], "rb")))
        {
        expand_string_message = string_open_failed("%s", sub_arg[0]);
        goto EXPAND_FAILED;
        }

      yield = cat_file(f, yield, sub_arg[1]);
      (void)fclose(f);
      break;
      }

    /* Handle "readsocket" to insert data from a socket, either

      /* The whole thing has worked (or we were skipping). If there is a
      failure string following, we need to skip it. */

      if (*s == '{')							/*}*/
        {
        if (!expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok))
          goto EXPAND_FAILED;						/*{*/
        if (*s++ != '}')
	  {								/*{*/
	  expand_string_message = US"missing '}' closing failstring for readsocket";
	  goto EXPAND_FAILED_CURLY;
	  }
        Uskip_whitespace(&s);
        }

    READSOCK_DONE:							/*{*/
      if (*s++ != '}')
        {								/*{*/
	expand_string_message = US"missing '}' closing readsocket";
	goto EXPAND_FAILED_CURLY;
	}
      if (skipping) continue;
      break;

      /* Come here on failure to create socket, connect socket, write to the
      socket, or timeout on reading. If another substring follows, expand and
      use it. Otherwise, those conditions give expand errors. */

    SOCK_FAIL:
      if (*s != '{') goto EXPAND_FAILED;				/*}*/
      DEBUG(D_any) debug_printf("%s\n", expand_string_message);
      if (!(arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok)))
        goto EXPAND_FAILED;
      yield = string_cat(yield, arg);					/*{*/
      if (*s++ != '}')
        {								/*{*/
	expand_string_message = US"missing '}' closing failstring for readsocket";
	goto EXPAND_FAILED_CURLY;
	}


    case EITEM_RUN:
      {
      FILE * f;
      const uschar * arg, ** argv;
      BOOL late_expand = TRUE;
      pid_t pid;
      int fd_in, fd_out;

      if ((expand_forbid & RDO_RUN) != 0)
        {

        goto EXPAND_FAILED;
        }

      /* Handle options to the "run" */

      while (*s == ',')
	{
	if (Ustrncmp(++s, "preexpand", 9) == 0)
	  { late_expand = FALSE; s += 9; }
	else
	  {
	  const uschar * t = s;
	  while (isalpha(*++t)) ;
	  expand_string_message = string_sprintf("bad option '%.*s' for run",
						  (int)(t-s), s);
	  goto EXPAND_FAILED;
	  }
	}
      Uskip_whitespace(&s);

      if (*s != '{')					/*}*/
        {
	expand_string_message = US"missing '{' for command arg of run";
	goto EXPAND_FAILED_CURLY;			/*"}*/
	}
      s++;

      if (late_expand)		/* this is the default case */
	{
	int n = Ustrcspn(s, "}");
	arg = skipping ? NULL : string_copyn(s, n);
	s += n;
	}
      else
	{
	if (!(arg = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok)))
	  goto EXPAND_FAILED;
	Uskip_whitespace(&s);
	}
							/*{*/
      if (*s++ != '}')
        {						/*{*/
	expand_string_message = US"missing '}' closing command arg of run";
	goto EXPAND_FAILED_CURLY;
	}

	}
      else
        {
	int fd_in, fd_out;
	pid_t pid;

        if (!transport_set_up_command(&argv,    /* anchor for arg list */
            arg,                                /* raw command */
	    late_expand,		/* expand args if not already done */
            0,                          /* not relevant when... */
            NULL,                       /* no transporting address */
	    late_expand,		/* allow tainted args, when expand-after-split */
            US"${run} expansion",       /* for error messages */
            &expand_string_message))    /* where to put error message */
          goto EXPAND_FAILED;

        /* Create the child process, making it a group leader. */

          expand_string_message =
            string_sprintf("couldn't create child process: %s", strerror(errno));
          goto EXPAND_FAILED;
	  }

        /* Nothing is written to the standard input. */


        case 2: goto EXPAND_FAILED_CURLY;    /* returned value is 0 */
        }

      if (skipping) continue;
      break;
      }

    /* Handle character translation for "tr" */

      {
      int oldptr = gstring_length(yield);
      int o2m;
      uschar * sub[3];

      switch(read_subs(sub, 3, 3, &s, skipping, TRUE, name, &resetok))
        {

          }
        }

      if (skipping) continue;
      break;
      }

    /* Handle "hash", "length", "nhash", and "substr" when they are given with

      int len;
      uschar *ret;
      int val[2] = { 0, -1 };
      uschar * sub[3];

      /* "length" takes only 2 arguments whereas the others take 2 or 3.
      Ensure that sub[2] is set in the ${length } case. */

      if (!ret)
	goto EXPAND_FAILED;
      yield = string_catn(yield, ret, len);
      if (skipping) continue;
      break;
      }

    /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}


    case EITEM_HMAC:
      {
      uschar * sub[3];
      md5 md5_base;
      hctx sha1_ctx;
      void * use_base;
      int type;
      int hashlen;      /* Number of octets for the hash algorithm's output */
      int hashblocklen; /* Number of octets the hash algorithm processes */
      uschar * keyptr, * p;
      unsigned int keylen;

      uschar keyhash[MAX_HASHLEN];

        case 3: goto EXPAND_FAILED;
        }

      if (skipping) continue;

      if (Ustrcmp(sub[0], "md5") == 0)
	{
	type = HMAC_MD5;
	use_base = &md5_base;
	hashlen = 16;
	hashblocklen = 64;
	}
      else if (Ustrcmp(sub[0], "sha1") == 0)
	{
	type = HMAC_SHA1;
	use_base = &sha1_ctx;
	hashlen = 20;
	hashblocklen = 64;
	}
      else
	{
	expand_string_message =
	  string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
	goto EXPAND_FAILED;
	}
	  goto EXPAND_FAILED;
	  }

      keyptr = sub[1];
      keylen = Ustrlen(keyptr);

      /* If the key is longer than the hash block length, then hash the key
      first */

      if (keylen > hashblocklen)
	{
	chash_start(type, use_base);
	chash_end(type, use_base, keyptr, keylen, keyhash);
	keyptr = keyhash;
	keylen = hashlen;
	}

      /* Now make the inner and outer key values */

      memset(innerkey, 0x36, hashblocklen);
      memset(outerkey, 0x5c, hashblocklen);

      for (int i = 0; i < keylen; i++)
	{
	innerkey[i] ^= keyptr[i];
	outerkey[i] ^= keyptr[i];
	}

      /* Now do the hashes */

      chash_start(type, use_base);
      chash_mid(type, use_base, innerkey);
      chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);

      chash_start(type, use_base);
      chash_mid(type, use_base, outerkey);
      chash_end(type, use_base, innerhash, hashlen, finalhash);

      /* Encode the final hash as a hex string */

      p = finalhash_hex;
      for (int i = 0; i < hashlen; i++)
	{
	*p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
	*p++ = hex_digits[finalhash[i] & 0x0f];
	}

      DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%s)=%.*s\n",
	sub[0], (int)keylen, keyptr, sub[2], hashlen*2, finalhash_hex);

      yield = string_catn(yield, finalhash_hex, hashlen*2);
      break;
      continue;
      }

    /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.


    case EITEM_SG:
      {
      const pcre2_code * re;
      int moffset, moffsetextra, slen;
      PCRE2_SIZE roffset;
      pcre2_match_data * md;
      int err, emptyopt;
      uschar * subject, * sub[3];
      uschar *sub[3];
      int save_expand_nmax =
        save_expand_strings(save_expand_nstring, save_expand_nlength);


        case 3: goto EXPAND_FAILED;
        }

      /*XXX no handling of skipping? */
      /* Compile the regular expression */

      if (!(re = pcre2_compile((PCRE2_SPTR)sub[1], PCRE2_ZERO_TERMINATED,
		  PCRE_COPT, &err, &roffset, pcre_cmp_ctx)))
        {
        uschar errbuf[128];
	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
        expand_string_message = string_sprintf("regular expression error in "
          "\"%s\": %s at offset %ld", sub[1], errbuf, (long)roffset);
        goto EXPAND_FAILED;
        }
      md = pcre2_match_data_create(EXPAND_MAXN + 1, pcre_gen_ctx);

      /* Now run a loop to do the substitutions as often as necessary. It ends
      when there are no more matches. Take care over matches of the null string;


      for (;;)
        {
	PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
	int n = pcre2_match(re, (PCRE2_SPTR)subject, slen, moffset + moffsetextra,
	  PCRE_EOPT | emptyopt, md, pcre_mtc_ctx);
        uschar * insert;

        /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
        is not necessarily the end. We want to repeat the match from one

          }

        /* Match - set up for expanding the replacement. */
	DEBUG(D_expand) debug_printf_indent("%s: match\n", name);

        if (n == 0) n = EXPAND_MAXN + 1;
        expand_nmax = 0;
        for (int nn = 0; nn < n*2; nn += 2)
          {
          expand_nstring[expand_nmax] = subject + ovec[nn];
          expand_nlength[expand_nmax++] = ovec[nn+1] - ovec[nn];
          }
        expand_nmax--;

        /* Copy the characters before the match, plus the expanded insertion. */

	yield = string_catn(yield, subject + moffset, ovec[0] - moffset);

        if (!(insert = expand_string(sub[2])))
	  goto EXPAND_FAILED;
        yield = string_cat(yield, insert);

        moffset = ovec[1];
        moffsetextra = 0;
        emptyopt = 0;


        string at the same point. If this fails (picked up above) we advance to
        the next character. */

        if (ovec[0] == ovec[1])
          {
          if (ovec[0] == slen) break;
          emptyopt = PCRE2_NOTEMPTY | PCRE2_ANCHORED;
          }
        }



      restore_expand_strings(save_expand_nmax, save_expand_nstring,
        save_expand_nlength);
      if (skipping) continue;
      break;
      }

    /* Handle keyed and numbered substring extraction. If the first argument

      {
      int field_number = 1;
      BOOL field_number_set = FALSE;
      uschar * save_lookup_value = lookup_value, * sub[3];
      uschar *sub[3];
      int save_expand_nmax =
        save_expand_strings(save_expand_nstring, save_expand_nlength);



      if (skipping)
	{
        for (int j = 5; j > 0 && *s == '{'; j--)			/*'}'*/
	  {
          if (!expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))
	    goto EXPAND_FAILED;					/*'{'*/

	    }
	  Uskip_whitespace(&s);
	  }
	if (  Ustrncmp(s, "fail", 4) == 0				/*'{'*/
	   && (s[4] == '}' || s[4] == ' ' || s[4] == '\t' || !s[4])
	   )
	  {
	  s += 4;
	  Uskip_whitespace(&s);
	  }								/*'{'*/
	if (*s != '}')
	  {
	  expand_string_message = US"missing '}' closing extract";


      else for (int i = 0, j = 2; i < j; i++) /* Read the proper number of arguments */
        {
	if (Uskip_whitespace(&s) == '{') 				/*'}'*/
          {
          if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok)))
	    goto EXPAND_FAILED;						/*'{'*/
          if (*s++ != '}')
	    {
	    expand_string_message = string_sprintf(

            {
            int len;
            int x = 0;
            uschar * p = sub[0];

            Uskip_whitespace(&p);
            sub[0] = p;

            while (len > 0 && isspace(p[len-1])) len--;
            p[len] = 0;

	    if (!*p)
	      {
	      expand_string_message = US"first argument of \"extract\" must "
		"not be empty";

	      field_number = -1;
	      p++;
	      }
	    while (*p && isdigit(*p)) x = x * 10 + *p++ - '0';
	    if (!*p)
	      {
	      field_number *= x;
	      if (fmt == extract_basic) j = 3;               /* Need 3 args */

      restore_expand_strings(save_expand_nmax, save_expand_nstring,
        save_expand_nlength);

      if (skipping) continue;
      break;
      }

    /* return the Nth item from a list */

    case EITEM_LISTEXTRACT:
      {
      int field_number = 1;
      uschar * save_lookup_value = lookup_value, * sub[2];
      uschar *sub[2];
      int save_expand_nmax =
        save_expand_strings(save_expand_nstring, save_expand_nlength);



      for (int i = 0; i < 2; i++)
        {
        if (Uskip_whitespace(&s) != '{')				/*}*/
	  {
	  expand_string_message = string_sprintf(
	    "missing '{' for arg %d of listextract", i+1);		/*}*/
	  goto EXPAND_FAILED_CURLY;
	  }

	sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
	if (!sub[i])     goto EXPAND_FAILED;				/*{{*/
	if (*s++ != '}')
	  {
	  expand_string_message = string_sprintf(

      restore_expand_strings(save_expand_nmax, save_expand_nstring,
        save_expand_nlength);

      if (skipping) continue;
      break;
      }

    case EITEM_LISTQUOTE:

	yield = string_catn(yield, sub[1], 1);
	}
      else yield = string_catn(yield, US" ", 1);
      if (skipping) continue;
      break;
      }

#ifndef DISABLE_TLS
    case EITEM_CERTEXTRACT:
      {
      uschar * save_lookup_value = lookup_value, * sub[2];
      uschar *sub[2];
      int save_expand_nmax =
        save_expand_strings(save_expand_nstring, save_expand_nlength);


      if (Uskip_whitespace(&s) != '{')					/*}*/
	{
	expand_string_message = US"missing '{' for field arg of certextract";
	goto EXPAND_FAILED_CURLY;					/*}*/
	}
      sub[0] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
      if (!sub[0])     goto EXPAND_FAILED;				/*{{*/
      if (*s++ != '}')
        {
	expand_string_message = US"missing '}' closing field arg of certextract";

      if (Uskip_whitespace(&s) != '{')					/*}*/
	{
	expand_string_message = US"missing '{' for cert variable arg of certextract";
	goto EXPAND_FAILED_CURLY;					/*}*/
	}
      if (*++s != '$')
        {

	goto EXPAND_FAILED;
	}
      sub[1] = expand_string_internal(s+1, TRUE, &s, skipping, FALSE, &resetok);
      if (!sub[1])     goto EXPAND_FAILED;				/*{{*/
      if (*s++ != '}')
        {
	expand_string_message = US"missing '}' closing cert variable arg of certextract";


      restore_expand_strings(save_expand_nmax, save_expand_nstring,
        save_expand_nlength);
      if (skipping) continue;
      break;
      }
#endif	/*DISABLE_TLS*/


    case EITEM_MAP:
    case EITEM_REDUCE:
      {
      int sep = 0, save_ptr = gstring_length(yield);
      int save_ptr = gstring_length(yield);
      uschar outsep[2] = { '\0', '\0' };
      const uschar *list, *expr, *temp;
      uschar * save_iterate_item = iterate_item;
      uschar * save_lookup_value = lookup_value;

      Uskip_whitespace(&s);
      if (*s++ != '{')							/*}*/
        {
	expand_string_message =
	  string_sprintf("missing '{' for first arg of %s", name);
	goto EXPAND_FAILED_CURLY;					/*}*/
	}

      if (!(list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok)))
	goto EXPAND_FAILED;						/*{{*/
      if (*s++ != '}')
        {
	expand_string_message =

        {
	uschar * t;
        Uskip_whitespace(&s);
        if (*s++ != '{')						/*}*/
	  {
	  expand_string_message = US"missing '{' for second arg of reduce";
	  goto EXPAND_FAILED_CURLY;					/*}*/
	  }
        t = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
        if (!t) goto EXPAND_FAILED;
        lookup_value = t;						/*{{*/
        if (*s++ != '}')
	  {
	  expand_string_message = US"missing '}' closing second arg of reduce";

        }

      Uskip_whitespace(&s);
      if (*s++ != '{')							/*}*/
        {
	expand_string_message =
	  string_sprintf("missing '{' for last arg of %s", name);	/*}*/
	goto EXPAND_FAILED_CURLY;
	}


      condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
      the normal internal expansion function. */

      if (item_type != EITEM_FILTER)
        {
        if ((temp = eval_condition(expr, &resetok, NULL)))
	  s = temp;
        }
      else
        temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
      else
        if ((temp = eval_condition(expr, &resetok, NULL))) s = temp;

      if (!temp)
        {

        goto EXPAND_FAILED;
        }

      Uskip_whitespace(&s);						/*{{{*/
      if (*s++ != '}')
        {
        expand_string_message = string_sprintf("missing } at end of condition "
          "or expression inside \"%s\"; could be an unquoted } in the content",
	  name);
        goto EXPAND_FAILED;
        }

      Uskip_whitespace(&s);						/*{{*/
      if (*s++ != '}')
        {
        expand_string_message = string_sprintf("missing } at end of \"%s\"",
          name);
        goto EXPAND_FAILED;

        item of the output list, add in a space if the new item begins with the
        separator character, or is an empty string. */

/*XXX is there not a standard support function for this, appending to a list? */
/* yes, string_append_listele(), but it depends on lack of text before the list */

        if (  yield && yield->ptr != save_ptr
	   && (temp[0] == *outsep || temp[0] == 0))
          yield = string_catn(yield, US" ", 1);

          too many; backup and end the loop. Otherwise arrange to double the
          separator. */

          if (!temp[seglen]) { yield->ptr--; break; }
          yield = string_catn(yield, outsep, 1);
          temp += seglen + 1;
          }

      /* Restore preserved $item */

      iterate_item = save_iterate_item;
      if (skipping) continue;
      break;
      }

    case EITEM_SORT:
      {
      int sep = 0, cond_type;
      const uschar * srclist, * cmp, * xtract;
      const uschar *srclist, *cmp, *xtract;
      uschar * opname, * srcitem;
      const uschar * dstlist = NULL, * dstkeylist = NULL;
      uschar * tmp, * save_iterate_item = iterate_item;
      uschar *save_iterate_item = iterate_item;

      Uskip_whitespace(&s);
      if (*s++ != '{')							/*}*/
        {
        expand_string_message = US"missing '{' for list arg of sort";
	goto EXPAND_FAILED_CURLY;					/*}*/
	}

      srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
      if (!srclist) goto EXPAND_FAILED;					/*{{*/
      if (*s++ != '}')
        {
        expand_string_message = US"missing '}' closing list arg of sort";

	}

      Uskip_whitespace(&s);
      if (*s++ != '{')							/*}*/
        {
        expand_string_message = US"missing '{' for comparator arg of sort";
	goto EXPAND_FAILED_CURLY;					/*}*/
	}

      cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok);
      if (!cmp) goto EXPAND_FAILED;					/*{{*/
      if (*s++ != '}')
        {
        expand_string_message = US"missing '}' closing comparator arg of sort";

	}

      Uskip_whitespace(&s);
      if (*s++ != '{')							/*}*/
        {
        expand_string_message = US"missing '{' for extractor arg of sort";
	goto EXPAND_FAILED_CURLY;					/*}*/
	}

      xtract = s;
      if (!(tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok)))
	goto EXPAND_FAILED;
      xtract = string_copyn(xtract, s - xtract);
									/*{{*/
      if (*s++ != '}')
        {
        expand_string_message = US"missing '}' closing extractor arg of sort";
	goto EXPAND_FAILED_CURLY;
	}
									/*{{*/
      if (*s++ != '}')
        {
        expand_string_message = US"missing } at end of \"sort\"";
        goto EXPAND_FAILED;
        }

      while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0)))
	{
	uschar * srcfield, * dstitem;
	gstring * newlist = NULL, * newkeylist = NULL;
	gstring * newkeylist = NULL;

        DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, srcitem);



	  /* field for comparison */
	  if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
	    goto SORT_MISMATCH;

	  /* String-comparator names start with a letter; numeric names do not */


	    while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
	      {
	      if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
		goto SORT_MISMATCH;
	      newlist = string_append_listele(newlist, sep, dstitem);
	      newkeylist = string_append_listele(newkeylist, sep, dstfield);
	      }


      /* Restore preserved $item */
      iterate_item = save_iterate_item;
      break;

      SORT_MISMATCH:
	expand_string_message = US"Internal error in sort (list mismatch)";
	goto EXPAND_FAILED;
      }


#else   /* EXPAND_DLFUNC */
      {
      tree_node * t;
      exim_dlfunc_t * func;
      uschar * result;
      int status, argc;
      uschar * argv[EXPAND_DLFUNC_MAX_ARGS + 3];

      if (expand_forbid & RDO_DLFUNC)
        {
        expand_string_message =
          US"dynamically-loaded functions are not permitted";


      if (!(t = tree_search(dlobj_anchor, argv[0])))
        {
        void * handle = dlopen(CS argv[0], RTLD_LAZY);
        if (!handle)
          {
          expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",

          log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
          goto EXPAND_FAILED;
          }
        t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]), argv[0]);
        Ustrcpy(t->name, argv[0]);
        t->data.ptr = handle;
        (void)tree_insertnode(&dlobj_anchor, t);


      resetok = FALSE;
      result = NULL;
      for (argc = 0; argv[argc]; argc++) ;

      if ((status = func(&result, argc - 2, &argv[2])) != OK)
        {
        if (!result) result = US"";
        yield = string_cat(yield, result);
        continue;
        }
      else
        {
        expand_string_message = result ? result : US"(no message)";
        if (status == FAIL_FORCED)

              argv[0], argv[1], status, expand_string_message);
        goto EXPAND_FAILED;
        }

      if (result) yield = string_cat(yield, result);
      break;
      }
#endif /* EXPAND_DLFUNC */


	goto EXPAND_FAILED;

      key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
      if (!key) goto EXPAND_FAILED;					/*{{*/
      if (*s++ != '}')
        {
        expand_string_message = US"missing '}' for name arg of env";
	goto EXPAND_FAILED_CURLY;
	}


        case 1: goto EXPAND_FAILED;          /* when all is well, the */
        case 2: goto EXPAND_FAILED_CURLY;    /* returned value is 0 */
        }
      if (skipping) continue;
      break;
      }

#ifdef SUPPORT_SRS
    case EITEM_SRS_ENCODE:
      /* ${srs_encode {secret} {return_path} {orig_domain}} */
      {
      uschar * sub[3];
      uschar cksum[4];
      gstring * g = NULL;
      BOOL quoted = FALSE;

      switch (read_subs(sub, 3, 3, CUSS &s, skipping, TRUE, name, &resetok))
        {

        case 2:
        case 3: goto EXPAND_FAILED;
        }
      if (skipping) continue;

      if (sub[1] && *(sub[1]))
	{
	g = string_catn(g, US"SRS0=", 5);

	/* ${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}= */
	hmac_md5(sub[0], string_copylc(sub[1]), cksum, sizeof(cksum));
	g = string_catn(g, cksum, sizeof(cksum));
	g = string_catn(g, US"=", 1);

	/* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */
	  {
	  struct timeval now;
	  unsigned long i;
	  gstring * h = NULL;

	  gettimeofday(&now, NULL);
	  for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5)
	    h = string_catn(h, &base32_chars[i & 0x1f], 1);
	  if (h) while (h->ptr > 0)
	    g = string_catn(g, &h->s[--h->ptr], 1);
	  }
	g = string_catn(g, US"=", 1);

	/* ${domain:$return_path}=${local_part:$return_path} */
	  {
	  int start, end, domain;
	  uschar * t = parse_extract_address(sub[1], &expand_string_message,
					    &start, &end, &domain, FALSE);
	  uschar * s;
	  goto EXPAND_FAILED;

	  if (!t)
	    goto EXPAND_FAILED;
	yield = domain > 0
	  ? string_catn(yield, t, domain - 1) : string_cat(yield, t);
        }

	  if (domain > 0) g = string_cat(g, t + domain);
	  g = string_catn(g, US"=", 1);

	  s = domain > 0 ? string_copyn(t, domain - 1) : t;
	  if ((quoted = Ustrchr(s, '"') != NULL))
	    {
	    gstring * h = NULL;
	    DEBUG(D_expand) debug_printf_indent("auto-quoting local part\n");
	    while (*s)		/* de-quote */
	      {
	      while (*s && *s != '"') h = string_catn(h, s++, 1);
	      if (*s) s++;
	      while (*s && *s != '"') h = string_catn(h, s++, 1);
	      if (*s) s++;
	      }
	    gstring_release_unused(h);
	    s = string_from_gstring(h);
	    }
	  g = string_cat(g, s);
	  }

	/* Assume that if the original local_part had quotes
	it was for good reason */

	if (quoted) yield = string_catn(yield, US"\"", 1);
	yield = string_catn(yield, g->s, g->ptr);
	if (quoted) yield = string_catn(yield, US"\"", 1);

	/* @$original_domain */
	yield = string_catn(yield, US"@", 1);
	yield = string_cat(yield, sub[2]);
	}
      else
	DEBUG(D_expand) debug_printf_indent("null return_path for srs-encode\n");

      break;
      }
#endif /*SUPPORT_SRS*/

    default:
      goto NOT_ITEM;
    }	/* EITEM_* switch */
    /*NOTREACHED*/

  DEBUG(D_expand)
    if (yield && (start > 0 || *s))	/* only if not the sole expansion of the line */
      debug_expansion_interim(US"item-res",
			      yield->s + start, yield->ptr - start, skipping);
  continue;

NOT_ITEM: ;
  }

  /* Control reaches here if the name is not recognized as one of the more
  complicated expansion items. Check for the "operator" syntax (name terminated

  if (*s == ':')
    {
    int c;
    uschar * arg = NULL, * sub;
    uschar *sub;
#ifndef DISABLE_TLS
    var_entry * vp = NULL;
#endif

    /* Owing to an historical mis-design, an underscore may be part of the

		  FALSE, &resetok);
	  if (!sub)       goto EXPAND_FAILED;		/*{*/
	  if (*s1 != '}')
	    {						/*{*/
	    expand_string_message =
	      string_sprintf("missing '}' closing cert arg of %s", name);
	    goto EXPAND_FAILED_CURLY;


    if (skipping && c >= 0) continue;

    /* Otherwise, switch on the operator type.  After handling go back
    to the main loop top. */

     {
     int start = yield->ptr;
     switch(c)
      {
      case EOP_BASE32:
	{
	uschar *t;
	unsigned long int n = Ustrtoul(sub, &t, 10);
	gstring * g = NULL;

	if (*t != 0)
	  {
	  expand_string_message = string_sprintf("argument for base32 "
	    "operator is \"%s\", which is not a decimal number", sub);
	  goto EXPAND_FAILED;
	  }
	for ( ; n; n >>= 5)
	  g = string_catn(g, &base32_chars[n & 0x1f], 1);

	if (g) while (g->ptr > 0) yield = string_catn(yield, &g->s[--g->ptr], 1);
	break;
	}

      case EOP_BASE32D:
	{
	uschar *tt = sub;
	unsigned long int n = 0;
	while (*tt)
	  {
	  uschar * t = Ustrchr(base32_chars, *tt++);
	  if (!t)
	    {
	    expand_string_message = string_sprintf("argument for base32d "
	      "operator is \"%s\", which is not a base 32 number", sub);
	    goto EXPAND_FAILED;
	    }
	  n = n * 32 + (t - base32_chars);
	  }
	yield = string_fmt_append(yield, "%ld", n);
	break;
	}

      case EOP_BASE62:
	{
	uschar *t;
	unsigned long int n = Ustrtoul(sub, &t, 10);
	if (*t != 0)
	  {
	  expand_string_message = string_sprintf("argument for base62 "
	    "operator is \"%s\", which is not a decimal number", sub);
	  goto EXPAND_FAILED;
	  }
	yield = string_cat(yield, string_base62(n));
	break;
	}

      /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */

      case EOP_BASE62D:
	{
	uschar *tt = sub;
	unsigned long int n = 0;
	while (*tt != 0)
          {
          uschar *t = Ustrchr(base62_chars, *tt++);
          if (!t)
            {
            expand_string_message = string_sprintf("argument for base62d "
              "operator is \"%s\", which is not a base %d number", sub,
              BASE_62);
            goto EXPAND_FAILED;
            }
          n = n * BASE_62 + (t - base62_chars);
          }
        yield = string_fmt_append(yield, "%ld", n);
        continue;
        }

      case EOP_BLESS:
	/* This is purely for the convenience of the test harness.  Do not enable
	it otherwise as it defeats the taint-checking security. */

	if (f.running_in_test_harness)
	  yield = string_cat(yield, is_tainted(sub)
				    ? string_copy_taint(sub, FALSE) : sub);
	else
	  {
	  uschar *t = Ustrchr(base62_chars, *tt++);
	  if (!t)
	    {
	    expand_string_message = string_sprintf("argument for base62d "
	      "operator is \"%s\", which is not a base %d number", sub,
	      BASE_62);
	    goto EXPAND_FAILED;
	    }
	  n = n * BASE_62 + (t - base62_chars);
	  }
	yield = string_fmt_append(yield, "%ld", n);
	break;
	}

      case EOP_EXPAND:
	{
	uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
	if (!expanded)
	  {
	  expand_string_message =
	    string_sprintf("internal expansion of \"%s\" failed: %s", sub,
	      expand_string_message);
	  goto EXPAND_FAILED;
	  }
	yield = string_cat(yield, expanded);
	break;
	}

      case EOP_LC:
	{
	int count = 0;
	uschar *t = sub - 1;
	while (*(++t) != 0) { *t = tolower(*t); count++; }
	yield = string_catn(yield, sub, count);
	break;
	}

      case EOP_UC:
	{
	int count = 0;
	uschar *t = sub - 1;
	while (*(++t) != 0) { *t = toupper(*t); count++; }
	yield = string_catn(yield, sub, count);
	break;
	}

      case EOP_MD5:
#ifndef DISABLE_TLS

	  for (int j = 0; j < 16; j++)
	    yield = string_fmt_append(yield, "%02x", digest[j]);
	  }
	break;

      case EOP_SHA1:
#ifndef DISABLE_TLS

	  for (int j = 0; j < 20; j++)
	    yield = string_fmt_append(yield, "%02X", digest[j]);
	  }
	break;

      case EOP_SHA2:
      case EOP_SHA256:

	    goto EXPAND_FAILED;
	    }

	  exim_sha_update_string(&h, sub);
	  exim_sha_finish(&h, &b);
	  while (b.len-- > 0)
	    yield = string_fmt_append(yield, "%02X", *b.data++);

#else
	  expand_string_message = US"sha256 only supported with TLS";
#endif
	break;

      case EOP_SHA3:
#ifdef EXIM_HAVE_SHA3

	  goto EXPAND_FAILED;
	  }

	exim_sha_update_string(&h, sub);
	exim_sha_finish(&h, &b);
	while (b.len-- > 0)
	  yield = string_fmt_append(yield, "%02X", *b.data++);
	}
	break;
#else
	expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 + or OpenSSL 1.1.1 +";
	goto EXPAND_FAILED;

      /* Convert hex encoding to base64 encoding */

      case EOP_HEX2B64:
	{
	int c = 0;
	int b = -1;
	uschar *in = sub;
	uschar *out = sub;
	uschar *enc;

	for (enc = sub; *enc; enc++)
	  {
	  if (!isxdigit(*enc))
	    {
	    expand_string_message = string_sprintf("\"%s\" is not a hex "
	      "string", sub);
	    goto EXPAND_FAILED;
	    }
	  c++;
	  }

	if ((c & 1) != 0)
	  {
	  expand_string_message = string_sprintf("\"%s\" contains an odd "
	    "number of characters", sub);
	  goto EXPAND_FAILED;
	  }

	while ((c = *in++) != 0)
	  {
	  if (isdigit(c)) c -= '0';
	  else c = toupper(c) - 'A' + 10;
	  if (b == -1)
	    b = c << 4;
	  else
	    {
	    *out++ = b | c;
	    b = -1;
	    }
	  }

	enc = b64encode(CUS sub, out - sub);
	yield = string_cat(yield, enc);
	break;
	}

      /* Convert octets outside 0x21..0x7E to \xXX form */

      case EOP_HEXQUOTE:
	{
	uschar *t = sub - 1;
	while (*(++t) != 0)
	  {
	  if (*t < 0x21 || 0x7E < *t)
	    yield = string_fmt_append(yield, "\\x%02x", *t);
	  else
	    yield = string_catn(yield, t, 1);
	  }
	break;
	}

      /* count the number of list elements */

      case EOP_LISTCOUNT:
	{
	int cnt = 0, sep = 0;
	uschar * buf = store_get(2, sub);

	while (string_nextinlist(CUSS &sub, &sep, buf, 1)) cnt++;
	yield = string_fmt_append(yield, "%d", cnt);
	break;
	}

      /* expand a named list given the name */
      /* handles nested named lists; requotes as colon-sep list */

      case EOP_LISTNAMED:
	expand_string_message = NULL;
	yield = expand_listnamed(yield, sub, arg);
	if (expand_string_message)
	int sep = 0;
	uschar * item;
	uschar * suffix = US"";
	BOOL needsep = FALSE;
	uschar buffer[256];

	if (*sub == '+') sub++;
	if (!arg)		/* no-argument version */
	  {
	  if (!(t = tree_search(addresslist_anchor, sub)) &&
	      !(t = tree_search(domainlist_anchor,  sub)) &&
	      !(t = tree_search(hostlist_anchor,    sub)))
	    t = tree_search(localpartlist_anchor, sub);
	  }
	else switch(*arg)	/* specific list-type version */
	  {
	  case 'a': t = tree_search(addresslist_anchor,   sub); suffix = US"_a"; break;
	  case 'd': t = tree_search(domainlist_anchor,    sub); suffix = US"_d"; break;
	  case 'h': t = tree_search(hostlist_anchor,      sub); suffix = US"_h"; break;
	  case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
	  default:
            expand_string_message = US"bad suffix on \"list\" operator";
	    goto EXPAND_FAILED;
	  }

	if(!t)
	  {
          expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
            sub, !arg?""
	      : *arg=='a'?"address "
	      : *arg=='d'?"domain "
	      : *arg=='h'?"host "
	      : *arg=='l'?"localpart "
	      : 0);
	  goto EXPAND_FAILED;
	break;

	list = ((namedlist_block *)(t->data.ptr))->string;

	while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
	  {
	  uschar * buf = US" : ";
	  if (needsep)
	    yield = string_catn(yield, buf, 3);
	  else
	    needsep = TRUE;

	  if (*item == '+')	/* list item is itself a named list */
	    {
	    uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
	    item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE, &resetok);
	    }
	  else if (sep != ':')	/* item from non-colon-sep list, re-quote for colon list-separator */
	    {
	    char * cp;
	    char tok[3];
	    tok[0] = sep; tok[1] = ':'; tok[2] = 0;
	    while ((cp= strpbrk(CCS item, tok)))
	      {
              yield = string_catn(yield, item, cp - CS item);
	      if (*cp++ == ':')	/* colon in a non-colon-sep list item, needs doubling */
	        {
                yield = string_catn(yield, US"::", 2);
	        item = US cp;
		}
	      else		/* sep in item; should already be doubled; emit once */
	        {
                yield = string_catn(yield, US tok, 1);
		if (*cp == sep) cp++;
	        item = US cp;
		}
	      }
	    }
          yield = string_cat(yield, item);
	  }
        continue;
	}

      /* quote a list-item for the given list-separator */


      ${mask:131.111.10.206/28} is 131.111.10.192/28. */

      case EOP_MASK:
	{
	int count;
	uschar *endptr;
	int binary[4];
	int type, mask, maskoffset;
	BOOL normalised;
	uschar buffer[64];

	if ((type = string_is_ip_address(sub, &maskoffset)) == 0)
	  {
	  expand_string_message = string_sprintf("\"%s\" is not an IP address",
	   sub);
	  goto EXPAND_FAILED;
	  }

	if (maskoffset == 0)
	  {
	  expand_string_message = string_sprintf("missing mask value in \"%s\"",
	    sub);
	  goto EXPAND_FAILED;
	  }

	mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);

	if (*endptr || mask < 0 || mask > (type == 4 ? 32 : 128))
	  {
	  expand_string_message = string_sprintf("mask value too big in \"%s\"",
	    sub);
	  goto EXPAND_FAILED;
	  }

	/* If an optional 'n' was given, ipv6 gets normalised output:
	colons rather than dots, and zero-compressed. */

	normalised = arg && *arg == 'n';
        count = host_aton(sub, binary);
        host_mask(count, binary, mask);

	/* Convert the address to binary integer(s) and apply the mask */

	sub[maskoffset] = 0;
	count = host_aton(sub, binary);
	host_mask(count, binary, mask);

	/* Convert to masked textual format and add to output. */

	if (type == 4 || !normalised)
	  yield = string_catn(yield, buffer,
	    host_nmtoa(count, binary, mask, buffer, '.'));
	else
	  {
	  ipv6_nmtoa(binary, buffer);
	  yield = string_fmt_append(yield, "%s/%d", buffer, mask);
	  }
	break;
	}

      case EOP_IPV6NORM:
      case EOP_IPV6DENORM:
	{
	int type = string_is_ip_address(sub, NULL);
	int binary[4];
	uschar buffer[44];


		    ? ipv6_nmtoa(binary, buffer)
		    : host_nmtoa(4, binary, -1, buffer, ':')
		  );
	break;
	}

      case EOP_ADDRESS:
      case EOP_LOCAL_PART:
      case EOP_DOMAIN:
	{
	uschar * error;
	int start, end, domain;
	uschar * t = parse_extract_address(sub, &error, &start, &end, &domain,
	  FALSE);
	if (t)
	  if (c != EOP_DOMAIN)
	    yield = c == EOP_LOCAL_PART && domain > 0
	      ? string_catn(yield, t, domain - 1)
	      : string_cat(yield, t);
	  else if (domain > 0)
	    yield = string_cat(yield, t + domain);
	break;
	}

      case EOP_ADDRESSES:
	{
	uschar outsep[2] = { ':', '\0' };
	uschar *address, *error;
	int save_ptr = gstring_length(yield);
	int start, end, domain;  /* Not really used */

	if (Uskip_whitespace(&sub) == '>')
	  if (*outsep = *++sub) ++sub;
	  else
	    {
	    expand_string_message = string_sprintf("output separator "
	      "missing in expanding ${addresses:%s}", --sub);
	    goto EXPAND_FAILED;
	    }
	f.parse_allow_group = TRUE;

	for (;;)
	  {
	  uschar * p = parse_find_address_end(sub, FALSE);
	  uschar saveend = *p;
	  *p = '\0';
	  address = parse_extract_address(sub, &error, &start, &end, &domain,
	    FALSE);
	  *p = saveend;

	  /* Add the address to the output list that we are building. This is
	  done in chunks by searching for the separator character. At the
	  start, unless we are dealing with the first address of the output
	  list, add in a space if the new address begins with the separator
	  character, or is an empty string. */

	  if (address)
	    {
	    if (yield && yield->ptr != save_ptr && address[0] == *outsep)
	      yield = string_catn(yield, US" ", 1);

	    for (;;)
	      {
	      size_t seglen = Ustrcspn(address, outsep);
	      yield = string_catn(yield, address, seglen + 1);

              /* If we got to the end of the string we output one character
              too many. */

              if (address[seglen] == '\0') { yield->ptr--; break; }
              yield = string_catn(yield, outsep, 1);
              address += seglen + 1;
              }

	      /* If we got to the end of the string we output one character
	      too many. */

	      if (address[seglen] == '\0') { yield->ptr--; break; }
	      yield = string_catn(yield, outsep, 1);
	      address += seglen + 1;
	      }

	    /* Output a separator after the string: we will remove the
	    redundant final one at the end. */
          }

	    yield = string_catn(yield, outsep, 1);
	    }

	  if (saveend == '\0') break;
	  sub = p + 1;
	  }

	/* If we have generated anything, remove the redundant final
	separator. */

	if (yield && yield->ptr != save_ptr) yield->ptr--;
	f.parse_allow_group = FALSE;
	break;
	}


      /* quote puts a string in quotes if it is empty or contains anything


      case EOP_QUOTE:
      case EOP_QUOTE_LOCAL_PART:
	if (!arg)
	  {
	  BOOL needs_quote = (!*sub);      /* TRUE for empty string */
	  uschar *t = sub - 1;

        if (c == EOP_QUOTE)
          {
          while (!needs_quote && *(++t) != 0)
            needs_quote = !isalnum(*t) && !strchr("_-.", *t);
          }
        else  /* EOP_QUOTE_LOCAL_PART */
          {
          while (!needs_quote && *(++t) != 0)
            needs_quote = !isalnum(*t) &&
              strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
              (*t != '.' || t == sub || t[1] == 0);
          }

	  if (c == EOP_QUOTE)
	    while (!needs_quote && *++t)
	      needs_quote = !isalnum(*t) && !strchr("_-.", *t);

	  else  /* EOP_QUOTE_LOCAL_PART */
	    while (!needs_quote && *++t)
	      needs_quote = !isalnum(*t)
		&& strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL
		&& (*t != '.' || t == sub || !t[1]);
              yield = string_catn(yield, US"\\r", 2);
            else
              {
              if (*t == '\\' || *t == '"')
                yield = string_catn(yield, US"\\", 1);
              yield = string_catn(yield, t, 1);
              }
            }
          yield = string_catn(yield, US"\"", 1);
          }
        else yield = string_cat(yield, sub);
        continue;
        }

	  if (needs_quote)
	    {
	    yield = string_catn(yield, US"\"", 1);
	    t = sub - 1;
	    while (*++t)
	      if (*t == '\n')
		yield = string_catn(yield, US"\\n", 2);
	      else if (*t == '\r')
		yield = string_catn(yield, US"\\r", 2);
	      else
		{
		if (*t == '\\' || *t == '"')
		  yield = string_catn(yield, US"\\", 1);
		yield = string_catn(yield, t, 1);
		}
	    yield = string_catn(yield, US"\"", 1);
	    }
	  else
	    yield = string_cat(yield, sub);
	  break;
	  }

	/* quote_lookuptype does lookup-specific quoting */
        {
        int n;
        uschar *opt = Ustrchr(arg, '_');

	else
	  {
	  int n;
	  uschar * opt = Ustrchr(arg, '_');

	  if (opt) *opt++ = 0;
          {
          expand_string_message = search_error_message;
          goto EXPAND_FAILED;
          }

	  if ((n = search_findtype(arg, Ustrlen(arg))) < 0)
	    {
	    expand_string_message = search_error_message;
	    goto EXPAND_FAILED;
	    }

	  if (lookup_list[n]->quote)
	    sub = (lookup_list[n]->quote)(sub, opt, (unsigned)n);
	  else if (opt)
	    sub = NULL;
            opt, arg);
          goto EXPAND_FAILED;
          }

	  if (!sub)
	    {
	    expand_string_message = string_sprintf(
	      "\"%s\" unrecognized after \"${quote_%s\"",	/*}*/
	      opt, arg);
	    goto EXPAND_FAILED;
	    }

	  yield = string_cat(yield, sub);
	  break;
	  }

	/* rx quote sticks in \ before any non-alphameric character so that
	the insertion works in a regular expression. */
        uschar *t = sub - 1;
        while (*(++t) != 0)
          {
          if (!isalnum(*t))
            yield = string_catn(yield, US"\\", 1);
          yield = string_catn(yield, t, 1);
          }
        continue;
        }

	case EOP_RXQUOTE:
	  {
	  uschar *t = sub - 1;
	  while (*(++t) != 0)
	    {
	    if (!isalnum(*t))
	      yield = string_catn(yield, US"\\", 1);
	    yield = string_catn(yield, t, 1);
	    }
	  break;
	  }

	/* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
	prescribed by the RFC, if there are characters that need to be encoded */
			    parse_quote_2047(sub, Ustrlen(sub), headers_charset,
			      FALSE));
        continue;

	case EOP_RFC2047:
	  yield = string_cat(yield,
			      parse_quote_2047(sub, Ustrlen(sub), headers_charset,
				FALSE));
	  break;

	/* RFC 2047 decode */
        {
        int len;
        uschar *error;
        uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
          headers_charset, '?', &len, &error);
        if (error)
          {
          expand_string_message = error;
          goto EXPAND_FAILED;
          }
        yield = string_catn(yield, decoded, len);
        continue;
        }

	case EOP_RFC2047D:
	  {
	  int len;
	  uschar *error;
	  uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
	    headers_charset, '?', &len, &error);
	  if (error)
	    {
	    expand_string_message = error;
	    goto EXPAND_FAILED;
	    }
	  yield = string_catn(yield, decoded, len);
	  break;
	  }

	/* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
	underscores */
	uschar * buff = store_get(4, is_tainted(sub));
        while (*sub)
          {
          int c;
          GETUTF8INC(c, sub);
          if (c > 255) c = '_';
          buff[0] = c;
          yield = string_catn(yield, buff, 1);
          }
        continue;
        }

	case EOP_FROM_UTF8:
	  {
	  uschar * buff = store_get(4, sub);
	  while (*sub)
	    {
	    int c;
	    GETUTF8INC(c, sub);
	    if (c > 255) c = '_';
	    buff[0] = c;
	    yield = string_catn(yield, buff, 1);
	    }
	  break;
	  }

	/* replace illegal UTF-8 sequences by replacement character  */

	#define UTF8_REPLACEMENT_CHAR US"?"
        {
        int seq_len = 0, index = 0;
        int bytes_left = 0;
        long codepoint = -1;
        int complete;
        uschar seq_buff[4];			/* accumulate utf-8 here */

	case EOP_UTF8CLEAN:
	  {
	  int seq_len = 0, index = 0;
	  int bytes_left = 0;
	  long codepoint = -1;
	  int complete;
	  uschar seq_buff[4];			/* accumulate utf-8 here */

	  /* Manually track tainting, as we deal in individual chars below */
	  if (yield->s && yield->ptr)
	    gstring_rebuffer(yield);
	  else
	    yield->s = store_get(yield->size = Ustrlen(sub), TRUE);

	  if (!yield->s || !yield->ptr)
	    yield->s = store_get(yield->size = Ustrlen(sub), sub);
	  else if (is_incompatible(yield->s, sub))
	    gstring_rebuffer(yield, sub);

	  /* Check the UTF-8, byte-by-byte */
	  {
	  complete = 0;
	  uschar c = *sub++;

	  while (*sub)
	    {
	    complete = 0;
	    uschar c = *sub++;

	    if (bytes_left)
	      {
	      codepoint = (codepoint << 6) | (c & 0x3f);
	      seq_buff[index++] = c;
	      if (--bytes_left == 0)		/* codepoint complete */
		if(codepoint > 0x10FFFF)	/* is it too large? */
		  complete = -1;	/* error (RFC3629 limit) */
		else
		  {		/* finished; output utf-8 sequence */
		  yield = string_catn(yield, seq_buff, seq_len);
		  index = 0;
		  }
	      }
	    }
	  else	/* no bytes left: new sequence */
	    {
	    if(!(c & 0x80))	/* 1-byte sequence, US-ASCII, keep it */
	      {
	      yield = string_catn(yield, &c, 1);
	      continue;
	      }
	    if((c & 0xe0) == 0xc0)		/* 2-byte sequence */
	      {
	      if ((c & 0xc0) != 0x80)
		      /* wrong continuation byte; invalidate all bytes */
		complete = 1; /* error */
	      else
		{
		codepoint = (codepoint << 6) | (c & 0x3f);
		seq_buff[index++] = c;
		if (--bytes_left == 0)		/* codepoint complete */
		  if(codepoint > 0x10FFFF)	/* is it too large? */
		    complete = -1;	/* error (RFC3629 limit) */
		  else
		    {		/* finished; output utf-8 sequence */
		    yield = string_catn(yield, seq_buff, seq_len);
		    index = 0;
		    }
		}
	      }
	    else	/* no bytes left: new sequence */
	      {
	      if(!(c & 0x80))	/* 1-byte sequence, US-ASCII, keep it */
		{
		yield = string_catn(yield, &c, 1);
		continue;
		}
	      if((c & 0xe0) == 0xc0)		/* 2-byte sequence */
		{
		if(c == 0xc0 || c == 0xc1)	/* 0xc0 and 0xc1 are illegal */
		  complete = -1;
		else
		  {
		    bytes_left = 1;
		    codepoint = c & 0x1f;
		  }
		}
	      else if((c & 0xf0) == 0xe0)		/* 3-byte sequence */
		{
		bytes_left = 2;
		codepoint = c & 0x0f;
		}
	      else if((c & 0xf8) == 0xf0)		/* 4-byte sequence */
		{
		bytes_left = 3;
		codepoint = c & 0x07;
		}
	      else	/* invalid or too long (RFC3629 allows only 4 bytes) */
		complete = -1;

	      seq_buff[index++] = c;
	      seq_len = bytes_left + 1;
	      }		/* if(bytes_left) */

	    if (complete != 0)
	      {
	      bytes_left = index = 0;
	      yield = string_catn(yield, UTF8_REPLACEMENT_CHAR, 1);
	      }
	    if ((complete == 1) && ((c & 0x80) == 0))
			  /* ASCII character follows incomplete sequence */
		yield = string_catn(yield, &c, 1);
	    }
	  /* If given a sequence truncated mid-character, we also want to report ?
	  Eg, ${length_1:フィル} is one byte, not one character, so we expect
	  ${utf8clean:${length_1:フィル}} to yield '?' */

	  if (bytes_left != 0)
	    {
	    bytes_left = index = 0;
	    yield = string_catn(yield, UTF8_REPLACEMENT_CHAR, 1);
	    }
	  if ((complete == 1) && ((c & 0x80) == 0))
			/* ASCII character follows incomplete sequence */
	      yield = string_catn(yield, &c, 1);
	  }
        /* If given a sequence truncated mid-character, we also want to report ?
        * Eg, ${length_1:フィル} is one byte, not one character, so we expect
        * ${utf8clean:${length_1:フィル}} to yield '?' */
        if (bytes_left != 0)
          yield = string_catn(yield, UTF8_REPLACEMENT_CHAR, 1);

	  break;
	  }

#ifdef SUPPORT_I18N
	case EOP_UTF8_DOMAIN_TO_ALABEL:
	{
        uschar * error = NULL;
	uschar * s = string_domain_utf8_to_alabel(sub, &error);
	if (error)
	  {
	  uschar * error = NULL;
	  uschar * s = string_domain_utf8_to_alabel(sub, &error);
	  if (error)
	    {
	    expand_string_message = string_sprintf(
	      "error converting utf8 (%s) to alabel: %s",
	      string_printing(sub), error);
	    goto EXPAND_FAILED;
	    }
	  yield = string_cat(yield, s);
	  break;
	  }
	yield = string_cat(yield, s);
        continue;
	}

	case EOP_UTF8_DOMAIN_FROM_ALABEL:
	{
        uschar * error = NULL;
	uschar * s = string_domain_alabel_to_utf8(sub, &error);
	if (error)
	  {
	  uschar * error = NULL;
	  uschar * s = string_domain_alabel_to_utf8(sub, &error);
	  if (error)
	    {
	    expand_string_message = string_sprintf(
	      "error converting alabel (%s) to utf8: %s",
	      string_printing(sub), error);
	    goto EXPAND_FAILED;
	    }
	  yield = string_cat(yield, s);
	  break;
	  }
	yield = string_cat(yield, s);
        continue;
	}

	case EOP_UTF8_LOCALPART_TO_ALABEL:
	{
        uschar * error = NULL;
	uschar * s = string_localpart_utf8_to_alabel(sub, &error);
	if (error)
	  {
	  uschar * error = NULL;
	  uschar * s = string_localpart_utf8_to_alabel(sub, &error);
	  if (error)
	    {
	    expand_string_message = string_sprintf(
	      "error converting utf8 (%s) to alabel: %s",
	      string_printing(sub), error);
	    goto EXPAND_FAILED;
	    }
	  yield = string_cat(yield, s);
	  DEBUG(D_expand) debug_printf_indent("yield: '%s'\n", yield->s);
	  break;
	  }
	yield = string_cat(yield, s);
	DEBUG(D_expand) debug_printf_indent("yield: '%s'\n", yield->s);
        continue;
	}

	case EOP_UTF8_LOCALPART_FROM_ALABEL:
	{
        uschar * error = NULL;
	uschar * s = string_localpart_alabel_to_utf8(sub, &error);
	if (error)
	  {
	  uschar * error = NULL;
	  uschar * s = string_localpart_alabel_to_utf8(sub, &error);
	  if (error)
	    {
	    expand_string_message = string_sprintf(
	      "error converting alabel (%s) to utf8: %s",
	      string_printing(sub), error);
	    goto EXPAND_FAILED;
	    }
	  yield = string_cat(yield, s);
	  break;
	  }
	yield = string_cat(yield, s);
        continue;
	}
#endif	/* EXPERIMENTAL_INTERNATIONAL */

	/* escape turns all non-printing characters into escape sequences. */

	case EOP_ESCAPE:
	  {
	  const uschar * t = string_printing(sub);
	  yield = string_cat(yield, t);
	  break;
	  }

	case EOP_ESCAPE8BIT:
	  {
	  uschar c;

	  for (const uschar * s = sub; (c = *s); s++)
	    yield = c < 127 && c != '\\'
	      ? string_catn(yield, s, 1)
	      : string_fmt_append(yield, "\\%03o", c);
	  break;
	  }

	/* Handle numeric expression evaluation */

	case EOP_EVAL:
	case EOP_EVAL10:
	  {
	  uschar *save_sub = sub;
	  uschar *error = NULL;
	  int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
	  if (error)
	    {
	    expand_string_message = string_sprintf("error in expression "
	      "evaluation: %s (after processing \"%.*s\")", error,
	      (int)(sub-save_sub), save_sub);
	    goto EXPAND_FAILED;
	    }
	  yield = string_fmt_append(yield, PR_EXIM_ARITH, n);
	  break;
	  }

	/* Handle time period formatting */

	case EOP_TIME_EVAL:
	  {
	  int n = readconf_readtime(sub, 0, FALSE);
	  if (n < 0)
	    {
	    expand_string_message = string_sprintf("string \"%s\" is not an "
	      "Exim time interval in \"%s\" operator", sub, name);
	    goto EXPAND_FAILED;
	    }
	  yield = string_fmt_append(yield, "%d", n);
	  break;
	  }

	case EOP_TIME_INTERVAL:
	  {
	  int n;
	  uschar *t = read_number(&n, sub);
	  if (*t != 0) /* Not A Number*/
	    {
	    expand_string_message = string_sprintf("string \"%s\" is not a "
	      "positive number in \"%s\" operator", sub, name);
	    goto EXPAND_FAILED;
	    }
	  t = readconf_printtime(n);
	  yield = string_cat(yield, t);
	  break;
	  }

	/* Convert string to base64 encoding */

	case EOP_STR2B64:
	case EOP_BASE64:
	  {
#ifndef DISABLE_TLS
	  uschar * s = vp && *(void **)vp->value
	    ? tls_cert_der_b64(*(void **)vp->value)
	    : b64encode(CUS sub, Ustrlen(sub));
#else
	  uschar * s = b64encode(CUS sub, Ustrlen(sub));
#endif
	  yield = string_cat(yield, s);
	  break;
	  }

	case EOP_BASE64D:
	  {
	  uschar * s;
	  int len = b64decode(sub, &s);
	  if (len < 0)
	    {
	    expand_string_message = string_sprintf("string \"%s\" is not "
	      "well-formed for \"%s\" operator", sub, name);
	    goto EXPAND_FAILED;
	    }
	  yield = string_cat(yield, s);
	  break;
	  }

	/* strlen returns the length of the string */

	case EOP_STRLEN:
	  yield = string_fmt_append(yield, "%d", Ustrlen(sub));
	  break;

	/* length_n or l_n takes just the first n characters or the whole string,
	whichever is the shorter;

	substr_m_n, and s_m_n take n characters from offset m; negative m take
	from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
	takes the rest, either to the right or to the left.

	hash_n or h_n makes a hash of length n from the string, yielding n
	characters from the set a-z; hash_n_m makes a hash of length n, but
	uses m characters from the set a-zA-Z0-9.

	nhash_n returns a single number between 0 and n-1 (in text form), while
	nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
	between 0 and n-1 and the second between 0 and m-1. */

	case EOP_LENGTH:
	case EOP_L:
	case EOP_SUBSTR:
	case EOP_S:
	case EOP_HASH:
	case EOP_H:
	case EOP_NHASH:
	case EOP_NH:
	  {
	  int sign = 1;
	  int value1 = 0;
	  int value2 = -1;
	  int *pn;
	  int len;
	  uschar *ret;

	  if (!arg)
	    {
	    expand_string_message = string_sprintf("missing values after %s",
	      name);
	    goto EXPAND_FAILED;
	    }

	  /* "length" has only one argument, effectively being synonymous with
	  substr_0_n. */

	  if (c == EOP_LENGTH || c == EOP_L)
	    {
	    pn = &value2;
	    value2 = 0;
	    }

	  /* The others have one or two arguments; for "substr" the first may be
	  negative. The second being negative means "not supplied". */

	  else
	    {
	    pn = &value1;
	    if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
	    }

	  /* Read up to two numbers, separated by underscores */

	  ret = arg;
	  while (*arg != 0)
	    {
	    if (arg != ret && *arg == '_' && pn == &value1)
	      {
	      pn = &value2;
	      value2 = 0;
	      if (arg[1] != 0) arg++;
	      }
	    else if (!isdigit(*arg))
	      {
	      expand_string_message =
		string_sprintf("non-digit after underscore in \"%s\"", name);
	      goto EXPAND_FAILED;
	      }
	    else *pn = (*pn)*10 + *arg++ - '0';
	    }
	  value1 *= sign;

	  /* Perform the required operation */

	  ret = c == EOP_HASH || c == EOP_H
	    ? compute_hash(sub, value1, value2, &len)
	    : c == EOP_NHASH || c == EOP_NH
	    ? compute_nhash(sub, value1, value2, &len)
	    : extract_substr(sub, value1, value2, &len);
	  if (!ret) goto EXPAND_FAILED;

	  yield = string_catn(yield, ret, len);
	  break;
	  }

	/* Stat a path */

	case EOP_STAT:
	  {
	  uschar smode[12];
	  uschar **modetable[3];
	  mode_t mode;
	  struct stat st;

	  if (expand_forbid & RDO_EXISTS)
	    {
	    expand_string_message = US"Use of the stat() expansion is not permitted";
	    goto EXPAND_FAILED;
	    }

	  if (stat(CS sub, &st) < 0)
	    {
	    expand_string_message = string_sprintf("stat(%s) failed: %s",
	      sub, strerror(errno));
	    goto EXPAND_FAILED;
	    }
	  mode = st.st_mode;
	  switch (mode & S_IFMT)
	    {
	    case S_IFIFO: smode[0] = 'p'; break;
	    case S_IFCHR: smode[0] = 'c'; break;
	    case S_IFDIR: smode[0] = 'd'; break;
	    case S_IFBLK: smode[0] = 'b'; break;
	    case S_IFREG: smode[0] = '-'; break;
	    default: smode[0] = '?'; break;
	    }

	  modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
	  modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
	  modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;

	  for (int i = 0; i < 3; i++)
	    {
	    memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
	    mode >>= 3;
	    }

	  smode[10] = 0;
	  yield = string_fmt_append(yield,
	    "mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
	    "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
	    (long)(st.st_mode & 077777), smode, (long)st.st_ino,
	    (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
	    (long)st.st_gid, st.st_size, (long)st.st_atime,
	    (long)st.st_mtime, (long)st.st_ctime);
	  break;
	  }

	/* vaguely random number less than N */

	case EOP_RANDINT:
	  {
	  int_eximarith_t max = expanded_string_integer(sub, TRUE);

	  if (expand_string_message)
	    goto EXPAND_FAILED;
	  yield = string_fmt_append(yield, "%d", vaguely_random_number((int)max));
	  break;
	  }

	/* Reverse IP, including IPv6 to dotted-nibble */

	case EOP_REVERSE_IP:
	  {
	  int family, maskptr;
	  uschar reversed[128];

	  family = string_is_ip_address(sub, &maskptr);
	  if (family == 0)
	    {
	    expand_string_message = string_sprintf(
		"reverse_ip() not given an IP address [%s]", sub);
	    goto EXPAND_FAILED;
	    }
	  invert_address(reversed, sub);
	  yield = string_cat(yield, reversed);
	  break;
	  }

	/* Unknown operator */

	default:
	  expand_string_message =
	    string_sprintf("unknown expansion operator \"%s\"", name);
	  goto EXPAND_FAILED;
	}	/* EOP_* switch */

       DEBUG(D_expand)
	{
	const uschar * s = yield->s + start;
	int i = yield->ptr - start;
	BOOL tainted = is_tainted(s);

	DEBUG(D_noutf8)
	  {
	  debug_printf_indent("|-----op-res: %.*s\n", i, s);
	  if (tainted)
	    {
	    debug_printf_indent("%s     \\__", skipping ? "|     " : "      ");
	    debug_print_taint(yield->s);
	    }
	  }
	else
	  {
	  debug_printf_indent(UTF8_VERT_RIGHT
	    UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
	    "op-res: %.*s\n", i, s);
	  if (tainted)
	    {
	    debug_printf_indent("%s",
	      skipping
	      ? UTF8_VERT "             " : "           " UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ);
	    debug_print_taint(yield->s);
	    }
	  }
	}
       continue;
       }
    }

  /* Not an item or an operator */
  /* Handle a plain name. If this is the first thing in the expansion, release
  the pre-allocated buffer. If the result data is known to be in a new buffer,
  newsize will be set to the size of that buffer, and we can just point at that

						/*{*/
  if (*s++ == '}')
    {
    const uschar * value;
    int len;
    int newsize = 0;
    gstring * g = NULL;

    if (!yield)
      g = store_get(sizeof(gstring), GET_UNTAINTED);
    else if (yield->ptr == 0)
      {
      if (resetok) reset_point = store_reset(reset_point);
      yield = NULL;
      reset_point = store_mark();
      g = store_get(sizeof(gstring), GET_UNTAINTED);	/* alloc _before_ calling find_variable() */
      }
    if (!(value = find_variable(name, FALSE, skipping, &newsize)))
      {

      yield = g;
      yield->size = newsize;
      yield->ptr = len;
      yield->s = US value; /* known to be in new store i.e. a copy, so deconst safe */
      }
    else
      yield = string_catn(yield, value, len);

/* If we hit the end of the string when ket_ends is set, there is a missing
terminating brace. */

if (ket_ends && !*s)
  {
  expand_string_message = malformed_header
    ? US"missing } at end of string - could be header name not terminated by colon"

    debug_printf_indent("%sresult: %s\n",
      skipping ? "|-----" : "\\_____", yield->s);
    if (tainted)
      {
      debug_printf_indent("%s     \\__", skipping ? "|     " : "      ");
      debug_print_taint(yield->s);
      }
    if (skipping)
      debug_printf_indent("\\___skipping: result is not used\n");
    }

      skipping ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT,
      yield->s);
    if (tainted)
      {
      debug_printf_indent("%s",
	skipping
	? UTF8_VERT "             " : "           " UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ);
      debug_print_taint(yield->s);
      }
    if (skipping)
      debug_printf_indent(UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
	"skipping: result is not used\n");

EXPAND_FAILED:
if (left) *left = s;
DEBUG(D_expand)
  {
  DEBUG(D_noutf8)
    {
    debug_printf_indent("|failed to expand: %s\n", string);

    if (f.expand_string_forcedfail)
      debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n");
    }
  }
if (resetok_p && !resetok) *resetok_p = FALSE;
expand_level--;
return NULL;

  const uschar *var_data;
} err_ctx;

/* Called via tree_walk, which allows nonconst name/data.  Our usage is const. */
static void
assert_variable_notin(uschar * var_name, uschar * var_data, void * ctx)
{

tree_walk(acl_var_c, assert_variable_notin, &e);
tree_walk(acl_var_m, assert_variable_notin, &e);

/* check auth<n> variables.
assert_variable_notin() treats as const, so deconst is safe. */
for (int i = 0; i < AUTH_VARS; i++) if (auth_vars[i])
  assert_variable_notin(US"auth<n>", US auth_vars[i], &e);

/* check regex<n> variables. assert_variable_notin() treats as const. */
for (int i = 0; i < REGEX_VARS; i++) if (regex_vars[i])
  assert_variable_notin(US"regex<n>", US regex_vars[i], &e);

/* check known-name variables */
for (var_entry * v = var_table; v < var_table + var_table_size; v++)



BOOL
regex_match_and_setup(const pcre2_code *re, uschar *subject, int options, int setup)
{
int ovec[3*(EXPAND_MAXN+1)];
int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
  ovec, nelem(ovec));
BOOL yield = n >= 0;
if (n == 0) n = EXPAND_MAXN + 1;
if (yield)

  expand_nmax = setup < 0 ? 0 : setup + 1;
  for (int nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2)
    {
    expand_nstring[expand_nmax] = subject + ovec[nn];
    expand_nlength[expand_nmax++] = ovec[nn+1] - ovec[nn];
    }
  expand_nmax--;
  }

debug_file = stderr;
debug_fd = fileno(debug_file);
big_buffer = malloc(big_buffer_size);
store_init();

for (int i = 1; i < argc; i++)
  {




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



  struct condition_block *c;
  struct filter_cmd      *f;
  int                     i;
  const uschar            *u;
};

/* Local structures used in this module */


enum { had_neither, had_else, had_elif, had_endif };

static BOOL read_command_list(const uschar **, filter_cmd ***, BOOL);


/* The string arguments for the mail command. The header line ones (that are

Returns:           pointer to next non-whitespace character
*/

static const uschar *
nextsigchar(const uschar *ptr, BOOL comment_allowed)
{
for (;;)
  {

Returns:    pointer to the next significant character after the word
*/

static const uschar *
nextword(const uschar *ptr, uschar *buffer, int size, BOOL bracket)
{
uschar *bp = buffer;
while (*ptr != 0 && !isspace(*ptr) &&

Returns:     the next significant character after the item
*/

static const uschar *
nextitem(const uschar *ptr, uschar *buffer, int size, BOOL bracket)
{
uschar *bp = buffer;
if (*ptr != '\"') return nextword(ptr, buffer, size, bracket);

while (*++ptr && *ptr != '\"' && *ptr != '\n')
  {
  if (bp - buffer >= size - 1)
    {

    {
    if (isspace(ptr[1]))    /* \<whitespace>NL<whitespace> ignored */
      {
      const uschar *p = ptr + 1;
      while (*p != '\n' && isspace(*p)) p++;
      if (*p == '\n')
        {

*/

static int
get_number(const uschar *s, BOOL *ok)
{
int value, count;
*ok = FALSE;

Returns:          points to next character after "then"
*/

static const uschar *
read_condition(const uschar *ptr, condition_block **cond, BOOL toplevel)
{
uschar buffer[1024];
BOOL testfor = TRUE;


  /* reaching the end of the input is an error. */

  if (!*ptr)
    {
    *error_pointer = US"\"then\" missing at end of filter file";
    break;

  else
    {
    ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE);
    if (*error_pointer) break;

    /* "Then" at the start of a condition is an error */



    /* Build a condition block from the specific word. */

    c = store_get(sizeof(condition_block), GET_UNTAINTED);
    c->left.u = c->right.u = NULL;
    c->testfor = testfor;
    testfor = TRUE;

      for (;;)
        {
        string_item *aa;
        const uschar * saveptr = ptr;
        ptr = nextword(ptr, buffer, sizeof(buffer), TRUE);
        if (*error_pointer) break;
        if (Ustrcmp(buffer, "alias") != 0)

          }
        ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE);
        if (*error_pointer) break;
        aa = store_get(sizeof(string_item), GET_UNTAINTED);
        aa->text = string_copy(buffer);
        aa->next = c->left.a;
        c->left.a = aa;

    else
      {
      int i;
      const uschar *isptr = NULL;

      c->left.u = string_copy(buffer);
      ptr = nextword(ptr, buffer, sizeof(buffer), TRUE);


  else
    {
//    const uschar *saveptr = ptr;
    ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
    if (*error_pointer) break;

    /* "Then" terminates a toplevel condition; otherwise a closing bracket
    has been omitted. Put a string terminator at the start of "then" so
    that reflecting the condition can be done when testing. */
    /*XXX This stops us doing a constification job in this file, unfortunately.
    Comment it out and see if anything breaks.
    With one addition down at DEFERFREEZEFAIL it passes the testsuite. */

    if (Ustrcmp(buffer, "then") == 0)
      {
//      if (toplevel) *saveptr = 0;
//      else
   if (!toplevel)
      *error_pointer = string_sprintf("missing \")\" at end of "
          "condition near line %d of filter file", line_number);
      break;
      }


    else if (Ustrcmp(buffer, "and") == 0)
      {
      condition_block * andc = store_get(sizeof(condition_block), GET_UNTAINTED);
      andc->parent = current_parent;
      andc->type = cond_and;
      andc->testfor = TRUE;


    else if (Ustrcmp(buffer, "or") == 0)
      {
      condition_block * orc = store_get(sizeof(condition_block), GET_UNTAINTED);
      condition_block * or_parent = NULL;

      if (current_parent)
        {

*/

static BOOL
read_command(const uschar **pptr, filter_cmd ***lastcmdptr)
{
int command, i, cmd_bit;
filter_cmd *new, **newlastcmdptr;

BOOL was_seen_or_unseen = FALSE;
BOOL was_noerror = FALSE;
uschar buffer[1024];
const uschar *ptr = *pptr;
const uschar *saveptr;
uschar *fmsg = NULL;

/* Read the next word and find which command it is. Command words are normally

as brackets are allowed in conditions and users will expect not to require
white space here. */

*buffer = '\0';	/* compiler quietening */

if (Ustrncmp(ptr, "if(", 3) == 0)
  {
  Ustrcpy(buffer, US"if");

else
  {
  ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
  if (*error_pointer) return FALSE;
  }

for (command = 0; command < command_list_count; command++)

  case testprint_command:

  ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
  if (!*buffer)
    *error_pointer = string_sprintf("\"%s\" requires an argument "
      "near line %d of filter file", command_list[command], line_number);

  if (*error_pointer) yield = FALSE; else
    {
    union argtypes argument, second_argument;


      {
      argument.u = string_copy(buffer);
      ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
      if (!*buffer || Ustrcmp(buffer, "to") != 0)
        *error_pointer = string_sprintf("\"to\" expected in \"add\" command "
          "near line %d of filter file", line_number);
      else
        {
        ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
        if (!*buffer)
          *error_pointer = string_sprintf("value missing after \"to\" "
            "near line %d of filter file", line_number);
        else second_argument.u = string_copy(buffer);

      if (yield)
        {
        ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
        if (!*buffer)
          *error_pointer = string_sprintf("value missing after \"add\", "
            "\"remove\", or \"charset\" near line %d of filter file",
              line_number);


      else if (command == deliver_command)
        {
        const uschar *save_ptr = ptr;
        ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
        if (Ustrcmp(buffer, "errors_to") == 0)
          {

    FALSE for logging commands, and it doesn't matter for testprint, as
    that doesn't change the "delivered" status. */

    if (*error_pointer) yield = FALSE;
    else
      {
      new = store_get(sizeof(filter_cmd) + sizeof(union argtypes), GET_UNTAINTED);
      new->next = NULL;
      **lastcmdptr = new;
      *lastcmdptr = &(new->next);


  saveptr = ptr;
  ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
  if (*saveptr != '\"' && (!*buffer || Ustrcmp(buffer, "text") != 0))
    {
    ptr = saveptr;
    fmsg = US"";

  /* Finish has no arguments; fmsg defaults to NULL */

  case finish_command:
  new = store_get(sizeof(filter_cmd), GET_UNTAINTED);
  new->next = NULL;
  **lastcmdptr = new;
  *lastcmdptr = &(new->next);
  new->command = command;
  new->seen = seen_force ? seen_value : FALSE;
  new->args[0].u = fmsg;
  break;



  /* Set up the command block for if */

  new = store_get(sizeof(filter_cmd) + 4 * sizeof(union argtypes), GET_UNTAINTED);
  new->next = NULL;
  **lastcmdptr = new;
  *lastcmdptr = &new->next;
  new->command = command;
  new->seen = FALSE;
  new->args[0].u = NULL;


  /* Read the condition */

  ptr = read_condition(ptr, &new->args[0].c, TRUE);
  if (*error_pointer) { yield = FALSE; break; }

  /* Read the commands to be obeyed if the condition is true */


    while (had_else_endif == had_elif)
      {
      filter_cmd *newnew =
        store_get(sizeof(filter_cmd) + 4 * sizeof(union argtypes), GET_UNTAINTED);
      new->args[2].f = newnew;
      new = newnew;
      new->next = NULL;

      new->args[1].u = new->args[2].u = NULL;
      new->args[3].u = ptr;

      ptr = read_condition(ptr, &new->args[0].c, TRUE);
      if (*error_pointer) { yield = FALSE; break; }
      newlastcmdptr = &(new->args[1].f);
      if (!read_command_list(&ptr, &newlastcmdptr, TRUE))
        yield = FALSE;


  case mail_command:
  case vacation_command:
  new = store_get(sizeof(filter_cmd) + mailargs_total * sizeof(union argtypes), GET_UNTAINTED);
  new->next = NULL;
  new->command = command;
  new->seen = seen_force ? seen_value : FALSE;
  new->noerror = noerror_force;
  for (i = 0; i < mailargs_total; i++) new->args[i].u = NULL;



  for (;;)
    {
    const uschar *saveptr = ptr;
    ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
    if (*error_pointer)
      { yield = FALSE; break; }
      yield = FALSE;
      break;
      }

    /* Ensure "return" is followed by "message"; that's a complete option */


    /* Found keyword, read the data item */

    ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
    if (*error_pointer)
      { yield = FALSE; break; }
      yield = FALSE;
      break;
      }
    else new->args[i].u = string_copy(buffer);
    }



  if (command == vacation_command)
    {
    if (!new->args[mailarg_index_file].u)
      {
      new->args[mailarg_index_file].u = string_copy(US".vacation.msg");
      new->args[mailarg_index_expand].u = US"";   /* not NULL => TRUE */
      }
    if (!new->args[mailarg_index_log].u)
      new->args[mailarg_index_log].u = string_copy(US".vacation.log");
    if (!new->args[mailarg_index_once].u)
      new->args[mailarg_index_once].u = string_copy(US".vacation");
    if (!new->args[mailarg_index_once_repeat].u)
      new->args[mailarg_index_once_repeat].u = string_copy(US"7d");
    if (!new->args[mailarg_index_subject].u)
      new->args[mailarg_index_subject].u = string_copy(US"On vacation");
    }



  case seen_command:
  case unseen_command:
  if (!*ptr)
    {
    *error_pointer = string_sprintf("\"seen\" or \"unseen\" "
      "near line %d is not followed by a command", line_number);

  /* So does noerror */

  case noerror_command:
  if (!*ptr)
    {
    *error_pointer = string_sprintf("\"noerror\" "
      "near line %d is not followed by a command", line_number);

*/

static BOOL
read_command_list(const uschar **pptr, filter_cmd ***lastcmdptr, BOOL conditional)
{
if (conditional) expect_endif++;
had_else_endif = had_neither;
while (**pptr && had_else_endif == had_neither)
  {
  if (!read_command(pptr, lastcmdptr)) return FALSE;
  *pptr = nextsigchar(*pptr, TRUE);

test_condition(condition_block *c, BOOL toplevel)
{
BOOL yield = FALSE;
const uschar *exp[2], * p, * pp;
uschar *exp[2], *p, *pp;
const uschar *regcomp_error = NULL;
int regcomp_error_offset;
int val[2];
int i;



  case cond_foranyaddress:
  p = c->left.u;
  if (!(pp = expand_cstring(p)))
  if (pp == NULL)
    {
    *error_pointer = string_sprintf("failed to expand \"%s\" in "
      "filter file: %s", p, expand_string_message);

  yield = FALSE;
  f.parse_allow_group = TRUE;     /* Allow group syntax */

  while (*pp)
    {
    uschar *error;
    int start, end, domain;
    uschar * s;

    p = parse_find_address_end(pp, FALSE);
    s = string_copyn(pp, p - pp);

    *p = 0;
    filter_thisaddress =
      parse_extract_address(s, &error, &start, &end, &domain, FALSE);
    *p = saveend;

    if (filter_thisaddress)
      {

      }

    if (yield) break;
    if (!*p) break;
    pp = p + 1;
    }


  p = c->left.u;
  for (i = 0; i < 2; i++)
    {
    if (!(exp[i] = expand_cstring(p)))
    if (exp[i] == NULL)
      {
      *error_pointer = string_sprintf("failed to expand \"%s\" in "
        "filter file: %s", p, expand_string_message);

    break;

    case cond_contains:
    yield = strstric_c(exp[0], exp[1], FALSE) != NULL;
    break;

    case cond_CONTAINS:

    case cond_ENDS:
      {
      int len = Ustrlen(exp[1]);
      const uschar *s = exp[0] + Ustrlen(exp[0]) - len;
      yield = s < exp[0]
	? FALSE
	: (c->type == cond_ends ? strcmpic(s, exp[1]) : Ustrcmp(s, exp[1])) == 0;
      }
    break;

    case cond_matches:
    case cond_MATCHES:
    if ((filter_test != FTEST_NONE && debug_selector != 0) ||
        (debug_selector & D_filter) != 0)
      {
      const pcre2_code *re;
      int err;
      PCRE2_SIZE offset;
      }

      if ((filter_test != FTEST_NONE && debug_selector != 0) ||
	  (debug_selector & D_filter) != 0)
	{
	debug_printf_indent("Match expanded arguments:\n");
	debug_printf_indent("  Subject = %s\n", exp[0]);
	debug_printf_indent("  Pattern = %s\n", exp[1]);
	}
      return FALSE;
      }

      if (!(re = pcre2_compile((PCRE2_SPTR)exp[1], PCRE2_ZERO_TERMINATED,
		  PCRE_COPT | (c->type == cond_matches ? PCRE2_CASELESS : 0),
		  &err, &offset, pcre_cmp_ctx)))
	{
	uschar errbuf[128];
	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
	*error_pointer = string_sprintf("error while compiling "
	  "regular expression \"%s\": %s at offset %ld",
	  exp[1], errbuf, (long)offset);
	return FALSE;
	}

      yield = regex_match_and_setup(re, exp[0], PCRE_EOPT, -1);
      break;
      }

    /* For above and below, convert the strings to numbers */



  for (i = 0; i < (command_exparg_count[commands->command] & 15); i++)
    {
    const uschar *ss = commands->args[i].u;
    if (!ss)
      expargs[i] = NULL;
    else if (!(expargs[i] = expand_cstring(ss)))
      {
      *error_pointer = string_sprintf("failed to expand \"%s\" in "
	"%s command: %s", ss, command_list[commands->command],
	expand_string_message);
      return FF_ERROR;
      }
        }
    }

  /* Now switch for each command, setting the "delivered" flag if any of them

	if (expand_nmax >= 0 || filter_thisaddress != NULL)
	  {
	  int ecount = expand_nmax >= 0 ? expand_nmax : -1;
	  uschar ** ss = store_get(sizeof(uschar *) * (ecount + 3), GET_UNTAINTED);

	  addr->pipe_expandn = ss;
	  if (!filter_thisaddress) filter_thisaddress = US"";

	  (long int)geteuid());
	if (log_fd < 0)
	  {
	  if (!log_filename)
	    {
	    *error_pointer = US"attempt to obey \"logwrite\" command "
	      "without a previous \"logfile\"";

	  log_fd = Uopen(log_filename, O_CREAT|O_APPEND|O_WRONLY, log_mode);
	  if (log_fd < 0)
	    {
	    *error_pointer = string_open_failed("filter log file \"%s\"",
	      log_filename);
	    return FF_ERROR;
	    }

	  }
	}
      else
	DEBUG(D_filter)
	  debug_printf_indent("skipping logwrite (verifying or testing)\n");
	}
      break;

      /* Header addition and removal is available only in the system filter. The

	s = expargs[0];

	if (filter_test != FTEST_NONE)
	  printf("Headers %s \"%s\"\n",
	    subtype == TRUE ? "add"
	    : subtype == FALSE ? "remove"
	    : "charset",
	    string_printing(s));

	if (subtype == TRUE)
	  {
	  while (isspace(*s)) s++;
	  if (*s)
	    {
	    header_add(htype_other, "%s%s", s,
	      s[Ustrlen(s)-1] == '\n' ? "" : "\n");
	    header_last->type = header_checkname(header_last, FALSE);
	    if (header_last->type >= 'a') header_last->type = htype_other;
	    }

	else if (subtype == FALSE)
	  {
	  int sep = 0;
	  const uschar * list = s;

	  for (uschar * ss; ss = string_nextinlist(&list, &sep, NULL, 0); )
	  while ((ss = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
		 != NULL)
	    header_remove(0, ss);
	  }

	/* This setting lasts only while the filter is running; on exit, the
	variable is reset to the previous value. */

	else headers_charset = s;
	}
      break;


      ff_name = US"freeze";
      ff_ret = FF_FREEZE;

    DEFERFREEZEFAIL:
      *error_pointer = fmsg = US string_printing(Ustrlen(expargs[0]) > 1024
	? string_sprintf("%.1000s ... (truncated)", expargs[0])
	: string_copy(expargs[0]));
      for(uschar * s = fmsg; *s; s++)
	if (!s[1] && *s == '\n') { *s = '\0'; break; }	/* drop trailing newline */

      if (filter_test != FTEST_NONE)
	{
	indent();
	printf("%c%s text \"%s\"\n", toupper(ff_name[0]), ff_name+1, fmsg);
	}
      else
        DEBUG(D_filter) debug_printf_indent("Filter: %s \"%s\"\n", ff_name, fmsg);
      return ff_ret;

    case finish_command:

	printf("%sinish\n", (commands->seen)? "Seen f" : "F");
	}
      else
	{
	DEBUG(D_filter) debug_printf_indent("Filter: %sfinish\n",
	  commands->seen ? " Seen " : "");
	}
      finish_obeyed = TRUE;
      return filter_delivered ? FF_DELIVERED : FF_NOTDELIVERED;

    case if_command:
	{
	uschar *save_address = filter_thisaddress;
	int ok = FF_DELIVERED;
	condition_value = test_condition(commands->args[0].c, TRUE);
	if (*error_pointer)
	  ok = FF_ERROR;
	else
	  {
	  output_indent += 2;
	  ok = interpret_commands(commands->args[condition_value? 1:2].f,

	  output_indent -= 2;
	  }
	filter_thisaddress = save_address;
	if (finish_obeyed  ||  ok != FF_DELIVERED && ok != FF_NOTDELIVERED)
	  return ok;
	}
      break;


    case mail_command:
    case vacation_command:
	if (!return_path || !*return_path)
	  {
	  if (filter_test != FTEST_NONE)
	    printf("%s command ignored because return_path is empty\n",


	for (i = 0; i < MAILARGS_STRING_COUNT; i++)
	  {
	  uschar *p;
	  const uschar *s = expargs[i];

	  if (!s) continue;

	  if (i != mailarg_index_text) for (const uschar * p = s; *p; p++)
	    {
	    int c = *p;
	    if (i > mailarg_index_text)


	      else
		{
		const uschar *pp;
		for (pp = p + 1;; pp++)
		  {
		  c = *pp;
		  if (c == ':' && pp != p + 1) break;
		  if (!c || c == ':' || isspace(c))
		    {
		    *error_pointer = string_sprintf("\\n not followed by space or "
		      "valid header name in \"%.1024s\" in %s command",


	  /* The string is OK */

	  commands->args[i].u = s;
	  }

	/* Proceed with mail or vacation command */

	if (filter_test != FTEST_NONE)
	  {
	  const uschar *to = commands->args[mailarg_index_to].u;
	  indent();
	  printf("%sail to: %s%s%s\n", (commands->seen)? "Seen m" : "M",
	    to ? to : US"<default>",

	    commands->noerror ? " (noerror)" : "");
	  for (i = 1; i < MAILARGS_STRING_COUNT; i++)
	    {
	    const uschar *arg = commands->args[i].u;
	    if (arg)
	      {
	      int len = Ustrlen(mailargs[i]);

	  }
	else
	  {
	  const uschar *tt;
	  const uschar *to = commands->args[mailarg_index_to].u;
	  gstring * log_addr = NULL;

	  if (!to) to = expand_string(US"$reply_address");
	  while (isspace(*to)) to++;

	  for (tt = to; *tt; tt++)     /* Get rid of newlines */
	    if (*tt == '\n')
	      {
	      uschar * s = string_copy(to);
	      for (uschar * ss = s; *ss; ss++)
		if (*ss == '\n') *ss = ' ';
	      to = s;
	      break;
	      }

	  DEBUG(D_filter)
	    {

	      commands->noerror ? " (noerror)" : "");
	    for (i = 1; i < MAILARGS_STRING_COUNT; i++)
	      {
	      const uschar *arg = commands->args[i].u;
	      if (arg)
		{
		int len = Ustrlen(mailargs[i]);
		while (len++ < 15) debug_printf_indent(" ");

	  string gets too long. */

	  tt = to;
	  while (*tt)
	    {
	    uschar *ss = parse_find_address_end(tt, FALSE);
	    uschar *recipient, *errmess;

	  addr->next = *generated;
	  *generated = addr;

	  addr->reply = store_get(sizeof(reply_item), GET_UNTAINTED);
	  addr->reply->from = NULL;
	  addr->reply->to = string_copy(to);
	  addr->reply->file_expand =


	  for (i = 1; i < mailargs_string_passed; i++)
	    {
	    const uschar *ss = commands->args[i].u;
	    *(USS((US addr->reply) + reply_offsets[i])) =
	      ss ? string_copy(ss) : NULL;
	    }

*/

int
filter_interpret(const uschar *filter, int options, address_item **generated,
  uschar **error)
{
int i;
int yield = FF_ERROR;
const uschar *ptr = filter;
const uschar *save_headers_charset = headers_charset;
filter_cmd *commands = NULL;
filter_cmd **lastcmdptr = &commands;





*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */


body_linecount = 0;
header_size = message_size;

if (!dot_ended && !stdin_feof())
  {
  if (!f.dot_ends)
    {
    while ((ch = stdin_getc(GETC_BUFFER_UNLIMITED)) != EOF)
      {
      if (ch == 0) body_zerocount++;
      if (ch == '\n') body_linecount++;

  else
    {
    int ch_state = 1;
    while ((ch = stdin_getc(GETC_BUFFER_UNLIMITED)) != EOF)
      {
      if (ch == 0) body_zerocount++;
      switch (ch_state)

      if (s > message_body_end + message_body_visible) s = message_body_end;
      message_size++;
      }
    READ_END: ;
    }
  if (s == message_body_end || s[-1] != '\n') body_linecount++;
  }
debug_printf("%s %d\n", __FUNCTION__, __LINE__);

message_body[body_len] = 0;
message_body_size = message_size - header_size;

  int above = message_body_visible - below;
  if (above > 0)
    {
    uschar * temp = store_get(below, GET_UNTAINTED);
    memcpy(temp, message_body_end, below);
    memmove(message_body_end, s+1, above);
    memcpy(message_body_end + above, temp, below);

  return FALSE;
  }

filebuf = store_get(statbuf.st_size + 1, filename);
rc = read(fd, filebuf, statbuf.st_size);
(void)close(fd);


/* For a filter, set up the message_body variables and the message size if this
is the first time this function has been called. */

if (!message_body) read_message_body(dot_ended);

/* Now pass the filter file to the function that interprets it. Because
filter_test is not FILTER_NONE, the interpreter will output comments about what

  }
else
  {
  yield = filter_type == FILTER_SIEVE
    ? sieve_interpret(filebuf, RDO_REWRITE, NULL, NULL, NULL, NULL, &generated, &error)
    : filter_interpret(filebuf, RDO_REWRITE, &generated, &error);
    filter_interpret(filebuf, RDO_REWRITE, &generated, &error);
  }

return yield != FF_ERROR;




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



extern void    tls_clean_env(void);
extern BOOL    tls_client_start(client_conn_ctx *, smtp_connect_args *,
		  void *, tls_support *, uschar **);
extern void    tls_client_creds_reload(BOOL);

extern void    tls_close(void *, int);
extern BOOL    tls_could_getc(void);
extern void    tls_daemon_init(void);
extern int     tls_daemon_tick(void);
extern BOOL    tls_dropprivs_validate_require_cipher(BOOL);
extern BOOL    tls_export_cert(uschar *, size_t, void *);
extern int     tls_feof(void);
extern int     tls_ferror(void);
extern uschar *tls_field_from_dn(uschar *, const uschar *);
extern void    tls_free_cert(void **);
extern int     tls_getc(unsigned);
extern uschar *tls_getbuf(unsigned *);
extern void    tls_get_cache(unsigned);
extern BOOL    tls_hasc(void);
extern BOOL    tls_import_cert(const uschar *, void **);
extern BOOL    tls_is_name_for_cert(const uschar *, void *);
# ifdef USE_OPENSSL
extern BOOL    tls_openssl_options_parse(uschar *, long *);
# endif
extern int     tls_read(void *, uschar *, size_t);
extern int     tls_server_start(uschar **);
extern void    tls_shutdown_wr(void *);
extern BOOL    tls_smtp_buffered(void);
extern int     tls_ungetc(int);
#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
extern void    tls_watch_discard_event(int);
extern void    tls_watch_invalidate(void);
#endif
extern int     tls_write(void *, const uschar *, size_t, BOOL);
extern uschar *tls_validate_require_cipher(void);
extern gstring *tls_version_report(gstring *);
# ifdef USE_OPENSSL
extern BOOL    tls_openssl_options_parse(uschar *, long *);
# endif
extern uschar * tls_field_from_dn(uschar *, const uschar *);
extern BOOL    tls_is_name_for_cert(const uschar *, void *);

# ifdef SUPPORT_DANE
extern int     tlsa_lookup(const host_item *, dns_answer *, BOOL);


extern acl_block *acl_read(uschar *(*)(void), uschar **);
extern int     acl_check(int, uschar *, uschar *, uschar **, uschar **);
extern uschar *acl_current_verb(void);
extern int     acl_eval(int, uschar *, uschar **, uschar **);

extern tree_node *acl_var_create(uschar *);

extern gstring * auth_show_supported(gstring *);
extern uschar *auth_xtextencode(uschar *, int);
extern int     auth_xtextdecode(uschar *, uschar **);
extern uschar *authenticator_current_name(void);

#ifdef EXPERIMENTAL_ARC
extern gstring *authres_arc(gstring *);

#endif

extern uschar *b64encode(const uschar *, int);
extern uschar *b64encode_taint(const uschar *, int, const void *);
extern int     b64decode(const uschar *, uschar **);
extern int     bdat_getc(unsigned);
extern uschar *bdat_getbuf(unsigned *);
extern BOOL    bdat_hasc(void);
extern int     bdat_ungetc(int);
extern void    bdat_flush_data(void);


extern int     dcc_process(uschar **);
#endif

extern void    debug_logging_activate(const uschar *, const uschar *);
extern void    debug_logging_from_spool(const uschar *);
extern void    debug_logging_stop(BOOL);
extern void    debug_print_argv(const uschar **);
extern void    debug_print_ids(uschar *);
extern void    debug_printf_indent(const char *, ...) PRINTF_FUNCTION(1,2);
extern void    debug_print_string(uschar *);
extern void    debug_print_tree(const char *, tree_node *);
extern void    debug_vprintf(int, const char *, va_list);
extern void    debug_pretrigger_setup(const uschar *);
extern void    debug_pretrigger_discard(void);
extern void    debug_print_socket(int);
extern void    debug_trigger_fire(void);

extern void    decode_bits(unsigned int *, size_t, int *,
	           const uschar *, bit_table *, int, uschar *, int);
extern void    delete_pid_file(void);
extern void    deliver_local(address_item *, BOOL);
extern address_item *deliver_make_addr(uschar *, BOOL);
extern void    delivery_log(int, address_item *, int, uschar *);
extern int     deliver_message(uschar *, BOOL, BOOL);

extern int     deliver_split_address(address_item *);
extern void    deliver_succeeded(address_item *);

extern uschar *deliver_get_sender_address (uschar *id);
extern void    delivery_re_exec(int);

extern void    die_tainted(const uschar *, const uschar *, int);

extern void    enq_end(uschar *);
extern BOOL    enq_start(uschar *, unsigned);
#ifndef DISABLE_EVENT
extern uschar *event_raise(uschar *, const uschar *, uschar *, int *);
extern void    msg_event_raise(const uschar *, const address_item *);
#endif


extern void    exim_exit(int) NORETURN;
extern void    exim_gettime(struct timeval *);
extern void    exim_nullstd(void);
extern void    exim_setugid(uid_t, gid_t, BOOL, const uschar *);
extern void    exim_underbar_exit(int) NORETURN;
extern void    exim_wait_tick(struct timeval *, int);
extern int     exp_bool(address_item *addr,


extern BOOL    fd_ready(int, time_t);

extern int     filter_interpret(const uschar *, int, address_item **, uschar **);
extern BOOL    filter_personal(string_item *, BOOL);
extern BOOL    filter_runtest(int, uschar *, BOOL, BOOL);
extern BOOL    filter_system_interpret(address_item **, uschar **);

extern uschar * fn_hdrs_added(void);
extern void    force_fd(int, int);

extern void    header_add(int, const char *, ...);
extern header_line *header_add_at_position_internal(BOOL, uschar *, BOOL, int, const char *, ...);

extern int     ipv6_nmtoa(int *, uschar *);

extern uschar *local_part_quote(uschar *);
extern int     log_open_as_exim(const uschar * const);
extern void    log_close_all(void);

extern macro_item * macro_create(const uschar *, const uschar *, BOOL);

                 unsigned int *, int, BOOL, const uschar **);
extern int     match_check_string(const uschar *, const uschar *, int, BOOL, BOOL, BOOL,
                 const uschar **);

extern void    message_start(void);
extern void    message_tidyup(void);
extern void    md5_end(md5 *, const uschar *, int, uschar *);
extern void    md5_mid(md5 *, const uschar *);
extern void    md5_start(md5 *);


extern uschar *parse_extract_address(const uschar *, uschar **, int *, int *, int *,
                 BOOL);
extern int     parse_forward_list(const uschar *, int, address_item **, uschar **,
                 const uschar *, const uschar *, error_block **);
extern uschar *parse_find_address_end(const uschar *, BOOL);
extern const uschar *parse_find_at(const uschar *);
extern const uschar *parse_fix_phrase(const uschar *, int);
extern const uschar *parse_message_id(const uschar *, uschar **, uschar **);
extern const uschar *parse_quote_2047(const uschar *, int, const uschar *,
				      BOOL);
extern const uschar *parse_date_time(const uschar *str, time_t *t);
extern void priv_drop_temp(const uid_t, const gid_t);
extern void priv_restore(void);

extern unsigned queue_count(void);
extern unsigned queue_count_cached(void);
extern void    queue_list(int, uschar **, int);
#ifndef DISABLE_QUEUE_RAMP
extern void    queue_notify_daemon(const uschar * hostname);
#endif
extern void    queue_run(uschar *, uschar *, BOOL);

extern int     random_number(int);
extern const uschar *rc_to_string(int);
extern int     rda_interpret(redirect_block *, int, const uschar *, const uschar *,
                 const uschar *, const uschar *, const uschar *, const ugid_block *, address_item **,
                 uschar **, error_block **, int *, const uschar *);
extern int     rda_is_filter(const uschar *);
extern BOOL    readconf_depends(driver_instance *, uschar *);
extern void    readconf_driver_init(uschar *, driver_instance **,

#ifdef WITH_CONTENT_SCAN
extern int     regex(const uschar **);
#endif
extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
extern void    retry_add_item(address_item *, uschar *, int);
extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
                 uschar **, uschar **);

extern const uschar *rewrite_one(const uschar *, int, BOOL *, BOOL, uschar *,
                 rewrite_rule *);
extern void    rewrite_test(const uschar *);
extern uschar *rfc2047_decode2(uschar *, BOOL, const uschar *, int, int *,
				     int *, uschar **);
extern int     route_address(address_item *, address_item **, address_item **,
                 address_item **, address_item **, int);
extern int     route_check_prefix(const uschar *, const uschar *, unsigned *);

extern void    route_init(void);
extern gstring * route_show_supported(gstring *);
extern void    route_tidyup(void);
extern uschar *router_current_name(void);

extern uschar *search_args(int, uschar *, uschar *, uschar **, const uschar *);
extern uschar *search_find(void *, const uschar *, uschar *, int,
		 const uschar *, int, int, int *, const uschar *);
extern int     search_findtype(const uschar *, int);

extern void    sha1_end(hctx *, const uschar *, int, uschar *);
extern void    sha1_mid(hctx *, const uschar *);
extern void    sha1_start(hctx *);
extern int     sieve_interpret(const uschar *, int, const uschar *,
		 const uschar *, const uschar *, const uschar *,
		 address_item **, uschar **);
extern void    sigalrm_handler(int);
extern int     smtp_boundsock(smtp_connect_args *);
extern void    smtp_closedown(uschar *);
extern void    smtp_command_timeout_exit(void) NORETURN;
extern void    smtp_command_sigterm_exit(void) NORETURN;

extern void    smtp_deliver_init(void);
extern uschar *smtp_cmd_hist(void);
extern int     smtp_connect(smtp_connect_args *, const blob *);
extern int     smtp_sock_connect(host_item *, int, int, uschar *,
		 transport_instance * tb, int, const blob *);
extern int     smtp_feof(void);
extern int     smtp_ferror(void);
extern uschar *smtp_get_connection_info(void);

extern BOOL    smtp_get_port(uschar *, address_item *, int *, uschar *);
extern int     smtp_getc(unsigned);
extern uschar *smtp_getbuf(unsigned *);
extern void    smtp_get_cache(unsigned);
extern BOOL    smtp_hasc(void);
extern int     smtp_handle_acl_fail(int, int, uschar *, uschar *);
extern void    smtp_log_no_mail(void);
extern void    smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL);
extern void    smtp_proxy_tls(void *, uschar *, size_t, int *, int, const uschar *) NORETURN;
extern BOOL    smtp_read_response(void *, uschar *, int, int, int);
extern void   *smtp_reset(void *);
extern void    smtp_respond(uschar *, int, BOOL, uschar *);

extern void    smtp_port_for_connect(host_item *, int);
extern void    smtp_send_prohibition_message(int, uschar *);
extern int     smtp_setup_msg(void);
extern int     smtp_sock_connect(smtp_connect_args *, int, const blob *);
extern BOOL    smtp_start_session(void);
extern int     smtp_ungetc(int);
extern BOOL    smtp_verify_helo(void);

extern int     spool_open_datafile(uschar *);
extern int     spool_open_temp(uschar *);
extern int     spool_read_header(uschar *, BOOL, BOOL);
extern uschar *spool_sender_from_msgid(const uschar *);
extern int     spool_write_header(uschar *, int, uschar **);
extern int     stdin_getc(unsigned);
extern int     stdin_feof(void);
extern int     stdin_ferror(void);
extern BOOL    stdin_hasc(void);
extern int     stdin_ungetc(int);

extern void    store_exit(void);
extern void    store_init(void);
extern void    store_writeprotect(int);

extern gstring *string_append(gstring *, int, ...) WARN_UNUSED_RESULT;
extern gstring *string_append_listele(gstring *, uschar, const uschar *) WARN_UNUSED_RESULT;
extern gstring *string_append_listele_n(gstring *, uschar, const uschar *, unsigned) WARN_UNUSED_RESULT;

extern gstring *string_vformat_trc(gstring *, const uschar *, unsigned,
			unsigned, unsigned, const char *, va_list);

#define string_open_failed(fmt, ...) \
	string_open_failed_trc(US __FUNCTION__, __LINE__, fmt, __VA_ARGS__)
extern uschar *string_open_failed_trc(const uschar *, unsigned,
			const char *, ...) PRINTF_FUNCTION(3,4);

#define string_nextinlist(lp, sp, b, l) \
	string_nextinlist_trc((lp), (sp), (b), (l), US __FUNCTION__, __LINE__)

extern int     strcmpic(const uschar *, const uschar *);
extern int     strncmpic(const uschar *, const uschar *, int);
extern uschar *strstric(uschar *, uschar *, BOOL);
extern const uschar *strstric_c(const uschar *, const uschar *, BOOL);

extern int     test_harness_fudged_queue_time(int);
extern void    tcp_init(void);

extern uschar *tod_stamp(int);

extern BOOL    transport_check_waiting(const uschar *, const uschar *, int, uschar *,
                 oicf, void*);
extern uschar *transport_current_name(void);
extern void    transport_do_pass_socket(const uschar *, const uschar *,
		 const uschar *, uschar *, int);
extern void    transport_init(void);
extern BOOL    transport_pass_socket(const uschar *, const uschar *, const uschar *, uschar *, int
#ifdef EXPERIMENTAL_ESMTP_LIMITS
			, unsigned, unsigned, unsigned
#endif
			);
extern uschar *transport_rcpt_address(address_item *, BOOL);
extern BOOL    transport_set_up_command(const uschar ***, const uschar *,
		 BOOL, int, address_item *, BOOL, const uschar *, uschar **);
extern void    transport_update_waiting(host_item *, uschar *);
extern BOOL    transport_write_block(transport_ctx *, uschar *, int, BOOL);
extern void    transport_write_reset(int);

extern void    unspool_mbox(void);
#endif
#ifdef SUPPORT_I18N
extern gstring *utf8_version_report(gstring *);
#endif

extern int     verify_address(address_item *, FILE *, int, int, int, int,

	         const uschar*, const uschar *, const uschar **);
extern address_item *verify_checked_sender(uschar *);
extern void    verify_get_ident(int);
extern void    verify_quota(uschar *);
extern int     verify_quota_call(const uschar *, int, int, uschar **);
extern BOOL    verify_sender(int *, uschar **);
extern BOOL    verify_sender_preliminary(int *, uschar **);
extern void    version_init(void);

#endif
}

static inline BOOL
is_incompatible(const void * old, const void * new)
{
#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) || defined(EM_VERSION_C)
return FALSE;

#else
extern BOOL is_incompatible_fn(const void *, const void *);
return is_incompatible_fn(old, new);
#endif
}

/******************************************************************************/
/* String functions */
static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line)


static inline uschar *
string_copyn_taint_trc(const uschar * s, unsigned len,
	const void * proto_mem, const char * func, int line)
{
uschar * ss;
unsigned slen = Ustrlen(s);
if (len > slen) len = slen;
ss = store_get_3(len + 1, proto_mem, func, line);
memcpy(ss, s, len);
ss[len] = '\0';
return ss;
}

static inline uschar *
string_copy_taint_trc(const uschar * s, const void * proto_mem, const char * func, int line)
{ return string_copyn_taint_trc(s, Ustrlen(s), proto_mem, func, line); }

static inline uschar *
string_copyn_trc(const uschar * s, unsigned len, const char * func, int line)
{ return string_copyn_taint_trc(s, len, s, func, line); }
static inline uschar *
string_copy_trc(const uschar * s, const char * func, int line)
{ return string_copy_taint_trc(s, s, func, line); }


/* String-copy functions explicitly setting the taint status */

#define string_copyn_taint(s, len, proto_mem) \
	string_copyn_taint_trc((s), (len), (proto_mem), __FUNCTION__, __LINE__)
#define string_copy_taint(s, proto_mem) \
	string_copy_taint_trc((s), (proto_mem), __FUNCTION__, __LINE__)

/* Simple string-copy functions maintaining the taint */


*/

static inline uschar *
string_copylc(const uschar * s)
{
uschar * ss = store_get(Ustrlen(s) + 1, s);
uschar * p = ss;
while (*s) *p++ = tolower(*s++);
*p = 0;
return ss;
}

*/

static inline uschar *
string_copynlc(uschar * s, int n)
{
uschar * ss = store_get(n + 1, s);
uschar * p = ss;
while (n-- > 0) *p++ = tolower(*s++);
*p = 0;
return ss;

uschar *ss;

store_pool = POOL_PERM;
ss = store_get(len, force_taint ? GET_TAINTED : s);
memcpy(ss, s, len);
store_pool = old_pool;
return ss;


/* Create a growable-string with some preassigned space */

#define string_get_tainted(size, proto_mem) \
	string_get_tainted_trc((size), (proto_mem), __FUNCTION__, __LINE__)

static inline gstring *
string_get_tainted_trc(unsigned size, const void * proto_mem, const char * func, unsigned line)
{
gstring * g = store_get_3(sizeof(gstring) + size, proto_mem, func, line);
g->size = size;		/*XXX would be good if we could see the actual alloc size */
g->ptr = 0;
g->s = US(g + 1);
return g;

static inline gstring *
string_get_trc(unsigned size, const char * func, unsigned line)
{
return string_get_tainted_trc(size, GET_UNTAINTED, func, line);
}

/* NUL-terminate the C string in the growable-string, and return it. */

}


/* Copy the content of a string to tainted memory.  The proto_mem arg
will always be tainted, and suitable as a prototype. */

static inline void
gstring_rebuffer(gstring * g, const void * proto_mem)
{
uschar * s = store_get_3(g->size, proto_mem, __FUNCTION__, __LINE__);
memcpy(s, g->s, g->ptr);
g->s = s;
}


# ifndef COMPILE_UTILITY
/******************************************************************************/
/* Use store_malloc for DNSA structs, and explicit frees. Using the same pool
for them as the strings we proceed to copy from them meant they could not be
released, hence blowing 64k for every DNS lookup. That mounted up. With malloc
we do have to take care over marking tainted all copied strings.  A separate pool
could be used and would handle that implicitly. */

#define store_get_dns_answer() store_get_dns_answer_trc(CUS __FUNCTION__, __LINE__)

static inline dns_answer *
store_get_dns_answer_trc(const uschar * func, unsigned line)
{
return store_malloc_3(sizeof(dns_answer), CCS func, line);
}

#define store_free_dns_answer(dnsa) store_free_dns_answer_trc(dnsa, CUS __FUNCTION__, __LINE__)

static inline void
store_free_dns_answer_trc(dns_answer * dnsa, const uschar * func, unsigned line)
{
store_free_3(dnsa, CCS func, line);
}

/******************************************************************************/
/* Routines with knowledge of spool layout */

# ifndef COMPILE_UTILITY
static inline void
spool_pname_buf(uschar * buf, int len)
{

#ifdef COMPILE_UTILITY		/* version avoiding string-extension */
int len = Ustrlen(spool_directory) + 1 + Ustrlen(queue_name) + 1 + Ustrlen(purpose) + 1
	+ Ustrlen(subdir) + 1 + Ustrlen(fname) + Ustrlen(suffix) + 1;
uschar * buf = store_get(len, GET_UNTAINTED);
string_format(buf, len, "%s/%s/%s/%s/%s%s",
	spool_directory, queue_name, purpose, subdir, fname, suffix);
return buf;

/******************************************************************************/
/* Time calculations */

/* Diff two times (later, earlier) returning diff in 1st arg */
static inline void
timediff(struct timeval * later, const struct timeval * earlier)
{
later->tv_sec -= earlier->tv_sec;
if ((later->tv_usec -= earlier->tv_usec) < 0)
if ((diff->tv_usec -= then->tv_usec) < 0)
  {
  later->tv_sec--;
  later->tv_usec += 1000*1000;
  }
}

static inline void
timesince(struct timeval * diff, const struct timeval * then)
{
gettimeofday(diff, NULL);
timediff(diff, then);
}

static inline uschar *
string_timediff(const struct timeval * diff)
{

errno = EACCES;
return -1;
}
#ifdef EXIM_HAVE_OPENAT
static inline int
exim_openat(int dirfd, const char *pathname, int flags)
{

errno = EACCES;
return -1;
}
#endif

static inline FILE *
exim_fopen(const char *pathname, const char *mode)

  outfdptr, make_leader, purpose);
}

/* Return 1 if fd is usable per pollbits, else 0 */
static inline int
poll_one_fd(int fd, short pollbits, int tmo_millisec)
{
struct pollfd p = {.fd = fd, .events = pollbits};
return poll(&p, 1, tmo_millisec);
}

/******************************************************************************/
/* Client-side smtp log string, for debug */

static inline void
smtp_debug_cmd(const uschar * buf, int mode)
{
HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("  SMTP%c> %s\n",
  mode == SCMD_BUFFER ? '|' : mode == SCMD_MORE ? '+' : '>', buf);

#  ifndef DISABLE_CLIENT_CMD_LOG
  {
  int len = Ustrcspn(buf, " \n");
  int old_pool = store_pool;
  store_pool = POOL_PERM;	/* Main pool ACL allocations eg. callouts get released */
  client_cmd_log = string_append_listele_n(client_cmd_log, ':', buf, MIN(len, 8));
  if (mode == SCMD_BUFFER) 
    {
    client_cmd_log = string_catn(client_cmd_log, US"|", 1); 
    (void) string_from_gstring(client_cmd_log);
    }
  store_pool = old_pool;
  }
#  endif
}


static inline void
smtp_debug_cmd_report(void)
{
#  ifndef DISABLE_CLIENT_CMD_LOG
debug_printf("cmdlog: '%s'\n", client_cmd_log ? client_cmd_log->s : US"(unset)");
#  endif
}



# endif	/* !COMPILE_UTILITY */

/******************************************************************************/




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* All the global variables are defined together in this one module, so


uschar *dsn_envid              = NULL;
int     dsn_ret                = 0;
const pcre2_code  *regex_DSN         = NULL;
uschar *dsn_advertise_hosts    = NULL;

#ifndef DISABLE_TLS
BOOL    gnutls_compat_mode     = FALSE;
BOOL    gnutls_allow_auto_pkcs11 = FALSE;
uschar *hosts_require_alpn     = NULL;
uschar *openssl_options        = NULL;
const pcre2_code *regex_STARTTLS     = NULL;
uschar *tls_advertise_hosts    = US"*";
uschar *tls_alpn	       = US"smtp:esmtp";
uschar *tls_certificate        = NULL;
uschar *tls_crl                = NULL;
/* This default matches NSS DH_MAX_P_BITS value at current time (2012), because

uschar *tls_privatekey         = NULL;
BOOL    tls_remember_esmtp     = FALSE;
uschar *tls_require_ciphers    = NULL;
# ifndef DISABLE_TLS_RESUME
uschar *tls_resumption_hosts   = NULL;
# endif
uschar *tls_try_verify_hosts   = NULL;
uschar *tls_verify_certificates= US"system";
uschar *tls_verify_hosts       = NULL;
int     tls_watch_fd	       = -1;
time_t  tls_watch_trigger_time = (time_t)0;
#else	/*DISABLE_TLS*/
uschar *tls_advertise_hosts    = NULL;
#endif

/* Per Recipient Data Response variables */
BOOL    prdr_enable            = FALSE;
BOOL    prdr_requested         = FALSE;
const pcre2_code *regex_PRDR         = NULL;
#endif

#ifdef SUPPORT_I18N
const pcre2_code *regex_UTF8         = NULL;
#endif

/* Input-reading functions for messages, so we can use special ones for

stand-alone tests. */

#if !defined(STAND_ALONE) && !defined(MACRO_PREDEF)
int	(*lwr_receive_getc)(unsigned)	= stdin_getc;
uschar * (*lwr_receive_getbuf)(unsigned *) = NULL;
int	(*lwr_receive_ungetc)(int)	= stdin_ungetc;
BOOL	(*lwr_receive_hasc)(void)	= stdin_hasc;

int	(*receive_getc)(unsigned) 	= stdin_getc;
uschar * (*receive_getbuf)(unsigned *) 	= NULL;
void	(*receive_get_cache)(unsigned)	= NULL;
BOOL	(*receive_hasc)(void)		= stdin_hasc;
int	(*receive_ungetc)(int)    	= stdin_ungetc;
int	(*receive_feof)(void)     	= stdin_feof;
int	(*receive_ferror)(void)   	= stdin_ferror;
#endif



#endif
	.smtp_in_pipelining_advertised = FALSE,
	.smtp_in_pipelining_used = FALSE,
	.smtp_in_quit		= FALSE,
	.spool_file_wireformat  = FALSE,
	.submission_mode        = FALSE,
	.suppress_local_fixups  = FALSE,

BOOL    proxy_session          = FALSE;
#endif

#ifndef DISABLE_QUEUE_RAMP
BOOL    queue_fast_ramp		= FALSE;
#endif
BOOL    queue_list_requires_admin = TRUE;

#endif
BOOL    split_spool_directory  = FALSE;
BOOL    spool_wireformat       = FALSE;
#ifdef EXPERIMENTAL_SRS
BOOL    srs_usehash            = TRUE;
BOOL    srs_usetimestamp       = TRUE;
#endif
BOOL    strict_acl_vars        = FALSE;
BOOL    strip_excess_angle_brackets = FALSE;
BOOL    strip_trailing_dot     = FALSE;

    .extra_headers =	NULL,
    .remove_headers =	NULL,
    .variables =	NULL,
#ifdef EXPERIMENTAL_SRS
    .srs_sender =	NULL,
#endif
    .ignore_error =	FALSE,
#ifdef SUPPORT_I18N
    .utf8_msg =		FALSE,


uschar *auth_defer_msg         = US"reason not recorded";
uschar *auth_defer_user_msg    = US"";
const uschar *auth_vars[AUTH_VARS];
uschar *authenticator_name     = NULL;
int     auto_thaw              = 0;
#ifdef WITH_CONTENT_SCAN
int     av_failed              = FALSE;	/* boolean but accessed as vtype_int*/

unsigned chunking_datasize     = 0;
unsigned chunking_data_left    = 0;
chunking_state_t chunking_state= CHUNKING_NOT_OFFERED;
const pcre2_code *regex_CHUNKING     = NULL;

#ifdef EXPERIMENTAL_ESMTP_LIMITS
const pcre2_code *regex_LIMITS        = NULL;
#endif

uschar *client_authenticator   = NULL;
uschar *client_authenticated_id = NULL;
uschar *client_authenticated_sender = NULL;
#ifndef DISABLE_CLIENT_CMD_LOG
gstring *client_cmd_log        = NULL;
#endif
int     clmacro_count          = 0;
uschar *clmacros[MAX_CLMACROS];
FILE   *config_file            = NULL;

uschar *continue_host_address  = NULL;
int     continue_sequence      = 1;
uschar *continue_transport     = NULL;
#ifdef EXPERIMENTAL_ESMTP_LIMITS
unsigned continue_limit_mail   = 0;
unsigned continue_limit_rcpt   = 0;
unsigned continue_limit_rcptdom= 0;
#endif

uschar *csa_status             = NULL;
cut_t   cutthrough = {

  BIT_TABLE(D, uid),
  BIT_TABLE(D, verify),
};
int      debug_options_count	= nelem(debug_options);
uschar   debuglog_name[LOG_NAME_SIZE] = {0};
unsigned debug_pretrigger_bsize	= 0;
uschar * debug_pretrigger_buf	= NULL;
unsigned int debug_selector	= 0;

unsigned int debug_selector    = 0;
int     delay_warning[DELAY_WARNING_SIZE] = { DELAY_WARNING_SIZE, 1, 24*60*60 };
uschar *delay_warning_condition=
  US"${if or {"

uschar *dnslist_value          = NULL;
tree_node *domainlist_anchor   = NULL;
int     domainlist_count       = 0;
const uschar *driver_srcfile   = NULL;
int     driver_srcline	       = 0;
uschar *dsn_from               = US DEFAULT_DSN_FROM;
unsigned int dtrigger_selector = 0;

int     errno_quota            = ERRNO_QUOTA;
uschar *errors_copy            = NULL;

int     expand_forbid          = 0;
int     expand_nlength[EXPAND_MAXN+1];
int     expand_nmax            = -1;
const uschar *expand_nstring[EXPAND_MAXN+1];
uschar *expand_string_message;
uschar *extra_local_interfaces = NULL;


volatile sig_atomic_t had_command_sigterm = 0;
volatile sig_atomic_t had_data_timeout    = 0;
volatile sig_atomic_t had_data_sigint     = 0;
const uschar *headers_charset  = US HEADERS_CHARSET;
int     header_insert_maxlen   = 64 * 1024;
header_line  *header_last      = NULL;
header_line  *header_list      = NULL;

tree_node *hostlist_anchor     = NULL;
int     hostlist_count         = 0;
uschar *hosts_treat_as_local   = NULL;
uschar *hosts_require_helo     = US"*";
uschar *hosts_connection_nolog = NULL;

int     ignore_bounce_errors_after = 10*7*24*60*60;  /* 10 weeks */

int     keep_malformed         = 4*24*60*60;    /* 4 days */

uschar *eldap_dn               = NULL;
#ifdef EXPERIMENTAL_ESMTP_LIMITS
uschar *limits_advertise_hosts = US"*";
#endif
int     load_average           = -2;
uschar *local_from_prefix      = NULL;
uschar *local_from_suffix      = NULL;

  Li_outgoing_interface, /* see d_log_interface in deliver.c */
  Li_msg_id,
  Li_queue_run,
  Li_queue_time_exclusive,
  Li_rejected_header,
  Li_retry_defer,
  Li_sender_verify_fail,

  BIT_TABLE(L, outgoing_port),
  BIT_TABLE(L, pid),
  BIT_TABLE(L, pipelining),
  BIT_TABLE(L, protocol_detail),
#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
  BIT_TABLE(L, proxy),
#endif
  BIT_TABLE(L, queue_run),
  BIT_TABLE(L, queue_time),
  BIT_TABLE(L, queue_time_exclusive),
  BIT_TABLE(L, queue_time_overall),
  BIT_TABLE(L, receive_time),
  BIT_TABLE(L, received_recipients),

uschar *message_id;
uschar *message_id_domain      = NULL;
uschar *message_id_text        = NULL;
struct timeval message_id_tv   = { 0, 0 };
uschar  message_id_option[MESSAGE_ID_LENGTH + 3];
uschar *message_id_external;
int     message_linecount      = 0;

uschar *override_local_interfaces = NULL;
uschar *override_pid_file_path = NULL;

pcre2_general_context * pcre_gen_ctx = NULL;
pcre2_compile_context * pcre_cmp_ctx = NULL;
pcre2_match_context * pcre_mtc_ctx = NULL;

uschar *percent_hack_domains   = NULL;
uschar *pid_file_path          = US PID_FILE_PATH
                           "\0<--------------Space to patch pid_file_path->";

int     proxy_external_port    = 0;
uschar *proxy_local_address    = NULL;
int     proxy_local_port       = 0;
int     proxy_protocol_timeout = 3;
#endif

uschar *prvscheck_address      = NULL;

int     received_headers_max   = 30;
uschar *received_protocol      = NULL;
struct timeval received_time   = { 0, 0 };
struct timeval received_time_complete = { 0, 0 };
uschar *recipient_data         = NULL;
uschar *recipient_unqualified_hosts = NULL;
uschar *recipient_verify_failure = NULL;

recipient_item  *recipients_list = NULL;
int     recipients_list_max    = 0;
int     recipients_max         = 50000;
const pcre2_code *regex_AUTH         = NULL;
const pcre2_code *regex_check_dns_names = NULL;
const pcre2_code *regex_From         = NULL;
const pcre2_code *regex_IGNOREQUOTA  = NULL;
const pcre2_code *regex_PIPELINING   = NULL;
const pcre2_code *regex_SIZE         = NULL;
#ifndef DISABLE_PIPE_CONNECT
const pcre2_code *regex_EARLY_PIPE   = NULL;
#endif
const pcre2_code *regex_ismsgid      = NULL;
const pcre2_code *regex_smtp_code    = NULL;
const uschar *regex_vars[REGEX_VARS];
#ifdef WHITELIST_D_MACROS
const pcre2_code *regex_whitelisted_macro = NULL;
#endif
#ifdef WITH_CONTENT_SCAN
uschar *regex_match_string     = NULL;

int     smtp_accept_max        = 20;
int     smtp_accept_max_nonmail= 10;
uschar *smtp_accept_max_nonmail_hosts = US"*";
uschar *smtp_accept_max_per_connection = US"1000";
uschar *smtp_accept_max_per_host = NULL;
int     smtp_accept_queue      = 0;
int     smtp_accept_queue_per_connection = 10;
int     smtp_accept_reserve    = 0;
uschar *smtp_active_hostname   = NULL;
int	smtp_backlog_monitor   = 0;
uschar *smtp_banner            = US"$smtp_active_hostname ESMTP "
                             "Exim $version_number $tod_full"
                             "\0<---------------Space to patch smtp_banner->";

double  smtp_delay_mail        = 0.0;
double  smtp_delay_rcpt        = 0.0;
FILE   *smtp_in                = NULL;
int     smtp_listen_backlog    = 0;
int     smtp_load_reserve      = -1;
int     smtp_mailcmd_count     = 0;
int     smtp_mailcmd_max       = -1;
FILE   *smtp_out               = NULL;
uschar *smtp_etrn_command      = NULL;
int     smtp_max_synprot_errors= 3;
int     smtp_max_unknown_commands = 3;
uschar *smtp_notquit_reason    = NULL;
unsigned smtp_peer_options     = 0;
unsigned smtp_peer_options_wrap= 0;
uschar *smtp_ratelimit_hosts   = NULL;
uschar *smtp_ratelimit_mail    = NULL;
uschar *smtp_ratelimit_rcpt    = NULL;

double  smtp_rlr_factor        = 0.0;
int     smtp_rlr_limit         = 0;
int     smtp_rlr_threshold     = INT_MAX;
unsigned smtp_peer_options     = 0;
unsigned smtp_peer_options_wrap= 0;
#ifdef SUPPORT_I18N
uschar *smtputf8_advertise_hosts = US"*";	/* overridden under test-harness */
#endif

FILE   *spool_data_file	       = NULL;
uschar *spool_directory        = US SPOOL_DIRECTORY
                           "\0<--------------Space to patch spool_directory->";
#ifdef SUPPORT_SRS
uschar *srs_config             = NULL;
uschar *srs_db_address         = NULL;
uschar *srs_db_key             = NULL;
int     srs_hashlength         = 6;
int     srs_hashmin            = -1;
int     srs_maxage             = 31;
uschar *srs_orig_recipient     = NULL;
uschar *srs_orig_sender        = NULL;
uschar *srs_recipient          = NULL;
uschar *srs_secrets            = NULL;
uschar *srs_status             = NULL;
#endif
#ifdef EXPERIMENTAL_SRS_NATIVE
uschar *srs_recipient          = NULL;
#endif
int     string_datestamp_offset= -1;
int     string_datestamp_length= 0;
int     string_datestamp_type  = -1;
const uschar *submission_domain = NULL;
const uschar *submission_name  = NULL;
int     syslog_facility        = LOG_MAIL;
uschar *syslog_processname     = US"exim";
uschar *system_filter          = NULL;

transport_instance  *transports = NULL;

transport_instance  transport_defaults = {
    /* All non-mentioned elements zero/NULL/FALSE */
    .name =			NULL,
    .info =			NULL,
    .options_block =		NULL,
    .driver_name =		NULL,
    .setup =			NULL,
    .batch_max =		1,
    .batch_id =			NULL,
    .home_dir =			NULL,
    .current_dir =		NULL,
    .expand_multi_domain =	NULL,
    .multi_domain =		TRUE,
    .overrides_hosts =		FALSE,
    .max_addresses =		100,
    .connection_max_messages =	500,
    .deliver_as_creator =	FALSE,
    .disable_logging =		FALSE,
    .initgroups =		FALSE,
    .uid_set =			FALSE,
    .gid_set =			FALSE,
    .uid =			(uid_t)(-1),
    .gid =			(gid_t)(-1),
    .expand_uid =		NULL,
    .expand_gid =		NULL,
    .warn_message =		NULL,
    .shadow =			NULL,
    .shadow_condition =		NULL,
    .filter_command =		NULL,
    .add_headers =		NULL,
    .remove_headers =		NULL,
    .return_path =		NULL,
    .debug_string =		NULL,
    .max_parallel =		NULL,
    .message_size_limit =	NULL,
    .headers_rewrite =		NULL,
    .rewrite_rules =		NULL,
    .rewrite_existflags =	0,
    .filter_timeout =		300,
    .body_only =		FALSE,
    .delivery_date_add =	FALSE,
    .envelope_to_add =		FALSE,
    .headers_only =		FALSE,
    .rcpt_include_affixes =	FALSE,
    .return_path_add =		FALSE,
    .return_output =		FALSE,
    .return_fail_output =	FALSE,
    .log_output =		FALSE,
    .log_fail_output =		FALSE,
    .log_defer_output =		FALSE,
    .retry_use_local_part =	TRUE_UNSET,	/* retry_use_local_part: BOOL, but set neither
						 1 nor 0 so can detect unset */
#ifndef DISABLE_EVENT
   .event_action =		NULL
#endif
};

int     transport_count;

uschar *verify_mode	       = NULL;
uschar *version_copyright      =
 US"Copyright (c) University of Cambridge, 1995 - 2018\n"
   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022";
uschar *version_date           = US"?";
uschar *version_cnumber        = US"????";
uschar *version_string         = US"?";




/*
 *  Exim - an Internet mail transport agent
 *
 *  Copyright (c) The Exim Maintainers 2010 - 2022
 *  Copyright (c) University of Cambridge 1995 - 2009
 *
 *  Hash interface functions


/******************************************************************************/
#ifdef SHA_OPENSSL
# define HAVE_PARTIAL_SHA

BOOL
exim_sha_init(hctx * h, hashmethod m)
{
# if OPENSSL_VERSION_NUMBER < 0x30000000L
switch (h->method = m)
  {
  case HASH_SHA1:     h->hashlen = 20; SHA1_Init  (&h->u.sha1);     break;
  case HASH_SHA2_256: h->hashlen = 32; SHA256_Init(&h->u.sha2_256); break;
  case HASH_SHA2_384: h->hashlen = 48; SHA384_Init(&h->u.sha2_512); break;
  case HASH_SHA2_512: h->hashlen = 64; SHA512_Init(&h->u.sha2_512); break;
#  ifdef EXIM_HAVE_SHA3
  case HASH_SHA3_224: h->hashlen = 28;
		      EVP_DigestInit(h->u.mctx = EVP_MD_CTX_new(), EVP_sha3_224());
		      break;

  case HASH_SHA3_512: h->hashlen = 64;
		      EVP_DigestInit(h->u.mctx = EVP_MD_CTX_new(), EVP_sha3_512());
		      break;
#  endif
  default:	      h->hashlen = 0; return FALSE;
  }
return TRUE;

# else
EVP_MD * md;

h->hashlen = 0;
if (!(h->u.mctx = EVP_MD_CTX_new())) return FALSE;
switch (h->method = m)
  {
  case HASH_SHA1:     h->hashlen = 20; md = EVP_MD_fetch(NULL, "SHA1", NULL); break;
  case HASH_SHA2_256: h->hashlen = 32; md = EVP_MD_fetch(NULL, "SHA2-256", NULL); break;
  case HASH_SHA2_384: h->hashlen = 48; md = EVP_MD_fetch(NULL, "SHA2-384", NULL); break;
  case HASH_SHA2_512: h->hashlen = 64; md = EVP_MD_fetch(NULL, "SHA2-512", NULL); break;
  case HASH_SHA3_224: h->hashlen = 28; md = EVP_MD_fetch(NULL, "SHA3-224", NULL); break;
  case HASH_SHA3_256: h->hashlen = 32; md = EVP_MD_fetch(NULL, "SHA3-256", NULL); break;
  case HASH_SHA3_384: h->hashlen = 48; md = EVP_MD_fetch(NULL, "SHA3-384", NULL); break;
  case HASH_SHA3_512: h->hashlen = 64; md = EVP_MD_fetch(NULL, "SHA3-512", NULL); break;
  default:	      return FALSE;
  }
if (md && EVP_DigestInit_ex(h->u.mctx, md, NULL))
  return TRUE;

h->hashlen = 0;
return FALSE;
# endif
}


void
exim_sha_update(hctx * h, const uschar * data, int len)
{
# if OPENSSL_VERSION_NUMBER < 0x30000000L
switch (h->method)
  {
  case HASH_SHA1:     SHA1_Update  (&h->u.sha1,     data, len); break;
  case HASH_SHA2_256: SHA256_Update(&h->u.sha2_256, data, len); break;
  case HASH_SHA2_384: SHA384_Update(&h->u.sha2_512, data, len); break;
  case HASH_SHA2_512: SHA512_Update(&h->u.sha2_512, data, len); break;
#  ifdef EXIM_HAVE_SHA3
  case HASH_SHA3_224:
  case HASH_SHA3_256:
  case HASH_SHA3_384:
  case HASH_SHA3_512: EVP_DigestUpdate(h->u.mctx, data, len); break;
#  endif
  /* should be blocked by init not handling these, but be explicit to
  guard against accidents later (and hush up clang -Wswitch) */
  default: assert(0);
  }

# else

EVP_DigestUpdate(h->u.mctx, data, len);
# endif
}



exim_sha_finish(hctx * h, blob * b)
{
/* Hashing is sufficient to purify any tainted input */
b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);

# if OPENSSL_VERSION_NUMBER < 0x30000000L
switch (h->method)
  {
  case HASH_SHA1:     SHA1_Final  (b->data, &h->u.sha1);     break;
  case HASH_SHA2_256: SHA256_Final(b->data, &h->u.sha2_256); break;
  case HASH_SHA2_384: SHA384_Final(b->data, &h->u.sha2_512); break;
  case HASH_SHA2_512: SHA512_Final(b->data, &h->u.sha2_512); break;
#  ifdef EXIM_HAVE_SHA3
  case HASH_SHA3_224:
  case HASH_SHA3_256:
  case HASH_SHA3_384:
  case HASH_SHA3_512: EVP_DigestFinal(h->u.mctx, b->data, NULL); break;
#  endif
  default: assert(0);
  }

# else

EVP_DigestFinal_ex(h->u.mctx, b->data, NULL);
EVP_MD_free((EVP_MD *) EVP_MD_CTX_get0_md(h->u.mctx));
EVP_MD_CTX_free(h->u.mctx);

# endif
}



#elif defined(SHA_GNUTLS)
# define HAVE_PARTIAL_SHA
/******************************************************************************/

BOOL

void
exim_sha_finish(hctx * h, blob * b)
{
b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
gnutls_hash_output(h->sha, b->data);
}



#elif defined(SHA_GCRYPT)
# define HAVE_PARTIAL_SHA
/******************************************************************************/

BOOL

void
exim_sha_finish(hctx * h, blob * b)
{
b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen);
}




#elif defined(SHA_POLARSSL)
# define HAVE_PARTIAL_SHA
/******************************************************************************/

BOOL

void
exim_sha_finish(hctx * h, blob * b)
{
b->data = store_get(b->len = h->hashlen, GET_INTAINTED);
switch (h->method)
  {
  case HASH_SHA1:   sha1_finish(h->u.sha1, b->data); break;

  memset(work, 0, 56);
  }
else
  {
  memset(work+length+1, 0, 55-length);
  }

/* The final 8 bytes of the final chunk are a 64-bit representation of the
length of the input string *bits*, before padding, high order word first, and

void
exim_sha_finish(hctx * h, blob * b)
{
b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);

native_sha1_end(&h->sha1, NULL, 0, b->data);
}




#ifdef HAVE_PARTIAL_SHA
# undef HAVE_PARTIAL_SHA
void
exim_sha_update_string(hctx * h, const uschar * s)
{
if (s) exim_sha_update(h, s, Ustrlen(s));
}
#endif




**************************************************
*************************************************/

#ifdef STAND_ALONE

/* Test values. The first 128 may contain binary zeros and have increasing
length. */

if (strcmp(s, atest) != 0) printf("*** No match ***\n");

}
#endif	/*STAND_ALONE*/

/* End of File */

Lines 1-7 Link Here

(-)exim.orig/src/hash.h (-2 / +2 lines)
1	/*	1	/*
2	* Exim - an Internet mail transport agent	2	* Exim - an Internet mail transport agent
3	*	3	* Copyright (c) The Exim Maintainers 1995 - 2022
4	* Copyright (C) 1995 - 2018 Exim maintainers
5	*	4	*
6	* Hash interface functions	5	* Hash interface functions
7	*/	6	*/
Lines 77-82 Link Here
77		76
78	extern BOOL exim_sha_init(hctx *, hashmethod);	77	extern BOOL exim_sha_init(hctx *, hashmethod);
79	extern void exim_sha_update(hctx , const uschar a, int);	78	extern void exim_sha_update(hctx , const uschar a, int);
		79	extern void exim_sha_update_string(hctx , const uschar a);
80	extern void exim_sha_finish(hctx , blob );	80	extern void exim_sha_finish(hctx , blob );
81		81
82	#endif	82	#endif




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2016 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



header_line *h, *new = NULL;
header_line **hptr;

uschar * p, * q, * buf;
gstring gs;
gstring gs = { .size = HEADER_ADD_BUFFER_SIZE, .ptr = 0, .s = buf };

if (!header_last) return NULL;

gs.s = buf = store_get(HEADER_ADD_BUFFER_SIZE, GET_UNTAINTED);
gs.size = HEADER_ADD_BUFFER_SIZE;
gs.ptr = 0;

if (!string_vformat(&gs, SVFMT_REBUFFER, format, ap))
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "string too long in header_add: "
    "%.100s ...", string_from_gstring(&gs));

    if (*(++q) != ' ' && *q != '\t') break;
    }

  new = store_get(sizeof(header_line), GET_UNTAINTED);
  new->text = string_copyn(p, q - p);
  new->slen = q - p;
  new->type = type;

one_pattern_match(uschar *name, int slen, BOOL has_addresses, uschar *pattern)
{
BOOL yield = FALSE;
const pcre2_code *re = NULL;

/* If the pattern is a regex, compile it. Bomb out if compiling fails; these
patterns are all constructed internally and should be valid. */


      /* Otherwise, test for the pattern; a non-regex must be an exact match */

      yield = re
	? regex_match(re, next, -1, NULL)
        : (strcmpic(next, pattern) == 0);
          >= 0);
      }
    }



  else
    {
    yield = re
      ? regex_match(re, h->text, h->slen, NULL)
      : (strstric(h->text, pattern, FALSE) != NULL);
      (pcre_exec(re, NULL, CS h->text, h->slen, 0, PCRE_EOPT, NULL, 0) >= 0);
    }
  }





*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or

     ||  ipa == 6 && af == AF_INET6)
    {
    int x[4];
    yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
    alist = store_get(2 * sizeof(char *), GET_UNTAINTED);
    adds  = store_get(alen, GET_UNTAINTED);
    yield->h_name = CS name;
    yield->h_aliases = NULL;
    yield->h_addrtype = af;

  else
    {
    *error_num = HOST_NOT_FOUND;
    yield = NULL;
    goto out;
    }

/* Handle a host name */

  switch(rc)
    {
    case DNS_SUCCEED: break;
    case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; yield = NULL; goto out;
    case DNS_NODATA:  *error_num = NO_DATA; yield = NULL; goto out;
    case DNS_AGAIN:   *error_num = TRY_AGAIN; yield = NULL; goto out;
    default:
    case DNS_FAIL:    *error_num = NO_RECOVERY; yield = NULL; goto out;
    }

  for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);

       rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
    count++;

  yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
  alist = store_get((count + 1) * sizeof(char *), GET_UNTAINTED);
  adds  = store_get(count *alen, GET_UNTAINTED);

  yield->h_name = CS name;
  yield->h_aliases = NULL;

  *alist = NULL;
  }

out:

store_free_dns_answer(dnsa);
return yield;
}


    continue;
    }

  h = store_get(sizeof(host_item), GET_UNTAINTED);
  h->name = name;
  h->address = NULL;
  h->port = PORT_NONE;
  h->mx = fake_mx;
  h->sort_key = randomize ? (-fake_mx)*1000 + random_number(1000) : 0;
  h->status = hstatus_unknown;
  h->why = hwhy_unknown;
  h->last_try = 0;

*        Extract port from address string        *
*************************************************/

/* In the -oMa and -oMi options, a host plus port is given as an IP address
followed by a dot and a port number. This function decodes this.
decodes this.

An alternative format for the -oMa and -oMi options is [ip address]:port which
is what Exim uses for output, because it seems to becoming commonly used,
whereas the dot form confuses some programs/people. So we recognize that form
too.

The spool file used to use the first form, but this breaks with a v4mapped ipv6
hybrid, because the parsing here is not clever.  So for spool we now use the
second form.

Argument:
  address    points to the string; if there is a port, the '.' in the string
             is overwritten with zero to terminate the address; if the string

int sep = 0;
uschar *s;
ip_address_item * yield = NULL, * last = NULL, * next;
BOOL taint = is_tainted(list);

while ((s = string_nextinlist(&list, &sep, NULL, 0)))
  {

  address above. The field in the ip_address_item is large enough to hold an
  IPv6 address. */

  next = store_get(sizeof(ip_address_item), list);
  next->next = NULL;
  Ustrcpy(next->address, s);
  next->port = port;

{
ip_address_item *running_interfaces = NULL;

if (!local_interface_data)
  {
  void *reset_item = store_mark();
  ip_address_item *dlist = host_build_ifacelist(CUS local_interfaces,

    struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg;
    yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer,
      sizeof(addr_buffer));
    if (portptr) *portptr = ntohs(sk->sin6_port);
    }
  else
    {
    struct sockaddr_in *sk = (struct sockaddr_in *)arg;
    yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer,
      sizeof(addr_buffer));
    if (portptr) *portptr = ntohs(sk->sin_port);
    }
  }
else

if (type < 0)
  {
  yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr);
  if (portptr) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port);
  }
else
  yield = US inet_ntoa(*((struct in_addr *)arg));


/* If there is no buffer, put the string into some new store. */

if (!buffer) buffer = store_get(46, GET_UNTAINTED);

/* Callers of this function with a non-NULL buffer must ensure that it is
large enough to hold an IPv6 address, namely, at least 46 bytes. That's what

  c++;
  }

*--c = '\0';	/* drop trailing colon */

/* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, buffer, buffer + 2*(k+1)); */
if (k >= 0)
  {			/* collapse */
  c = d + 2*(k+1);

host_is_tls_on_connect_port(int port)
{
int sep = 0;
const uschar * list = tls_in.on_connect_ports;
const uschar *list = tls_in.on_connect_ports;
uschar *s;
uschar *end;

if (tls_in.on_connect) return TRUE;

for (uschar * s, * end; s = string_nextinlist(&list, &sep, NULL, 0); )
  if (Ustrtol(s, &end, 10) == port)
    return TRUE;



  if (hosts->h_aliases)
    {
    int count = 1;  /* need 1 more for terminating NULL */
    uschar **ptr;

    for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++;
    store_pool = POOL_PERM;
    ptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
    store_pool = POOL_TAINT_PERM;

    for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++)

      {
      uschar **aptr = NULL;
      int ssize = 264;
      int count = 1;  /* need 1 more for terminating NULL */
      int old_pool = store_pool;

      sender_host_dnssec = dns_is_secure(dnsa);

      /* Get store for the list of aliases. For compatibility with
      gethostbyaddr, we make an empty list if there are none. */

      aptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);

      /* Re-scan and extract the names */


           rr;
           rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
        {
        uschar * s = store_get(ssize, GET_TAINTED);	/* names are tainted */

        /* If an overlong response was received, the data will have been
        truncated and dn_expand may fail. */

  {
  uschar **aliases = sender_host_aliases;
  debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name);
  while (*aliases) debug_printf("  alias \"%s\"\n", *aliases++);
  }

/* We need to verify that a forward lookup on the name we found does indeed


  if (!hostdata)
    {
    uschar * error;
    switch (error_num)
      {
      case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND";	break;
      case TRY_AGAIN:      error = US"TRY_AGAIN";   temp_error = TRUE; break;
      case NO_RECOVERY:    error = US"NO_RECOVERY"; temp_error = TRUE; break;
      case NO_DATA:        error = US"NO_DATA";		break;
    #if NO_DATA != NO_ADDRESS
      case NO_ADDRESS:     error = US"NO_ADDRESS";	break;
    #endif
      default: error = US"?"; break;
      }

    DEBUG(D_host_lookup) debug_printf("%s(af=%s) returned %d (%s)\n",
      f.running_in_test_harness ? "host_fake_gethostbyname" :
#if HAVE_IPV6
# if HAVE_GETIPNODEBYNAME
        "getipnodebyname",
# else
        "gethostbyname2",
# endif
#else
	"gethostbyname",
#endif
      af == AF_INET ? "inet" : "inet6", error_num, error);

    if (error_num == TRY_AGAIN || error_num == NO_RECOVERY) temp_error = TRUE;
    continue;
    }
  if (!(hostdata->h_addr_list)[0]) continue;

  /* Replace the name with the fully qualified one if necessary, and fill in
  the fully_qualified_name pointer. */

  if (hostdata->h_name[0] && Ustrcmp(host->name, hostdata->h_name) != 0)
      Ustrcmp(host->name, hostdata->h_name) != 0)
    host->name = string_copy_dnsdomain(US hostdata->h_name);
  if (fully_qualified_name) *fully_qualified_name = host->name;

  /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
  by their different lengths. Scan the list, ignoring any that are to be

      host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);

    #ifndef STAND_ALONE
    if (  ignore_target_hosts
       && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
	    text_address, NULL) == OK)
      {
      DEBUG(D_host_lookup)
        debug_printf("ignored host %s [%s]\n", host->name, text_address);

      }
    #endif

    /* If this is the first address, last is NULL and we put the data in the
    original block. */

    if (!last)
      {
      host->address = text_address;
      host->port = PORT_NONE;


    else
      {
      host_item *next = store_get(sizeof(host_item), GET_UNTAINTED);
      next->name = host->name;
#ifndef DISABLE_TLS
      next->certname = host->certname;

NULL. If temp_error is set, at least one of the lookups gave a temporary error,
so we pass that back. */

if (!host->address)
  {
  uschar *msg =
    #ifndef STAND_ALONE
    !message_id[0] && smtp_in
      ? string_sprintf("no IP address found for host %s (during %s)", host->name,
          smtp_get_connection_info()) :
    #endif
    string_sprintf("no IP address found for host %s", host->name);


RETURN_AGAIN:
  {
#ifndef STAND_ALONE
  int rc;
  const uschar *save = deliver_domain;
  deliver_domain = host->name;  /* set $domain */

      "returning HOST_FIND_FAILED\n", host->name);
    return HOST_FIND_FAILED;
    }
#endif
  return HOST_FIND_AGAIN;
  }
}

BOOL v6_find_again = FALSE;
BOOL dnssec_fail = FALSE;
int i;
dns_answer * dnsa;

#ifndef DISABLE_TLS
/* Copy the host name at this point to the value which is used for

  return HOST_FOUND;
  }

dnsa = store_get_dns_answer();

/* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice,
looking for AAAA records the first time. However, unless doing standalone
testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global.

  int type = types[i];
  int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0)
    ? 500 : 0;  /* Ensures v6/4 sort order */
  dns_answer * dnsa = store_get_dns_answer();
  dns_scan dnss;

  int rc = dns_lookup_timerwrap(dnsa, host->name, type, fully_qualified_name);

    {
    if (i == 0)  /* Just tried for an A record, i.e. end of loop */
      {
      if (host->address != NULL)
        i = HOST_FOUND;  /* AAAA was found */
      else if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again)
        i = HOST_FIND_AGAIN;
      else
	i = HOST_FIND_FAILED;    /* DNS_NOMATCH or DNS_NODATA */
      goto out;
      }

    /* Tried for an AAAA record: remember if this was a temporary

	/* Not a duplicate */

	new_sort_key = host->mx * 1000 + random_number(500) + randoffset;
	next = store_get(sizeof(host_item), GET_UNTAINTED);

	/* New address goes first: insert the new block after the first one
	(so as not to disturb the original pointer) but put the new address

/* Control gets here only if the second lookup (the A record) succeeded.
However, the address may not be filled in if it was ignored. */

i = host->address
  ? HOST_FOUND
  : dnssec_fail
  ? HOST_FIND_SECURITY
  : HOST_IGNORED;

out:
  store_free_dns_answer(dnsa);
  return i;
}



#endif
      { yield = HOST_FIND_AGAIN; goto out; }
    DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
      "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
    }
  }


  /* Make a new host item and seek the correct insertion place */
    {
    int sort_key = precedence * 1000 + weight;
    host_item * next = store_get(sizeof(host_item), GET_UNTAINTED);
    next->name = string_copy_dnsdomain(data);
    next->address = NULL;
    next->port = port;

out:

dns_init(FALSE, FALSE, FALSE);	/* clear the dnssec bit for getaddrbyname */
store_free_dns_answer(dnsa);
return yield;
}


rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
sec = dns_is_secure(dnsa);
DEBUG(D_transport)
  debug_printf("TLSA lookup ret %s %sDNSSEC\n", dns_rc_names[rc], sec ? "" : "not ");

switch (rc)
  {


disable_ipv6 = FALSE;
primary_hostname = US"";
store_init();
store_pool = POOL_MAIN;
debug_selector = D_host_lookup|D_interface;
debug_file = stdout;




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for doing things with sockets. With the advent of IPv6 this has

  return sizeof(sin->v6);
  }
else
#else     /* HAVE_IPv6 */
af = af;  /* Avoid compiler warning */
#endif    /* HAVE_IPV6 */

/* Setup code when using IPv4 socket. The wildcard address is "". */

  s_len = sizeof(s_in6);
  }
else
#else     /* HAVE_IPV6 */
af = af;  /* Avoid compiler warning */
#endif    /* HAVE_IPV6 */

/* For an IPv4 address, use an IPv4 sockaddr structure, even on a system with

  for (int port = portlo; port <= porthi; port++)
    if (ip_connect(fd, af, h->address, port, timeout, fastopen_blob) == 0)
      {
      if (fd6 >= 0 && fd != fd6) close(fd6);
      if (fd4 >= 0 && fd != fd4) close(fd4);
      if (connhost)
	{
	h->port = port;

BOOL
fd_ready(int fd, time_t timelimit)
{
int rc, time_left = timelimit - time(NULL);
int time_left = timelimit - time(NULL);
int rc;

if (time_left <= 0)
  {


do
  {
  struct timeval tv = { .tv_sec = time_left, .tv_usec = 0 };
  FD_ZERO (&select_inset);
  FD_SET (fd, &select_inset);

  /*DEBUG(D_transport) debug_printf("waiting for data on fd\n");*/
  rc = poll_one_fd(fd, POLLIN, time_left * 1000);

  /* If some interrupt arrived, just retry. We presume this to be rare,
  but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes

  /* Checking the FD_ISSET is not enough, if we're interrupted, the
  select_inset may still contain the 'input'. */
  }
while (rc < 0);
return TRUE;
}


Lines 3-8 Link Here

(-)exim.orig/src/local_scan.c (-2 / +1 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	5	/* Copyright (c) University of Cambridge 1995 - 2009 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8		9
Lines 57-64 Link Here
57	int	58	int
58	local_scan(int fd, uschar **return_text)	59	local_scan(int fd, uschar **return_text)
59	{	60	{
60	fd = fd; /* Keep picky compilers happy */
61	return_text = return_text;
62	return LOCAL_SCAN_ACCEPT;	61	return LOCAL_SCAN_ACCEPT;
63	}	62	}
64		63




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2020 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* This file is the header that is the only Exim header to be included in the

each time a new feature is added (in a way that doesn't break backward
compatibility). */

#define LOCAL_SCAN_ABI_VERSION_MAJOR 6
#define LOCAL_SCAN_ABI_VERSION_MINOR 0
#define LOCAL_SCAN_ABI_VERSION \
  LOCAL_SCAN_ABI_VERSION_MAJOR.LOCAL_SCAN_ABI_VERSION_MINOR


extern int     body_linecount;         /* Line count in body */
extern int     body_zerocount;         /* Binary zero count in body */
extern uschar *expand_string_message;  /* Error info for failing expansion */
extern const uschar *headers_charset;  /* Charset for RFC 2047 decoding */
extern header_line *header_last;       /* Final header */
extern header_line *header_list;       /* First header */
extern BOOL    host_checking;          /* Set when checking a host */

extern int     lss_match_host(uschar *, uschar *, uschar *);
extern void    receive_add_recipient(uschar *, int);
extern BOOL    receive_remove_recipient(uschar *);
extern uschar *rfc2047_decode(uschar *, BOOL, const uschar *, int, int *,
			      uschar **);
extern int     smtp_fflush(void);
extern void    smtp_printf(const char *, BOOL, ...) PRINTF_FUNCTION(1,3);
extern void    smtp_vprintf(const char *, BOOL, va_list);

	string_sprintf_trc(fmt, US __FUNCTION__, __LINE__, __VA_ARGS__)
extern uschar *string_sprintf_trc(const char *, const uschar *, unsigned, ...) ALMOST_PRINTF(1,4);

#define store_get(size, proto_mem) \
	store_get_3((size), (proto_mem), __FUNCTION__, __LINE__)
extern void   *store_get_3(int, const void *, const char *, int)	ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT;
#define store_get_perm(size, proto_mem) \
	store_get_perm_3((size), (proto_mem), __FUNCTION__, __LINE__)
extern void   *store_get_perm_3(int, const void *, const char *, int)	ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT;


#if defined(LOCAL_SCAN) || defined(DLFUNC_IMPL)


extern uschar * string_copy_function(const uschar *);
extern uschar * string_copyn_function(const uschar *, int n);
extern uschar * string_copy_taint_function(const uschar *, const void * proto_mem);
extern pid_t    child_open_exim_function(int *, const uschar *);
extern pid_t    child_open_exim2_function(int *, uschar *, uschar *, const uschar *);
extern pid_t    child_open_function(uschar **, uschar **, int, int *, int *, BOOL, const uschar *);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for writing log files. The code for maintaining datestamped


#include "exim.h"

#define LOG_NAME_SIZE 256
#define MAX_SYSLOG_LEN 870

#define LOG_MODE_FILE   1


static uschar mainlog_name[LOG_NAME_SIZE];
static uschar rejectlog_name[LOG_NAME_SIZE];
static uschar debuglog_name[LOG_NAME_SIZE];

static uschar *mainlog_datestamp = NULL;
static uschar *rejectlog_datestamp = NULL;

number definitions in macros.h */

static const uschar * exim_errstrings[] = {
  [0] = US"",
  [- ERRNO_UNKNOWNERROR] =	US"unknown error",
  [- ERRNO_USERSLASH] =		US"user slash",
  [- ERRNO_EXISTRACE] =		US"exist race",
  [- ERRNO_NOTREGULAR] =	US"not regular",
  [- ERRNO_NOTDIRECTORY] =	US"not directory",
  [- ERRNO_BADUGID] =		US"bad ugid",
  [- ERRNO_BADMODE] =		US"bad mode",
  [- ERRNO_INODECHANGED] =	US"inode changed",
  [- ERRNO_LOCKFAILED] =	US"lock failed",
  [- ERRNO_BADADDRESS2] =	US"bad address2",
  [- ERRNO_FORBIDPIPE] =	US"forbid pipe",
  [- ERRNO_FORBIDFILE] =	US"forbid file",
  [- ERRNO_FORBIDREPLY] =	US"forbid reply",
  [- ERRNO_MISSINGPIPE] =	US"missing pipe",
  [- ERRNO_MISSINGFILE] =	US"missing file",
  [- ERRNO_MISSINGREPLY] =	US"missing reply",
  [- ERRNO_BADREDIRECT] =	US"bad redirect",
  [- ERRNO_SMTPCLOSED] =	US"smtp closed",
  [- ERRNO_SMTPFORMAT] =	US"smtp format",
  [- ERRNO_SPOOLFORMAT] =	US"spool format",
  [- ERRNO_NOTABSOLUTE] =	US"not absolute",
  [- ERRNO_EXIMQUOTA] =		US"Exim-imposed quota",
  [- ERRNO_HELD] =		US"held",
  [- ERRNO_FILTER_FAIL] =	US"Delivery filter process failure",
  [- ERRNO_CHHEADER_FAIL] =	US"Delivery add/remove header failure",
  [- ERRNO_WRITEINCOMPLETE] =	US"Delivery write incomplete error",
  [- ERRNO_EXPANDFAIL] =	US"Some expansion failed",
  [- ERRNO_GIDFAIL] =		US"Failed to get gid",
  [- ERRNO_UIDFAIL] =		US"Failed to get uid",
  [- ERRNO_BADTRANSPORT] =	US"Unset or non-existent transport",
  [- ERRNO_MBXLENGTH] =		US"MBX length mismatch",
  [- ERRNO_UNKNOWNHOST] =	US"Lookup failed routing or in smtp tpt",
  [- ERRNO_FORMATUNKNOWN] =	US"Can't match format in appendfile",
  [- ERRNO_BADCREATE] =		US"Creation outside home in appendfile",
  [- ERRNO_LISTDEFER] =		US"Can't check a list; lookup defer",
  [- ERRNO_DNSDEFER] =		US"DNS lookup defer",
  [- ERRNO_TLSFAILURE] =	US"Failed to start TLS session",
  [- ERRNO_TLSREQUIRED] =	US"Mandatory TLS session not started",
  [- ERRNO_CHOWNFAIL] =		US"Failed to chown a file",
  [- ERRNO_PIPEFAIL] =		US"Failed to create a pipe",
  [- ERRNO_CALLOUTDEFER] =	US"When verifying",
  [- ERRNO_AUTHFAIL] =		US"When required by client",
  [- ERRNO_CONNECTTIMEOUT] =	US"Used internally in smtp transport",
  [- ERRNO_RCPT4XX] =		US"RCPT gave 4xx error",
  [- ERRNO_MAIL4XX] =		US"MAIL gave 4xx error",
  [- ERRNO_DATA4XX] =		US"DATA gave 4xx error",
  [- ERRNO_PROXYFAIL] =		US"Negotiation failed for proxy configured host",
  [- ERRNO_AUTHPROB] =		US"Authenticator 'other' failure",
  [- ERRNO_UTF8_FWD] =		US"target not supporting SMTPUTF8",
  [- ERRNO_HOST_IS_LOCAL] =	US"host is local",
  [- ERRNO_TAINT] =		US"tainted filename",

  [- ERRNO_RRETRY] =		US"Not time for routing",

  [- ERRNO_LRETRY] =		US"Not time for local delivery",
  [- ERRNO_HRETRY] =		US"Not time for any remote host",
  [- ERRNO_LOCAL_ONLY] =	US"Local-only delivery",
  [- ERRNO_QUEUE_DOMAIN] =	US"Domain in queue_domains",
  [- ERRNO_TRETRY] =		US"Transport concurrency limit",

  [- ERRNO_EVENT] =		US"Event requests alternate response",
};



*/

static int
log_open_already_exim(const uschar * const name)
{
int fd = -1;
const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NONBLOCK;

  uschar *lastslash = Ustrrchr(name, '/');
  *lastslash = 0;
  created = directory_make(NULL, name, LOG_DIRECTORY_MODE, FALSE);
  DEBUG(D_any)
    if (created)
      debug_printf("created log directory %s\n", name);
    else
      debug_printf("failed to create log directory %s: %s\n", name, strerror(errno));
  *lastslash = '/';
  if (created) fd = Uopen(name, flags, LOG_MODE);
  }




/* Inspired by OpenSSH's mm_send_fd(). Thanks!
Send fd over socketpair.
Return: true iff good.
*/

static BOOL
log_send_fd(const int sock, const int fd)
{
struct msghdr msg;

  char buf[CMSG_SPACE(sizeof(int))];
} cmsgbuf;
struct cmsghdr *cmsg;
struct iovec vec;
char ch = 'A';
struct iovec vec = {.iov_base = &ch, .iov_len = 1};
ssize_t n;

memset(&msg, 0, sizeof(msg));

cmsg->cmsg_type = SCM_RIGHTS;
*(int *)CMSG_DATA(cmsg) = fd;

vec.iov_base = &ch;
vec.iov_len = 1;
msg.msg_iov = &vec;
msg.msg_iovlen = 1;

while ((n = sendmsg(sock, &msg, 0)) == -1 && errno == EINTR);
return n == 1;
return 0;
}

/* Inspired by OpenSSH's mm_receive_fd(). Thanks!
Return fd passed over socketpair, or -1 on error.
*/

static int
log_recv_fd(const int sock)

  char buf[CMSG_SPACE(sizeof(int))];
} cmsgbuf;
struct cmsghdr *cmsg;
struct iovec vec;
ssize_t n;
char ch = '\0';
struct iovec vec = {.iov_base = &ch, .iov_len = 1};
ssize_t n;
int fd;

memset(&msg, 0, sizeof(msg));
vec.iov_base = &ch;
vec.iov_len = 1;
msg.msg_iov = &vec;
msg.msg_iovlen = 1;


msg.msg_control = &cmsgbuf.buf;
msg.msg_controllen = sizeof(cmsgbuf.buf);

while ((n = recvmsg(sock, &msg, 0)) == -1 && errno == EINTR) ;
if (n != 1 || ch != 'A') return -1;

if (!(cmsg = CMSG_FIRSTHDR(&msg))) return -1;
if (cmsg == NULL) return -1;
if (cmsg->cmsg_type != SCM_RIGHTS) return -1;
if ((fd = *(const int *)CMSG_DATA(cmsg)) < 0) return -1;
if (fd < 0) return -1;
return fd;
}


*/

int
log_open_as_exim(const uschar * const name)
{
int fd = -1;
const uid_t euid = geteuid();

if (euid == exim_uid)
  {
  fd = log_open_already_exim(name);
  }
else if (euid == root_uid)
  {
  int sock[2];
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sock) == 0)
    {
    const pid_t pid = fork();
    if (pid == 0)
      {
      (void)close(sock[0]);
      if (  setgroups(1, &exim_gid) != 0
         || setgid(exim_gid) != 0
         || setuid(exim_uid) != 0

         || getuid() != exim_uid || geteuid() != exim_uid
         || getgid() != exim_gid || getegid() != exim_gid

         || (fd = log_open_already_exim(name)) < 0
         || !log_send_fd(sock[1], fd)
	 ) _exit(EXIT_FAILURE);
      (void)close(sock[1]);
      _exit(EXIT_SUCCESS);
      }

  if (flags != -1) (void)fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
  }
else
  {
  errno = EACCES;
  }

return fd;
}

it does not exist. This may be called recursively on failure, in order to open
the panic log.

The directory is in the static variable file_path. This is static so that
the work of sorting out the path is done just once per Exim process.

Exim is normally configured to avoid running as root wherever possible, the log

*/

static void
open_log(int * fd, int type, const uschar * tag)
{
uid_t euid;
BOOL ok, ok2;


ok = string_format(buffer, sizeof(buffer), CS file_path, log_names[type]);

switch (type)
it gets statted to see if it has been cycled. With a datestamp, the datestamp
will be compared. The static slot for saving it is the same size as buffer,
and the text has been checked above to fit, so this use of strcpy() is OK. */

if (type == lt_main && string_datestamp_offset >= 0)
  {
  case lt_main:
    /* Save the name of the mainlog for rollover processing. Without a datestamp,
    it gets statted to see if it has been cycled. With a datestamp, the datestamp
    will be compared. The static slot for saving it is the same size as buffer,
    and the text has been checked above to fit, so this use of strcpy() is OK. */
    Ustrcpy(mainlog_name, buffer);
    if (string_datestamp_offset > 0)
      mainlog_datestamp = mainlog_name + string_datestamp_offset;
    break;
  rejectlog_datestamp = rejectlog_name + string_datestamp_offset;
  }

/* and deal with the debug log (which keeps the datestamp, but does not
update it) */

  case lt_reject:
    /* Ditto for the reject log */
    Ustrcpy(rejectlog_name, buffer);
    if (string_datestamp_offset > 0)
      rejectlog_datestamp = rejectlog_name + string_datestamp_offset;
    break;
    ok2 = string_format(buffer, sizeof(buffer), "%s%s",
      debuglog_name, tag);
    if (ok2)
      Ustrcpy(debuglog_name, buffer);
    }
  }

  case lt_debug:
    /* and deal with the debug log (which keeps the datestamp, but does not
    update it) */
    Ustrcpy(debuglog_name, buffer);
    if (tag)
      {
      if (is_tainted(tag))
      	die(US"exim: tainted tag for debug log filename",
      	      US"Logging failure; please try later");

      /* this won't change the offset of the datestamp */
      ok2 = string_format(buffer, sizeof(buffer), "%s%s",
        debuglog_name, tag);
      if (ok2)
        Ustrcpy(debuglog_name, buffer);
      }
    break;

  default:
    /* Remove any datestamp if this is the panic log. This is rare, so there's no
    need to optimize getting the datestamp length. We remove one non-alphanumeric
    char afterwards if at the start, otherwise one before. */
    if (string_datestamp_offset >= 0)
      {
      uschar * from = buffer + string_datestamp_offset;
      uschar * to = from + string_datestamp_length;

      if (from == buffer || from[-1] == '/')
        {
        if (!isalnum(*to)) to++;
        }
      else
        if (!isalnum(from[-1])) from--;

      /* This copy is ok, because we know that to is a substring of from. But
      due to overlap we must use memmove() not Ustrcpy(). */
      memmove(from, to, Ustrlen(to)+1);
      }
    break;
  }

/* If the file name is too long, it is an unrecoverable disaster */


/* We now have the file name. After a successful open, return. */

if ((*fd = log_open_as_exim(buffer)) >= 0)

if (*fd >= 0)
  {
  return;
  }

euid = geteuid();


}


/* Close mainlog, unless we do not see a chance to open the file mainlog later
again.  This will happen if we log from a transport process (which has dropped
privs); something we traditionally avoid, but the introduction of taint-tracking
and resulting detection of errors is makinng harder. */

void
mainlog_close(void)
{
if (mainlogfd < 0
   || !(geteuid() == 0 || geteuid() == exim_uid))
  return;
(void)close(mainlogfd);
mainlogfd = -1;
mainlog_inode = 0;

      "More than one path given in log_file_path: using %s", file_path);
  }

/* Optionally trigger debug */

if (flags & LOG_PANIC && dtrigger_selector & BIT(DTi_panictrigger))
  debug_trigger_fire();

/* If debugging, show all log entries, but don't show headers. Do it all
in one go so that it doesn't get split when multi-processing. */


    panic_recurseflag = FALSE;

    if (panic_save_buffer)
      (void) write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer));
      int i = write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer));
      i = i;	/* compiler quietening */
      }

    written_len = write_to_fd_buf(paniclogfd, g->s, g->ptr);
    if (written_len != g->ptr)

*/

void
decode_bits(unsigned int * selector, size_t selsize, int * notall,
  const uschar * string, bit_table * options, int count, uschar * which,
  int flags)
{
uschar *errmsg;
if (!string) return;

  {
  char *end;    /* Not uschar */
  memset(selector, 0, sizeof(*selector)*selsize);
  *selector = strtoul(CCS string+1, &end, 0);
  if (!*end) return;
  errmsg = string_sprintf("malformed numeric %s_selector setting: %s", which,
    string);

else for(;;)
  {
  BOOL adding;
  const uschar * s;
  int len;
  bit_table * start, * end;

  Uskip_whitespace(&string);
  if (!*string) return;


The first use of this is in ACL logic, "control = debug/tag=foo/opts=+expand"
which can be combined with conditions, etc, to activate extra logging only
for certain sources. The second use is inetd wait mode debug preservation.

It might be nice, in ACL-initiated pretrigger mode, to not create the file
immediately but only upon a trigger - but we'd need another cmdline option
to pass the name through child_exxec_exim(). */

void
debug_logging_activate(const uschar * tag_name, const uschar * opts)
{
int fd = -1;

if (debug_file)
  {
  debug_printf("DEBUGGING ACTIVATED FROM WITHIN CONFIG.\n"

  return;
  }

if (tag_name && (Ustrchr(tag_name, '/') != NULL))
  {
  log_write(0, LOG_MAIN|LOG_PANIC, "debug tag may not contain a '/' in: %s",
      tag_name);


if (!*file_path) set_file_path();

open_log(&debug_fd, lt_debug, tag_name);

if (debug_fd != -1)
  debug_file = fdopen(debug_fd, "w");
else
  log_write(0, LOG_MAIN|LOG_PANIC, "unable to open debug log");
}


void
debug_logging_from_spool(const uschar * filename)
{
if (debug_fd < 0)
  {
  Ustrncpy(debuglog_name, filename, sizeof(debuglog_name));
  if ((debug_fd = log_open_as_exim(filename)) >= 0)
    debug_file = fdopen(debug_fd, "w");
  DEBUG(D_deliver) debug_printf("debug enabled by spoolfile\n");
  }
/*
else DEBUG(D_deliver)
  debug_printf("debug already active; ignoring spoolfile '%s'\n", filename);
*/
}


void
debug_logging_stop(BOOL kill)
{
debug_pretrigger_discard();
if (!debug_file || !debuglog_name[0]) return;

debug_selector = 0;
fclose(debug_file);
debug_file = NULL;
debug_fd = -1;
if (kill) unlink_log(lt_debug);
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



  void (*tidy)(void);             /* tidy function */
  uschar *(*quote)(               /* quoting function */
    uschar *,                     /* string to quote */
    uschar *,                     /* additional data from quote name */
    unsigned);			  /* lookup type index */
  gstring * (*version_report)(    /* diagnostic function */
    gstring *);                   /* string to appand to */
} lookup_info;

/* This magic number is used by the following lookup_module_info structure
   for checking API compatibility. It used to be equivalent to the string"LMM3" */
#define LOOKUP_MODULE_INFO_MAGIC 0x4c4d4935
/* Version 2 adds: version_report */
/* Version 3 change: non/cache becomes TTL in seconds */
/* Version 4 add: index on quoting function */
/* Version 5 change: version report now adds to a gstring */

typedef struct lookup_module_info {
  uint magic;




 * Exim - CDB database lookup module
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * Copyright (c) The Exim Maintainers 2020 - 2022
 * Copyright (c) 1998 Nigel Metheringham, Planet Online Ltd
 * Copyright (c) The Exim Maintainers 2020
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License


if ((fileno = Uopen(filename, O_RDONLY, 0)) < 0)
  {
  *errmsg = string_open_failed("%s for cdb lookup", filename);
  *errmsg = string_open_failed(errno, "%s for cdb lookup", filename);
  errno = save_errno;
  return NULL;
  }

if (fstat(fileno, &statbuf) != 0)
  {
  *errmsg = string_open_failed("fstat(%s) failed - cannot do cdb lookup",
  *errmsg = string_open_failed(errno,
			      "fstat(%s) failed - cannot do cdb lookup",
			      filename);
  errno = save_errno;
  return NULL;
  }



if (statbuf.st_size < CDB_HASH_TABLE)
  {
  *errmsg = string_open_failed("%s too short for cdb lookup", filename);
  *errmsg = string_open_failed(errno,
			      "%s too short for cdb lookup",
			      filename);
  errno = save_errno;
  return NULL;
  }

/* Having got a file open we need the structure to put things in */
cdbp = store_get(sizeof(struct cdb_state), GET_UNTAINTED);
/* store_get() does not return if memory was not available... */
/* preload the structure.... */
cdbp->fileno = fileno;

/* get a buffer to stash the basic offsets in - this should speed
things up a lot - especially on multiple lookups */

cdbp->cdb_offsets = store_get(CDB_HASH_TABLE, GET_UNTAINTED);

/* now fill the buffer up... */


  /* read of hash table failed, oh dear, oh.....  time to give up I think....
  call the close routine (deallocs the memory), and return NULL */

  *errmsg = string_open_failed("cannot read header from %s for cdb lookup",
			      "cannot read header from %s for cdb lookup",
			      filename);
  cdb_close(cdbp);
  return NULL;

hash_offlen,
hash_slotnm;

/* Keep picky compilers happy */
do_cache = do_cache;

key_hash = cdb_hash(keystring, key_len);

hash_offset_entry = CDB_HASH_ENTRY * (key_hash & CDB_HASH_MASK);

	   /* ... and the returned result.  Assume it is not
	   tainted, lacking any way of telling.  */

	   *result = store_get(item_dat_len + 1, GET_UNTAINTED);
	   memcpy(*result, item_ptr, item_dat_len);
	   (*result)[item_dat_len] = 0;
	   return OK;

    if (item_key_len == key_len)
      {					/* finally check if key matches */
      rmark reset_point = store_mark();
      uschar * item_key = store_get(key_len, GET_TAINTED); /* keys liable to be tainted */

      if (cdb_bread(cdbp->fileno, item_key, key_len) == -1) return DEFER;
      if (Ustrncmp(keystring, item_key, key_len) == 0)

        /* then we build a new result string.  We know we have enough
        memory so disable Coverity errors about the tainted item_dat_ken */

        *result = store_get(item_dat_len + 1, GET_UNTAINTED);
        /* coverity[tainted_data] */
        if (cdb_bread(cdbp->fileno, *result, item_dat_len) == -1)
	  return DEFER;


#include "../version.h"

gstring *
cdb_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: CDB: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

{
uschar * dirname = string_copy(filename);
uschar * s;
EXIM_DB * yield = NULL;

if ((s = Ustrrchr(dirname, '/'))) *s = '\0';
if (!(yield = exim_dbopen(filename, dirname, O_RDONLY, 0)))
  *errmsg = string_open_failed("%s as a %s file", filename, EXIM_DBTYPE);
  {
  int save_errno = errno;
  *errmsg = string_open_failed(errno, "%s as a %s file", filename, EXIM_DBTYPE);
  errno = save_errno;
  }
return yield;
}


  gid_t *owngroups, uschar **errmsg)
{
int rc;
handle = handle;    /* Keep picky compilers happy */

#if defined(USE_DB) || defined(USE_TDB) || defined(USE_GDBM)
rc = lf_check_file(-1, filename, S_IFREG, modemask, owners, owngroups,

EXIM_DB *d = (EXIM_DB *)handle;
EXIM_DATUM key, data;

exim_datum_init(&key);               /* Some DBM libraries require datums to */
exim_datum_init(&data);              /* be cleared before use. */
length++;
exim_datum_data_set(&key,
  memcpy(store_get(length, keystring), keystring, length)); /* key can have embedded NUL */
exim_datum_size_set(&key, length);
EXIM_DATUM_DATA(key) = CS keystring;
EXIM_DATUM_SIZE(key) = length + 1;

if (exim_dbget(d, &key, &data))
  {
  *result = string_copyn(exim_datum_data_get(&data), exim_datum_size_get(&data));
  exim_datum_free(&data);            /* Some DBM libraries need a free() call */
  return OK;
  }
return FAIL;

or less than, the length of the delimited list passed in + 1. */

buflen = length + 3;
key_buffer = store_get(buflen, keystring);

key_buffer[0] = '\0';


void
static dbmdb_close(void *handle)
{
exim_dbclose((EXIM_DB *)handle);
}




#include "../version.h"

gstring *
dbm_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: DBM: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

static void *
dnsdb_open(const uschar * filename, uschar **errmsg)
{
filename = filename;   /* Keep picky compilers happy */
errmsg = errmsg;       /* Ditto */
return (void *)(-1);   /* Any non-0 value */
}



gstring * yield = string_get(256);

handle = handle;           /* Keep picky compilers happy */
filename = filename;
length = length;
do_cache = do_cache;

/* If the string starts with '>' we change the output separator.
If it's followed by ';' or ',' we set the TXT output separator. */


    else
      {
      *errmsg = US"unsupported dnsdb defer behaviour";
      rc = DEFER;
      goto out;
      }
    }
  else if (strncmpic(keystring, US"dnssec_", 7) == 0)

    else
      {
      *errmsg = US"unsupported dnsdb dnssec behaviour";
      rc = DEFER;
      goto out;
      }
    }
  else if (strncmpic(keystring, US"retrans_", 8) == 0)

    if ((timeout_sec = readconf_readtime(keystring += 8, ',', FALSE)) <= 0)
      {
      *errmsg = US"unsupported dnsdb timeout value";
      rc = DEFER;
      goto out;
      }
    dns_retrans = timeout_sec;
    while (*keystring != ',') keystring++;

    if ((retries = (int)strtol(CCS keystring + 6, CSS &keystring, 0)) < 0)
      {
      *errmsg = US"unsupported dnsdb retry count";
      rc = DEFER;
      goto out;
      }
    dns_retry = retries;
    }

  if (*keystring++ != ',')
    {
    *errmsg = US"dnsdb modifier syntax error";
    rc = DEFER;
    goto out;
    }
  while (isspace(*keystring)) keystring++;
  }

  if (i >= nelem(type_names))
    {
    *errmsg = US"unsupported DNS record type";
    rc = DEFER;
    goto out;
    }

  keystring = equals + 1;

	dns_retrans = save_retrans;
	dns_retry = save_retry;
	dns_init(FALSE, FALSE, FALSE);			/* clr dnssec bit */
	rc = DEFER;					/* always defer */
	goto out;
	}
      if (defer_mode == PASS) failrc = DEFER;         /* defer only if all do */
      continue;                                       /* treat defer as fail */

dns_retry = save_retry;
dns_init(FALSE, FALSE, FALSE);	/* clear the dnssec bit for getaddrbyname */

if (!yield || !yield->ptr)
  rc = failrc;
else
  {
  *result = string_from_gstring(yield);
  rc = OK;
  }

out:

store_free_dns_answer(dnsa);
return rc;
}




#include "../version.h"

gstring *
dnsdb_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: DNSDB: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* The idea for this code came from Matthew Byng-Maddick, but his original has

DIR * dp = exim_opendir(dirname);
if (!dp)
  {
  *errmsg = string_open_failed("%s for directory search", dirname);
  *errmsg = string_open_failed(errno, "%s for directory search", dirname);
  errno = save_errno;
  return NULL;
  }
closedir(dp);

uschar * filename;
unsigned flags = 0;

handle = handle;  /* Keep picky compilers happy */
length = length;
do_cache = do_cache;

if (Ustrchr(keystring, '/') != 0)
  {
  *errmsg = string_sprintf("key for dsearch lookup contains a slash: %s",

  {
  /* Since the filename exists in the filesystem, we can return a
  non-tainted result. */
  *result = string_copy_taint(flags & RET_FULL ? filename : keystring, GET_UNTAINTED);
  return OK;
  }



#include "../version.h"

gstring *
dsearch_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: dsearch: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* The code in this module was contributed by Ard Biesheuvel. */

  }
else
  {
  cn = store_get(sizeof(ibase_connection), GET_UNTAINTED);
  cn->server = server_copy;
  cn->dbh = NULL;
  cn->transh = NULL;


/* Lacking any information, assume that the data is untainted */
reset_point = store_mark();
out_sqlda = store_get(XSQLDA_LENGTH(1), GET_UNTAINTED);
out_sqlda->version = SQLDA_VERSION1;
out_sqlda->sqln = 1;


/* re-allocate the output structure if there's more than one field */
if (out_sqlda->sqln < out_sqlda->sqld)
  {
  XSQLDA *new_sqlda = store_get(XSQLDA_LENGTH(out_sqlda->sqld), GET_UNTAINTED);
  if (isc_dsql_describe
      (status, &stmth, out_sqlda->version, new_sqlda))
    {

  switch (var->sqltype & ~1)
    {
    case SQL_VARYING:
	var->sqldata = CS store_get(sizeof(char) * var->sqllen + 2, GET_UNTAINTED);
	break;
    case SQL_TEXT:
	var->sqldata = CS store_get(sizeof(char) * var->sqllen, GET_UNTAINTED);
	break;
    case SQL_SHORT:
	var->sqldata = CS  store_get(sizeof(short), GET_UNTAINTED);
	break;
    case SQL_LONG:
	var->sqldata = CS  store_get(sizeof(ISC_LONG), GET_UNTAINTED);
	break;
#ifdef SQL_INT64
    case SQL_INT64:
	var->sqldata = CS  store_get(sizeof(ISC_INT64), GET_UNTAINTED);
	break;
#endif
    case SQL_FLOAT:
	var->sqldata = CS  store_get(sizeof(float), GET_UNTAINTED);
	break;
    case SQL_DOUBLE:
	var->sqldata = CS  store_get(sizeof(double), GET_UNTAINTED);
	break;
#ifdef SQL_TIMESTAMP
    case SQL_DATE:
	var->sqldata = CS  store_get(sizeof(ISC_QUAD), GET_UNTAINTED);
	break;
#else
    case SQL_TIMESTAMP:
	var->sqldata = CS  store_get(sizeof(ISC_TIMESTAMP), GET_UNTAINTED);
	break;
    case SQL_TYPE_DATE:
	var->sqldata = CS  store_get(sizeof(ISC_DATE), GET_UNTAINTED);
	break;
    case SQL_TYPE_TIME:
	var->sqldata = CS  store_get(sizeof(ISC_TIME), GET_UNTAINTED);
	break;
  #endif
    }
  if (var->sqltype & 1)
    var->sqlind = (short *) store_get(sizeof(short), GET_UNTAINTED);
  }

/* finally, we're ready to execute the statement */

int sep = 0;
uschar *server;
uschar *list = ibase_servers;
uschar buffer[512];

/* Keep picky compilers happy */
do_cache = do_cache;

DEBUG(D_lookup) debug_printf_indent("Interbase query: %s\n", query);

while ((server = string_nextinlist(&list, &sep, NULL, 0)))
  {
  BOOL defer_break = FALSE;
  int rc = perform_ibase_search(query, server, result, errmsg, &defer_break);

Arguments:
  s          the string to be quoted
  opt        additional option text or NULL if none
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/

static uschar *
ibase_quote(uschar * s, uschar * opt, unsigned idx)
{
int c;
int count = 0;
uschar * t = s, * quoted;

if (opt)
  return NULL;            /* No options recognized */

while ((c = *t++))
  if (c == '\'') count++;

t = quoted = store_get_quoted(Ustrlen(s) + count + 1, s, idx);

while ((c = *s++))
  if (c == '\'') { *t++ = '\''; *t++ = '\''; }
  else *t++ = c;

    while ((c = *s++) != 0) {
        if (Ustrchr("'", c) != NULL) {
            *t++ = '\'';
            *t++ = '\'';
/*    switch(c)
      {
      case '\n': *t++ = 'n';
      break;
      case '\t': *t++ = 't';
      break;
      case '\r': *t++ = 'r';
      break;
      case '\b': *t++ = 'b';
      break;
      default:   *t++ = c;
      break;
      }*/
        } else
            *t++ = c;
    }

*t = 0;
return quoted;
}




#include "../version.h"

gstring *
ibase_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: ibase: Exim version %s\n", EXIM_VERSION_STR));
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) Jeremy Harris 2019 - 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

static void *
json_malloc(size_t nbytes)
{
void * p = store_get((int)nbytes, GET_UNTAINTED);
/* debug_printf("%s %d: %p\n", __FUNCTION__, (int)nbytes, p); */
return p;
}

json_set_alloc_funcs(json_malloc, json_free);

if (!(f = Ufopen(filename, "rb")))
  *errmsg = string_open_failed("%s for json search", filename);
  int save_errno = errno;
  *errmsg = string_open_failed(errno, "%s for json search", filename);
  errno = save_errno;
  return NULL;
  }
return f;
}


uschar * key;
int sep = 0;

length = length;	/* Keep picky compilers happy */
do_cache = do_cache;	/* Keep picky compilers happy */

rewind(f);
if (!(j = json_loadf(f, 0, &jerr)))
  {


#include "../version.h"

gstring *
json_version_report(gstring * g)
{
return string_fmt_append(g, "Library version: json: Jansonn version %s\n", JANSSON_VERSION);
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Many thanks to Stuart Lynne for contributing the original code for this


  /* Now add this connection to the chain of cached connections */

  lcp = store_get(sizeof(LDAP_CONNECTION), GET_UNTAINTED);
  lcp->host = host ? string_copy(host) : NULL;
  lcp->bound = FALSE;
  lcp->user = NULL;

uschar *user = NULL;
uschar *password = NULL;
uschar *local_servers = NULL;
uschar *server;
const uschar *list;

while (isspace(*url)) url++;

    &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
    referrals);

/* Loop through the servers until OK or FAIL. Use local_servers list
if defined in the lookup, otherwise use the global default list */

list = local_servers ? local_servers : eldap_default_servers;
for (uschar * server; server = string_nextinlist(&list, &sep, NULL, 0); )
  {
  int rc, port = 0;
  int port = 0;
  uschar *colon = Ustrchr(server, ':');
  if (colon)
    {

  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
/* Keep picky compilers happy */
do_cache = do_cache;
return(control_ldap_search(ldap_url, SEARCH_LDAP_SINGLE, result, errmsg));
}


  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
/* Keep picky compilers happy */
do_cache = do_cache;
return(control_ldap_search(ldap_url, SEARCH_LDAP_MULTIPLE, result, errmsg));
}


  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
/* Keep picky compilers happy */
do_cache = do_cache;
return(control_ldap_search(ldap_url, SEARCH_LDAP_DN, result, errmsg));
}


eldapauth_find(void * handle, const uschar * filename, const uschar * ldap_url,
  int length, uschar ** result, uschar ** errmsg, uint * do_cache)
{
/* Keep picky compilers happy */
do_cache = do_cache;
return(control_ldap_search(ldap_url, SEARCH_LDAP_AUTH, result, errmsg));
}


static void
eldap_tidy(void)
{
LDAP_CONNECTION *lcp = NULL;
eldap_dn = NULL;

for (LDAP_CONNECTION *lcp; lcp = ldap_connections; ldap_connections = lcp->next)
  {
  DEBUG(D_lookup) debug_printf_indent("unbind LDAP connection to %s:%d\n",
    lcp->host, lcp->port);
  if(lcp->bound) ldap_unbind(lcp->ld);
    ldap_unbind(lcp->ld);
  ldap_connections = lcp->next;
  }
}


  s          the string to be quoted
  opt        additional option text or NULL if none
             only "dn" is recognized
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/



static uschar *
eldap_quote(uschar * s, uschar * opt, unsigned idx)
{
int c, count = 0, len = 0;
int count = 0;
int len = 0;
BOOL dn = FALSE;
uschar * t = s, * quoted;
uschar *quoted;

/* Test for a DN quotation. */

if (opt)
  {
  if (Ustrcmp(opt, "dn") != 0) return NULL;    /* No others recognized */
  dn = TRUE;

possibly escaped character. The really fast way would be just to test for
non-alphanumerics, but it is probably better to spot a few others that are
never escaped, because if there are no specials at all, we can avoid copying
the string.
XXX No longer true; we always copy, to support quoted-enforcement */

while ((c = *t++))
  {
  len++;
  if (!isalnum(c) && Ustrchr(ALWAYS_LITERAL, c) == NULL) count += 5;
  }
/*if (count == 0) return s;*/

/* Get sufficient store to hold the quoted string */

t = quoted = store_get_quoted(len + count + 1, s, idx);

/* Handle plain quote_ldap */

if (!dn)
  {
  while ((c = *s++))
    {
    if (!isalnum(c))
      {


else
  {
  uschar * ss = s + len;

  /* Find the last char before any trailing spaces */



#include "../version.h"

gstring *
ldap_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: LDAP: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}



Lines 2-9 Link Here

(-)exim.orig/src/lookups/lf_sqlperform.c (-1 / +1 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9		9




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 2016 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

#ifdef LOOKUP_LMDB

#include <lmdb.h>


int ret, save_errno;
const uschar * errstr;

lmdb_p = store_get(sizeof(Lmdbstrct), GET_UNTAINTED);
lmdb_p->txn = NULL;

if ((ret = mdb_env_create(&db_env)))


#include "../version.h"

gstring *
lmdb_version_report(gstring * g)
{
g = string_fmt_append(g, "Library version: LMDB: Compile: %d.%d.%d\n",
			  MDB_VERSION_MAJOR, MDB_VERSION_MINOR, MDB_VERSION_PATCH);
#ifdef DYNLOOKUP
g = string_fmt_append(g, "                        Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}

static lookup_info lmdb_lookup_info = {

static lookup_info *_lookup_list[] = { &lmdb_lookup_info };
lookup_module_info lmdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 };

#endif /* LOOKUP_LMDB */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

static void *
lsearch_open(const uschar * filename, uschar ** errmsg)
{
FILE * f = Ufopen(filename, "rb");
if (!f)
  *errmsg = string_open_failed("%s for linear search", filename);
  int save_errno = errno;
  *errmsg = string_open_failed(errno, "%s for linear search", filename);
  errno = save_errno;
  return NULL;
  }
return f;
}


static int
internal_lsearch_find(void * handle, const uschar * filename,
  const uschar * keystring, int length, uschar ** result, uschar ** errmsg,
  int type, const uschar * opts)
{
FILE *f = handle;
BOOL ret_full = FALSE;
BOOL this_is_eol = TRUE;
int old_pool = store_pool;
rmark reset_point = NULL;
uschar buffer[4096];

if (opts)
  {
  int sep = ',';
  uschar * ele;

  while ((ele = string_nextinlist(&opts, &sep, NULL, 0)))
    if (Ustrcmp(ele, "ret=full") == 0)
      { ret_full = TRUE; break; }
  }

/* Wildcard searches may use up some store, because of expansions. We don't
want them to fill up our search store. What we do is set the pool to the main
pool and get a point to reset to later. Wildcard searches could also issue
lookups, but internal_search_find will take care of that, and the cache will be
safely stored in the search pool again. */

if (type == LSEARCH_WILD || type == LSEARCH_NWILD)
  {
  store_pool = POOL_MAIN;
  reset_point = store_mark();
  }

filename = filename;  /* Keep picky compilers happy */
errmsg = errmsg;

rewind(f);
for (BOOL this_is_eol, last_was_eol = TRUE;
     Ufgets(buffer, sizeof(buffer), f) != NULL;
     last_was_eol = this_is_eol)
  {

  if (*s == '\"')
    {
    uschar *t = s++;
    while (*s && *s != '\"')
      {
      *t++ = *s == '\\' ? string_interpret_escape(CUSS &s) : *s;
        else *t++ = *s;
      s++;
      }
    if (*s != 0) s++;               /* Past terminating " */
    linekeylength = t - buffer;
    if (*s) s++;			/* Past terminating " */
    if (ret_full)
      memmove(t, s, Ustrlen(s)+1);	/* copy the rest of line also */
    }

  /* Otherwise it is terminated by a colon or white space */

  else
    {
    while (*s && *s != ':' && !isspace(*s)) s++;
    linekeylength = s - buffer;
    }


    /* A plain lsearch treats each key as a literal */

    case LSEARCH_PLAIN:
      if (linekeylength != length || strncmpic(buffer, keystring, length) != 0)
	continue;
      break;      /* Key matched */

    /* A wild lsearch treats each key as a possible wildcarded string; no
    expansion is done for nwildlsearch. */

        UCHAR_MAX+1,              /* Single-item list */
        NULL,                     /* No anchor */
        NULL,                     /* No caching */
        MCL_STRING + (type == LSEARCH_WILD ? 0 : MCL_NOEXPAND),
        TRUE,                     /* Caseless */
        NULL);
      buffer[linekeylength] = save;

      if (rc == DEFER) return DEFER;
      }

      /* The key has matched. If the search involved a regular expression, it
      might have caused numerical variables to be set. However, their values will
      be in the wrong storage pool for external use. Copying them to the standard
      pool is not feasible because of the caching of lookup results - a repeated
      lookup will not match the regular expression again. Therefore, we drop
      all numeric variables at this point. */

      expand_nmax = -1;
      break;

    /* Compare an ip address against a list of network/ip addresses. We have to
    allow for the "*" case specially. */

    case LSEARCH_IP:
      if (linekeylength == 1 && buffer[0] == '*')
	{
	if (length != 1 || keystring[0] != '*') continue;
	}
      else if (length == 1 && keystring[0] == '*') continue;
      else
	{
	int maskoffset;
	int save = buffer[linekeylength];
	buffer[linekeylength] = 0;
	if (string_is_ip_address(buffer, &maskoffset) == 0 ||
	    !host_is_in_net(keystring, buffer, maskoffset)) continue;
	buffer[linekeylength] = save;
	}
      break;      /* Key matched */
    }

  /* The key has matched. Skip spaces after the key, and allow an optional
  colon after the spaces. This is an odd specification, but it's for
  compatibility. */

  if (!ret_full)
    if (Uskip_whitespace(&s) == ':')
      {
      s++;
      Uskip_whitespace(&s);
      }

  /* Reset dynamic store, if we need to, and revert to the search pool */



  this_is_comment = FALSE;
  yield = string_get(100);
  if (ret_full)
    yield = string_cat(yield, buffer);
  else if (*s)
    yield = string_cat(yield, s);

  /* Now handle continuations */

  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
do_cache = do_cache;  /* Keep picky compilers happy */
return internal_lsearch_find(handle, filename, keystring, length, result,
  errmsg, LSEARCH_PLAIN, opts);
}



  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
do_cache = do_cache;  /* Keep picky compilers happy */
return internal_lsearch_find(handle, filename, keystring, length, result,
  errmsg, LSEARCH_WILD, opts);
}



  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
do_cache = do_cache;  /* Keep picky compilers happy */
return internal_lsearch_find(handle, filename, keystring, length, result,
  errmsg, LSEARCH_NWILD, opts);
}



  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
do_cache = do_cache;  /* Keep picky compilers happy */

if ((length == 1 && keystring[0] == '*') ||
    string_is_ip_address(keystring, NULL) != 0)
  return internal_lsearch_find(handle, filename, keystring, length, result,
    errmsg, LSEARCH_IP, opts);

*errmsg = string_sprintf("\"%s\" is not a valid iplsearch key (an IP "
"address, with optional CIDR mask, is wanted): "


#include "../version.h"

gstring *
lsearch_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: lsearch: Exim version %s\n", EXIM_VERSION_STR));
#endif
return g;
}






# Make file for building Exim's lookup modules.
# This is called from the main make file, after cd'ing
# to the lookups subdirectory.
#
# Copyright (c) The Exim Maintainers 2021

# nb: at build time, the version of this file used will have had some
#     extra variable definitions and prepended to it and module build rules

.c.so:;          @echo "$(CC) -shared $*.c"
		 $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@

lf_check_file.o: $(HDRS) lf_check_file.c  lf_functions.h
lf_quote.o:      $(HDRS) lf_quote.c       lf_functions.h
lf_sqlperform.o: $(HDRS) lf_sqlperform.c  lf_functions.h

cdb.o:           $(HDRS) cdb.c
dbmdb.o:         $(HDRS) dbmdb.c
dnsdb.o:         $(HDRS) dnsdb.c
dsearch.o:       $(HDRS) dsearch.c
ibase.o:         $(HDRS) ibase.c
ldap.o:          $(HDRS) ldap.c
lmdb.o:          $(HDRS) lmdb.c
json.o:          $(HDRS) json.c
lsearch.o:       $(HDRS) lsearch.c
mysql.o:         $(HDRS) mysql.c
nis.o:           $(HDRS) nis.c
nisplus.o:       $(HDRS) nisplus.c
oracle.o:        $(HDRS) oracle.c
passwd.o:        $(HDRS) passwd.c
pgsql.o:         $(HDRS) pgsql.c
readsock.o:      $(HDRS) readsock.c
redis.o:         $(HDRS) redis.c
spf.o:           $(HDRS) spf.c
sqlite.o:        $(HDRS) sqlite.c
testdb.o:        $(HDRS) testdb.c
whoson.o:        $(HDRS) whoson.c

cdb.so:           $(HDRS) cdb.c
dbmdb.so:         $(HDRS) dbmdb.c
dnsdb.so:         $(HDRS) dnsdb.c
dsearch.so:       $(HDRS) dsearch.c
ibase.so:         $(HDRS) ibase.c
json.so:          $(HDRS) json.c
ldap.so:          $(HDRS) ldap.c
lmdb.so:          $(HDRS) lmdb.c
lsearch.so:       $(HDRS) lsearch.c
mysql.so:         $(HDRS) mysql.c
nis.so:           $(HDRS) nis.c
nisplus.so:       $(HDRS) nisplus.c
oracle.so:        $(HDRS) oracle.c
passwd.so:        $(HDRS) passwd.c
pgsql.so:         $(HDRS) pgsql.c
redis.so:         $(HDRS) redis.c
spf.so:           $(HDRS) spf.c
sqlite.so:        $(HDRS) sqlite.c
testdb.so:        $(HDRS) testdb.c
whoson.so:        $(HDRS) whoson.c

# End




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Thanks to Paul Kelly for contributing the original code for these


  /* Get store for a new handle, initialize it, and connect to the server */

  mysql_handle = store_get(sizeof(MYSQL), GET_UNTAINTED);
  mysql_init(mysql_handle);
  mysql_options(mysql_handle, MYSQL_READ_DEFAULT_GROUP, CS group);
  if (mysql_real_connect(mysql_handle,


  /* Add the connection to the cache */

  cn = store_get(sizeof(mysql_connection), GET_UNTAINTED);
  cn->server = server_copy;
  cn->handle = mysql_handle;
  cn->next = mysql_connections;

    {
    DEBUG(D_lookup) debug_printf_indent("MYSQL: query was not one that returns data\n");
    result = string_cat(result,
	       string_sprintf("%lld", mysql_affected_rows(mysql_handle)));
    *do_cache = 0;
    goto MYSQL_EXIT;
    }


while ((mysql_row_data = mysql_fetch_row(mysql_result)))
  {
  unsigned long * lengths = mysql_fetch_lengths(mysql_result);

  if (result)
    result = string_catn(result, US"\n", 1);

			result);

  else if (mysql_row_data[0] != NULL)    /* NULL value yields nothing */
      result = lengths[0] == 0 && !result
	? string_get(1)		/* for 0-len string result ensure non-null gstring */
        : string_catn(result, US mysql_row_data[0], lengths[0]);
  }

/* more results? -1 = no, >0 = error, 0 = yes (keep looping)

Arguments:
  s          the string to be quoted
  opt        additional option text or NULL if none
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/

static uschar *
mysql_quote(uschar * s, uschar * opt, unsigned idx)
{
int c, count = 0;
uschar * t = s, * quoted;
uschar *t = s;
uschar *quoted;

if (opt) return NULL;     /* No options recognized */

while ((c = *t++))
  if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++;

/* Old code:  if (count == 0) return s;
Now always allocate and copy, to track the quoted status. */

t = quoted = store_get_quoted(Ustrlen(s) + count + 1, s, idx);

while ((c = *s++))
  {
  if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL)
    {
    *t++ = '\\';
    switch(c)
      {
      case '\n': *t++ = 'n'; break;
      case '\t': *t++ = 't'; break;
      case '\r': *t++ = 'r'; break;
      case '\b': *t++ = 'b'; break;
      default:   *t++ = c;   break;
      break;
      case '\b': *t++ = 'b';
      break;
      default:   *t++ = c;
      break;
      }
    }
  else *t++ = c;


#include "../version.h"

gstring *
mysql_version_report(gstring * g)
{
g = string_fmt_append(g,
  "Library version: MySQL: Compile: %lu %s [%s]\n"
  "                        Runtime: %lu %s\n",
        (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
        mysql_get_client_version(), mysql_get_client_info());
#ifdef DYNLOOKUP
g = string_fmt_append(g,
  "                        Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}

/* These are the lookup_info blocks for this driver */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"


#include "../version.h"

gstring *
nis_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: NIS: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

Arguments:
  s          the string to be quoted
  opt        additional option text or NULL if none
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/

static uschar *
nisplus_quote(uschar * s, uschar * opt, unsigned idx)
{
int count = 0;
uschar * quoted, * t = s;
uschar *t = s;

if (opt) return NULL;    /* No options recognized */

while (*t) if (*t++ == '\"') count++;
if (count == 0) return s;

t = quoted = store_get_quoted(Ustrlen(s) + count + 1, s, idx);

while (*s)
  {
  *t++ = *s;
  if (*s++ == '\"') *t++ = '\"';


#include "../version.h"

gstring *
nisplus_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: NIS+: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Interface to an Oracle database. This code was originally supplied by


  /* Get store for a new connection, initialize it, and connect to the server */

   oracle_handle = store_get(sizeof(struct cda_def), GET_UNTAINTED);
   hda = store_get(HDA_SIZE, GET_UNTAINTED);
   memset(hda,'\0',HDA_SIZE);

  /*


  /* Add the connection to the cache */

  cn = store_get(sizeof(oracle_connection), GET_UNTAINTED);
  cn->server = server_copy;
  cn->handle = oracle_handle;
  cn->next = oracle_connections;


/* We have a connection. Open a cursor and run the query */

cda = store_get(sizeof(Cda_Def), GET_UNTAINTED);

if (oopen(cda, oracle_handle, (text *)0, -1, -1, (text *)0, -1) != 0)
  {

/* Find the number of fields returned and sort out their types. If the number
is one, we don't add field names to the data. Otherwise we do. */

def = store_get(sizeof(Ora_Define)*MAX_SELECT_LIST_SIZE, GET_UNTAINTED);
desc = store_get(sizeof(Ora_Describe)*MAX_SELECT_LIST_SIZE, GET_UNTAINTED);

if ((num_fields = describe_define(cda,def,desc)) == -1)
  {

int sep = 0;
uschar *server;
uschar *list = oracle_servers;
uschar buffer[512];

do_cache = do_cache;   /* Placate picky compilers */

DEBUG(D_lookup) debug_printf_indent("ORACLE query: %s\n", query);

while ((server = string_nextinlist(&list, &sep, NULL, 0)))
  {
  BOOL defer_break;
  int rc = perform_oracle_search(query, server, result, errmsg, &defer_break);

Arguments:
  s          the string to be quoted
  opt        additional option text or NULL if none
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/

static uschar *
oracle_quote(uschar * s, uschar * opt, unsigned idx)
{
int c, count = 0;
uschar * t = s, * quoted;
uschar *t = s;
uschar *quoted;

if (opt) return NULL;    /* No options are recognized */

while ((c = *t++))
  if (strchr("\n\t\r\b\'\"\\", c) != NULL) count++;

t = quoted = store_get_quoted((int)Ustrlen(s) + count + 1, s, idx);
t = quoted = store_get((int)strlen(s) + count + 1, is_tainted(s));

while ((c = *s++))
  {
  if (strchr("\n\t\r\b\'\"\\", c) != NULL)
    {


#include "../version.h"

gstring *
oracle_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: Oracle: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

static void *
passwd_open(const uschar * filename, uschar ** errmsg)
{
filename = filename;     /* Keep picky compilers happy */
errmsg = errmsg;
return (void *)(-1);     /* Just return something non-null */
}


{
struct passwd *pw;

handle = handle;         /* Keep picky compilers happy */
filename = filename;
length = length;
errmsg = errmsg;
do_cache = do_cache;

if (!route_finduser(keystring, &pw, NULL)) return FAIL;
*result = string_sprintf("*:%d:%d:%s:%s:%s", (int)pw->pw_uid, (int)pw->pw_gid,
  pw->pw_gecos, pw->pw_dir, pw->pw_shell);


#include "../version.h"

gstring *
passwd_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: passwd: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}

static lookup_info _lookup_info = {




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Thanks to Petr Cech for contributing the original code for these


  /* Add the connection to the cache */

  cn = store_get(sizeof(pgsql_connection), GET_UNTAINTED);
  cn->server = server_copy;
  cn->handle = pg_conn;
  cn->next = pgsql_connections;

      uschar *tmp = US PQgetvalue(pg_result, i, j);
      result = lf_quote(US PQfname(pg_result, j), tmp, Ustrlen(tmp), result);
      }
  if (!result) result = string_get(1);
  }

/* If result is NULL then no data has been found and so we return FAIL. */

Arguments:
  s          the string to be quoted
  opt        additional option text or NULL if none
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/

static uschar *
pgsql_quote(uschar * s, uschar * opt, unsigned idx)
{
int count = 0, c;
uschar * t = s, * quoted;
uschar *t = s;
uschar *quoted;

if (opt) return NULL;     /* No options recognized */

while ((c = *t++))
  if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++;

t = quoted = store_get_quoted(Ustrlen(s) + count + 1, s, idx);
t = quoted = store_get(Ustrlen(s) + count + 1, is_tainted(s));

while ((c = *s++))
  {
  if (c == '\'')
    {

    *t++ = '\\';
    switch(c)
      {
      case '\n': *t++ = 'n'; break;
      case '\t': *t++ = 't'; break;
      case '\r': *t++ = 'r'; break;
      case '\b': *t++ = 'b'; break;
      default:   *t++ = c;   break;
      break;
      case '\b': *t++ = 'b';
      break;
      default:   *t++ = c;
      break;
      }
    }
  else *t++ = c;


#include "../version.h"

gstring *
pgsql_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: PostgreSQL: Exim version %s\n", EXIM_VERSION_STR);
#endif

/* Version reporting: there appears to be no available information about

can access the server version and the chosen protocol version, but those
aren't really what we want.  It might make sense to debug_printf those
when the connection is established though? */

return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) Jeremy Harris 2020 */
/* See the file NOTICE for conditions of use and distribution. */


internal_readsock_open(client_conn_ctx * cctx, const uschar * sspec,
  int timeout, BOOL do_tls, uschar ** errmsg)
{
int sep = ',';
uschar * ele;
const uschar * server_name;
host_item host;



  sigalrm_seen = FALSE;
  ALARM(timeout);
  rc = connect(cctx->sock, (struct sockaddr *) &sockun, sizeof(sockun));
  ALARM_CLR(0);
  if (sigalrm_seen)
    {

#ifndef DISABLE_TLS
if (do_tls)
  {
  union sockaddr_46 interface_sock;
  EXIM_SOCKLEN_T size = sizeof(interface_sock);
  smtp_connect_args conn_args = {.host = &host };
  tls_support tls_dummy = { .sni = NULL };
  uschar * errstr;

  if (getsockname(cctx->sock, (struct sockaddr *) &interface_sock, &size) == 0)
    conn_args.sending_ip_address = host_ntoa(-1, &interface_sock, NULL, NULL);
  else
    {
    *errmsg = string_sprintf("getsockname failed: %s", strerror(errno));
    goto bad;
    }

  if (!tls_client_start(cctx, &conn_args, NULL, &tls_dummy, &errstr))
    {
    *errmsg = string_sprintf("TLS connect failed: %s", errstr);

static void *
readsock_open(const uschar * filename, uschar ** errmsg)
{
client_conn_ctx * cctx = store_get(sizeof(*cctx), GET_UNTAINTED);
cctx->sock = -1;
cctx->tls_ctx = NULL;
DEBUG(D_lookup) debug_printf_indent("readsock: allocated context\n");

} lf = {.do_shutdown = TRUE};
uschar * eol = NULL;
int timeout = 5;
FILE * fp;
gstring * yield;
int ret = DEFER;


and might need later write ops on the socket, the stdio must be in
writable mode or the underlying socket goes non-writable. */

if (!cctx->tls_ctx)
  fp = fdopen(cctx->sock, lf.do_shutdown ? "rb" : "wb");

sigalrm_seen = FALSE;
#ifdef DISABLE_TLS
if (TRUE)
#else
if (!cctx->tls_ctx)
#endif
  {
  FILE * fp = fdopen(cctx->sock, "rb");
  if (!fp)
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "readsock fdopen: %s\n", strerror(errno));
    goto out;
    }
  ALARM(timeout);
  yield = cat_file(fp, NULL, eol);
  }
else
  {
  ALARM(timeout);
  yield = cat_file_tls(cctx->tls_ctx, NULL, eol);
  }

ALARM_CLR(0);

if (sigalrm_seen)




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

    }

  /* Add the connection to the cache */
  cn = store_get(sizeof(redis_connection), GET_UNTAINTED);
  cn->server = server_copy;
  cn->handle = redis_handle;
  cn->next = redis_connections;

Arguments:
  s          the string to be quoted
  opt        additional option text or NULL if none
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/

static uschar *
redis_quote(uschar * s, uschar * opt, unsigned idx)
{
int c, count = 0;
uschar * t = s, * quoted;
uschar *t = s;
uschar *quoted;

if (opt) return NULL;     /* No options recognized */

while ((c = *t++))
  if (isspace(c) || c == '\\') count++;

t = quoted = store_get_quoted(Ustrlen(s) + count + 1, s, idx);
t = quoted = store_get(Ustrlen(s) + count + 1, is_tainted(s));

while ((c = *s++))
  {
  if (isspace(c) || c == '\\') *t++ = '\\';
  *t++ = c;

*************************************************/
#include "../version.h"

gstring *
redis_version_report(gstring * g)
{
g = string_fmt_append(g,
  "Library version: REDIS: Compile: %d [%d]\n", HIREDIS_MAJOR, HIREDIS_MINOR);
#ifdef DYNLOOKUP
g = string_fmt_append(g,
  "                        Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






/* Exim - SPF lookup module using libspf2
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright (c) The Exim Maintainers 2020 - 2022
Copyright (c) 2005 Chris Webb, Arachsys Internet Services Ltd

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

Copyright (c) The Exim Maintainers 2020
*/

#include "../exim.h"


#include "../version.h"

gstring *
spf_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: SPF: Exim version %s\n", EXIM_VERSION_STR));
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

  /* For multiple fields, include the field name too */
  for (int i = 0; i < argc; i++)
    {
    uschar * value = US(argv[i] ? argv[i] : "<NULL>");
    res = lf_quote(US azColName[i], value, Ustrlen(value), res);
    }
  }

else
  res = string_cat(res, argv[0] ? US argv[0] : US "<NULL>");

/* always return a non-null gstring, even for a zero-length string result */
*(gstring **)arg = res ? res : string_get(1);
return 0;
}


  return FAIL;
  }

if (!res) *do_cache = 0;	/* on fail, wipe cache */

*result = string_from_gstring(res);
return OK;

Arguments:
  s          the string to be quoted
  opt        additional option text or NULL if none
  idx	     lookup type index

Returns:     the processed string or NULL for a bad option
*/

static uschar *
sqlite_quote(uschar * s, uschar * opt, unsigned idx)
{
int c, count = 0;
uschar * t = s, * quoted;
uschar *t = s;
uschar *quoted;

if (opt) return NULL;     /* No options recognized */

while ((c = *t++)) if (c == '\'') count++;
count += t - s;

t = quoted = store_get_quoted(count + 1, s, idx);
t = quoted = store_get(Ustrlen(s) + count + 1, is_tainted(s));

while ((c = *s++))
  {
  if (c == '\'') *t++ = '\'';
  *t++ = c;


#include "../version.h"

gstring *
sqlite_version_report(gstring * g)
{
g = string_fmt_append(g,
  "Library version: SQLite: Compile: %s\n"
  "                         Runtime: %s\n",
        SQLITE_VERSION, sqlite3_libversion());
#ifdef DYNLOOKUP
g = string_fmt_append(g,
  "                         Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}

static lookup_info _lookup_info = {




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

static void *
testdb_open(const uschar * filename, uschar ** errmsg)
{
filename = filename;   /* Keep picky compilers happy */
errmsg = errmsg;
return (void *)(1);    /* Just return something non-null */
}


  int length, uschar ** result, uschar ** errmsg, uint * do_cache,
  const uschar * opts)
{
handle = handle;          /* Keep picky compilers happy */
filename = filename;
length = length;

if (Ustrcmp(query, "fail") == 0)
  {
  *errmsg = US"testdb lookup forced FAIL";


#include "../version.h"

gstring *
testdb_version_report(gstring * g)
{
#ifdef DYNLOOKUP
g = string_fmt_append(g, "Library version: TestDB: Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}






*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* This code originally came from Robert Wal. */

static void *
whoson_open(const uschar * filename, uschar ** errmsg)
{
filename = filename;   /* Keep picky compilers happy */
errmsg = errmsg;
return (void *)(1);    /* Just return something non-null */
}


  uschar ** result, uschar ** errmsg, uint * do_cache, const uschar * opts)
{
uschar buffer[80];
handle = handle;          /* Keep picky compilers happy */
filename = filename;
length = length;
errmsg = errmsg;
do_cache = do_cache;

switch (wso_query(CS query, CS buffer, sizeof(buffer)))
  {


#include "../version.h"

gstring *
whoson_version_report(gstring * g)
{
g = string_fmt_append(g,
  "Library version: Whoson: Runtime: %s\n", wso_version());
#ifdef DYNLOOKUP
g = string_fmt_append(g,
  "                         Exim version %s\n", EXIM_VERSION_STR);
#endif
return g;
}

static lookup_info _lookup_info = {




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) Jeremy Harris 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Create a static data structure with the predefined macros, to be

#ifdef SUPPORT_SOCKS
  builtin_macro_create(US"_HAVE_SOCKS");
#endif
#if defined(SUPPORT_SRS)
  builtin_macro_create(US"_HAVE_NATIVE_SRS");	/* beware clash with _HAVE_SRS */
#endif
#ifdef TCP_FASTOPEN
  builtin_macro_create(US"_HAVE_TCP_FASTOPEN");
#endif
#ifdef EXPERIMENTAL_LMDB
  builtin_macro_create(US"_HAVE_LMDB");
#endif
#ifdef SUPPORT_SPF
  builtin_macro_create(US"_HAVE_SPF");
#endif
#ifdef SUPPORT_SRS
  builtin_macro_create(US"_HAVE_SRS");
#endif
#if defined(EXPERIMENTAL_SRS_NATIVE)
  builtin_macro_create(US"_HAVE_NATIVE_SRS");	/* beware clash with _HAVE_SRS */
#endif
#ifdef EXPERIMENTAL_ARC
  builtin_macro_create(US"_HAVE_ARC");
#endif

#ifdef EXPERIMENTAL_DSN_INFO
  builtin_macro_create(US"_HAVE_DSN_INFO");
#endif
#ifndef DISABLE_TLS_RESUME
  builtin_macro_create(US"_HAVE_TLS_RESUME");
#endif


#ifdef LOOKUP_IBASE
  builtin_macro_create(US"_HAVE_LOOKUP_IBASE");
#endif
#ifdef LOOKUP_LMDB
  builtin_macro_create(US"_HAVE_LMDB");
  builtin_macro_create(US"_HAVE_LOOKUP_LMDB");
#endif
#ifdef LOOKUP_LDAP
  builtin_macro_create(US"_HAVE_LOOKUP_JSON");
#endif
#ifdef LOOKUP_LDAP
  builtin_macro_create(US"_HAVE_LOOKUP_LDAP");
#endif
#ifdef EXPERIMENTAL_LMDB
  builtin_macro_create(US"_HAVE_LOOKUP_LMDB");
#endif
#ifdef LOOKUP_MYSQL
  builtin_macro_create(US"_HAVE_LOOKUP_MYSQL");
#endif

# endif
#endif

features_acl();
features_crypto();

#ifdef WITH_CONTENT_SCAN
features_malware();
#endif
}

static void
exp_features(void)
{
#ifdef EXPERIMENTAL_ARC
  builtin_macro_create(US"_EXP_ARC");
#endif
#ifdef EXPERIMENTAL_BRIGHTMAIL
  builtin_macro_create(US"_EXP_BMI");
#endif
#ifdef EXPERIMENTAL_DCC
  builtin_macro_create(US"_EXP_DCC");
#endif
#ifdef EXPERIMENTAL_DSN_INFO
  builtin_macro_create(US"_EXP_DSNI");
#endif
#ifdef EXPERIMENTAL_ESMTP_LIMITS
  builtin_macro_create(US"_EXP_LIMITS");
#endif
#ifdef EXPERIMENTAL_QUEUEFILE
  builtin_macro_create(US"_EXP_QUEUEFILE");
#endif
}



{
printf("#include \"exim.h\"\n");
features();
exp_features();
options();
params();


Lines 3-8 Link Here

(-)exim.orig/src/macro_predef.h (+2 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) Jeremy Harris 2017 - 2018 */	5	/* Copyright (c) Jeremy Harris 2017 - 2018 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8	/* Global functions */	9	/* Global functions */
Lines 12-17 Link Here
12	extern void builtin_macro_create_var(const uschar , const uschar );	13	extern void builtin_macro_create_var(const uschar , const uschar );
13	extern void options_from_list(optionlist , unsigned, const uschar , uschar *);	14	extern void options_from_list(optionlist , unsigned, const uschar , uschar *);
14		15
		16	extern void features_acl(void);
15	extern void features_malware(void);	17	extern void features_malware(void);
16	extern void features_crypto(void);	18	extern void features_crypto(void);
17	extern void options_main(void);	19	extern void options_main(void);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



  ((uschar)(c) > 127 && print_topbitchars))


/* Convenience for testing strings */

#define streqic(Foo, Bar) (strcmpic(Foo, Bar) == 0)


/* When built with TLS support, the act of flushing SMTP output becomes
a no-op once an SSL session is in progress. */



/* Debugging control */

#define LOG_NAME_SIZE 256
#define DEBUG(x)      if (debug_selector & (x))
#define HDEBUG(x)     if (host_checking || debug_selector & (x))

/* The default From: text for DSNs */


#define WAIT_NAME_MAX 50
#define WAIT_CONT_MAX 1000

/* Wait this long before determining that a Proxy Protocol configured
host isn't speaking the protocol, and so is disallowed. Can be moved to
runtime configuration if per site settings become needed. */
#ifdef SUPPORT_PROXY
#define PROXY_NEGOTIATION_TIMEOUT_SEC 3
#define PROXY_NEGOTIATION_TIMEOUT_USEC 0
#endif

/* Fixed option values for all PCRE functions */

#define PCRE_COPT 0   /* compile */


/* Macros for trivial functions */

#define mac_ismsgid(s)	(regex_match(regex_ismsgid, (s), -1, NULL))
  (pcre_exec(regex_ismsgid,NULL,CS s,Ustrlen(s),0,PCRE_EOPT,NULL,0) >= 0)


/* Options for dns_next_rr */

#define DELIVER_MUA_FAILED         2  /* Failure when mua_wrapper is set */
#define DELIVER_NOT_ATTEMPTED      3  /* Not tried (no msg or is locked */

/* Returns from DNS lookup functions. Use dns_rc_names[] for debug strings */

enum { DNS_SUCCEED, DNS_NOMATCH, DNS_NODATA, DNS_AGAIN, DNS_FAIL };


                                         D_timestamp   | \
                                         D_resolver))

/* Bits for debug triggers */

enum {
  DTi_panictrigger,
  DTi_pretrigger,
};

/* Options bits for logging. Those that have values < BITWORDSIZE can be used
in calls to log_write(). The others are put into later words in log_selector
and are only ever tested independently, so they do not need bit mask

  Li_outgoing_port,
  Li_pid,
  Li_pipelining,
  Li_protocol_detail,
  Li_proxy,
  Li_queue_time,
  Li_queue_time_exclusive,
  Li_queue_time_overall,
  Li_receive_time,
  Li_received_sender,

#define ERRNO_AUTHPROB       (-48)   /* Authenticator "other" failure */
#define ERRNO_UTF8_FWD       (-49)   /* target not supporting SMTPUTF8 */
#define ERRNO_HOST_IS_LOCAL  (-50)   /* Transport refuses to talk to localhost */
#define ERRNO_TAINT          (-51)   /* Transport refuses to talk use tainted filename */

/* These must be last, so all retry deferments can easily be identified */

#define ERRNO_RETRY_BASE     (-52)   /* Base to test against */
#define ERRNO_RRETRY         (-52)   /* Not time for routing */

#define ERRNO_WARN_BASE      (-53)   /* Base to test against */
#define ERRNO_LRETRY         (-53)   /* Not time for local delivery */
#define ERRNO_HRETRY         (-54)   /* Not time for any remote host */
#define ERRNO_LOCAL_ONLY     (-55)   /* Local-only delivery */
#define ERRNO_QUEUE_DOMAIN   (-56)   /* Domain in queue_domains */
#define ERRNO_TRETRY         (-57)   /* Transport concurrency limit */
#define ERRNO_EVENT	     (-58)   /* Event processing request alternate response */




#define vopt_callout_recippmaster 0x0100   /* use postmaster to verify recip */
#define vopt_callout_hold	  0x0200   /* lazy close connection */
#define vopt_success_on_redirect  0x0400
#define vopt_quota                0x0800   /* quota check, to local/appendfile */

/* Values for fields in callout cache records */



/* Options for transport_write_message */

#define topt_add_return_path    0x0001
#define topt_add_delivery_date  0x0002
#define topt_add_envelope_to    0x0004
#define topt_escape_headers     0x0008	/* Apply escape check to headers */
#define topt_use_crlf           0x0010	/* Terminate lines with CRLF */
#define topt_no_headers         0x0020	/* Omit headers */
#define topt_no_body            0x0040	/* Omit body */
#define topt_end_dot            0x0080	/* Send terminating dot line */
#define topt_no_flush		0x0100	/* more data expected after message (eg QUIT) */
#define topt_use_bdat		0x0200	/* prepend chunks with RFC3030 BDAT header */
#define topt_output_string	0x0400	/* create string rather than write to fd */
#define topt_continuation	0x0800	/* do not reset buffer */
#define topt_not_socket		0x1000	/* cannot do socket-only syscalls */

/* Options for smtp_write_command */

enum {
  SCMD_FLUSH = 0,	/* write to kernel */
  SCMD_MORE,		/* write to kernel, but likely more soon */
  SCMD_BUFFER		/* stash in application cmd output buffer */

#define ACL_BIT_MIME		BIT(ACL_WHERE_MIME)
#define ACL_BIT_DKIM		BIT(ACL_WHERE_DKIM)
#define ACL_BIT_DATA		BIT(ACL_WHERE_DATA)
#ifdef DISABLE_PRDR
# define ACL_BIT_PRDR		0
#else
# define ACL_BIT_PRDR		BIT(ACL_WHERE_PRDR)
#endif
#define ACL_BIT_NOTSMTP		BIT(ACL_WHERE_NOTSMTP)

#define ACL_BIT_DELIVERY	BIT(ACL_WHERE_DELIVERY)
#define ACL_BIT_UNKNOWN		BIT(ACL_WHERE_UNKNOWN)

#define ACL_BITS_HAVEDATA	(ACL_BIT_MIME | ACL_BIT_DKIM | ACL_BIT_DATA \
				| ACL_BIT_PRDR \
				| ACL_BIT_NOTSMTP | ACL_BIT_QUIT | ACL_BIT_NOTQUIT)


/* Situations for spool_write_header() */




/* Options on tls_close */
#define TLS_NO_SHUTDOWN		0	/* Just forget the context */
#define TLS_SHUTDOWN_NOWAIT	1	/* Send alert; do not wait */
#define TLS_SHUTDOWN_WAIT	2	/* Send alert & wait for peer's alert */
#define TLS_SHUTDOWN_WONLY	3	/* only wait for peer's alert */


#ifdef COMPILE_UTILITY


#define AUTHS_REGEX US"\\n250[\\s\\-]AUTH\\s+([\\-\\w \\t]+)(?:\\n|$)"

#define EARLY_PIPE_FEATURE_NAME "PIPECONNECT"
#define EARLY_PIPE_FEATURE_LEN  11


/* Flags for auth_client_item() */

Lines 2-10 Link Here

(-)exim.orig/src/malware.c (-115 / +144 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015	5	/*
		6	* Copyright (c) The Exim Maintainers 2015 - 2022
		7	* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015
6	* License: GPL	8	* License: GPL
7	* Copyright (c) The Exim Maintainers 2015 - 2020
8	*/	9	*/
9		10
10	/* Code for calling virus (malware) scanners. Called from acl.c. */	11	/* Code for calling virus (malware) scanners. Called from acl.c. */
Lines 129-136 Link Here
129	#define MALWARE_TIMEOUT 120 /* default timeout, seconds */	130	#define MALWARE_TIMEOUT 120 /* default timeout, seconds */
130		131
131	static const uschar * malware_regex_default = US ".+";	132	static const uschar * malware_regex_default = US ".+";
132	static const pcre * malware_default_re = NULL;	133	static const pcre2_code * malware_default_re = NULL;
133
134		134
135		135
136	#ifndef DISABLE_MAL_CLAM	136	#ifndef DISABLE_MAL_CLAM
Lines 157-191 Link Here
157	# define DERR_BAD_CALL (1<<15) /* wrong command */	157	# define DERR_BAD_CALL (1<<15) /* wrong command */
158		158
159	static const uschar * drweb_re_str = US "infected\\swith\\s*(.+?)$";	159	static const uschar * drweb_re_str = US "infected\\swith\\s*(.+?)$";
160	static const pcre * drweb_re = NULL;	160	static const pcre2_code * drweb_re = NULL;
161	#endif	161	#endif
162		162
163	#ifndef DISABLE_MAL_FSECURE	163	#ifndef DISABLE_MAL_FSECURE
164	static const uschar * fsec_re_str = US "\\S{0,5}INFECTED\\t[^\\t]\\t([^\\t]+)\\t\\S$";	164	static const uschar * fsec_re_str = US "\\S{0,5}INFECTED\\t[^\\t]\\t([^\\t]+)\\t\\S$";
165	static const pcre * fsec_re = NULL;	165	static const pcre2_code * fsec_re = NULL;
166	#endif	166	#endif
167		167
168	#ifndef DISABLE_MAL_KAV	168	#ifndef DISABLE_MAL_KAV
169	static const uschar * kav_re_sus_str = US "suspicion:\\s(.+?)\\s$";	169	static const uschar * kav_re_sus_str = US "suspicion:\\s(.+?)\\s$";
170	static const uschar * kav_re_inf_str = US "infected:\\s(.+?)\\s$";	170	static const uschar * kav_re_inf_str = US "infected:\\s(.+?)\\s$";
171	static const pcre * kav_re_sus = NULL;	171	static const pcre2_code * kav_re_sus = NULL;
172	static const pcre * kav_re_inf = NULL;	172	static const pcre2_code * kav_re_inf = NULL;
173	#endif	173	#endif
174		174
175	#ifndef DISABLE_MAL_AVAST	175	#ifndef DISABLE_MAL_AVAST
176	static const uschar * ava_re_clean_str = US "(?!\\\\)\\t\\[\\+\\]";	176	static const uschar * ava_re_clean_str = US "(?!\\\\)\\t\\[\\+\\]";
177	static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d+\\.0\\t0\\s(.*)";	177	static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d+\\.0\\t0\\s(.*)";
178	static const uschar * ava_re_error_str = US "(?!\\\\)\\t\\[E\\]\\d+\\.0\\tError\\s\\d+\\s(.*)";	178	static const uschar * ava_re_error_str = US "(?!\\\\)\\t\\[E\\]\\d+\\.0\\tError\\s\\d+\\s(.*)";
179	static const pcre * ava_re_clean = NULL;	179	static const pcre2_code * ava_re_clean = NULL;
180	static const pcre * ava_re_virus = NULL;	180	static const pcre2_code * ava_re_virus = NULL;
181	static const pcre * ava_re_error = NULL;	181	static const pcre2_code * ava_re_error = NULL;
182	#endif	182	#endif
183		183
184	#ifndef DISABLE_MAL_FFROT6D	184	#ifndef DISABLE_MAL_FFROT6D
185	static const uschar * fprot6d_re_error_str = US "^\\d+\\s<(.+?)>$";	185	static const uschar * fprot6d_re_error_str = US "^\\d+\\s<(.+?)>$";
186	static const uschar * fprot6d_re_virus_str = US "^\\d+\\s<infected:\\s+(.+?)>\\s+.+$";	186	static const uschar * fprot6d_re_virus_str = US "^\\d+\\s<infected:\\s+(.+?)>\\s+.+$";
187	static const pcre * fprot6d_re_error = NULL;	187	static const pcre2_code * fprot6d_re_error = NULL;
188	static const pcre * fprot6d_re_virus = NULL;	188	static const pcre2_code * fprot6d_re_virus = NULL;
189	#endif	189	#endif
190		190
191		191
Lines 220-225 Link Here
220	/* Some (currently avast only) use backslash escaped whitespace,	220	/* Some (currently avast only) use backslash escaped whitespace,
221	this function undoes these escapes */	221	this function undoes these escapes */
222		222
		223	#ifndef DISABLE_MAL_AVAST
223	static inline void	224	static inline void
224	unescape(uschar *p)	225	unescape(uschar *p)
225	{	226	{
Lines 228-233 Link Here
228	if (*p == '\\' && (isspace(p[1]) \|\| p[1] == '\\'))	229	if (*p == '\\' && (isspace(p[1]) \|\| p[1] == '\\'))
229	for (p0 = p; p0; ++p0) p0 = p0[1];	230	for (p0 = p; p0; ++p0) p0 = p0[1];
230	}	231	}
		232	#endif
231		233
232	/* --- malware__defer --- /	234	/* --- malware__defer --- /
233	static inline int	235	static inline int
Lines 250-262 Link Here
250	return malware_panic_defer(string_sprintf("%s %s : %s",	252	return malware_panic_defer(string_sprintf("%s %s : %s",
251	scanent->name, hostport ? hostport : CUS"", str));	253	scanent->name, hostport ? hostport : CUS"", str));
252	}	254	}
253	static inline int
254	m_log_defer(struct scan * scanent, const uschar * hostport,
255	const uschar * str)
256	{
257	return malware_log_defer(string_sprintf("%s %s : %s",
258	scanent->name, hostport ? hostport : CUS"", str));
259	}
260	/* --- m__defer_3 /	255	/* --- m__defer_3 /
261	static inline int	256	static inline int
262	m_panic_defer_3(struct scan * scanent, const uschar * hostport,	257	m_panic_defer_3(struct scan * scanent, const uschar * hostport,
Lines 277-284 Link Here
277	m_tcpsocket(const uschar * hostname, unsigned int port,	272	m_tcpsocket(const uschar * hostname, unsigned int port,
278	host_item * host, uschar ** errstr, const blob * fastopen_blob)	273	host_item * host, uschar ** errstr, const blob * fastopen_blob)
279	{	274	{
280	return ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5,	275	int fd = ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5,
281	host, errstr, fastopen_blob);	276	host, errstr, fastopen_blob);
		277	#ifdef EXIM_TFO_FREEBSD
		278	/* Under some fault conditions, FreeBSD 12.2 seen to send a (non-TFO) SYN
		279	and, getting no response, wait for a long time. Impose a 5s max. */
		280	if (fd >= 0)
		281	(void) poll_one_fd(fd, POLLOUT, 5 * 1000);
		282	#endif
		283	return fd;
282	}	284	}
283	#endif	285	#endif
284		286
Lines 296-332 Link Here
296	return sock;	298	return sock;
297	}	299	}
298		300
299	static const pcre *	301	static const pcre2_code *
300	m_pcre_compile(const uschar * re, uschar ** errstr)	302	m_pcre_compile(const uschar * re, uschar ** errstr)
301	{	303	{
302	const uschar * rerror;	304	int err;
303	int roffset;	305	PCRE2_SIZE roffset;
304	const pcre * cre;	306	const pcre2_code * cre;
305		307
306	if (!(cre = pcre_compile(CS re, PCRE_COPT, CCSS &rerror, &roffset, NULL)))	308	if (!(cre = pcre2_compile((PCRE2_SPTR)re, PCRE2_ZERO_TERMINATED,
307	*errstr= string_sprintf("regular expression error in '%s': %s at offset %d",	309	PCRE_COPT, &err, &roffset, pcre_cmp_ctx)))
308	re, rerror, roffset);	310	{
		311	uschar errbuf[128];
		312	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
		313	*errstr= string_sprintf("regular expression error in '%s': %s at offset %ld",
		314	re, errbuf, (long)roffset);
		315	}
309	return cre;	316	return cre;
310	}	317	}
311		318
312	uschar *	319	uschar *
313	m_pcre_exec(const pcre * cre, uschar * text)	320	m_pcre_exec(const pcre2_code * cre, uschar * text)
314	{	321	{
315	int ovector[10*3];	322	pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx);
316	int i = pcre_exec(cre, NULL, CS text, Ustrlen(text), 0, 0,	323	int i = pcre2_match(cre, text, PCRE2_ZERO_TERMINATED, 0, 0, md, pcre_mtc_ctx);
317	ovector, nelem(ovector));	324	PCRE2_UCHAR * substr = NULL;
318	uschar * substr = NULL;	325	PCRE2_SIZE slen;
		326
319	if (i >= 2) /* Got it */	327	if (i >= 2) /* Got it */
320	pcre_get_substring(CS text, ovector, i, 1, CCSS &substr);	328	pcre2_substring_get_bynumber(md, 1, &substr, &slen);
321	return substr;	329	return US substr;
322	}	330	}
323		331
324	static const pcre *	332	static const pcre2_code *
325	m_pcre_nextinlist(const uschar ** list, int * sep,	333	m_pcre_nextinlist(const uschar ** list, int * sep,
326	char * listerr, uschar ** errstr)	334	char * listerr, uschar ** errstr)
327	{	335	{
328	const uschar * list_ele;	336	const uschar * list_ele;
329	const pcre * cre = NULL;	337	const pcre2_code * cre = NULL;
330		338
331	if (!(list_ele = string_nextinlist(list, sep, NULL, 0)))	339	if (!(list_ele = string_nextinlist(list, sep, NULL, 0)))
332	*errstr = US listerr;	340	*errstr = US listerr;
Lines 386-391 Link Here
386	}	394	}
387		395
388	/* return TRUE iff size as requested */	396	/* return TRUE iff size as requested */
		397	#ifndef DISABLE_MAL_DRWEB
389	static BOOL	398	static BOOL
390	recv_len(int sock, void * buf, int size, time_t tmo)	399	recv_len(int sock, void * buf, int size, time_t tmo)
391	{	400	{
Lines 393-398 Link Here
393	? recv(sock, buf, size, 0) == size	402	? recv(sock, buf, size, 0) == size
394	: FALSE;	403	: FALSE;
395	}	404	}
		405	#endif
396		406
397		407
398		408
Lines 574-580 Link Here
574	uschar *scanner_name;	584	uschar *scanner_name;
575	unsigned long mbox_size;	585	unsigned long mbox_size;
576	FILE *mbox_file;	586	FILE *mbox_file;
577	const pcre *re;	587	const pcre2_code *re;
578	uschar * errstr;	588	uschar * errstr;
579	struct scan * scanent;	589	struct scan * scanent;
580	const uschar * scanner_options;	590	const uschar * scanner_options;
Lines 916-922 Link Here
916	/* read and concatenate virus names into one string */	926	/* read and concatenate virus names into one string */
917	for (int i = 0; i < drweb_vnum; i++)	927	for (int i = 0; i < drweb_vnum; i++)
918	{	928	{
919	int ovector[10*3];	929	pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx);
920		930
921	/* read the size of report */	931	/* read the size of report */
922	if (!recv_len(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), tmo))	932	if (!recv_len(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), tmo))
Lines 925-931 Link Here
925	drweb_slen = ntohl(drweb_slen);	935	drweb_slen = ntohl(drweb_slen);
926		936
927	/* assume tainted, since it is external input */	937	/* assume tainted, since it is external input */
928	tmpbuf = store_get(drweb_slen, TRUE);	938	tmpbuf = store_get(drweb_slen, GET_TAINTED);
929		939
930	/* read report body */	940	/* read report body */
931	if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo))	941	if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo))
Lines 934-955 Link Here
934	tmpbuf[drweb_slen] = '\0';	944	tmpbuf[drweb_slen] = '\0';
935		945
936	/* try matcher on the line, grab substring */	946	/* try matcher on the line, grab substring */
937	result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0,	947	result = pcre2_match(drweb_re, (PCRE2_SPTR)tmpbuf, PCRE2_ZERO_TERMINATED,
938	ovector, nelem(ovector));	948	0, 0, md, pcre_mtc_ctx);
939	if (result >= 2)	949	if (result >= 2)
940	{	950	{
941	const char * pre_malware_nb;	951	PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
942
943	pcre_get_substring(CS tmpbuf, ovector, result, 1, &pre_malware_nb);
944		952
945	if (i==0) /* the first name we just copy to malware_name */	953	if (i==0) /* the first name we just copy to malware_name */
946	g = string_cat(NULL, US pre_malware_nb);	954	g = string_catn(NULL, US ovec[2], ovec[3] - ovec[2]);
947		955
948	/XXX could be string_append_listele? /
949	else /* concatenate each new virus name to previous */	956	else /* concatenate each new virus name to previous */
950	g = string_append(g, 2, "/", pre_malware_nb);	957	{
951		958	g = string_catn(g, US"/", 1);
952	pcre_free_substring(pre_malware_nb);	959	g = string_catn(g, US ovec[2], ovec[3] - ovec[2]);
		960	}
953	}	961	}
954	}	962	}
955	malware_name = string_from_gstring(g);	963	malware_name = string_from_gstring(g);
Lines 1142-1148 Link Here
1142	int kav_rc;	1150	int kav_rc;
1143	unsigned long kav_reportlen;	1151	unsigned long kav_reportlen;
1144	int bread;	1152	int bread;
1145	const pcre *kav_re;	1153	const pcre2_code *kav_re;
1146	uschar *p;	1154	uschar *p;
1147		1155
1148	/* get current date and time, build scan request */	1156	/* get current date and time, build scan request */
Lines 1251-1258 Link Here
1251	case M_CMDL: /* "cmdline" scanner type ---------------------------------- */	1259	case M_CMDL: /* "cmdline" scanner type ---------------------------------- */
1252	{	1260	{
1253	const uschar *cmdline_scanner = scanner_options;	1261	const uschar *cmdline_scanner = scanner_options;
1254	const pcre *cmdline_trigger_re;	1262	const pcre2_code *cmdline_trigger_re;
1255	const pcre *cmdline_regex_re;	1263	const pcre2_code *cmdline_regex_re;
1256	uschar * file_name;	1264	uschar * file_name;
1257	uschar * commandline;	1265	uschar * commandline;
1258	void (*eximsigchld)(int);	1266	void (*eximsigchld)(int);
Lines 1446-1454 Link Here
1446	uschar av_buffer[1024];	1454	uschar av_buffer[1024];
1447	uschar *hostname = US"";	1455	uschar *hostname = US"";
1448	host_item connhost;	1456	host_item connhost;
1449	uschar *clamav_fbuf;	1457	int clam_fd;
1450	int clam_fd, result;
1451	off_t fsize;
1452	unsigned int fsize_uint;	1458	unsigned int fsize_uint;
1453	BOOL use_scan_command = FALSE;	1459	BOOL use_scan_command = FALSE;
1454	clamd_address * cv[MAX_CLAMD_SERVERS];	1460	clamd_address * cv[MAX_CLAMD_SERVERS];
Lines 1466-1474 Link Here
1466	int subsep = ' ';	1472	int subsep = ' ';
1467		1473
1468	/* Local file; so we def want to use_scan_command and don't want to try	1474	/* Local file; so we def want to use_scan_command and don't want to try
1469	* passing IP/port combinations */	1475	passing IP/port combinations */
1470	use_scan_command = TRUE;	1476	use_scan_command = TRUE;
1471	cd = (clamd_address *) store_get(sizeof(clamd_address), FALSE);	1477	cd = (clamd_address *) store_get(sizeof(clamd_address), GET_UNTAINTED);
1472		1478
1473	/* extract socket-path part */	1479	/* extract socket-path part */
1474	sublist = scanner_options;	1480	sublist = scanner_options;
Lines 1502-1508 Link Here
1502	continue;	1508	continue;
1503	}	1509	}
1504		1510
1505	cd = (clamd_address *) store_get(sizeof(clamd_address), FALSE);	1511	cd = (clamd_address *) store_get(sizeof(clamd_address), GET_UNTAINTED);
1506		1512
1507	/* extract host and port part */	1513	/* extract host and port part */
1508	sublist = scanner_options;	1514	sublist = scanner_options;
Lines 1555-1570 Link Here
1555	{ cmd_str.data = US"zINSTREAM"; cmd_str.len = 10; }	1561	{ cmd_str.data = US"zINSTREAM"; cmd_str.len = 10; }
1556	else	1562	else
1557	{	1563	{
1558	cmd_str.data = string_sprintf("SCAN %s\n", eml_filename);	1564	int n;
1559	cmd_str.len = Ustrlen(cmd_str.data);	1565	cmd_str.data = string_sprintf("SCAN %s\n%n", eml_filename, &n);
		1566	cmd_str.len = n; /* .len is a size_t */
1560	}	1567	}
1561		1568
1562	/* We have some network servers specified */	1569	/* We have some network servers specified */
1563	if (num_servers)	1570	if (num_servers)
1564	{	1571	{
1565	/* Confirmed in ClamAV source (0.95.3) that the TCPAddr option of clamd	1572	/* Confirmed in ClamAV source (0.95.3) that the TCPAddr option of clamd
1566	* only supports AF_INET, but we should probably be looking to the	1573	only supports AF_INET, but we should probably be looking to the
1567	* future and rewriting this to be protocol-independent anyway. */	1574	future and rewriting this to be protocol-independent anyway. */
1568		1575
1569	while (num_servers > 0)	1576	while (num_servers > 0)
1570	{	1577	{
Lines 1575-1590 Link Here
1575	cd->hostspec, cd->tcp_port);	1582	cd->hostspec, cd->tcp_port);
1576		1583
1577	/* Lookup the host. This is to ensure that we connect to the same IP	1584	/* Lookup the host. This is to ensure that we connect to the same IP
1578	* on both connections (as one host could resolve to multiple ips) */	1585	on both connections (as one host could resolve to multiple ips) */
1579	for (;;)	1586	for (;;)
1580	{	1587	{
1581	/XXX we trust that the cmd_str is ideempotent /	1588	/XXX we trust that the cmd_str is idempotent /
1582	if ((malware_daemon_ctx.sock = m_tcpsocket(cd->hostspec, cd->tcp_port,	1589	if ((malware_daemon_ctx.sock = m_tcpsocket(cd->hostspec, cd->tcp_port,
1583	&connhost, &errstr, &cmd_str)) >= 0)	1590	&connhost, &errstr,
		1591	use_scan_command ? &cmd_str : NULL)) >= 0)
1584	{	1592	{
1585	/* Connection successfully established with a server */	1593	/* Connection successfully established with a server */
1586	hostname = cd->hostspec;	1594	hostname = cd->hostspec;
1587	cmd_str.len = 0;	1595	if (use_scan_command) cmd_str.len = 0;
1588	break;	1596	break;
1589	}	1597	}
1590	if (cd->retry <= 0) break;	1598	if (cd->retry <= 0) break;
Lines 1618-1637 Link Here
1618	}	1626	}
1619		1627
1620	/* have socket in variable "sock"; command to use is semi-independent of	1628	/* have socket in variable "sock"; command to use is semi-independent of
1621	* the socket protocol. We use SCAN if is local (either Unix/local	1629	the socket protocol. We use SCAN if is local (either Unix/local
1622	* domain socket, or explicitly told local) else we stream the data.	1630	domain socket, or explicitly told local) else we stream the data.
1623	* How we stream the data depends upon how we were built. */	1631	How we stream the data depends upon how we were built. */
1624		1632
1625	if (!use_scan_command)	1633	if (!use_scan_command)
1626	{	1634	{
		1635	struct stat st;
		1636	#if defined(EXIM_TCP_CORK) && !defined(OS_SENDFILE)
		1637	BOOL corked = TRUE;
		1638	#endif
1627	/* New protocol: "zINSTREAM\n" followed by a sequence of <length><data>	1639	/* New protocol: "zINSTREAM\n" followed by a sequence of <length><data>
1628	chunks, <n> a 4-byte number (network order), terminated by a zero-length	1640	chunks, <n> a 4-byte number (network order), terminated by a zero-length
1629	chunk. */	1641	chunk. We only send one chunk. */
1630		1642
1631	DEBUG(D_acl) debug_printf_indent(	1643	DEBUG(D_acl) debug_printf_indent(
1632	"Malware scan: issuing %s new-style remote scan (zINSTREAM)\n",	1644	"Malware scan: issuing %s new-style remote scan (zINSTREAM)\n",
1633	scanner_name);	1645	scanner_name);
1634		1646
		1647	#if defined(EXIM_TCP_CORK)
		1648	(void) setsockopt(malware_daemon_ctx.sock, IPPROTO_TCP, EXIM_TCP_CORK,
		1649	US &on, sizeof(on));
		1650	#endif
1635	/* Pass the string to ClamAV (10 = "zINSTREAM\0"), if not already sent */	1651	/* Pass the string to ClamAV (10 = "zINSTREAM\0"), if not already sent */
1636	if (cmd_str.len)	1652	if (cmd_str.len)
1637	if (send(malware_daemon_ctx.sock, cmd_str.data, cmd_str.len, 0) < 0)	1653	if (send(malware_daemon_ctx.sock, cmd_str.data, cmd_str.len, 0) < 0)
Lines 1640-1646 Link Here
1640	strerror(errno)),	1656	strerror(errno)),
1641	malware_daemon_ctx.sock);	1657	malware_daemon_ctx.sock);
1642		1658
1643	/* calc file size */
1644	if ((clam_fd = exim_open2(CS eml_filename, O_RDONLY)) < 0)	1659	if ((clam_fd = exim_open2(CS eml_filename, O_RDONLY)) < 0)
1645	{	1660	{
1646	int err = errno;	1661	int err = errno;
Lines 1649-1714 Link Here
1649	eml_filename, strerror(err)),	1664	eml_filename, strerror(err)),
1650	malware_daemon_ctx.sock);	1665	malware_daemon_ctx.sock);
1651	}	1666	}
1652	if ((fsize = lseek(clam_fd, 0, SEEK_END)) < 0)	1667	if (fstat(clam_fd, &st) < 0)
1653	{	1668	{
1654	int err;	1669	int err = errno;
1655	b_seek: err = errno;
1656	(void)close(clam_fd);	1670	(void)close(clam_fd);
1657	return m_panic_defer_3(scanent, NULL,	1671	return m_panic_defer_3(scanent, NULL,
1658	string_sprintf("can't seek spool file %s: %s",	1672	string_sprintf("can't stat spool file %s: %s",
1659	eml_filename, strerror(err)),	1673	eml_filename, strerror(err)),
1660	malware_daemon_ctx.sock);	1674	malware_daemon_ctx.sock);
1661	}	1675	}
1662	fsize_uint = (unsigned int) fsize;	1676	fsize_uint = (unsigned int) st.st_size;
1663	if ((off_t)fsize_uint != fsize)	1677	if ((off_t)fsize_uint != st.st_size)
1664	{	1678	{
1665	(void)close(clam_fd);	1679	(void)close(clam_fd);
1666	return m_panic_defer_3(scanent, NULL,	1680	return m_panic_defer_3(scanent, NULL,
1667	string_sprintf("seeking spool file %s, size overflow",	1681	string_sprintf("stat spool file %s, size overflow", eml_filename),
1668	eml_filename),
1669	malware_daemon_ctx.sock);	1682	malware_daemon_ctx.sock);
1670	}	1683	}
1671	if (lseek(clam_fd, 0, SEEK_SET) < 0)
1672	goto b_seek;
1673		1684
1674	if (!(clamav_fbuf = store_malloc(fsize_uint)))	1685	/* send file size */
1675	{	1686	send_size = htonl(fsize_uint);
1676	(void)close(clam_fd);	1687	if (send(malware_daemon_ctx.sock, &send_size, sizeof(send_size), 0) < 0)
1677	return m_panic_defer_3(scanent, NULL,	1688	return m_panic_defer_3(scanent, NULL,
1678	string_sprintf("unable to allocate memory %u for file (%s)",	1689	string_sprintf("unable to send file size to socket (%s)", hostname),
1679	fsize_uint, eml_filename),
1680	malware_daemon_ctx.sock);	1690	malware_daemon_ctx.sock);
1681	}
1682		1691
1683	if ((result = read(clam_fd, clamav_fbuf, fsize_uint)) < 0)	1692	/* send file body */
		1693	while (fsize_uint)
1684	{	1694	{
1685	int err = errno;	1695	#ifdef OS_SENDFILE
1686	store_free(clamav_fbuf); (void)close(clam_fd);	1696	int n = os_sendfile(malware_daemon_ctx.sock, clam_fd, NULL, (size_t)fsize_uint);
1687	return m_panic_defer_3(scanent, NULL,	1697	if (n < 0)
1688	string_sprintf("can't read spool file %s: %s",	1698	return m_panic_defer_3(scanent, NULL,
1689	eml_filename, strerror(err)),	1699	string_sprintf("unable to send file body to socket (%s): %s", hostname, strerror(errno)),
1690	malware_daemon_ctx.sock);	1700	malware_daemon_ctx.sock);
		1701	fsize_uint -= n;
		1702	#else
		1703	int n = MIN(fsize_uint, big_buffer_size);
		1704	if ((n = read(clam_fd, big_buffer, n)) < 0)
		1705	return m_panic_defer_3(scanent, NULL,
		1706	string_sprintf("can't read spool file %s: %s",
		1707	eml_filename, strerror(errno)),
		1708	malware_daemon_ctx.sock);
		1709	if (send(malware_daemon_ctx.sock, big_buffer, (size_t)n, 0) < 0)
		1710	return m_panic_defer_3(scanent, NULL,
		1711	string_sprintf("unable to send file body to socket (%s): %s", hostname, strerror(errno)),
		1712	malware_daemon_ctx.sock);
		1713	fsize_uint -= n;
		1714	# ifdef EXIM_TCP_CORK
		1715	if (corked)
		1716	{
		1717	corked = FALSE;
		1718	(void) setsockopt(malware_daemon_ctx.sock, IPPROTO_TCP, EXIM_TCP_CORK,
		1719	US &off, sizeof(off));
		1720	}
		1721	# endif
		1722	#endif /!OS_SENDFILE/
		1723
1691	}	1724	}
1692	(void)close(clam_fd);
1693		1725
1694	/* send file body to socket */
1695	send_size = htonl(fsize_uint);
1696	send_final_zeroblock = 0;	1726	send_final_zeroblock = 0;
1697	if ((send(malware_daemon_ctx.sock, &send_size, sizeof(send_size), 0) < 0) \|\|	1727	if (send(malware_daemon_ctx.sock, &send_final_zeroblock, sizeof(send_final_zeroblock), 0) < 0)
1698	(send(malware_daemon_ctx.sock, clamav_fbuf, fsize_uint, 0) < 0) \|\|
1699	(send(malware_daemon_ctx.sock, &send_final_zeroblock, sizeof(send_final_zeroblock), 0) < 0))
1700	{
1701	store_free(clamav_fbuf);
1702	return m_panic_defer_3(scanent, NULL,	1728	return m_panic_defer_3(scanent, NULL,
1703	string_sprintf("unable to send file body to socket (%s)", hostname),	1729	string_sprintf("unable to send file terminator to socket (%s)", hostname),
1704	malware_daemon_ctx.sock);	1730	malware_daemon_ctx.sock);
1705	}	1731	#ifdef OS_SENDFILE
1706	store_free(clamav_fbuf);	1732	(void) setsockopt(malware_daemon_ctx.sock, IPPROTO_TCP, EXIM_TCP_CORK,
		1733	US &off, sizeof(off));
		1734	#endif
1707	}	1735	}
1708	else	1736	else
1709	{ /* use scan command */	1737	{ /* use scan command */
1710	/* Send a SCAN command pointing to a filename; then in the then in the	1738	/* Send a SCAN command pointing to a filename; then in the then in the
1711	* scan-method-neutral part, read the response back */	1739	scan-method-neutral part, read the response back */
1712		1740
1713	/* ================================================================= */	1741	/* ================================================================= */
1714		1742
Lines 1733-1742 Link Here
1733	malware_daemon_ctx.sock);	1761	malware_daemon_ctx.sock);
1734		1762
1735	/* Do not shut down the socket for writing; a user report noted that	1763	/* Do not shut down the socket for writing; a user report noted that
1736	* clamd 0.70 does not react well to this. */	1764	clamd 0.70 does not react well to this. */
1737	}	1765	}
1738	/* Commands have been sent, no matter which scan method or connection	1766	/* Commands have been sent, no matter which scan method or connection
1739	* type we're using; now just read the result, independent of method. */	1767	type we're using; now just read the result, independent of method. */
1740		1768
1741	/* Read the result */	1769	/* Read the result */
1742	memset(av_buffer, 0, sizeof(av_buffer));	1770	memset(av_buffer, 0, sizeof(av_buffer));
Lines 1782-1787 Link Here
1782	/* strip newline at the end (won't be present for zINSTREAM)	1810	/* strip newline at the end (won't be present for zINSTREAM)
1783	(also any trailing whitespace, which shouldn't exist, but we depend upon	1811	(also any trailing whitespace, which shouldn't exist, but we depend upon
1784	this below, so double-check) */	1812	this below, so double-check) */
		1813
1785	p = av_buffer + Ustrlen(av_buffer) - 1;	1814	p = av_buffer + Ustrlen(av_buffer) - 1;
1786	if (p == '\n') p = '\0';	1815	if (p == '\n') p = '\0';
1787		1816
Lines 1792-1798 Link Here
1792	if (*p) ++p;	1821	if (*p) ++p;
1793		1822
1794	/* colon in returned output? */	1823	/* colon in returned output? */
1795	if(!(p = Ustrchr(av_buffer,':')))	1824	if (!(p = Ustrchr(av_buffer,':')))
1796	return m_panic_defer(scanent, CUS callout_address, string_sprintf(	1825	return m_panic_defer(scanent, CUS callout_address, string_sprintf(
1797	"ClamAV returned malformed result (missing colon): %s",	1826	"ClamAV returned malformed result (missing colon): %s",
1798	av_buffer));	1827	av_buffer));
Lines 1856-1863 Link Here
1856	uschar * linebuffer;	1885	uschar * linebuffer;
1857	uschar * sockline_scanner;	1886	uschar * sockline_scanner;
1858	uschar sockline_scanner_default[] = "%s\n";	1887	uschar sockline_scanner_default[] = "%s\n";
1859	const pcre *sockline_trig_re;	1888	const pcre2_code *sockline_trig_re;
1860	const pcre *sockline_name_re;	1889	const pcre2_code *sockline_name_re;
1861		1890
1862	/* find scanner command line */	1891	/* find scanner command line */
1863	if ( (sockline_scanner = string_nextinlist(&av_scanner_work, &sep,	1892	if ( (sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
Lines 2096-2102 Link Here
2096	if (malware_name) /* Nothing else matters, just read on */	2125	if (malware_name) /* Nothing else matters, just read on */
2097	break;	2126	break;
2098		2127
2099	if (pcre_exec(ava_re_clean, NULL, CS buf, slen, 0, 0, NULL, 0) == 0)	2128	if (regex_match(ava_re_clean, buf, slen, NULL))
2100	break;	2129	break;
2101		2130
2102	if ((malware_name = m_pcre_exec(ava_re_virus, buf)))	2131	if ((malware_name = m_pcre_exec(ava_re_virus, buf)))
Lines 2117-2123 Link Here
2117	break;	2146	break;
2118	}	2147	}
2119	}	2148	}
2120	else if (pcre_exec(ava_re_error, NULL, CS buf, slen, 0, 0, NULL, 0) == 0)	2149	else if (regex_match(ava_re_error, buf, slen, NULL))
2121	{	2150	{
2122	log_write(0, LOG_MAIN, "internal scanner error (ignored): %s", buf);	2151	log_write(0, LOG_MAIN, "internal scanner error (ignored): %s", buf);
2123	break;	2152	break;




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for matching strings */

uschar *keyquery, *result, *semicolon;
void *handle;

error = error;  /* Keep clever compilers from complaining */

if (valueptr) *valueptr = NULL;

/* For regular expressions, use cb->origsubject rather than cb->subject so that


if (pattern[0] == '^')
  {
  const pcre2_code * re = regex_must_compile(pattern, cb->caseless, FALSE);
  if (expand_setup < 0
      ? !regex_match(re, s, -1, NULL)
      : !regex_match_and_setup(re, s, 0, expand_setup)
     )
    return FAIL;


/* Set the parameters for the three different kinds of lookup. */

keyquery = search_args(search_type, s, semicolon+1, &filename, opts);
Uskip_whitespace(&keyquery);

if (mac_islookup(search_type, lookup_absfilequery))
  {
  filename = keyquery;
  while (*keyquery && !isspace(*keyquery)) keyquery++;
  filename = string_copyn(filename, keyquery - filename);
  Uskip_whitespace(&keyquery);
  }

else if (!mac_islookup(search_type, lookup_querystyle))
  {
  filename = keyquery;
  keyquery = s;
  }

/* Now do the actual lookup; throw away the data returned unless it was asked
for; partial matching is all handled inside search_find(). Note that there is

  void *arg, int type, const uschar *name, const uschar **valueptr)
{
int yield = OK;
unsigned int * original_cache_bits = *cache_ptr;
BOOL include_unknown = FALSE, ignore_unknown = FALSE,
      include_defer = FALSE, ignore_defer = FALSE;
BOOL include_defer = FALSE;
BOOL ignore_defer = FALSE;
const uschar *list;
uschar *sss;
uschar *ot = NULL;


HDEBUG(D_any)
  {
  uschar * listname = readconf_find_option(listptr);
  if (*listname) ot = string_sprintf("%s in %s?", name, listname);
  }

/* If the list is empty, the answer is no. Skip the debugging output for


if (!*listptr)
  {
  HDEBUG(D_lists) if (ot) debug_printf_indent("%s no (option unset)\n", ot);
  return FAIL;
  }


    {
    if (f.expand_string_forcedfail)
      {
      HDEBUG(D_lists) debug_printf_indent("expansion of \"%s\" forced failure: "
        "assume not in this list\n", *listptr);
      return FAIL;
      }

  }

/* For an unnamed list, use the expanded version in comments */
#define LIST_LIMIT_PR 2048

HDEBUG(D_any) if (!ot)
  {
  int n, m;
  gstring * g = string_fmt_append(NULL, "%s in \"%n%.*s%n\"",
    name, &n, LIST_LIMIT_PR, list, &m);
  if (m - n >= LIST_LIMIT_PR) g = string_catn(g, US"...", 3);
  g = string_catn(g, US"?", 1);
  gstring_release_unused(g);
  ot = string_from_gstring(g);
  }

/* Now scan the list and process each item in turn, until one of them matches,
or we hit an error. */

            so we use the permanent store pool */

            store_pool = POOL_PERM;
            p = store_get(sizeof(namedlist_cacheblock), GET_UNTAINTED);
            p->key = string_copy(get_check_key(arg, type));



            p->next = nb->cache_data;
            nb->cache_data = p;
            if (*valueptr)
              DEBUG(D_lists) debug_printf_indent("data from lookup saved for "
                "cache for %s: key '%s' value '%s'\n", ss, p->key, *valueptr);
            }
          }


      else
        {
        DEBUG(D_lists) debug_printf_indent("cached %s match for %s\n",
          (bits & (-bits)) == bits ? "yes" : "no", ss);

        cached = US" - cached";

              *valueptr = p->data;
              break;
              }
          DEBUG(D_lists) debug_printf_indent("cached lookup data = %s\n", *valueptr);
          }
        }



      if ((bits & (-bits)) == bits)    /* Only one of the two bits is set */
        {
        HDEBUG(D_lists) debug_printf_indent("%s %s (matched \"%s\"%s)\n", ot,
          yield == OK ? "yes" : "no", sss, cached);
        return yield;
        }
      }

      switch ((func)(arg, ss, valueptr, &error))
        {
        case OK:
	  HDEBUG(D_lists) debug_printf_indent("%s %s (matched \"%s\")\n", ot,
	    (yield == OK)? "yes" : "no", sss);
	  return yield;


	    error = string_sprintf("DNS lookup of \"%s\" deferred", ss);
	  if (ignore_defer)
	    {
	    HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_defer\n",
	      error);
	    break;
	    }

        case ERROR:
	  if (ignore_unknown)
	    {
	    HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_unknown\n",
	      error);
	    }
	  else
	    {
	    HDEBUG(D_lists) debug_printf_indent("%s %s (%s)\n", ot,
	      include_unknown? "yes":"no", error);
	    if (!include_unknown)
	      {

      if (listname[0] == 0)
        listname = string_sprintf("\"%s\"", *listptr);
      log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
        string_open_failed("%s when checking %s", sss, listname));
      }

    /* Trailing comments are introduced by #, but in an address list or local

        sss = ss + 1;
        }

      ss = filebuffer + Ustrlen(filebuffer);		/* trailing space */
      while (ss > filebuffer && isspace(ss[-1])) ss--;
      *ss = 0;

      ss = filebuffer;
      while (isspace(*ss)) ss++;			/* leading space */

      if (!*ss) continue;				/* ignore empty */

      file_yield = yield;				/* positive yield */
      sss = ss;						/* for debugging */

      if (*ss == '!')					/* negation */
        {
        file_yield = (file_yield == OK)? FAIL : OK;
        while (isspace((*(++ss))));

        {
        case OK:
	  (void)fclose(f);
	  HDEBUG(D_lists) debug_printf_indent("%s %s (matched \"%s\" in %s)\n", ot,
	    yield == OK ? "yes" : "no", sss, filename);

	  /* The "pattern" being matched came from the file; we use a stack-local.

	    error = string_sprintf("DNS lookup of %s deferred", ss);
	  if (ignore_defer)
	    {
	    HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_defer\n",
	      error);
	    break;
	    }

        case ERROR:		/* host name lookup failed - this can only */
	  if (ignore_unknown)	/* be for an incoming host (not outgoing) */
	    {
	    HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_unknown\n",
	      error);
	    }
	  else
	   {
	    HDEBUG(D_lists) debug_printf_indent("%s %s (%s)\n", ot,
	      include_unknown? "yes":"no", error);
	    (void)fclose(f);
	    if (!include_unknown)

/* End of list reached: if the last item was negated yield OK, else FAIL. */

HDEBUG(D_lists)
  debug_printf_indent("%s %s (end of list)\n", ot, yield == OK ? "no":"yes");
return yield == OK ? FAIL : OK;

/* Something deferred */

static int
check_address(void *arg, const uschar *pattern, const uschar **valueptr, uschar **error)
{
check_address_block * cb = (check_address_block *)arg;
check_string_block csb;
int rc;
int expand_inc = 0;
unsigned int * null = NULL;
const uschar * listptr;
uschar * subject = cb->address;
const uschar * s;
uschar * pdomain, * sdomain;
uschar * value = NULL;

DEBUG(D_lists) debug_printf_indent("address match test: subject=%s pattern=%s\n",

DEBUG(D_lists) debug_printf("address match test: subject=%s pattern=%s\n",
  subject, pattern);

/* Find the subject's domain */

because other patterns expect to have a local part and a domain to match
against. */

if (!*subject) return *pattern ? FAIL : OK;

/* If the pattern starts with "@@" we have a split lookup, where the domain is
looked up to obtain a list of local parts. If the subject's local part is just

  {
  int watchdog = 50;
  uschar *list, *ss;
  uschar buffer[1024];

  if (sdomain == subject + 1 && *subject == '*') return FAIL;


    /* Look up the local parts provided by the list; negation is permitted.
    If a local part has to begin with !, a regex can be used. */

    while ((ss = string_nextinlist(CUSS &list, &sep, NULL, 0)))
      {
      int local_yield;


      expand_nlength[cb->expand_setup] = sllen - cllen;
      expand_inc = 1;
      }
    value = string_copyn(pattern + 1, cllen);
    }
  else
    {

        ? strncmpic(subject, pattern, sllen) != 0
	: Ustrncmp(subject, pattern, sllen) != 0) return FAIL;
    }
    value = string_copyn(pattern, sllen);
  }

/* If the local part matched, or was not being checked, check the domain using

listptr = pdomain ? pdomain + 1 : pattern;
if (valueptr) *valueptr = NULL;

  {
  const uschar * dvalue = NULL;
  rc = match_check_list(
    &listptr,                  /* list of one item */
    UCHAR_MAX+1,               /* impossible separator; single item */
    &domainlist_anchor,        /* it's a domain list */
    &null,                     /* ptr to NULL means no caching */
    check_string,              /* the function to do one test */
    &csb,                      /* its data */
    MCL_DOMAIN + MCL_NOEXPAND, /* domain list; don't expand */
    csb.subject,               /* string for messages */
    &dvalue);                       /* where to pass back lookup data */
  if (valueptr && (value || dvalue))
    *valueptr = string_sprintf("%s@%s",
		  value ? value : US"", dvalue ? dvalue : US"");
  }
return rc;
}



patterns.) Otherwise just the domain is lower cases. A magic item "+caseful" in
the list can be used to restore a caseful copy of the local part from the
original address.
Limit the subject address size to avoid mem-exhaustion attacks.  The size chosen
is historical (we used to use big_buffer here). */

if ((len = Ustrlen(address)) > BIG_BUFFER_SIZE) len = BIG_BUFFER_SIZE;
ab.address = string_copyn(address, len);

Lines 2-10 Link Here

(-)exim.orig/src/mime.c (-3 / +4 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2015	5	/*
		6	* Copyright (c) The Exim Maintainers 2015 - 2022
		7	* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2015
6	* License: GPL	8	* License: GPL
7	* Copyright (c) The Exim Maintainers 2015 - 2020
8	*/	9	*/
9		10
10	#include "exim.h"	11	#include "exim.h"
Lines 501-507 Link Here
501	struct mime_boundary_context nested_context;	502	struct mime_boundary_context nested_context;
502		503
503	/* reserve a line buffer to work in. Assume tainted data. */	504	/* reserve a line buffer to work in. Assume tainted data. */
504	header = store_get(MIME_MAX_HEADER_SIZE+1, TRUE);	505	header = store_get(MIME_MAX_HEADER_SIZE+1, GET_TAINTED);
505		506
506	/* Not actually used at the moment, but will be vital to fixing	507	/* Not actually used at the moment, but will be vital to fixing
507	* some RFC 2046 nonconformance later... */	508	* some RFC 2046 nonconformance later... */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for sending messages to sender or to mailmaster. */

  if (bounce_return_body && message_file)
    {
    BOOL enddot = f.dot_ends && message_file == stdin;
    uschar * buf = store_get(bounce_return_linesize_limit+2, GET_TAINTED);

    if (firstline) fprintf(fp, "%s", CS firstline);


uschar *item, *localpart, *domain;
const uschar *listptr = errors_copy;
uschar *yield = NULL;
uschar buffer[256];
int sep = 0;
int llen;



/* Scan through the configured items */

while ((item = string_nextinlist(&listptr, &sep, NULL, 0)))
  {
  const uschar *newaddress = item;
  const uschar *pattern = string_dequote(&newaddress);

Lines 2-9 Link Here

(-)exim.orig/src/mytypes.h (-5 / +14 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9		9
Lines 30-57 Link Here
30		30
31		31
32	/* If gcc is being used to compile Exim, we can use its facility for checking	32	/* If gcc is being used to compile Exim, we can use its facility for checking
33	the arguments of printf-like functions. This is done by a macro. */	33	the arguments of printf-like functions. This is done by a macro.
		34	OpenBSD has unfortunately taken to objecting to use of %n in printf
		35	so we have to give up on all of the available parameter checking. */
34		36
35	#if defined(__GNUC__) \|\| defined(__clang__)	37	#if defined(__GNUC__) \|\| defined(__clang__)
36	# define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B)))	38	# ifndef __OpenBSD__
		39	# define PRINTF_FUNCTION(A,B) __attribute__((format(printf,A,B)))
		40	# endif
37	# define ARG_UNUSED __attribute__((__unused__))	41	# define ARG_UNUSED __attribute__((__unused__))
		42	# define FUNC_MAYBE_UNUSED __attribute__((__unused__))
38	# define WARN_UNUSED_RESULT __attribute__((__warn_unused_result__))	43	# define WARN_UNUSED_RESULT __attribute__((__warn_unused_result__))
39	# define ALLOC __attribute__((malloc))	44	# define ALLOC __attribute__((malloc))
40	# define ALLOC_SIZE(A) __attribute__((alloc_size(A)))	45	# define ALLOC_SIZE(A) __attribute__((alloc_size(A)))
41	# define NORETURN __attribute__((noreturn))	46	# define NORETURN __attribute__((noreturn))
42	#else	47	#else
43	# define PRINTF_FUNCTION(A,B)
44	# define ARG_UNUSED /**/	48	# define ARG_UNUSED /**/
		49	# define FUNC_MAYBE_UNUSED /**/
45	# define WARN_UNUSED_RESULT /**/	50	# define WARN_UNUSED_RESULT /**/
46	# define ALLOC /**/	51	# define ALLOC /**/
47	# define ALLOC_SIZE(A) /**/	52	# define ALLOC_SIZE(A) /**/
48	# define NORETURN /**/	53	# define NORETURN /**/
49	#endif	54	#endif
50		55
		56	#ifndef PRINTF_FUNCTION
		57	# define PRINTF_FUNCTION(A,B) /**/
		58	#endif
		59
51	#ifdef WANT_DEEPER_PRINTF_CHECKS	60	#ifdef WANT_DEEPER_PRINTF_CHECKS
52	# define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B)	61	# define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B)
53	#else	62	#else
54	# define ALMOST_PRINTF(A, B)	63	# define ALMOST_PRINTF(A, B) /**/
55	#endif	64	#endif
56		65
57		66

Lines 2-7 Link Here

(-)exim.orig/src/os.c (-8 / +11 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2021 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 495-503 Link Here
495		496
496	for (struct ifaddrs * ifa = ifalist; ifa; ifa = ifa->ifa_next)	497	for (struct ifaddrs * ifa = ifalist; ifa; ifa = ifa->ifa_next)
497	{	498	{
498	if (ifa->ifa_addr->sa_family != AF_INET	499	struct sockaddr * ifa_addr = ifa->ifa_addr;
		500	if (!ifa_addr) continue;
		501	if (ifa_addr->sa_family != AF_INET
499	#if HAVE_IPV6	502	#if HAVE_IPV6
500	&& ifa->ifa_addr->sa_family != AF_INET6	503	&& ifa_addr->sa_family != AF_INET6
501	#endif /* HAVE_IPV6 */	504	#endif /* HAVE_IPV6 */
502	)	505	)
503	continue;	506	continue;
Lines 508-519 Link Here
508	/* Create a data block for the address, fill in the data, and put it on the	511	/* Create a data block for the address, fill in the data, and put it on the
509	chain. */	512	chain. */
510		513
511	next = store_get(sizeof(ip_address_item), FALSE);	514	next = store_get(sizeof(ip_address_item), GET_UNTAINTED);
512	next->next = NULL;	515	next->next = NULL;
513	next->port = 0;	516	next->port = 0;
514	(void)host_ntoa(-1, ifa->ifa_addr, next->address, NULL);	517	(void)host_ntoa(-1, ifa_addr, next->address, NULL);
515		518
516	if (yield == NULL)	519	if (!yield)
517	yield = last = next;	520	yield = last = next;
518	else	521	else
519	{	522	{
Lines 743-749 Link Here
743	/* Create a data block for the address, fill in the data, and put it on the	746	/* Create a data block for the address, fill in the data, and put it on the
744	chain. */	747	chain. */
745		748
746	next = store_get(sizeof(ip_address_item), FALSE);	749	next = store_get(sizeof(ip_address_item), GET_UNTAINTED);
747	next->next = NULL;	750	next->next = NULL;
748	next->port = 0;	751	next->port = 0;
749	(void)host_ntoa(-1, addrp, next->address, NULL);	752	(void)host_ntoa(-1, addrp, next->address, NULL);
Lines 775-787 Link Here
775	ip_address_item *	778	ip_address_item *
776	os_common_find_running_interfaces(void)	779	os_common_find_running_interfaces(void)
777	{	780	{
778	ip_address_item *yield = store_get(sizeof(address_item), FALSE);	781	ip_address_item *yield = store_get(sizeof(address_item), GET_UNTAINTED);
779	yield->address = US"127.0.0.1";	782	yield->address = US"127.0.0.1";
780	yield->port = 0;	783	yield->port = 0;
781	yield->next = NULL;	784	yield->next = NULL;
782		785
783	#if HAVE_IPV6	786	#if HAVE_IPV6
784	yield->next = store_get(sizeof(address_item), FALSE);	787	yield->next = store_get(sizeof(address_item), GET_UNTAINTED);
785	yield->next->address = US"::1";	788	yield->next->address = US"::1";
786	yield->next->port = 0;	789	yield->next->port = 0;
787	yield->next->next = NULL;	790	yield->next->next = NULL;




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for parsing addresses */


#ifdef STAND_ALONE

address_item *
deliver_make_addr(uschar *address, BOOL copy)
{
address_item *addr = store_get(sizeof(address_item), GET_UNTAINTED);
addr->next = NULL;
addr->parent = NULL;
addr->address = address;
return addr;
}

uschar *
rewrite_address(uschar *recipient, BOOL dummy1, BOOL dummy2, rewrite_rule
  *dummy3, int dummy4)
{
return recipient;
}

uschar *
rewrite_address_qualify(uschar *recipient, BOOL dummy1)
{
return recipient;
}

*/

uschar *
parse_find_address_end(const uschar *s, BOOL nl_ends)
{
BOOL source_routing = *s == '@';
int no_term = source_routing? 1 : 0;

    }
  }

return US s;
}



in []. Make sure the output is set to the null string if there is a syntax
error as well as if there is no domain at all.

Optionally, msg_id domain literals ( printable-ascii enclosed in [] )
are permitted.

Arguments:
  s          current character pointer
  t          where to put the domain
  msg_id_literals     flag for relaxed domain-literal processing
  errorptr   put error message here on failure (*t will be 0 on exit)

Returns:     new character pointer
*/

static const uschar *
read_domain(const uschar *s, uschar *t, BOOL msg_id_literals, uschar **errorptr)
{
uschar *tt = t;
s = skip_comment(s);

    t += 5;
    s += 5;
    }

  if (msg_id_literals)
    while (*s >= 33 && *s <= 90 || *s >= 94 && *s <= 126) *t++ = *s++;
  else
    while (*s == '.' || *s == ':' || isxdigit(*s)) *t++ = *s++;

  if (*s == ']') *t++ = *s++; else
    {

    *tt = 0;
    }

  if (!allow_domain_literals && !msg_id_literals)
    {
    *errorptr = US"domain literals not allowed";
    *tt = 0;

while (*s == '@')
  {
  *t++ = '@';
  s = read_domain(s+1, t, FALSE, errorptr);
  if (*t == 0) return s;
  t += Ustrlen((const uschar *)t);
  if (*s != ',') break;

      t += Ustrlen((const uschar *)t);
      *t++ = *s++;
      *domainptr = t;
      s = read_domain(s, t, FALSE, errorptr);
      }
return s;
}

parse_extract_address(const uschar *mailbox, uschar **errorptr, int *start, int *end,
  int *domain, BOOL allow_null)
{
uschar * yield = store_get(Ustrlen(mailbox) + 1, mailbox);
const uschar *startptr, *endptr;
const uschar *s = US mailbox;
uschar *t = US yield;


if (*s != '@' && *s != '<')
  {
  if (!*s || *s == ';')
    {
    if (!*t) FAILED(US"empty address");
    endptr = last_comment_position;
    goto PARSE_SUCCEEDED;              /* Bare local part */
    }

    }

  endptr = s;
  if (*errorptr) goto PARSE_FAILED;
  while (bracket_count-- > 0) if (*s++ != '>')
    {
    *errorptr = s[-1] == 0

not enclosed in <> as well, which is indicated by an empty first local
part preceding '@'. The source routing is, however, ignored. */

else if (!*t)
  {
  uschar *domainptr = yield;
  s = read_route(s, t, errorptr);
  if (*errorptr) goto PARSE_FAILED;
  *t = 0;         /* Ensure route is ignored - probably overkill */
  s = read_addr_spec(s, t, 0, errorptr, &domainptr);
  if (*errorptr) goto PARSE_FAILED;
  *domain = domainptr - yield;
  endptr = last_comment_position;
  if (*domain == 0) FAILED(US"domain missing in source-routed address");

  t += Ustrlen((const uschar *)t);
  *t++ = *s++;
  *domain = t - yield;
  s = read_domain(s, t, TRUE, errorptr);
  if (!*t) goto PARSE_FAILED;
  endptr = last_comment_position;
  }


move it back past white space if necessary. */

PARSE_SUCCEEDED:
if (*s)
  {
  if (f.parse_found_group && *s == ';')
    {

*/

const uschar *
parse_quote_2047(const uschar *string, int len, const uschar *charset,
  BOOL fold)
{
const uschar * s = string;
int hlen, l;

    { g = string_catn(g, s, 1); first_byte = FALSE; }
  }

if (coded)
  string = string_from_gstring(g = string_catn(g, US"?=", 2));
else
  g->ptr = -1;

gstring_release_unused(g);
return string;
}



/* No non-printers; use the RFC 822 quoting rules */

if (len <= 0 || len >= INT_MAX/4)
  return string_copy_taint(CUS"", phrase);
  return string_copy_taint(CUS"", is_tainted(phrase));
  }

buffer = store_get((len+1)*4, phrase);

s = phrase;
end = s + len;

*/

int
parse_forward_list(const uschar *s, int options, address_item **anchor,
  uschar **error, const uschar *incoming_domain, const uschar *directory,
  error_block **syntax_errors)
{
int count = 0;


for (;;)
  {
  int len, special = 0, specopt = 0, specbit = 0;
  const uschar * ss, * nexts;
  address_item * addr;
  int specbit = 0;
  uschar *ss, *nexts;
  address_item *addr;
  BOOL inquote = FALSE;

  for (;;)
    {
    while (isspace(*s) || *s == ',') s++;
    if (*s == '#') { while (*s && *s != '\n') s++; } else break;
    }

  /* When we reach the end of the list, we return FF_DELIVERED if any child

    syntax error has been skipped. I now think it is the wrong approach, but
    have left this here just in case, and for the record. */

#ifdef NEVER
    if (count > 0) return FF_DELIVERED;   /* Something was generated */

    if (!syntax_errors ||          /* Not skipping syntax errors, or */
       !*syntax_errors)            /*   we didn't actually skip any */
      return FF_NOTDELIVERED;

    *error = string_sprintf("no addresses generated: syntax error in %s: %s",
       (*syntax_errors)->text2, (*syntax_errors)->text1);
    return FF_ERROR;
#endif

    }

  /* Find the end of the next address. Quoted strings in addresses may contain


  /* Remove any trailing spaces; we know there's at least one non-space. */

  while (isspace(ss[-1])) ss--;

  /* We now have s->start and ss->end of the next address. Remove quotes
  if they completely enclose, remembering the address started with a quote

    ss--;
    inquote = TRUE;
    while (s < ss && isspace(*s)) s++;
    while (ss > s && isspace(ss[-1])) ss--;
    }

  /* Set up the length of the address. */

  len = ss - s;

  DEBUG(D_route) debug_printf("extract item: %.*s\n", len, s);
    {
    int save = s[len];
    s[len] = 0;
    debug_printf("extract item: %s\n", s);
    s[len] = save;
    }

  /* Handle special addresses if permitted. If the address is :unknown:
  ignore it - this is for backward compatibility with old alias files. You

  else if (Ustrncmp(s, ":fail:", 6) == 0)
    { special = FF_FAIL; specopt = RDO_FAIL; }  /* specbit is 0 */

  if (special)
    {
    uschar * ss = Ustrchr(s+1, ':') + 1; /* line after the special... */
    if ((options & specopt) == specbit)
      {
      *error = string_sprintf("\"%.*s\" is not permitted", len, s);
      return FF_ERROR;
      }
    while (*ss && isspace(*ss)) ss++;	/* skip leading whitespace */
    if ((len = Ustrlen(ss)) > 0)	/* ignore trailing newlines */
      for (const uschar * t = ss + len - 1; t >= ss && *t == '\n'; t--) len--;
    *error = string_copyn(ss, len);	/* becomes the error */
    return special;
    }



  if (Ustrncmp(s, ":include:", 9) == 0)
    {
    uschar * filebuf;
    uschar filename[256];
    const uschar * t = s+9;
    int flen = len - 9;
    int frc;
    struct stat statbuf;
    address_item * last;
    FILE * f;

    while (flen > 0 && isspace(*t)) { t++; flen--; }


      return FF_ERROR;
      }

    if (flen > sizeof(filename)-1)
      {
      *error = string_sprintf("included file name \"%s\" is too long", t);
      return FF_ERROR;

    if (directory)
      {
      int len = Ustrlen(directory);
      uschar * p;

      while (len > 0 && directory[len-1] == '/') len--;		/* ignore trailing '/' */
      p = filename + len;
      if (Ustrncmp(filename, directory, len) != 0 || *p != '/')
        {
        *error = string_sprintf("included file %s is not in directory %s",

      with a flag that fails symlinks. */

      {
      int fd = exim_open2(CCS directory, O_RDONLY);
      if (fd < 0)
	{
	*error = string_sprintf("failed to open directory %s", directory);

	{
	uschar temp;
	int fd2;
	uschar * q = p + 1;		/* skip dividing '/' */

	while (*q == '/') q++;		/* skip extra '/' */
	while (*++p && *p != '/') ;	/* end of component */
	temp = *p;
	*p = '\0';



    if (!f)
      {
      *error = string_open_failed("included file %s", filename);
      return FF_INCLUDEFAIL;
      }


      return FF_ERROR;
      }

    filebuf = store_get(statbuf.st_size + 1, filename);
    if (fread(filebuf, 1, statbuf.st_size, f) != statbuf.st_size)
      {
      *error = string_sprintf("error while reading included file %s: %s",

    {
    int start, end, domain;
    const uschar *recipient = NULL;
    uschar * s_ltd = string_copyn(s, len);
    s[len] = 0;

    /* If it starts with \ and the rest of it parses as a valid mail address
    without a domain, carry on with that address, but qualify it with the
    incoming domain. Otherwise arrange for the address to fall through,
    causing an error message on the re-parse. */

    if (*s_ltd == '\\')
      {
      recipient =
        parse_extract_address(s_ltd+1, error, &start, &end, &domain, FALSE);
      if (recipient)
        recipient = domain != 0 ? NULL :
          string_sprintf("%s@%s", recipient, incoming_domain);

    /* Try parsing the item as an address. */

    if (!recipient) recipient =
      parse_extract_address(s_ltd, error, &start, &end, &domain, FALSE);

    /* If item starts with / or | and is not a valid address, or there
    is no domain, treat it as a file or pipe. If it was a quoted item,
    remove the quoting occurrences of \ within it. */

    if ((*s_ltd == '|' || *s_ltd == '/') && (!recipient || domain == 0))
      {
      uschar * t = store_get(Ustrlen(s_ltd) + 1, s_ltd);
      uschar * p = t, * q = s_ltd;

      while (*q)
        {
        if (inquote)
          {
          *p++ = *q == '\\' ? *++q : *q;
          q++;
          }
        else *p++ = *q++;

      *p = 0;
      addr = deliver_make_addr(t, TRUE);
      setflag(addr, af_pfr);                   /* indicates pipe/file/reply */
      if (*s_ltd != '|') setflag(addr, af_file);   /* indicates file */
      }

    /* Item must be an address. Complain if not, else qualify, rewrite and set


    else
      {
      if (!recipient)
        {
        if (Ustrcmp(*error, "empty address") == 0)
          {
          *error = NULL;
          s[len] = save;
          s = nexts;
          continue;
          }

        if (syntax_errors)
          {
          error_block * e = store_get(sizeof(error_block), GET_UNTAINTED);
          error_block * last = *syntax_errors;
          if (last)
            {
            while (last->next) last = last->next;
            last->next = e;
            }
          else
	    *syntax_errors = e;
          e->next = NULL;
          e->text1 = *error;
          e->text2 = s_ltd;
          s[len] = save;
          s = nexts;
          continue;
          }
        else
          {
          *error = string_sprintf("%s in \"%s\"", *error, s_ltd);
          s[len] = save;   /* _after_ using it for *error */
          return FF_ERROR;
          }
        }

      /* Address was successfully parsed. Rewrite, and then make an address
      block. */

      recipient = options & RDO_REWRITE
	? rewrite_address(recipient, TRUE, FALSE, global_rewrite_rules,
			  rewrite_existflags)
	: rewrite_address_qualify(recipient, TRUE);	/*XXX loses track of const */
      addr = deliver_make_addr(US recipient, TRUE);  /* TRUE => copy recipient, so deconst ok */
      }

    /* Add the original data to the output chain. */
    output chain. */

    s[len] = save;
    addr->next = *anchor;
    *anchor = addr;
    count++;

line. Therefore, take care to release unwanted store afterwards. */

reset_point = store_mark();
id = *yield = store_get(Ustrlen(str) + 1, str);
*id++ = *str++;

str = read_addr_spec(str, id, '>', error, &domain);

int start, end, domain;
uschar buffer[1024];

store_init();
big_buffer = store_malloc(big_buffer_size);

/* strip_trailing_dot = TRUE; */




/*
 *  PDKIM - a RFC4871 (DKIM) implementation
 *
 *  Copyright (c) The Exim Maintainers 2021 - 2022
 *  Copyright (C) 2009 - 2016  Tom Kistner <tom@duncanthrax.net>
 *  Copyright (C) 2016 - 2020  Jeremy Harris <jgh@exim.org>
 *

static pdkim_stringlist *
pdkim_prepend_stringlist(pdkim_stringlist * base, const uschar * str)
{
pdkim_stringlist * new_entry = store_get(sizeof(pdkim_stringlist), GET_UNTAINTED);

memset(new_entry, 0, sizeof(pdkim_stringlist));
new_entry->value = string_copy(str);

{
BOOL past_field_name = FALSE;
BOOL seen_wsp = FALSE;
uschar * relaxed = store_get(len+3, GET_TAINTED);
uschar * q = relaxed;

for (const uschar * p = header; p - header < len; p++)

int nchar = 0;
uschar * q;
const uschar * p = str;
uschar * n = store_get(Ustrlen(str)+1, GET_TAINTED);

*n = '\0';
q = n;

BOOL in_b_val = FALSE;
int where = PDKIM_HDR_LIMBO;

sig = store_get(sizeof(pdkim_signature), GET_UNTAINTED);
memset(sig, 0, sizeof(pdkim_signature));
sig->bodylength = -1;


sig->keytype = -1;
sig->hashtype = -1;

q = sig->rawsig_no_b_val = store_get(Ustrlen(raw_hdr)+1, GET_TAINTED);

for (uschar * p = raw_hdr; ; p++)
  {

int sep = ';';
pdkim_pubkey * pub;

pub = store_get(sizeof(pdkim_pubkey), GET_TAINTED);
memset(pub, 0, sizeof(pdkim_pubkey));

while ((ele = string_nextinlist(&raw_record, &sep, NULL, 0)))

{
for (pdkim_bodyhash * b = ctx->bodyhash; b; b = b->next)     /* Finish hashes */
  {
  DEBUG(D_acl) debug_printf("DKIM: finish bodyhash %s/%s/%ld len %ld\n",
      pdkim_hashes[b->hashtype].dkim_hashname, pdkim_canons[b->canon_method],
      b->bodylength, b->signed_body_bytes);
  exim_sha_finish(&b->body_hash_ctx, &b->bh);
  }



  DEBUG(D_acl)
    {
    debug_printf("DKIM [%s]%s Body bytes (%s) hashed: %lu\n"
		 "DKIM [%s]%s Body %s computed: ",
	sig->domain, sig->selector, pdkim_canons[b->canon_method], b->signed_body_bytes,
	sig->domain, sig->selector, pdkim_hashes[b->hashtype].dkim_hashname);
    pdkim_hexprint(CUS b->bh.data, b->bh.len);
    }



if (sig->created > 0)
  {
  uschar minibuf[21];

  snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->created);
  hdr = pdkim_headcat(&col, hdr, US";", US"t=", minibuf);


if (sig->expires > 0)
  {
  uschar minibuf[21];

  snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->expires);
  hdr = pdkim_headcat(&col, hdr, US";", US"x=", minibuf);


if (sig->bodylength >= 0)
  {
  uschar minibuf[21];

  snprintf(CS minibuf, sizeof(minibuf), "%lu", sig->bodylength);
  hdr = pdkim_headcat(&col, hdr, US";", US"l=", minibuf);

	  rh = pdkim_relax_header(rh, TRUE);	/* cook header for relaxed canon */

	/* Feed header to the hash algorithm */
	exim_sha_update_string(&hhash_ctx, CUS rh);

	/* Remember headers block for signing (when the library cannot do incremental)  */
	/*XXX we could avoid doing this for all but the GnuTLS/RSA case */

	      : string_copy(CUS hdrs->value);

	    /* Feed header to the hash algorithm */
	    exim_sha_update_string(&hhash_ctx, CUS rh);

	    DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
	    hdrs->tag = 1;

    }

  /* Finalize header hash */
  exim_sha_update_string(&hhash_ctx, CUS sig_hdr);
  exim_sha_finish(&hhash_ctx, &hhash);

  DEBUG(D_acl)

{
pdkim_ctx * ctx;

ctx = store_get(sizeof(pdkim_ctx), GET_UNTAINTED);
memset(ctx, 0, sizeof(pdkim_ctx));

if (dot_stuffing) ctx->flags = PDKIM_DOT_TERM;
/* The line-buffer is for message data, hence tainted */
ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN, GET_TAINTED);
ctx->dns_txt_callback = dns_txt_callback;
ctx->cur_header = string_get_tainted(36, GET_TAINTED);

return ctx;
}


/* Allocate & init one signature struct */

sig = store_get(sizeof(pdkim_signature), GET_UNTAINTED);
memset(sig, 0, sizeof(pdkim_signature));

sig->bodylength = -1;

     && canon_method == b->canon_method
     && bodylength == b->bodylength)
    {
    DEBUG(D_receive) debug_printf("DKIM: using existing bodyhash %s/%s/%ld\n",
      pdkim_hashes[hashtype].dkim_hashname, pdkim_canons[canon_method], bodylength);
    return b;
    }

DEBUG(D_receive) debug_printf("DKIM: new bodyhash %s/%s/%ld\n",
    pdkim_hashes[hashtype].dkim_hashname, pdkim_canons[canon_method], bodylength);
b = store_get(sizeof(pdkim_bodyhash), GET_UNTAINTED);
b->next = ctx->bodyhash;
b->hashtype = hashtype;
b->canon_method = canon_method;

memset(ctx, 0, sizeof(pdkim_ctx));
ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN;
/* The line buffer is for message data, hence tainted */
ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN, GET_TAINTED);
DEBUG(D_acl) ctx->dns_txt_callback = dns_txt_callback;
}





/*
 *  PDKIM - a RFC4871 (DKIM) implementation
 *  Copyright (c) The Exim Maintainers 1995 - 2022
 *  Copyright (C) 1995 - 2020  Exim maintainers
 *
 *  signing/verification interface
 */

#ifdef SIGN_GNUTLS
# define EXIM_GNUTLS_LIBRARY_LOG_LEVEL 3

# ifndef GNUTLS_VERIFY_ALLOW_BROKEN
#  define GNUTLS_VERIFY_ALLOW_BROKEN 0
# endif


/* Logging function which can be registered with
 *   gnutls_global_set_log_function()

    default:		return US"nonhandled hash type";
    }

  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo,
	      GNUTLS_VERIFY_ALLOW_BROKEN, &k, &s)) < 0)
    ret = US gnutls_strerror(rc);
  }


  }

#define SIGSPACE 128
sig->data = store_get(SIGSPACE, GET_UNTAINTED);

if (gcry_mpi_cmp (sign_ctx->p, sign_ctx->q) > 0)
  {

if (  (ctx = EVP_MD_CTX_new())
   && EVP_DigestSignInit(ctx, NULL, md, NULL, sign_ctx->key) > 0
   && EVP_DigestSign(ctx, NULL, &siglen, NULL, 0) > 0
   && (sig->data = store_get(siglen, GET_UNTAINTED))

   /* Obtain the signature (slen could change here!) */
   && EVP_DigestSign(ctx, sig->data, &siglen, data->data, data->len) > 0

   && EVP_DigestSignInit(ctx, NULL, md, NULL, sign_ctx->key) > 0
   && EVP_DigestSignUpdate(ctx, data->data, data->len) > 0
   && EVP_DigestSignFinal(ctx, NULL, &siglen) > 0
   && (sig->data = store_get(siglen, GET_UNTAINTED))
 
   /* Obtain the signature (slen could change here!) */
   && EVP_DigestSignFinal(ctx, sig->data, &siglen) > 0

Lines 2-9 Link Here

(-)exim.orig/src/perl.c (-1 / +5 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 1999 - 2022 */
5	/* Copyright (c) 1998 Malcolm Beattie */	6	/* Copyright (c) 1998 Malcolm Beattie */
6	/* Copyright (C) 1999 - 2018 Exim maintainers */
7		7
8	/* Modified by PH to get rid of the "na" usage, March 1999.	8	/* Modified by PH to get rid of the "na" usage, March 1999.
9	Modified further by PH for general tidying for Exim 4.	9	Modified further by PH for general tidying for Exim 4.
Lines 15-20 Link Here
15	/* See the file NOTICE for conditions of use and distribution. */	15	/* See the file NOTICE for conditions of use and distribution. */
16		16
17	#include <assert.h>	17	#include <assert.h>
		18
		19	#define HINTSDB_H
		20	#define DBFUNCTIONS_H
		21
18	#include "exim.h"	22	#include "exim.h"
19		23
20	#define EXIM_TRUE TRUE	24	#define EXIM_TRUE TRUE

Lines 2-9 Link Here

(-)exim.orig/src/queue.c (-16 / +26 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Functions that operate on the input queue. */	9	/* Functions that operate on the input queue. */
Lines 26-31 Link Here
26	#define LOG2_MAXNODES 32	26	#define LOG2_MAXNODES 32
27		27
28		28
		29	#ifndef DISABLE_TLS
		30	static BOOL queue_tls_init = FALSE;
		31	#endif
29		32
30	/*************************************************	33	/*************************************************
31	* Helper sort function for queue_get_spool_list *	34	* Helper sort function for queue_get_spool_list *
Lines 211-218 Link Here
211	(*pcount)++;	214	(*pcount)++;
212	else	215	else
213	{	216	{
214	queue_filename *next =	217	queue_filename * next =
215	store_get(sizeof(queue_filename) + Ustrlen(name), is_tainted(name));	218	store_get(sizeof(queue_filename) + Ustrlen(name), name);
216	Ustrcpy(next->text, name);	219	Ustrcpy(next->text, name);
217	next->dir_uschar = subdirchar;	220	next->dir_uschar = subdirchar;
218		221
Lines 347-354 Link Here
347	{	350	{
348	BOOL force_delivery = f.queue_run_force \|\| deliver_selectstring != NULL \|\|	351	BOOL force_delivery = f.queue_run_force \|\| deliver_selectstring != NULL \|\|
349	deliver_selectstring_sender != NULL;	352	deliver_selectstring_sender != NULL;
350	const pcre *selectstring_regex = NULL;	353	const pcre2_code *selectstring_regex = NULL;
351	const pcre *selectstring_regex_sender = NULL;	354	const pcre2_code *selectstring_regex_sender = NULL;
352	uschar *log_detail = NULL;	355	uschar *log_detail = NULL;
353	int subcount = 0;	356	int subcount = 0;
354	uschar subdirs[64];	357	uschar subdirs[64];
Lines 566-574 Link Here
566		569
567	else if ( deliver_selectstring_sender	570	else if ( deliver_selectstring_sender
568	&& !(f.deliver_selectstring_sender_regex	571	&& !(f.deliver_selectstring_sender_regex
569	? (pcre_exec(selectstring_regex_sender, NULL,	572	? regex_match(selectstring_regex_sender, sender_address, -1, NULL)
570	CS sender_address, Ustrlen(sender_address), 0, PCRE_EOPT,
571	NULL, 0) >= 0)
572	: (strstric(sender_address, deliver_selectstring_sender, FALSE)	573	: (strstric(sender_address, deliver_selectstring_sender, FALSE)
573	!= NULL)	574	!= NULL)
574	) )	575	) )
Lines 587-594 Link Here
587	{	588	{
588	uschar *address = recipients_list[i].address;	589	uschar *address = recipients_list[i].address;
589	if ( (f.deliver_selectstring_regex	590	if ( (f.deliver_selectstring_regex
590	? (pcre_exec(selectstring_regex, NULL, CS address,	591	? regex_match(selectstring_regex, address, -1, NULL)
591	Ustrlen(address), 0, PCRE_EOPT, NULL, 0) >= 0)
592	: (strstric(address, deliver_selectstring, FALSE) != NULL)	592	: (strstric(address, deliver_selectstring, FALSE) != NULL)
593	)	593	)
594	&& tree_search(tree_nonrecipients, address) == NULL	594	&& tree_search(tree_nonrecipients, address) == NULL
Lines 654-659 Link Here
654	report_time_since(&timestamp_startup, US"queue msg selected");	654	report_time_since(&timestamp_startup, US"queue msg selected");
655	#endif	655	#endif
656		656
		657	#ifndef DISABLE_TLS
		658	if (!queue_tls_init)
		659	{
		660	queue_tls_init = TRUE;
		661	/* Preload TLS library info for smtp transports. Once, and only if we
		662	have a delivery to do. */
		663	tls_client_creds_reload(FALSE);
		664	}
		665	#endif
		666
657	single_item_retry:	667	single_item_retry:
658	if ((pid = exim_fork(US"qrun-delivery")) == 0)	668	if ((pid = exim_fork(US"qrun-delivery")) == 0)
659	{	669	{
Lines 891-898 Link Here
891	queue_filename *last = NULL;	901	queue_filename *last = NULL;
892	for (int i = 0; i < count; i++)	902	for (int i = 0; i < count; i++)
893	{	903	{
894	queue_filename *next =	904	queue_filename * next =
895	store_get(sizeof(queue_filename) + Ustrlen(list[i]) + 2, is_tainted(list[i]));	905	store_get(sizeof(queue_filename) + Ustrlen(list[i]) + 2, list[i]);
896	sprintf(CS next->text, "%s-H", list[i]);	906	sprintf(CS next->text, "%s-H", list[i]);
897	next->dir_uschar = '*';	907	next->dir_uschar = '*';
898	next->next = NULL;	908	next->next = NULL;
Lines 1338-1352 Link Here
1338	deliver_domain = dom	1348	deliver_domain = dom
1339	? CUS string_copyn(addr+dom, end - dom) : CUS"";	1349	? CUS string_copyn(addr+dom, end - dom) : CUS"";
1340		1350
1341	event_raise(event_action, US"msg:fail:internal",	1351	(void) event_raise(event_action, US"msg:fail:internal",
1342	string_sprintf("message removed by %s", username));	1352	string_sprintf("message removed by %s", username), NULL);
1343		1353
1344	deliver_localpart = save_local;	1354	deliver_localpart = save_local;
1345	deliver_domain = save_domain;	1355	deliver_domain = save_domain;
1346	}	1356	}
1347	}	1357	}
1348	}	1358	}
1349	(void) event_raise(event_action, US"msg:complete", NULL);	1359	(void) event_raise(event_action, US"msg:complete", NULL, NULL);
1350	#endif	1360	#endif
1351	log_write(0, LOG_MAIN, "removed by %s", username);	1361	log_write(0, LOG_MAIN, "removed by %s", username);
1352	log_write(0, LOG_MAIN, "Completed");	1362	log_write(0, LOG_MAIN, "Completed");
Lines 1537-1543 Link Here
1537	/******************************************************************************/	1547	/******************************************************************************/
1538	/******************************************************************************/	1548	/******************************************************************************/
1539		1549
1540	#ifdef EXPERIMENTAL_QUEUE_RAMP	1550	#ifndef DISABLE_QUEUE_RAMP
1541	void	1551	void
1542	queue_notify_daemon(const uschar * msgid)	1552	queue_notify_daemon(const uschar * msgid)
1543	{	1553	{




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* This module contains code for extracting addresses from a forwarding list

*/

static uschar *
rda_get_file_contents(const redirect_block *rdata, int options, uschar **error,
  int *yield)
{
FILE *fwd;


DEFAULT_ERROR:
  default:
    *error = string_open_failed("%s", filename);
    *yield = FF_ERROR;
    return NULL;
  }


/* Read the file in one go in order to minimize the time we have it open. */

filebuf = store_get(statbuf.st_size + 1, filename);

if (fread(filebuf, 1, statbuf.st_size, fwd) != statbuf.st_size)
  {

*/

static int
rda_extract(const redirect_block * rdata, int options,
  const uschar * include_directory, const uschar * sieve_vacation_directory,
  const uschar * sieve_enotify_mailto_owner, const uschar * sieve_useraddress,
  const uschar * sieve_subaddress, address_item ** generated, uschar ** error,
  error_block ** eblockp, int * filtertype)
{
const uschar * data;

if (rdata->isfile)
  {

static int
rda_write_string(int fd, const uschar *s)
{
int len = s ? Ustrlen(s) + 1 : 0;
return (  write(fd, &len, sizeof(int)) != sizeof(int)
       || (s   &&  write(fd, s, len) != len)
       )
       ? -1 : 0;
}

  /* We know we have enough memory so disable the error on "len" */
  /* coverity[tainted_data] */
  /* We trust the data source, so untainted */
  if (read(fd, *sp = store_get(len, GET_UNTAINTED), len) != len) return FALSE;
return TRUE;
}


*/

int
rda_interpret(redirect_block * rdata, int options,
  const uschar * include_directory, const uschar * sieve_vacation_directory,
  const uschar * sieve_enotify_mailto_owner, const uschar * sieve_useraddress,
  const uschar * sieve_subaddress, const ugid_block * ugid, address_item ** generated,
  uschar ** error, error_block ** eblockp, int * filtertype, const uschar * rname)
{
int fd, rc, pfd[2];
int yield, status;

    uschar *s;
    if (!rda_read_string(fd, &s)) goto DISASTER;
    if (!s) break;
    e = store_get(sizeof(error_block), GET_UNTAINTED);
    e->next = NULL;
    e->text1 = s;
    if (!rda_read_string(fd, &s)) goto DISASTER;


    if (i > 0)
      {
      addr->pipe_expandn = store_get((i+1) * sizeof(uschar *), GET_UNTAINTED);
      addr->pipe_expandn[i] = NULL;
      while (--i >= 0) addr->pipe_expandn[i] = expandn[i];
      }

    if (read(fd, &reply_options, sizeof(int)) != sizeof(int)) goto DISASTER;
    if ((reply_options & REPLY_EXISTS) != 0)
      {
      addr->reply = store_get(sizeof(reply_item), GET_UNTAINTED);

      addr->reply->file_expand = (reply_options & REPLY_EXPAND) != 0;
      addr->reply->return_message = (reply_options & REPLY_RETURN) != 0;

  *error = string_sprintf("internal problem in %s: failure to transfer "
    "data from subprocess: status=%04x%s%s%s", rname,
    status, readerror,
    *error ? US": error=" : US"",
    *error ? *error : US"");
  log_write(0, LOG_MAIN|LOG_PANIC, "%s", *error);
  }
else if (status != 0)
  {
  log_write(0, LOG_MAIN|LOG_PANIC, "internal problem in %s: unexpected status "
    "%04x from redirect subprocess (but data correctly received)", rname,
    status);
  }

FINAL_EXIT:
(void)close(fd);

Lines 2-9 Link Here

(-)exim.orig/src/readconf.c (-127 / +144 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Functions for reading the configuration file, and for displaying	9	/* Functions for reading the configuration file, and for displaying
Lines 181-186 Link Here
181	#ifdef SUPPORT_PROXY	181	#ifdef SUPPORT_PROXY
182	{ "hosts_proxy", opt_stringptr, {&hosts_proxy} },	182	{ "hosts_proxy", opt_stringptr, {&hosts_proxy} },
183	#endif	183	#endif
		184	#ifndef DISABLE_TLS
		185	{ "hosts_require_alpn", opt_stringptr, {&hosts_require_alpn} },
		186	#endif
		187	{ "hosts_require_helo", opt_stringptr, {&hosts_require_helo} },
184	{ "hosts_treat_as_local", opt_stringptr, {&hosts_treat_as_local} },	188	{ "hosts_treat_as_local", opt_stringptr, {&hosts_treat_as_local} },
185	#ifdef LOOKUP_IBASE	189	#ifdef LOOKUP_IBASE
186	{ "ibase_servers", opt_stringptr, {&ibase_servers} },	190	{ "ibase_servers", opt_stringptr, {&ibase_servers} },
Lines 201-206 Link Here
201	{ "ldap_start_tls", opt_bool, {&eldap_start_tls} },	205	{ "ldap_start_tls", opt_bool, {&eldap_start_tls} },
202	{ "ldap_version", opt_int, {&eldap_version} },	206	{ "ldap_version", opt_int, {&eldap_version} },
203	#endif	207	#endif
		208	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		209	{ "limits_advertise_hosts", opt_stringptr, {&limits_advertise_hosts} },
		210	#endif
204	{ "local_from_check", opt_bool, {&local_from_check} },	211	{ "local_from_check", opt_bool, {&local_from_check} },
205	{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },	212	{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
206	{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },	213	{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
Lines 259-268 Link Here
259	{ "print_topbitchars", opt_bool, {&print_topbitchars} },	266	{ "print_topbitchars", opt_bool, {&print_topbitchars} },
260	{ "process_log_path", opt_stringptr, {&process_log_path} },	267	{ "process_log_path", opt_stringptr, {&process_log_path} },
261	{ "prod_requires_admin", opt_bool, {&prod_requires_admin} },	268	{ "prod_requires_admin", opt_bool, {&prod_requires_admin} },
		269	#ifdef SUPPORT_PROXY
		270	{ "proxy_protocol_timeout", opt_time, {&proxy_protocol_timeout} },
		271	#endif
262	{ "qualify_domain", opt_stringptr, {&qualify_domain_sender} },	272	{ "qualify_domain", opt_stringptr, {&qualify_domain_sender} },
263	{ "qualify_recipient", opt_stringptr, {&qualify_domain_recipient} },	273	{ "qualify_recipient", opt_stringptr, {&qualify_domain_recipient} },
264	{ "queue_domains", opt_stringptr, {&queue_domains} },	274	{ "queue_domains", opt_stringptr, {&queue_domains} },
265	#ifdef EXPERIMENTAL_QUEUE_RAMP	275	#ifndef DISABLE_QUEUE_RAMP
266	{ "queue_fast_ramp", opt_bool, {&queue_fast_ramp} },	276	{ "queue_fast_ramp", opt_bool, {&queue_fast_ramp} },
267	#endif	277	#endif
268	{ "queue_list_requires_admin",opt_bool, {&queue_list_requires_admin} },	278	{ "queue_list_requires_admin",opt_bool, {&queue_list_requires_admin} },
Lines 297-308 Link Here
297	{ "smtp_accept_max", opt_int, {&smtp_accept_max} },	307	{ "smtp_accept_max", opt_int, {&smtp_accept_max} },
298	{ "smtp_accept_max_nonmail", opt_int, {&smtp_accept_max_nonmail} },	308	{ "smtp_accept_max_nonmail", opt_int, {&smtp_accept_max_nonmail} },
299	{ "smtp_accept_max_nonmail_hosts", opt_stringptr, {&smtp_accept_max_nonmail_hosts} },	309	{ "smtp_accept_max_nonmail_hosts", opt_stringptr, {&smtp_accept_max_nonmail_hosts} },
300	{ "smtp_accept_max_per_connection", opt_int, {&smtp_accept_max_per_connection} },	310	{ "smtp_accept_max_per_connection", opt_stringptr, {&smtp_accept_max_per_connection} },
301	{ "smtp_accept_max_per_host", opt_stringptr, {&smtp_accept_max_per_host} },	311	{ "smtp_accept_max_per_host", opt_stringptr, {&smtp_accept_max_per_host} },
302	{ "smtp_accept_queue", opt_int, {&smtp_accept_queue} },	312	{ "smtp_accept_queue", opt_int, {&smtp_accept_queue} },
303	{ "smtp_accept_queue_per_connection", opt_int, {&smtp_accept_queue_per_connection} },	313	{ "smtp_accept_queue_per_connection", opt_int, {&smtp_accept_queue_per_connection} },
304	{ "smtp_accept_reserve", opt_int, {&smtp_accept_reserve} },	314	{ "smtp_accept_reserve", opt_int, {&smtp_accept_reserve} },
305	{ "smtp_active_hostname", opt_stringptr, {&raw_active_hostname} },	315	{ "smtp_active_hostname", opt_stringptr, {&raw_active_hostname} },
		316	{ "smtp_backlog_monitor", opt_int, {&smtp_backlog_monitor} },
306	{ "smtp_banner", opt_stringptr, {&smtp_banner} },	317	{ "smtp_banner", opt_stringptr, {&smtp_banner} },
307	{ "smtp_check_spool_space", opt_bool, {&smtp_check_spool_space} },	318	{ "smtp_check_spool_space", opt_bool, {&smtp_check_spool_space} },
308	{ "smtp_connect_backlog", opt_int, {&smtp_connect_backlog} },	319	{ "smtp_connect_backlog", opt_int, {&smtp_connect_backlog} },
Lines 335-349 Link Here
335	{ "sqlite_dbfile", opt_stringptr, {&sqlite_dbfile} },	346	{ "sqlite_dbfile", opt_stringptr, {&sqlite_dbfile} },
336	{ "sqlite_lock_timeout", opt_int, {&sqlite_lock_timeout} },	347	{ "sqlite_lock_timeout", opt_int, {&sqlite_lock_timeout} },
337	#endif	348	#endif
338	#ifdef EXPERIMENTAL_SRS
339	{ "srs_config", opt_stringptr, {&srs_config} },
340	{ "srs_hashlength", opt_int, {&srs_hashlength} },
341	{ "srs_hashmin", opt_int, {&srs_hashmin} },
342	{ "srs_maxage", opt_int, {&srs_maxage} },
343	{ "srs_secrets", opt_stringptr, {&srs_secrets} },
344	{ "srs_usehash", opt_bool, {&srs_usehash} },
345	{ "srs_usetimestamp", opt_bool, {&srs_usetimestamp} },
346	#endif
347	{ "strict_acl_vars", opt_bool, {&strict_acl_vars} },	349	{ "strict_acl_vars", opt_bool, {&strict_acl_vars} },
348	{ "strip_excess_angle_brackets", opt_bool, {&strip_excess_angle_brackets} },	350	{ "strip_excess_angle_brackets", opt_bool, {&strip_excess_angle_brackets} },
349	{ "strip_trailing_dot", opt_bool, {&strip_trailing_dot} },	351	{ "strip_trailing_dot", opt_bool, {&strip_trailing_dot} },
Lines 367-372 Link Here
367	{ "timezone", opt_stringptr, {&timezone_string} },	369	{ "timezone", opt_stringptr, {&timezone_string} },
368	{ "tls_advertise_hosts", opt_stringptr, {&tls_advertise_hosts} },	370	{ "tls_advertise_hosts", opt_stringptr, {&tls_advertise_hosts} },
369	#ifndef DISABLE_TLS	371	#ifndef DISABLE_TLS
		372	{ "tls_alpn", opt_stringptr, {&tls_alpn} },
370	{ "tls_certificate", opt_stringptr, {&tls_certificate} },	373	{ "tls_certificate", opt_stringptr, {&tls_certificate} },
371	{ "tls_crl", opt_stringptr, {&tls_crl} },	374	{ "tls_crl", opt_stringptr, {&tls_crl} },
372	{ "tls_dh_max_bits", opt_int, {&tls_dh_max_bits} },	375	{ "tls_dh_max_bits", opt_int, {&tls_dh_max_bits} },
Lines 379-385 Link Here
379	{ "tls_privatekey", opt_stringptr, {&tls_privatekey} },	382	{ "tls_privatekey", opt_stringptr, {&tls_privatekey} },
380	{ "tls_remember_esmtp", opt_bool, {&tls_remember_esmtp} },	383	{ "tls_remember_esmtp", opt_bool, {&tls_remember_esmtp} },
381	{ "tls_require_ciphers", opt_stringptr, {&tls_require_ciphers} },	384	{ "tls_require_ciphers", opt_stringptr, {&tls_require_ciphers} },
382	# ifdef EXPERIMENTAL_TLS_RESUME	385	# ifndef DISABLE_TLS_RESUME
383	{ "tls_resumption_hosts", opt_stringptr, {&tls_resumption_hosts} },	386	{ "tls_resumption_hosts", opt_stringptr, {&tls_resumption_hosts} },
384	# endif	387	# endif
385	{ "tls_try_verify_hosts", opt_stringptr, {&tls_try_verify_hosts} },	388	{ "tls_try_verify_hosts", opt_stringptr, {&tls_try_verify_hosts} },
Lines 643-649 Link Here
643	macro_item *	646	macro_item *
644	macro_create(const uschar * name, const uschar * val, BOOL command_line)	647	macro_create(const uschar * name, const uschar * val, BOOL command_line)
645	{	648	{
646	macro_item * m = store_get(sizeof(macro_item), FALSE);	649	macro_item * m = store_get(sizeof(macro_item), GET_UNTAINTED);
647		650
648	READCONF_DEBUG fprintf(stderr, "%s: '%s' '%s'\n", __FUNCTION__, name, val);	651	READCONF_DEBUG fprintf(stderr, "%s: '%s' '%s'\n", __FUNCTION__, name, val);
649	m->next = NULL;	652	m->next = NULL;
Lines 1073-1079 Link Here
1073		1076
1074	if (config_lines)	1077	if (config_lines)
1075	save_config_position(config_filename, config_lineno);	1078	save_config_position(config_filename, config_lineno);
1076	save = store_get(sizeof(config_file_item), FALSE);	1079	save = store_get(sizeof(config_file_item), GET_UNTAINTED);
1077	save->next = config_file_stack;	1080	save->next = config_file_stack;
1078	config_file_stack = save;	1081	config_file_stack = save;
1079	save->file = config_file;	1082	save->file = config_file;
Lines 1422-1428 Link Here
1422	static rewrite_rule *	1425	static rewrite_rule *
1423	readconf_one_rewrite(const uschar p, int existflags, BOOL isglobal)	1426	readconf_one_rewrite(const uschar p, int existflags, BOOL isglobal)
1424	{	1427	{
1425	rewrite_rule *next = store_get(sizeof(rewrite_rule), FALSE);	1428	rewrite_rule * next = store_get(sizeof(rewrite_rule), GET_UNTAINTED);
1426		1429
1427	next->next = NULL;	1430	next->next = NULL;
1428	next->key = string_dequote(&p);	1431	next->key = string_dequote(&p);
Lines 1855-1860 Link Here
1855	flagptr = (int *)ol3->v.value;	1858	flagptr = (int *)ol3->v.value;
1856	}	1859	}
1857		1860
		1861	/* This will trap if sptr is tainted. Not sure if that can happen */
1858	while ((p = string_nextinlist(CUSS &sptr, &sep, big_buffer, BIG_BUFFER_SIZE)))	1862	while ((p = string_nextinlist(CUSS &sptr, &sep, big_buffer, BIG_BUFFER_SIZE)))
1859	{	1863	{
1860	rewrite_rule *next = readconf_one_rewrite(p, flagptr, FALSE);	1864	rewrite_rule *next = readconf_one_rewrite(p, flagptr, FALSE);
Lines 1999-2004 Link Here
1999	while (count-- > 1)	2003	while (count-- > 1)
2000	{	2004	{
2001	int sep = 0;	2005	int sep = 0;
		2006	/* If p is tainted we trap. Not sure that can happen */
2002	(void)string_nextinlist(&p, &sep, big_buffer, BIG_BUFFER_SIZE);	2007	(void)string_nextinlist(&p, &sep, big_buffer, BIG_BUFFER_SIZE);
2003	if (!route_finduser(big_buffer, NULL, &uid))	2008	if (!route_finduser(big_buffer, NULL, &uid))
2004	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN, "user %s was not found",	2009	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN, "user %s was not found",
Lines 2040-2045 Link Here
2040	while (count-- > 1)	2045	while (count-- > 1)
2041	{	2046	{
2042	int sep = 0;	2047	int sep = 0;
		2048	/* If p is tainted we trap. Not sure that can happen */
2043	(void)string_nextinlist(&p, &sep, big_buffer, BIG_BUFFER_SIZE);	2049	(void)string_nextinlist(&p, &sep, big_buffer, BIG_BUFFER_SIZE);
2044	if (!route_findgroup(big_buffer, &gid))	2050	if (!route_findgroup(big_buffer, &gid))
2045	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN, "group %s was not found",	2051	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN, "group %s was not found",
Lines 2997-3003 Link Here
2997	BOOL forcecache = FALSE;	3003	BOOL forcecache = FALSE;
2998	uschar *ss;	3004	uschar *ss;
2999	tree_node *t;	3005	tree_node *t;
3000	namedlist_block * nb = store_get(sizeof(namedlist_block), FALSE);	3006	namedlist_block * nb = store_get_perm(sizeof(namedlist_block), FALSE);
3001		3007
3002	if (Ustrncmp(s, "_cache", 6) == 0)	3008	if (Ustrncmp(s, "_cache", 6) == 0)
3003	{	3009	{
Lines 3015-3021 Link Here
3015	Uskip_whitespace(&s);	3021	Uskip_whitespace(&s);
3016	ss = s;	3022	ss = s;
3017	while (isalnum(s) \|\| s == '_') s++;	3023	while (isalnum(s) \|\| s == '_') s++;
3018	t = store_get(sizeof(tree_node) + s-ss, is_tainted(ss));	3024	t = store_get(sizeof(tree_node) + s-ss, ss);
3019	Ustrncpy(t->name, ss, s-ss);	3025	Ustrncpy(t->name, ss, s-ss);
3020	t->name[s-ss] = 0;	3026	t->name[s-ss] = 0;
3021	Uskip_whitespace(&s);	3027	Uskip_whitespace(&s);
Lines 3122-3181 Link Here
3122		3128
3123	/* Loop through the possible file names */	3129	/* Loop through the possible file names */
3124		3130
		3131	/* Should never be a tainted list */
3125	while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))	3132	while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
3126	{	3133	{
3127		3134
3128	/* Cut out all the fancy processing unless specifically wanted */	3135	/* Cut out all the fancy processing unless specifically wanted */
3129		3136
3130	#if defined(CONFIGURE_FILE_USE_NODE) \|\| defined(CONFIGURE_FILE_USE_EUID)	3137	#if defined(CONFIGURE_FILE_USE_NODE) \|\| defined(CONFIGURE_FILE_USE_EUID)
3131	uschar *suffix = filename + Ustrlen(filename);	3138	uschar *suffix = filename + Ustrlen(filename);
3132		3139
3133	/* Try for the node-specific file if a node name exists */	3140	/* Try for the node-specific file if a node name exists */
3134		3141
3135	#ifdef CONFIGURE_FILE_USE_NODE	3142	# ifdef CONFIGURE_FILE_USE_NODE
3136	struct utsname uts;	3143	struct utsname uts;
3137	if (uname(&uts) >= 0)	3144	if (uname(&uts) >= 0)
3138	{	3145	{
3139	#ifdef CONFIGURE_FILE_USE_EUID	3146	# ifdef CONFIGURE_FILE_USE_EUID
3140	sprintf(CS suffix, ".%ld.%.256s", (long int)original_euid, uts.nodename);	3147	sprintf(CS suffix, ".%ld.%.256s", (long int)original_euid, uts.nodename);
3141	config_file = Ufopen(filename, "rb");	3148	if (!(config_file = Ufopen(filename, "rb")))
3142	if (config_file == NULL)	3149	# endif /* CONFIGURE_FILE_USE_EUID */
3143	#endif /* CONFIGURE_FILE_USE_EUID */
3144	{	3150	{
3145	sprintf(CS suffix, ".%.256s", uts.nodename);	3151	sprintf(CS suffix, ".%.256s", uts.nodename);
3146	config_file = Ufopen(filename, "rb");	3152	config_file = Ufopen(filename, "rb");
3147	}	3153	}
3148	}	3154	}
3149	#endif /* CONFIGURE_FILE_USE_NODE */	3155	# endif /* CONFIGURE_FILE_USE_NODE */
3150		3156
3151	/* Otherwise, try the generic name, possibly with the euid added */	3157	/* Otherwise, try the generic name, possibly with the euid added */
3152		3158
3153	#ifdef CONFIGURE_FILE_USE_EUID	3159	# ifdef CONFIGURE_FILE_USE_EUID
3154	if (config_file == NULL)	3160	if (!config_file)
3155	{	3161	{
3156	sprintf(CS suffix, ".%ld", (long int)original_euid);	3162	sprintf(CS suffix, ".%ld", (long int)original_euid);
3157	config_file = Ufopen(filename, "rb");	3163	config_file = Ufopen(filename, "rb");
3158	}	3164	}
3159	#endif /* CONFIGURE_FILE_USE_EUID */	3165	# endif /* CONFIGURE_FILE_USE_EUID */
3160		3166
3161	/* Finally, try the unadorned name */	3167	/* Finally, try the unadorned name */
3162		3168
3163	if (config_file == NULL)	3169	if (!config_file)
3164	{	3170	{
3165	*suffix = 0;	3171	*suffix = 0;
3166	config_file = Ufopen(filename, "rb");	3172	config_file = Ufopen(filename, "rb");
3167	}	3173	}
3168	#else /* if neither defined */	3174	#else /* if neither defined */
3169		3175
3170	/* This is the common case when the fancy processing is not included. */	3176	/* This is the common case when the fancy processing is not included. */
3171		3177
3172	config_file = Ufopen(filename, "rb");	3178	config_file = Ufopen(filename, "rb");
3173	#endif	3179	#endif
3174		3180
3175	/* If the file does not exist, continue to try any others. For any other	3181	/* If the file does not exist, continue to try any others. For any other
3176	error, break out (and die). */	3182	error, break out (and die). */
3177		3183
3178	if (config_file != NULL \|\| errno != ENOENT) break;	3184	if (config_file \|\| errno != ENOENT) break;
3179	}	3185	}
3180		3186
3181	/* On success, save the name for verification; config_filename is used when	3187	/* On success, save the name for verification; config_filename is used when
Lines 3198-3236 Link Here
3198	config_main_directory = last_slash == filename ? US"/" : string_copyn(filename, last_slash - filename);	3204	config_main_directory = last_slash == filename ? US"/" : string_copyn(filename, last_slash - filename);
3199	else	3205	else
3200	{	3206	{
3201	/* relative configuration file name: working dir + / + basename(filename) */	3207	/* relative configuration file name: working dir + / + basename(filename) */
3202		3208
3203	uschar buf[PATH_MAX];	3209	uschar buf[PATH_MAX];
3204	gstring * g;	3210	gstring * g;
3205		3211
3206	if (os_getcwd(buf, PATH_MAX) == NULL)	3212	if (os_getcwd(buf, PATH_MAX) == NULL)
3207	{	3213	{
3208	perror("exim: getcwd");	3214	perror("exim: getcwd");
3209	exit(EXIT_FAILURE);	3215	exit(EXIT_FAILURE);
3210	}	3216	}
3211	g = string_cat(NULL, buf);	3217	g = string_cat(NULL, buf);
3212		3218
3213	/* If the dir does not end with a "/", append one */	3219	/* If the dir does not end with a "/", append one */
3214	if (g->s[g->ptr-1] != '/')	3220	if (g->s[g->ptr-1] != '/')
3215	g = string_catn(g, US"/", 1);	3221	g = string_catn(g, US"/", 1);
3216		3222
3217	/* If the config file contains a "/", extract the directory part */	3223	/* If the config file contains a "/", extract the directory part */
3218	if (last_slash)	3224	if (last_slash)
3219	g = string_catn(g, filename, last_slash - filename);	3225	g = string_catn(g, filename, last_slash - filename);
3220		3226
3221	config_main_directory = string_from_gstring(g);	3227	config_main_directory = string_from_gstring(g);
3222	}	3228	}
3223	config_directory = config_main_directory;	3229	config_directory = config_main_directory;
3224	}	3230	}
3225	else	3231	else
3226	{	3232	if (!filename)
3227	if (filename == NULL)
3228	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "non-existent configuration file(s): "	3233	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "non-existent configuration file(s): "
3229	"%s", config_main_filelist);	3234	"%s", config_main_filelist);
3230	else	3235	else
3231	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "%s", string_open_failed(errno,	3236	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "%s",
3232	"configuration file %s", filename));	3237	string_open_failed("configuration file %s", filename));
3233	}
3234		3238
3235	/* Now, once we found and opened our configuration file, we change the directory	3239	/* Now, once we found and opened our configuration file, we change the directory
3236	to a safe place. Later we change to $spool_directory. */	3240	to a safe place. Later we change to $spool_directory. */
Lines 3250-3268 Link Here
3250	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "failed to stat configuration file %s",	3254	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "failed to stat configuration file %s",
3251	big_buffer);	3255	big_buffer);
3252		3256
3253	if ((statbuf.st_uid != root_uid /* owner not root */	3257	if ( statbuf.st_uid != root_uid /* owner not root */
3254	#ifdef CONFIGURE_OWNER	3258	#ifdef CONFIGURE_OWNER
3255	&& statbuf.st_uid != config_uid /* owner not the special one */	3259	&& statbuf.st_uid != config_uid /* owner not the special one */
3256	#endif	3260	#endif
3257	) \|\| /* or */	3261	\|\| /* or */
3258	(statbuf.st_gid != root_gid /* group not root & */	3262	statbuf.st_gid != root_gid /* group not root & */
3259	#ifdef CONFIGURE_GROUP	3263	#ifdef CONFIGURE_GROUP
3260	&& statbuf.st_gid != config_gid /* group not the special one */	3264	&& statbuf.st_gid != config_gid /* group not the special one */
3261	#endif	3265	#endif
3262	&& (statbuf.st_mode & 020) != 0) \|\| /* group writeable */	3266	&& (statbuf.st_mode & 020) != 0 /* group writeable */
3263	/* or */	3267	\|\| /* or */
3264	((statbuf.st_mode & 2) != 0)) /* world writeable */	3268	(statbuf.st_mode & 2) != 0 /* world writeable */
3265		3269	)
3266	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "Exim configuration file %s has the "	3270	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "Exim configuration file %s has the "
3267	"wrong owner, group, or mode", big_buffer);	3271	"wrong owner, group, or mode", big_buffer);
3268		3272
Lines 3275-3281 Link Here
3275	if (statbuf.st_size > 8192)	3279	if (statbuf.st_size > 8192)
3276	{	3280	{
3277	rmark r = store_mark();	3281	rmark r = store_mark();
3278	void * dummy = store_get((int)statbuf.st_size, FALSE);	3282	void * dummy = store_get((int)statbuf.st_size, GET_UNTAINTED);
3279	store_reset(r);	3283	store_reset(r);
3280	}	3284	}
3281	}	3285	}
Lines 3309-3319 Link Here
3309	read_named_list(&hostlist_anchor, &hostlist_count,	3313	read_named_list(&hostlist_anchor, &hostlist_count,
3310	MAX_NAMED_LIST, t+8, US"host list", hide);	3314	MAX_NAMED_LIST, t+8, US"host list", hide);
3311		3315
3312	else if (Ustrncmp(t, US"addresslist", 11) == 0)	3316	else if (Ustrncmp(t, "addresslist", 11) == 0)
3313	read_named_list(&addresslist_anchor, &addresslist_count,	3317	read_named_list(&addresslist_anchor, &addresslist_count,
3314	MAX_NAMED_LIST, t+11, US"address list", hide);	3318	MAX_NAMED_LIST, t+11, US"address list", hide);
3315		3319
3316	else if (Ustrncmp(t, US"localpartlist", 13) == 0)	3320	else if (Ustrncmp(t, "localpartlist", 13) == 0)
3317	read_named_list(&localpartlist_anchor, &localpartlist_count,	3321	read_named_list(&localpartlist_anchor, &localpartlist_count,
3318	MAX_NAMED_LIST, t+13, US"local part list", hide);	3322	MAX_NAMED_LIST, t+13, US"local part list", hide);
3319		3323
Lines 3332-3338 Link Here
3332	/* If the timezone string is empty, set it to NULL, implying no TZ variable	3336	/* If the timezone string is empty, set it to NULL, implying no TZ variable
3333	wanted. */	3337	wanted. */
3334		3338
3335	if (timezone_string != NULL && *timezone_string == 0) timezone_string = NULL;	3339	if (timezone_string && !*timezone_string) timezone_string = NULL;
3336		3340
3337	/* The max retry interval must not be greater than 24 hours. */	3341	/* The max retry interval must not be greater than 24 hours. */
3338		3342
Lines 3353-3362 Link Here
3353	canonize it. Some people like upper case letters in their host names, so we	3357	canonize it. Some people like upper case letters in their host names, so we
3354	don't force the case. */	3358	don't force the case. */
3355		3359
3356	if (primary_hostname == NULL)	3360	if (!primary_hostname)
3357	{	3361	{
3358	const uschar *hostname;	3362	const uschar * hostname;
3359	struct utsname uts;	3363	struct utsname uts;
		3364
3360	if (uname(&uts) < 0)	3365	if (uname(&uts) < 0)
3361	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "uname() failed to yield host name");	3366	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "uname() failed to yield host name");
3362	hostname = US uts.nodename;	3367	hostname = US uts.nodename;
Lines 3366-3398 Link Here
3366	int af = AF_INET;	3371	int af = AF_INET;
3367	struct hostent *hostdata;	3372	struct hostent *hostdata;
3368		3373
3369	#if HAVE_IPV6	3374	#if HAVE_IPV6
3370	if (!disable_ipv6 && (dns_ipv4_lookup == NULL \|\|	3375	if ( !disable_ipv6
3371	match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL,	3376	&& ( !dns_ipv4_lookup
		3377	\|\| match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
3372	MCL_DOMAIN, TRUE, NULL) != OK))	3378	MCL_DOMAIN, TRUE, NULL) != OK))
3373	af = AF_INET6;	3379	af = AF_INET6;
3374	#else	3380	#endif
3375	af = AF_INET;
3376	#endif
3377		3381
3378	for (;;)	3382	for (;;)
3379	{	3383	{
3380	#if HAVE_IPV6	3384	#if HAVE_IPV6
3381	#if HAVE_GETIPNODEBYNAME	3385	# if HAVE_GETIPNODEBYNAME
3382	int error_num;	3386	int error_num;
3383	hostdata = getipnodebyname(CS hostname, af, 0, &error_num);	3387	hostdata = getipnodebyname(CS hostname, af, 0, &error_num);
3384	#else	3388	#else
3385	hostdata = gethostbyname2(CS hostname, af);	3389	hostdata = gethostbyname2(CS hostname, af);
3386	#endif	3390	# endif
3387	#else	3391	#else
3388	hostdata = gethostbyname(CS hostname);	3392	hostdata = gethostbyname(CS hostname);
3389	#endif	3393	#endif
3390		3394
3391	if (hostdata != NULL)	3395	if (hostdata)
3392	{	3396	{ hostname = US hostdata->h_name; break; }
3393	hostname = US hostdata->h_name;
3394	break;
3395	}
3396		3397
3397	if (af == AF_INET) break;	3398	if (af == AF_INET) break;
3398	af = AF_INET;	3399	af = AF_INET;
Lines 3435-3440 Link Here
3435	"\"%s\": %s", log_file_path, expand_string_message);	3436	"\"%s\": %s", log_file_path, expand_string_message);
3436		3437
3437	ss = s;	3438	ss = s;
		3439	/* should never be a tainted list */
3438	while ((sss = string_nextinlist(&ss, &sep, big_buffer, big_buffer_size)))	3440	while ((sss = string_nextinlist(&ss, &sep, big_buffer, big_buffer_size)))
3439	{	3441	{
3440	uschar *t;	3442	uschar *t;
Lines 3479-3485 Link Here
3479		3481
3480	/* Expand pid_file_path */	3482	/* Expand pid_file_path */
3481		3483
3482	if (*pid_file_path != 0)	3484	if (*pid_file_path)
3483	{	3485	{
3484	if (!(s = expand_string(pid_file_path)))	3486	if (!(s = expand_string(pid_file_path)))
3485	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "failed to expand pid_file_path "	3487	log_write(0, LOG_MAIN\|LOG_PANIC_DIE, "failed to expand pid_file_path "
Lines 3489-3495 Link Here
3489		3491
3490	/* Set default value of process_log_path */	3492	/* Set default value of process_log_path */
3491		3493
3492	if (!process_log_path \|\| *process_log_path =='\0')	3494	if (!process_log_path \|\| !*process_log_path)
3493	process_log_path = string_sprintf("%s/exim-process.info", spool_directory);	3495	process_log_path = string_sprintf("%s/exim-process.info", spool_directory);
3494		3496
3495	/* Compile the regex for matching a UUCP-style "From_" line in an incoming	3497	/* Compile the regex for matching a UUCP-style "From_" line in an incoming
Lines 3541-3547 Link Here
3541	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,	3543	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
3542	"error in errors_reply_to (%s): %s", errors_reply_to, errmess);	3544	"error in errors_reply_to (%s): %s", errors_reply_to, errmess);
3543		3545
3544	if (domain == 0)	3546	if (!domain)
3545	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,	3547	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
3546	"errors_reply_to (%s) does not contain a domain", errors_reply_to);	3548	"errors_reply_to (%s) does not contain a domain", errors_reply_to);
3547	}	3549	}
Lines 3549-3556 Link Here
3549	/* If smtp_accept_queue or smtp_accept_max_per_host is set, then	3551	/* If smtp_accept_queue or smtp_accept_max_per_host is set, then
3550	smtp_accept_max must also be set. */	3552	smtp_accept_max must also be set. */
3551		3553
3552	if (smtp_accept_max == 0 &&	3554	if (smtp_accept_max == 0 && (smtp_accept_queue > 0 \|\| smtp_accept_max_per_host))
3553	(smtp_accept_queue > 0 \|\| smtp_accept_max_per_host != NULL))
3554	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,	3555	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
3555	"smtp_accept_max must be set if smtp_accept_queue or "	3556	"smtp_accept_max must be set if smtp_accept_queue or "
3556	"smtp_accept_max_per_host is set");	3557	"smtp_accept_max_per_host is set");
Lines 3571-3577 Link Here
3571	host_number_string, expand_string_message);	3572	host_number_string, expand_string_message);
3572	n = Ustrtol(s, &end, 0);	3573	n = Ustrtol(s, &end, 0);
3573	while (isspace(*end)) end++;	3574	while (isspace(*end)) end++;
3574	if (*end != 0)	3575	if (*end)
3575	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,	3576	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
3576	"localhost_number value is not a number: %s", s);	3577	"localhost_number value is not a number: %s", s);
3577	if (n > LOCALHOST_MAX)	3578	if (n > LOCALHOST_MAX)
Lines 3648-3654 Link Here
3648	{	3649	{
3649	int len = dd->options_len;	3650	int len = dd->options_len;
3650	d->info = dd;	3651	d->info = dd;
3651	d->options_block = store_get(len, FALSE);	3652	d->options_block = store_get_perm(len, FALSE);
3652	memcpy(d->options_block, dd->options_block, len);	3653	memcpy(d->options_block, dd->options_block, len);
3653	for (int i = 0; i < *(dd->options_count); i++)	3654	for (int i = 0; i < *(dd->options_count); i++)
3654	dd->options[i].type &= ~opt_set;	3655	dd->options[i].type &= ~opt_set;
Lines 3664-3669 Link Here
3664		3665
3665		3666
3666		3667
		3668	static void
		3669	driver_init_fini(driver_instance * d, const uschar * class)
		3670	{
		3671	if (!d->driver_name)
		3672	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
		3673	"no driver defined for %s \"%s\"", class, d->name);
		3674	(d->info->init)(d);
		3675	}
		3676
		3677
3667	/*************************************************	3678	/*************************************************
3668	* Initialize driver list *	3679	* Initialize driver list *
3669	*************************************************/	3680	*************************************************/
Lines 3724-3734 Link Here
3724	{	3735	{
3725	if (d)	3736	if (d)
3726	{	3737	{
3727	if (!d->driver_name)
3728	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
3729	"no driver defined for %s \"%s\"", class, d->name);
3730	/* s is using big_buffer, so this call had better not */	3738	/* s is using big_buffer, so this call had better not */
3731	(d->info->init)(d);	3739	driver_init_fini(d, class);
3732	d = NULL;	3740	d = NULL;
3733	}	3741	}
3734	if (!macro_read_assignment(buffer)) exim_exit(EXIT_FAILURE);	3742	if (!macro_read_assignment(buffer)) exim_exit(EXIT_FAILURE);
Lines 3744-3755 Link Here
3744	/* Finish off initializing the previous driver. */	3752	/* Finish off initializing the previous driver. */
3745		3753
3746	if (d)	3754	if (d)
3747	{	3755	driver_init_fini(d, class);
3748	if (!d->driver_name)
3749	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
3750	"no driver defined for %s \"%s\"", class, d->name);
3751	(d->info->init)(d);
3752	}
3753		3756
3754	/* Check that we haven't already got a driver of this name */	3757	/* Check that we haven't already got a driver of this name */
3755		3758
Lines 3761-3771 Link Here
3761	/* Set up a new driver instance data block on the chain, with	3764	/* Set up a new driver instance data block on the chain, with
3762	its default values installed. */	3765	its default values installed. */
3763		3766
3764	d = store_get(instance_size, FALSE);	3767	d = store_get_perm(instance_size, FALSE);
3765	memcpy(d, instance_default, instance_size);	3768	memcpy(d, instance_default, instance_size);
3766	*p = d;	3769	*p = d;
3767	p = &d->next;	3770	p = &d->next;
3768	d->name = string_copy(name);	3771	d->name = string_copy(name);
		3772	d->srcfile = config_filename;
		3773	d->srcline = config_lineno;
3769		3774
3770	/* Clear out the "set" bits in the generic options */	3775	/* Clear out the "set" bits in the generic options */
3771		3776
Lines 3813-3824 Link Here
3813	/* Run the initialization function for the final driver. */	3818	/* Run the initialization function for the final driver. */
3814		3819
3815	if (d)	3820	if (d)
3816	{	3821	driver_init_fini(d, class);
3817	if (!d->driver_name)
3818	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG,
3819	"no driver defined for %s \"%s\"", class, d->name);
3820	(d->info->init)(d);
3821	}
3822	}	3822	}
3823		3823
3824		3824
Lines 4058-4064 Link Here
4058	const uschar *pp;	4058	const uschar *pp;
4059	uschar *error;	4059	uschar *error;
4060		4060
4061	next = store_get(sizeof(retry_config), FALSE);	4061	next = store_get(sizeof(retry_config), GET_UNTAINTED);
4062	next->next = NULL;	4062	next->next = NULL;
4063	*chain = next;	4063	*chain = next;
4064	chain = &(next->next);	4064	chain = &(next->next);
Lines 4102-4108 Link Here
4102		4102
4103	while (*p)	4103	while (*p)
4104	{	4104	{
4105	retry_rule *rule = store_get(sizeof(retry_rule), FALSE);	4105	retry_rule * rule = store_get(sizeof(retry_rule), GET_UNTAINTED);
4106	*rchain = rule;	4106	*rchain = rule;
4107	rchain = &(rule->next);	4107	rchain = &(rule->next);
4108	rule->next = NULL;	4108	rule->next = NULL;
Lines 4180-4190 Link Here
4180		4180
4181	for (auth_instance * bu = au->next; bu; bu = bu->next)	4181	for (auth_instance * bu = au->next; bu; bu = bu->next)
4182	if (strcmpic(au->public_name, bu->public_name) == 0)	4182	if (strcmpic(au->public_name, bu->public_name) == 0)
4183	if ((au->client && bu->client) \|\| (au->server && bu->server))	4183	if ( au->client && bu->client
		4184	\|\| au->server && bu->server)
4184	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG, "two %s authenticators "	4185	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG, "two %s authenticators "
4185	"(%s and %s) have the same public name (%s)",	4186	"(%s and %s) have the same public name (%s)",
4186	au->client ? US"client" : US"server", au->name, bu->name,	4187	au->client && bu->client ? US"client" : US"server",
4187	au->public_name);	4188	au->name, bu->name, au->public_name);
4188	#ifndef DISABLE_PIPE_CONNECT	4189	#ifndef DISABLE_PIPE_CONNECT
4189	nauths++;	4190	nauths++;
4190	#endif	4191	#endif
Lines 4195-4200 Link Here
4195	}	4196	}
4196		4197
4197		4198
		4199	/* For error messages, a string describing the config location associated
		4200	with current processing. NULL if we are not in an authenticator. */
		4201
		4202	uschar *
		4203	authenticator_current_name(void)
		4204	{
		4205	if (!authenticator_name) return NULL;
		4206	return string_sprintf(" (authenticator %s, %s %d)", authenticator_name, driver_srcfile, driver_srcline);
		4207	}
		4208
		4209
		4210
4198		4211
4199		4212
4200	/*************************************************	4213	/*************************************************
Lines 4251-4257 Link Here
4251	if (*p != ':' \|\| name[0] == 0)	4264	if (*p != ':' \|\| name[0] == 0)
4252	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN, "missing or malformed ACL name");	4265	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN, "missing or malformed ACL name");
4253		4266
4254	node = store_get(sizeof(tree_node) + Ustrlen(name), is_tainted(name));	4267	node = store_get_perm(sizeof(tree_node) + Ustrlen(name), name);
4255	Ustrcpy(node->name, name);	4268	Ustrcpy(node->name, name);
4256	if (!tree_insertnode(&acl_anchor, node))	4269	if (!tree_insertnode(&acl_anchor, node))
4257	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN,	4270	log_write(0, LOG_PANIC_DIE\|LOG_CONFIG_IN,
Lines 4396-4402 Link Here
4396	static config_line_item *current;	4409	static config_line_item *current;
4397	config_line_item *next;	4410	config_line_item *next;
4398		4411
4399	next = (config_line_item*) store_get(sizeof(config_line_item), FALSE);	4412	next = (config_line_item*) store_get(sizeof(config_line_item), GET_UNTAINTED);
4400	next->line = string_copy(line);	4413	next->line = string_copy(line);
4401	next->next = NULL;	4414	next->next = NULL;
4402		4415
Lines 4413-4437 Link Here
4413	{	4426	{
4414	const int TS = terse ? 0 : 2;	4427	const int TS = terse ? 0 : 2;
4415	int indent = 0;	4428	int indent = 0;
		4429	rmark r = NULL;
4416		4430
4417	for (config_line_item * i = config_lines; i; i = i->next)	4431	for (const config_line_item * i = config_lines; i; i = i->next)
4418	{	4432	{
4419	uschar *current;	4433	uschar * current, * p;
4420	uschar *p;	4434
		4435	if (r) store_reset(r);
		4436	r = store_mark();
4421		4437
4422	/* skip over to the first non-space */	4438	/* skip over to the first non-space */
4423	for (current = i->line; current && isspace(current); ++current)	4439	for (current = string_copy(i->line); current && isspace(current); ++current)
4424	;	4440	;
4425		4441
4426	if (*current == '\0')	4442	if (!*current)
4427	continue;	4443	continue;
4428		4444
4429	/* Collapse runs of spaces. We stop this if we encounter one of the	4445	/* Collapse runs of spaces. We stop this if we encounter one of the
4430	* following characters: "'$, as this may indicate careful formatting */	4446	following characters: "'$, as this may indicate careful formatting */
4431	for (p = current; *p; ++p)	4447
		4448	for (p = current; p; p++) if (isspace(p))
4432	{	4449	{
4433	uschar *next;	4450	uschar *next;
4434	if (!isspace(*p)) continue;
4435	if (p != ' ') p = ' ';	4451	if (p != ' ') p = ' ';
4436		4452
4437	for (next = p; isspace(*next); ++next)	4453	for (next = p; isspace(*next); ++next)
Lines 4485-4490 Link Here
4485	/* rest is public */	4501	/* rest is public */
4486	printf("%*s%s\n", indent, "", current);	4502	printf("%*s%s\n", indent, "", current);
4487	}	4503	}
		4504	if (r) store_reset(r);
4488	}	4505	}
4489		4506
4490	#endif /!MACRO_PREDEF/	4507	#endif /!MACRO_PREDEF/




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Code for receiving a message and setting up spool files. */

the file. (When SMTP input is occurring, different functions are used by
changing the pointer variables.) */

uschar stdin_buf[4096];
uschar * stdin_inptr = stdin_buf;
uschar * stdin_inend = stdin_buf;
int c = getc(stdin);

static BOOL
stdin_refill(void)
{
size_t rc = fread(stdin_buf, 1, sizeof(stdin_buf), stdin);
if (rc <= 0)
  receive_bomb_out(US"data-timeout", NULL);   /* Does not return */
  }
if (had_data_sigint)
  {
  if (had_data_timeout)
    {
    fprintf(stderr, "exim: timed out while reading - message abandoned\n");
    log_write(L_lost_incoming_connection,
	      LOG_MAIN, "timed out while reading local message");
    receive_bomb_out(US"data-timeout", NULL);   /* Does not return */
    }
  if (had_data_sigint)
    {
    if (filter_test == FTEST_NONE)
      {
      fprintf(stderr, "\nexim: %s received - message abandoned\n",
	had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT");
      log_write(0, LOG_MAIN, "%s received while reading local message",
	had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT");
      }
    receive_bomb_out(US"signal-exit", NULL);    /* Does not return */
    }
  return FALSE;
  }
stdin_inend = stdin_buf + rc;
stdin_inptr = stdin_buf;
return TRUE;
}

int
stdin_getc(unsigned lim)
{
if (stdin_inptr >= stdin_inend)
  if (!stdin_refill())
      return EOF;
return *stdin_inptr++;
}


BOOL
stdin_hasc(void)
{
return stdin_inptr < stdin_inend;
}

int
stdin_ungetc(int c)
{
if (stdin_inptr <= stdin_buf)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in stdin_ungetc");

*--stdin_inptr = c;
return c;
}

int
stdin_feof(void)
{
return stdin_hasc() ? FALSE : feof(stdin);
}

int

  empty item in a list. */

  if (*p == 0) p = US":";
  /* should never be a tainted list */
  while ((path = string_nextinlist(&p, &sep, buffer, sizeof(buffer))))
    if (Ustrcmp(path, "syslog") != 0)
      break;

    }

  recipients_list_max = recipients_list_max ? 2*recipients_list_max : 50;
  recipients_list = store_get(recipients_list_max * sizeof(recipient_item), GET_UNTAINTED);
  if (oldlist)
    memcpy(recipients_list, oldlist, oldmax * sizeof(recipient_item));
  }


static void
log_close_chk(void)
{
if (!receive_timeout && !receive_hasc())
  {
  struct timeval t;
  timesince(&t, &received_time);
  if (t.tv_sec > 30*60)
    mainlog_close();
  else
    if (poll_one_fd(0, POLLIN, (30*60 - t.tv_sec) * 1000) == 0)
      mainlog_close();
    FD_ZERO(&r); FD_SET(0, &r);
    t.tv_sec = 30*60 - t.tv_sec; t.tv_usec = 0;
    if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close();
    }
  }
}


  {
  int last_ch = '\n';

/*XXX we do a gettimeofday before checking for every received char,
which is hardly clever.  The function-indirection doesn't help, but
an additional function to check for nonempty read buffer would help.
See stdin_getc() / smtp_getc() / tls_getc() / bdat_getc(). */

  for ( ;
       log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF;
       last_ch = ch)

*/

static int
read_message_bdat_smtp(FILE * fout)
{
int linelength = 0, ch;
enum CH_STATE ch_state = LF_SEEN;

}

static int
read_message_bdat_smtp_wire(FILE * fout)
{
int ch;


    const uschar * list = acl_removed_headers;
    int sep = ':';         /* This is specified as a colon-separated list */
    uschar *s;
    uschar buffer[128];

    while ((s = string_nextinlist(&list, &sep, NULL, 0)))
      if (header_testname(h, s, Ustrlen(s), FALSE))
	{
	h->type = htype_old;

void
received_header_gen(void)
{
uschar * received;
uschar * timestamp = expand_string(US"${tod_full}");
header_line * received_header= header_list;

timestamp = expand_string(US"${tod_full}");
if (recipients_count == 1) received_for = recipients_list[0].address;
received = expand_string(received_header_text);
received_for = NULL;

the result of the expansion is an empty string, we leave the header marked as
"old" so as to refrain from adding a Received header. */

if (!received[0])
  {
  received_header->text = string_sprintf("Received: ; %s\n", timestamp);
  received_header->type = htype_old;
  }
else
  {
  received_header->text = string_sprintf("%s;\n\t%s\n", received, timestamp);
  received_header->type = htype_received;
  }


int  error_rc = error_handling == ERRORS_SENDER
	? errors_sender_rc : EXIT_FAILURE;
int  header_size = 256;
int  start, end, domain;
int  id_resolution = 0;
int  had_zero = 0;
int  prevlines_length = 0;
const int id_resolution = BASE_62 == 62 ? 5000 : 10000;

int ptr = 0;


uschar *timestamp;
int tslen;

/* Time of creation of message_id */

static struct timeval message_id_tv = { 0, 0 };


/* Release any open files that might have been cached while preparing to
accept the message - e.g. by verifying addresses - because reading a message

header. Temporarily mark it as "old", i.e. not to be used. We keep header_last
pointing to the end of the chain to make adding headers simple. */

received_header = header_list = header_last = store_get(sizeof(header_line), GET_UNTAINTED);
header_list->next = NULL;
header_list->type = htype_old;
header_list->text = NULL;
header_list->slen = 0;

/* Control block for the next header to be read.
The data comes from the message, so is tainted. */

reset_point = store_mark();
next = store_get(sizeof(header_line), GET_UNTAINTED);
next->text = store_get(header_size, GET_TAINTED);

/* Initialize message id to be null (indicating no message read), and the
header names list to be the normal list. Indicate there is no data file open

if (sender_host_address) dmarc_init();	/* initialize libopendmarc */
#endif

/* In SMTP sessions we may receive several messages in one connection. Before
each subsequent one, we wait for the clock to tick at the level of message-id
granularity.
This is so that the combination of time+pid is unique, even on systems where the
pid can be re-used within our time interval. We can't shorten the interval
without re-designing the message-id. See comments above where the message id is
created. This is Something For The Future.
Do this wait any time we have previously created a message-id, even if we
rejected the message.  This gives unique IDs for logging done by ACLs.
The initial timestamp must have been obtained via exim_gettime() to avoid
issues on Linux with suspend/resume. */

if (message_id_tv.tv_sec)
  {
  message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
  exim_wait_tick(&message_id_tv, id_resolution);
  }

/* Remember the time of reception. Exim uses time+pid for uniqueness of message
ids, and fractions of a second are required. See the comments that precede the
message id creation below.
We use a routine that if possible uses a monotonic clock, and can be used again
after reception for the tick-wait even under the Linux non-Posix behaviour. */

else
  exim_gettime(&message_id_tv);

/* For other uses of the received time we can operate with granularity of one
second, and for that we use the global variable received_time. This is for
things like ultimate message timeouts.
For this we do not care about the Linux suspend/resume problem, so rather than
use exim_gettime() everywhere we use a plain gettimeofday() here. */

gettimeofday(&received_time, NULL);

/* If SMTP input, set the special handler for timeouts. The alarm() calls
happen in the smtp_getc() function when it refills its buffer. */

  /* If we hit EOF on a SMTP connection, it's an error, since incoming
  SMTP must have a correct "." terminator. */

  if (smtp_input /* && !smtp_batched_input */)
    if (ch == EOF)
      {
      smtp_reply = handle_lost_connection(US" (header)");
      smtp_yield = FALSE;
      goto TIDYUP;                       /* Skip to end of function */
      }
    else if (ch == ERR)
      goto TIDYUP;

  /* See if we are at the current header's size limit - there must be at least
  four bytes left. This allows for the new character plus a zero, plus two for

      goto OVERSIZE;
    header_size *= 2;

    if (!store_extend(next->text, oldsize, header_size))
      next->text = store_newblock(next->text, header_size, ptr);
    if (!store_extend(next->text, TRUE, oldsize, header_size))
      next->text = store_newblock(next->text, TRUE, header_size, ptr);
    }

  /* Cope with receiving a binary zero. There is dispute about whether

  those from data files use just LF. Treat LF in local SMTP input as a
  terminator too. Treat EOF as a line terminator always. */

  if (ch < 0) goto EOL;

  /* FUDGE: There are sites out there that don't send CRs before their LFs, and
  other MTAs accept this. We are therefore forced into this "liberalisation"

  prevent further reading), and break out of the loop, having freed the
  empty header, and set next = NULL to indicate no data line. */

  if (f.dot_ends && ptr == 0 && ch == '.')
    {
    ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
    if (ch == '\r')

      ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
      if (ch != '\n')
        {
	if (ch >= 0) receive_ungetc(ch);
        ch = '\r';              /* Revert to CR */
        }
      }

    /* Otherwise, put back the character after CR, and turn the bare CR
    into LF SP. */

    if (ch >= 0) (receive_ungetc)(ch);
    next->text[ptr++] = '\n';
    message_size++;
    ch = ' ';

  whitespace character. If it is, we have a continuation of this header line.
  There is always space for at least one character at this point. */

  if (ch >= 0)
    {
    int nextch = (receive_getc)(GETC_BUFFER_UNLIMITED);
    if (nextch == ' ' || nextch == '\t')

	goto OVERSIZE;
      continue;                      /* Iterate the loop */
      }
    else if (nextch >= 0)	/* not EOF, ERR etc */
      (receive_ungetc)(nextch);   /* For next time */
    else ch = nextch;                   /* Cause main loop to exit at end */
    }

  /* We have got to the real line end. Terminate the string and release store


  else
    {
    uschar * p = next->text;

    /* If not a valid header line, break from the header reading loop, leaving
    next != NULL, indicating that it holds the first line of the body. */

    }

  /* The line has been handled. If we have hit EOF, break out of the loop,
  indicating no pending data line and no more data for the message */

  if (ch < 0)
    {
    next = NULL;
    if (ch == EOF)	message_ended = END_DOT;
    else if (ch == ERR) message_ended = END_PROTOCOL;
    break;
    }

  /* Set up for the next header */

  reset_point = store_mark();
  header_size = 256;
  next = store_get(sizeof(header_line), GET_UNTAINTED);
  next->text = store_get(header_size, GET_TAINTED);
  ptr = 0;
  had_zero = 0;
  prevlines_length = 0;

/* End of file on any SMTP connection is an error. If an incoming SMTP call
is dropped immediately after valid headers, the next thing we will see is EOF.
We must test for this specially, as further down the reading of the data is
skipped if already at EOF.
In CHUNKING mode, a protocol error makes us give up on the message. */

if (smtp_input)
  if ((receive_feof)())
    {
    smtp_reply = handle_lost_connection(US" (after header)");
    smtp_yield = FALSE;
    goto TIDYUP;			/* Skip to end of function */
    }
  else if (message_ended == END_PROTOCOL)
    {
    smtp_reply = US"";			/* no reply needed */
    goto TIDYUP;
    }

/* If this is a filter test run and no headers were read, output a warning
in case there is a mistake in the test message. */

        white space that follows the newline must not be removed - it is part
        of the header. */

        pp = recipient = store_get(ss - s + 1, s);
        for (uschar * p = s; p < ss; p++) if (*p != '\n') *pp++ = *p;
        *pp = 0;


        if (!recipient && Ustrcmp(errmess, "empty address") != 0)
          {
          int len = Ustrlen(s);
          error_block * b = store_get(sizeof(error_block), GET_UNTAINTED);
          while (len > 0 && isspace(s[len-1])) len--;
          b->next = NULL;
          b->text1 = string_printing(string_copyn(s, len));

Ustrncpy(message_id + 7, string_base62((long int)getpid()), 6);

/* Deal with the case where the host number is set. The value of the number was
checked when it was read, to ensure it isn't too big. */
left in id_resolution so that an appropriate wait can be done after receiving
the message, if necessary (we hope it won't be). */

if (host_number_string)
  {
  id_resolution = BASE_62 == 62 ? 5000 : 10000;
  sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
    string_base62((long int)(
      host_number * (1000000/id_resolution) +
        message_id_tv.tv_usec/id_resolution)) + 4);
  }

/* Host number not set: final field is just the fractional time at an
appropriate resolution. */

else
  {
  id_resolution = BASE_62 == 62 ? 500 : 1000;
  sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
    string_base62((long int)(message_id_tv.tv_usec/id_resolution)) + 4);
  }

/* Add the current message id onto the current process info string if
it will fit. */


if (LOGGING(received_recipients))
  {
  raw_recipients = store_get(recipients_count * sizeof(uschar *), GET_UNTAINTED);
  for (int i = 0; i < recipients_count; i++)
    raw_recipients[i] = string_copy(recipients_list[i].address);
  raw_recipients_count = recipients_count;

recipients will get here only if the conditions were right (allow_unqualified_
recipient is TRUE). */

DEBUG(D_rewrite)
  { debug_printf_indent("qualify & rewrite recipients list\n"); acl_level++; }
for (int i = 0; i < recipients_count; i++)
  recipients_list[i].address =	/* deconst ok as src was not cont */
    US rewrite_address(recipients_list[i].address, TRUE, TRUE,
      global_rewrite_rules, rewrite_existflags);
DEBUG(D_rewrite) acl_level--;

/* If there is no From: header, generate one for local (without
suppress_local_fixups) or submission_mode messages. If there is no sender

if (  !from_header
   && ((!sender_host_address && !f.suppress_local_fixups) || f.submission_mode))
  {
  const uschar * oname = US"";

  /* Use the originator_name if this is a locally submitted message and the
  caller is not trusted. For trusted callers, use it only if -F was used to

/* If there are any rewriting rules, apply them to the sender address, unless
it has already been rewritten as part of verification for SMTP input. */

DEBUG(D_rewrite)
  { debug_printf("global rewrite rules\n"); acl_level++; }
if (global_rewrite_rules && !sender_address_unrewritten && *sender_address)
  {
  /* deconst ok as src was not const */

  DEBUG(D_receive|D_rewrite)
    debug_printf("rewritten sender = %s\n", sender_address);
  }
DEBUG(D_rewrite) acl_level--;


/* The headers must be run through rewrite_header(), because it ensures that

documented as happening *after* recipient addresses are taken from the headers
by the -t command line option. An added Sender: gets rewritten here. */

DEBUG(D_rewrite)
  { debug_printf("rewrite headers\n"); acl_level++; }
for (header_line * h = header_list->next, * newh; h; h = h->next)
  if ((newh = rewrite_header(h, NULL, NULL, global_rewrite_rules,
			      rewrite_existflags, TRUE)))
    h = newh;
DEBUG(D_rewrite) acl_level--;


/* An RFC 822 (sic) message is not legal unless it has at least one of "to",

/* No I/O errors were encountered while writing the data file. */

DEBUG(D_receive) debug_printf("Data file written for message %s\n", message_id);
gettimeofday(&received_time_complete, NULL);


/* If there were any bad addresses extracted by -t, or there were no recipients

if (LOGGING(tls_cipher) && tls_in.cipher)
  {
  g = string_append(g, 2, US" X=", tls_in.cipher);
# ifndef DISABLE_TLS_RESUME
  if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED)
    g = string_catn(g, US"*", 1);
# endif

#endif

if (LOGGING(receive_time))
  {
  struct timeval diff = received_time_complete;
  timediff(&diff, &received_time);
  g = string_append(g, 2, US" RT=", string_timediff(&diff));
  }

if (*queue_name)
  g = string_append(g, 2, US" Q=", queue_name);

  uschar * old_id;
  BOOL save_allow_domain_literals = allow_domain_literals;
  allow_domain_literals = TRUE;
  int start, end, domain;

  old_id = parse_extract_address(Ustrchr(msgid_header->text, ':') + 1,
    &errmsg, &start, &end, &domain, FALSE);
  allow_domain_literals = save_allow_domain_literals;

/* Before sending an SMTP response in a TCP/IP session, we check to see if the
connection has gone away. This can only be done if there is no unconsumed input
waiting in the local input buffer. We can test for this by calling
receive_hasc(). RFC 2920 (pipelining) explicitly allows for additional
input to be sent following the final dot, so the presence of following input is
not an error.


connection will vanish between the time of this test and the sending of the
response, but the chance of this happening should be small. */

if (  smtp_input && sender_host_address && !f.sender_host_notsocket
   && !receive_hasc())
  {
  if (poll_one_fd(fileno(smtp_in), POLLIN, 0) != 0)
  fd_set select_check;
  FD_ZERO(&select_check);
  FD_SET(fileno(smtp_in), &select_check);
  tv.tv_sec = 0;
  tv.tv_usec = 0;

  if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
    {
    int c = (receive_getc)(GETC_BUFFER_UNLIMITED);
    if (c != EOF) (receive_ungetc)(c);
    else
      {
      smtp_notquit_exit(US"connection-lost", NULL, NULL);
      smtp_reply = US"";    /* No attempt to send a response */



TIDYUP:
/* In SMTP sessions we may receive several messages in one connection. After
each one, we wait for the clock to tick at the level of message-id granularity.
This is so that the combination of time+pid is unique, even on systems where the
pid can be re-used within our time interval. We can't shorten the interval
without re-designing the message-id. See comments above where the message id is
created. This is Something For The Future.
Do this wait any time we have created a message-id, even if we rejected the
message.  This gives unique IDs for logging done by ACLs. */

if (id_resolution != 0)
  {
  message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
  exim_wait_tick(&message_id_tv, id_resolution);
  id_resolution = 0;
  }


process_info[process_info_len] = 0;			/* Remove message id */
if (spool_data_file && cutthrough_done == NOT_TRIED)
  {


      else if (chunking_state > CHUNKING_OFFERED)
	{
	/* If there is more input waiting, no need to flush (probably the client
	pipelined QUIT after data).  We check only the in-process buffer, not
	the socket. */

        smtp_printf("250- %u byte chunk, total %d\r\n250 OK id=%s\r\n",
	    receive_hasc(),
	    chunking_datasize, message_size+message_linecount, message_id);
	chunking_state = CHUNKING_OFFERED;
	}
      else
        smtp_printf("250 OK id=%s\r\n", receive_hasc(), message_id);

      if (host_checking)
        fprintf(stdout,

Lines 2-10 Link Here

(-)exim.orig/src/regex.c (-18 / +27 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-2015	5	/*
		6	* Copyright (c) The Exim Maintainers 2016 - 2022
		7	* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-2015
6	* License: GPL	8	* License: GPL
7	* Copyright (c) The Exim Maintainers 2016 - 2018
8	*/	9	*/
9		10
10	/* Code for matching regular expressions against headers and body.	11	/* Code for matching regular expressions against headers and body.
Lines 17-23 Link Here
17		18
18	/* Structure to hold a list of Regular expressions */	19	/* Structure to hold a list of Regular expressions */
19	typedef struct pcre_list {	20	typedef struct pcre_list {
20	pcre *re;	21	pcre2_code *re;
21	uschar *pcre_text;	22	uschar *pcre_text;
22	struct pcre_list *next;	23	struct pcre_list *next;
23	} pcre_list;	24	} pcre_list;
Lines 32-39 Link Here
32	{	33	{
33	int sep = 0;	34	int sep = 0;
34	uschar *regex_string;	35	uschar *regex_string;
35	const char *pcre_error;
36	int pcre_erroffset;
37	pcre_list *re_list_head = NULL;	36	pcre_list *re_list_head = NULL;
38	pcre_list *ri;	37	pcre_list *ri;
39		38
Lines 41-59 Link Here
41	while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))	40	while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
42	if (strcmpic(regex_string, US"false") != 0 && Ustrcmp(regex_string, "0") != 0)	41	if (strcmpic(regex_string, US"false") != 0 && Ustrcmp(regex_string, "0") != 0)
43	{	42	{
44	pcre *re;	43	pcre2_code * re;
		44	int err;
		45	PCRE2_SIZE pcre_erroffset;
45		46
46	/* compile our regular expression */	47	/* compile our regular expression */
47	if (!(re = pcre_compile( CS regex_string,	48	if (!(re = pcre2_compile( (PCRE2_SPTR) regex_string, PCRE2_ZERO_TERMINATED,
48	0, &pcre_error, &pcre_erroffset, NULL )))	49	0, &err, &pcre_erroffset, pcre_cmp_ctx)))
49	{	50	{
		51	uschar errbuf[128];
		52	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
50	log_write(0, LOG_MAIN,	53	log_write(0, LOG_MAIN,
51	"regex acl condition warning - error in regex '%s': %s at offset %d, skipped.",	54	"regex acl condition warning - error in regex '%s': %s at offset %ld, skipped.",
52	regex_string, pcre_error, pcre_erroffset);	55	regex_string, errbuf, (long)pcre_erroffset);
53	continue;	56	continue;
54	}	57	}
55		58
56	ri = store_get(sizeof(pcre_list), FALSE);	59	ri = store_get(sizeof(pcre_list), GET_UNTAINTED);
57	ri->re = re;	60	ri->re = re;
58	ri->pcre_text = regex_string;	61	ri->pcre_text = regex_string;
59	ri->next = re_list_head;	62	ri->next = re_list_head;
Lines 65-89 Link Here
65	static int	68	static int
66	matcher(pcre_list * re_list_head, uschar * linebuffer, int len)	69	matcher(pcre_list * re_list_head, uschar * linebuffer, int len)
67	{	70	{
68	for(pcre_list * ri = re_list_head; ri; ri = ri->next)	71	pcre2_match_data * md = pcre2_match_data_create(REGEX_VARS + 1, pcre_gen_ctx);
		72
		73	for (pcre_list * ri = re_list_head; ri; ri = ri->next)
69	{	74	{
70	int ovec[3*(REGEX_VARS+1)];
71	int n;	75	int n;
72		76
73	/* try matcher on the line */	77	/* try matcher on the line */
74	if ((n = pcre_exec(ri->re, NULL, CS linebuffer, len, 0, 0, ovec, nelem(ovec))) > 0)	78	if ((n = pcre2_match(ri->re, (PCRE2_SPTR)linebuffer, len, 0, 0, md, pcre_mtc_ctx)) > 0)
75	{	79	{
76	Ustrncpy(regex_match_string_buffer, ri->pcre_text,	80	Ustrncpy(regex_match_string_buffer, ri->pcre_text,
77	sizeof(regex_match_string_buffer)-1);	81	sizeof(regex_match_string_buffer)-1);
78	regex_match_string = regex_match_string_buffer;	82	regex_match_string = regex_match_string_buffer;
79		83
80	for (int nn = 1; nn < n; nn++)	84	for (int nn = 1; nn < n; nn++)
81	regex_vars[nn-1] =	85	{
82	string_copyn(linebuffer + ovec[nn2], ovec[nn2+1] - ovec[nn*2]);	86	PCRE2_UCHAR * cstr;
		87	PCRE2_SIZE cslen;
		88	pcre2_substring_get_bynumber(md, nn, &cstr, &cslen);
		89	regex_vars[nn-1] = CUS cstr;
		90	}
83		91
84	return OK;	92	return OK;
85	}	93	}
86	}	94	}
		95	pcre2_match_data_free(md);
87	return FAIL;	96	return FAIL;
88	}	97	}
89		98
Lines 125-131 Link Here
125	return FAIL; /* no regexes -> nothing to do */	134	return FAIL; /* no regexes -> nothing to do */
126		135
127	/* match each line against all regexes */	136	/* match each line against all regexes */
128	linebuffer = store_get(32767, TRUE); /* tainted */	137	linebuffer = store_get(32767, GET_TAINTED);
129	while (fgets(CS linebuffer, 32767, mbox_file))	138	while (fgets(CS linebuffer, 32767, mbox_file))
130	{	139	{
131	if ( mime_stream && mime_current_boundary /* check boundary */	140	if ( mime_stream && mime_current_boundary /* check boundary */
Lines 196-202 Link Here
196	}	205	}
197		206
198	/* get 32k memory, tainted */	207	/* get 32k memory, tainted */
199	mime_subject = store_get(32767, TRUE);	208	mime_subject = store_get(32767, GET_TAINTED);
200		209
201	mime_subject_len = fread(mime_subject, 1, 32766, f);	210	mime_subject_len = fread(mime_subject, 1, 32766, f);
202		211




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions concerned with retrying unsuccessful deliveries. */

{
BOOL yield = FALSE;
time_t now = time(NULL);
uschar * host_key, * message_key;
open_db dbblock, * dbm_file;
tree_node * node;
dbdata_retry * host_retry_record, * message_retry_record;
dbdata_retry *host_retry_record, *message_retry_record;

*retry_host_key = *retry_message_key = NULL;


/* Generate the host key for the unusable tree and the retry database. Ensure
host names are lower cased (that's what %S does). */

host_key = include_ip_address
  ? string_sprintf("T:%S:%s%s", host->name, host->address, portstring)
  : string_sprintf("T:%S%s", host->name, portstring);

/* Generate the message-specific key */


void
retry_add_item(address_item *addr, uschar *key, int flags)
{
retry_item * rti = store_get(sizeof(retry_item), GET_UNTAINTED);
host_item * host = addr->host_used;

rti->next = addr->retries;

	  ? US string_printing(rti->message)
	  : US"unknown error";
        message_length = Ustrlen(message);
        if (message_length > EXIM_DB_RLIMIT) message_length = EXIM_DB_RLIMIT;

        /* Read a retry record from the database or construct a new one.
        Ignore an old one if it is too old since it was last updated. */

        if (!retry_record)
          {
          retry_record = store_get(sizeof(dbdata_retry) + message_length,
				   message);
          message_space = message_length;
          retry_record->first_failed = now;
          retry_record->last_try = now;

	if (message_length > message_space)
	  {
	  dbdata_retry * newr =
	    store_get(sizeof(dbdata_retry) + message_length, message);
	  memcpy(newr, retry_record, sizeof(dbdata_retry));
	  retry_record = newr;
	  }




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */



if (whole) *whole = FALSE;

/* Scan the rewriting rules, ignoring any without matching flag */

for (rewrite_rule * rule = rewrite_rules;
     rule && !done;
     rule_number++, rule = rule->next) if (rule->flags & flag)
  {
  int start, end, pdomain;
  int count = 0;

  uschar *error, *new;
  const uschar * newparsed;

  /* Ensure that the flag matches the flags in the rule. */

  if (!(rule->flags & flag)) continue;

  /* Come back here for a repeat after a successful rewrite. We do this
  only so many times. */


header_line *newh = NULL;
rmark function_reset_point = store_mark();
uschar *s = Ustrchr(h->text, ':') + 1;

while (isspace(*s)) s++;

DEBUG(D_rewrite)
  debug_printf_indent("rewrite_one_header: type=%c:\n  %s", h->type, h->text);

f.parse_allow_group = TRUE;     /* Allow group syntax */


  the next address, saving the start of the old one. */

  *ss = 0;
  recipient = parse_extract_address(s, &errmess, &start, &end, &domain, FALSE);

  *ss = terminator;
  sprev = s;
  s = ss + (terminator ? 1 : 0);
  while (isspace(*s)) s++;

  /* There isn't much we can do for syntactic disasters at this stage.

  empty address, overlong addres. Sometimes the result matters, sometimes not.
  It seems this function is called for *any* header we see. */


  if (!recipient)
    {
    /* Handle unparesable addresses in the header. Slightly ugly because a
    null output from the extract can also result from a header without an
    address, "To: undisclosed recpients:;" being the classic case. */
    needs more effort to decide if the returned empty address matters.
    Now this will now break test 471 again.

    471 fails now because it uses an overlong address, for wich parse_extract_address()
    returns an empty address (which was not expected).

    Checking the output and exit if rewrite_rules or routed_old are present
    isn't a good idea either: It's enough to have *any* rewrite rule
    in the configuration plus "To: undisclosed recpients:;" to exit(), which
    is not what we want.
    */

    if ((rewrite_rules || routed_old) && Ustrcmp(errmess, "empty address") != 0)
      {
      log_write(0, LOG_MAIN, "rewrite: %s", errmess);
      exim_exit(EXIT_FAILURE);
      }
#endif
    loop_reset_point = store_reset(loop_reset_point);
    continue;
    }

  as abc@xyz, which the DNS lookup turns into abc@xyz.foo.com). However, if no
  change is made here, don't bother carrying on. */

  if (routed_old)
    {
    if (domain <= 0 || strcmpic(recipient+domain, routed_old) != 0) continue;
    recipient[domain-1] = 0;

  "whole" flag set, adjust the pointers so that the whole address gets
  replaced, except possibly a final \n. */

  if (existflags & flag)
    {
    BOOL whole;
    /* deconst ok as recipient was notconst */

    int oldlen = end - start;

    header_line * prev = newh ? newh : h;
    uschar * newt = store_get_perm(prev->slen - oldlen + newlen + 4, GET_TAINTED);
    uschar * newtstart = newt;

    int type = prev->type;


    store_reset(function_reset_point);
    function_reset_point = store_mark();
    newh = store_get(sizeof(header_line), GET_UNTAINTED);
    newh->type = type;
    newh->slen = slen;
    newh->text = string_copyn(newtstart, slen);

    /* Set up for scanning the rest of the header */

    s = newh->text + remlen;
    DEBUG(D_rewrite) debug_printf("remainder: %s", *s ? s : US"\n");
    }
  }


/* If a rewrite happened and "replace" is true, put the new header into the
chain following the old one, and mark the old one as replaced. */

if (newh && replace)
  {
  newh->next = h->next;
  if (!newh->next) header_last = newh;
  h->type = htype_old;
  h->next = newh;
  }




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* This file contains a function for decoding message header lines that may

int len = 0;
uschar *ptr;

ptr = *ptrptr = store_get(Ustrlen(string) + 1, string);  /* No longer than this */

while (*string != 0)
  {

*/

uschar *
rfc2047_decode2(uschar *string, BOOL lencheck, const uschar *target,
  int zeroval, int *lenptr, int *sizeptr, uschar **error)
{
int size = Ustrlen(string);
size_t dlen;

translated into a multibyte code such as UTF-8. That's why we use the dynamic
string building code. */

yield = store_get(sizeof(gstring) + ++size, string);
yield->size = size;
yield->ptr = 0;
yield->s = US(yield + 1);

argument. */

uschar *
rfc2047_decode(uschar *string, BOOL lencheck, const uschar *target, int zeroval,
  int *lenptr, uschar **error)
{
return rfc2047_decode2(string, lencheck, target, zeroval, lenptr, NULL, error);

Lines 2-9 Link Here

(-)exim.orig/src/route.c (-11 / +30 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Functions concerned with routing, and the list of generic router options. */	9	/* Functions concerned with routing, and the list of generic router options. */
Lines 288-294 Link Here
288		288
289	/* Build a host list if fallback hosts is set. */	289	/* Build a host list if fallback hosts is set. */
290		290
291	host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE);	291	{
		292	int old_pool = store_pool;
		293	store_pool = POOL_PERM;
		294	host_build_hostlist(&r->fallback_hostlist, r->fallback_hosts, FALSE);
		295	store_pool = old_pool;
		296	}
292		297
293	/* Check redirect_router and pass_router are valid */	298	/* Check redirect_router and pass_router are valid */
294		299
Lines 607-620 Link Here
607	BOOL ugid_set = FALSE;	612	BOOL ugid_set = FALSE;
608	const uschar *listptr;	613	const uschar *listptr;
609	uschar *check;	614	uschar *check;
610	uschar buffer[1024];
611		615
612	if (!s) return OK;	616	if (!s) return OK;
613		617
614	DEBUG(D_route) debug_printf("checking require_files\n");	618	DEBUG(D_route) debug_printf("checking require_files\n");
615		619
616	listptr = s;	620	listptr = s;
617	while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))))	621	while ((check = string_nextinlist(&listptr, &sep, NULL, 0)))
618	{	622	{
619	int rc;	623	int rc;
620	int eacces_code = 0;	624	int eacces_code = 0;
Lines 1495-1501 Link Here
1495		1499
1496	if (!(node = tree_search(*root, name)))	1500	if (!(node = tree_search(*root, name)))
1497	{ /* name should never be tainted */	1501	{ /* name should never be tainted */
1498	node = store_get(sizeof(tree_node) + Ustrlen(name), FALSE);	1502	node = store_get(sizeof(tree_node) + Ustrlen(name), GET_UNTAINTED);
1499	Ustrcpy(node->name, name);	1503	Ustrcpy(node->name, name);
1500	(void)tree_insertnode(root, node);	1504	(void)tree_insertnode(root, node);
1501	}	1505	}
Lines 1666-1672 Link Here
1666	addr->prefix_v = string_copyn(addr->local_part, vlen);	1670	addr->prefix_v = string_copyn(addr->local_part, vlen);
1667	}	1671	}
1668	else	1672	else
1669	addr->prefix = string_copyn_taint(addr->local_part, plen, FALSE);	1673	addr->prefix = string_copyn_taint(addr->local_part, plen, GET_UNTAINTED);
1670	addr->local_part += plen;	1674	addr->local_part += plen;
1671	DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);	1675	DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
1672	}	1676	}
Lines 1689-1695 Link Here
1689	int lplen = Ustrlen(addr->local_part) - slen;	1693	int lplen = Ustrlen(addr->local_part) - slen;
1690	addr->suffix = vlen	1694	addr->suffix = vlen
1691	? addr->local_part + lplen	1695	? addr->local_part + lplen
1692	: string_copy_taint(addr->local_part + lplen, slen);	1696	: string_copy_taint(addr->local_part + lplen, GET_UNTAINTED);
1693	addr->suffix_v = addr->suffix + Ustrlen(addr->suffix) - vlen;	1697	addr->suffix_v = addr->suffix + Ustrlen(addr->suffix) - vlen;
1694	addr->local_part = string_copyn(addr->local_part, lplen);	1698	addr->local_part = string_copyn(addr->local_part, lplen);
1695	DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);	1699	DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);
Lines 1706-1711 Link Here
1706	the local part sorted. */	1710	the local part sorted. */
1707		1711
1708	router_name = r->name;	1712	router_name = r->name;
		1713	driver_srcfile = r->srcfile;
		1714	driver_srcline = r->srcline;
1709	deliver_set_expansions(addr);	1715	deliver_set_expansions(addr);
1710		1716
1711	/* For convenience, the pre-router checks are in a separate function, which	1717	/* For convenience, the pre-router checks are in a separate function, which
Lines 1713-1719 Link Here
1713		1719
1714	if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)	1720	if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
1715	{	1721	{
1716	router_name = NULL;	1722	driver_srcfile = router_name = NULL; driver_srcline = 0;
1717	if (rc == SKIP) continue;	1723	if (rc == SKIP) continue;
1718	addr->message = error;	1724	addr->message = error;
1719	yield = rc;	1725	yield = rc;
Lines 1764-1770 Link Here
1764	{	1770	{
1765	DEBUG(D_route)	1771	DEBUG(D_route)
1766	debug_printf("\"more\"=false: skipping remaining routers\n");	1772	debug_printf("\"more\"=false: skipping remaining routers\n");
1767	router_name = NULL;	1773	driver_srcfile = router_name = NULL; driver_srcline = 0;
1768	r = NULL;	1774	r = NULL;
1769	break;	1775	break;
1770	}	1776	}
Lines 1816-1822 Link Here
1816	yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote,	1822	yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote,
1817	addr_new, addr_succeed);	1823	addr_new, addr_succeed);
1818		1824
1819	router_name = NULL;	1825	driver_srcfile = router_name = NULL; driver_srcline = 0;
1820		1826
1821	if (yield == FAIL)	1827	if (yield == FAIL)
1822	{	1828	{
Lines 2044-2053 Link Here
2044	addr->message = expand_hide_passwords(addr->message);	2050	addr->message = expand_hide_passwords(addr->message);
2045		2051
2046	deliver_set_expansions(NULL);	2052	deliver_set_expansions(NULL);
2047	router_name = NULL;	2053	driver_srcfile = router_name = NULL; driver_srcline = 0;
2048	f.disable_logging = FALSE;	2054	f.disable_logging = FALSE;
2049	return yield;	2055	return yield;
2050	}	2056	}
2051		2057
		2058
		2059
		2060	/* For error messages, a string describing the config location associated
		2061	with current processing. NULL if we are not in a router. */
		2062	/* Name only, for now */
		2063
		2064	uschar *
		2065	router_current_name(void)
		2066	{
		2067	if (!router_name) return NULL;
		2068	return string_sprintf(" (router %s, %s %d)", router_name, driver_srcfile, driver_srcline);
		2069	}
		2070
2052	#endif /!MACRO_PREDEF/	2071	#endif /!MACRO_PREDEF/
2053	/* End of route.c */	2072	/* End of route.c */




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */



uschar *remove_headers;
header_line *extra_headers;

addr_new = addr_new;  /* Keep picky compilers happy */
addr_succeed = addr_succeed;

DEBUG(D_route) debug_printf("%s router called for %s\n  domain = %s\n",
  rblock->name, addr->address, addr->domain);





*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

const uschar *listptr;
uschar widen_buffer[256];

addr_new = addr_new;          /* Keep picky compilers happy */
addr_succeed = addr_succeed;

DEBUG(D_route)
  debug_printf("%s router called for %s\n  domain = %s\n",
    rblock->name, addr->address, addr->domain);

   && (verify != v_sender || !ob->rewrite_headers || addr->parent))
  {
  listptr = ob->widen_domains;
  /* not expanded so should never be tainted */
  widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
    sizeof(widen_buffer));


  else if (widen)
    {
    h.name = string_sprintf("%s.%s", addr->domain, widen);
    /* not expanded so should never be tainted */
    widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
      sizeof(widen_buffer));
    DEBUG(D_route) debug_printf("%s router widened %s to %s\n", rblock->name,

/* Get store in which to preserve the original host item, chained on
to the address. */

addr->host_list = store_get(sizeof(host_item), GET_UNTAINTED);
addr->host_list[0] = h;

/* Fill in the transport and queue the address for delivery. */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



ipliteral_router_options_block *ob =
  (ipliteral_router_options_block *)(rblock->options_block);
*/
rblock = rblock;
}



int len = Ustrlen(domain);
int rc, ipv;

addr_new = addr_new;         /* Keep picky compilers happy */
addr_succeed = addr_succeed;

DEBUG(D_route) debug_printf("%s router called for %s: domain = %s\n",
  rblock->name, addr->address, addr->domain);



/* Set up a host item */

h = store_get(sizeof(host_item), GET_UNTAINTED);

h->next = NULL;
h->address = string_copy(ip);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



uschar *hostname, *reroute, *domain;
const uschar *listptr;
uschar host_buffer[256];
host_item *host = store_get(sizeof(host_item), GET_UNTAINTED);
address_item *new_addr;
iplookup_router_options_block *ob =
  (iplookup_router_options_block *)(rblock->options_block);
const pcre2_code *re = ob->re_response_pattern;
int count, query_len, rc;
int sep = 0;

addr_local = addr_local;    /* Keep picky compilers happy */
addr_remote = addr_remote;
addr_succeed = addr_succeed;
pw = pw;

DEBUG(D_route) debug_printf("%s router called for %s: domain = %s\n",
  rblock->name, addr->address, addr->domain);

reply = store_get(256, GET_TAINTED);

/* Build the query string to send. If not explicitly given, a default of
"user@domain user@domain" is used. */

being a host list. */

listptr = ob->hosts;
/* not expanded so should never be tainted */
while ((hostname = string_nextinlist(&listptr, &sep, host_buffer,
       sizeof(host_buffer))))
  {

Lines 3-8 Link Here

(-)exim.orig/src/routers/iplookup.h (-1 / +2 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	5	/* Copyright (c) University of Cambridge 1995 - 2009 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8		9
Lines 17-23 Link Here
17	uschar *query;	18	uschar *query;
18	uschar *response_pattern;	19	uschar *response_pattern;
19	uschar *reroute;	20	uschar *reroute;
20	const pcre *re_response_pattern;	21	const pcre2_code *re_response_pattern;
21	BOOL optional;	22	BOOL optional;
22	} iplookup_router_options_block;	23	} iplookup_router_options_block;
23		24




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



BOOL individual_transport_set = FALSE;
BOOL randomize = ob->hosts_randomize;

addr_new = addr_new;           /* Keep picky compilers happy */
addr_succeed = addr_succeed;

DEBUG(D_route) debug_printf("%s router called for %s\n  domain = %s\n",
  rblock->name, addr->address, addr->domain);


  int sep = -(';');             /* Default is semicolon */
  listptr = ob->route_list;

  while ((route_item = string_nextinlist(&listptr, &sep, NULL, 0)))
    {
    int rc;


  if (hostlist[0])
    {
    host_item *h;
    addr->host_list = h = store_get(sizeof(host_item), GET_UNTAINTED);
    h->name = string_copy(hostlist);
    h->address = NULL;
    h->port = PORT_NONE;

defined for these hosts. It will be a remote one, as a local transport is
dealt with above. However, we don't need one if verifying only. */

if (!transport && verify == v_none)
    {
    log_write(0, LOG_MAIN, "Error in %s router: no transport defined",
      rblock->name);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"


/* A command must be given */

if (!ob->command)
  log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n  "
    "a command specification is required", rblock->name);

/* A uid/gid must be supplied */

if (!ob->cmd_uid_set && !ob->expand_cmd_uid)
  log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n  "
    "command_user must be specified", rblock->name);
}

  &addr_prop.remove_headers);
if (rc != OK) return rc;

#ifdef EXPERIMENTAL_SRS
addr_prop.srs_sender = NULL;
#endif

/* Get the fixed or expanded uid under which the command is to run
(initialization ensures that one or the other is set). */

if (  !ob->cmd_uid_set
   && !route_find_expanded_user(ob->expand_cmd_uid, rblock->name, US"router",
	&upw, &uid, &(addr->message)))
      &upw, &uid, &(addr->message)))
    return DEFER;
  }

/* Get the fixed or expanded gid, or take the gid from the passwd entry. */

if (!ob->cmd_gid_set)
  if (ob->expand_cmd_gid)
  if (ob->expand_cmd_gid != NULL)
    {
    if (route_find_expanded_group(ob->expand_cmd_gid, rblock->name,
        US"router", &gid, &(addr->message)))
      return DEFER;
    }
  else if (upw)
    {
    gid = upw->pw_gid;
    }
  else
    {
    addr->message = string_sprintf("command_user set without command_group "
      "for %s router", rblock->name);
    return DEFER;
    }
  }

DEBUG(D_route) debug_printf("requires uid=%ld gid=%ld current_directory=%s\n",
  (long int)uid, (long int)gid, current_directory);

    TRUE,                               /* expand the arguments */
    0,                                  /* not relevant when... */
    NULL,                               /* no transporting address */
    FALSE,				/* args must be untainted */
    US"queryprogram router",            /* for error messages */
    &addr->message))                    /* where to put error message */
  {
  return DEFER;
  }

/* Create the child process, making it a group leader. */


rword = buffer;
while (isspace(*rword)) rword++;
rdata = rword;
while (*rdata && !isspace(*rdata)) rdata++;
if (*rdata) *rdata++ = 0;

/* The word must be a known yield name. If it is "REDIRECT", the rest of the
line is redirection data, as for a .forward file. It may not contain filter

    NULL,                        /* sieve subaddress not relevant */
    &ugid,                       /* uid/gid (but not set) */
    &generated,                  /* where to hang the results */
    &addr->message,              /* where to put messages */
    NULL,                        /* don't skip syntax errors */
    &filtertype,                 /* not used; will always be FILTER_FORWARD */
    string_sprintf("%s router", rblock->name));

    response after verifying. */

    case FF_DEFER:
      if (!addr->message) addr->message = US"forced defer";
      else addr->user_message = addr->message;
      return DEFER;

    case FF_FAIL:
      add_generated(rblock, addr_new, addr, generated, &addr_prop);
      if (!addr->message) addr->message = US"forced rejection";
      else addr->user_message = addr->message;
      return FAIL;

    case FF_DELIVERED:
      break;

    case FF_NOTDELIVERED:    /* an empty redirection list is bad */
      addr->message = US"no addresses supplied";
    /* Fall through */

    case FF_ERROR:
    default:
      addr->basic_errno = ERRNO_BADREDIRECT;
      addr->message = string_sprintf("error in redirect data: %s", addr->message);
      return DEFER;
    }

  /* Handle the generated addresses, if any. */

  }

/* The command yielded "ACCEPT". The rest of the string is a number of keyed
fields from which we can fish out values using the equivalent of the "extract"
expansion function. */
i.e. set lookup_value. */

lookup_value = rdata;
s = expand_string(US"${extract{data}{$value}}");
if (*s != 0) addr_prop.address_data = string_copy(s);

if ((s = expand_getkeyed(US"data", rdata)) && *s)
  addr_prop.address_data = string_copy(s);

/* If we found a transport name, find the actual transport */

if ((s = expand_getkeyed(US"transport", rdata)) && *s)
  {
  transport_instance *transport;
  for (transport = transports; transport; transport = transport->next)


else
  {
  if (!rf_get_transport(rblock->transport_name, &rblock->transport, addr,
       rblock->name, US"transport"))
    return DEFER;
  addr->transport = rblock->transport;


/* See if a host list is given, and if so, look up the addresses. */

if ((s = expand_getkeyed(US"hosts", rdata)) && *s)
s = expand_string(US"${extract{hosts}{$value}}");

if (*s != 0)
  {
  int lookup_type = LK_DEFAULT;
  uschar * ss = expand_getkeyed(US"lookup", rdata);
  lookup_value = NULL;

  if (ss && *ss)
    {
    if (Ustrcmp(ss, "byname") == 0) lookup_type = LK_BYNAME;
    else if (Ustrcmp(ss, "bydns") == 0) lookup_type = LK_BYDNS;


/* Queue the address for local or remote delivery. */

return rf_queue_add(addr, addr_local, addr_remote, rblock, pw) ? OK : DEFER;
  OK : DEFER;
}

#endif   /*!MACRO_PREDEF*/




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



  { "sieve_useraddress", opt_stringptr,		LOFF(sieve_useraddress) },
  { "sieve_vacation_directory", opt_stringptr,	LOFF(sieve_vacation_directory) },
  { "skip_syntax_errors", opt_bool,		LOFF(skip_syntax_errors) },
#ifdef EXPERIMENTAL_SRS
  { "srs",                opt_stringptr,	LOFF(srs) },
  { "srs_alias",          opt_stringptr,	LOFF(srs_alias) },
  { "srs_condition",      opt_stringptr,	LOFF(srs_condition) },
  { "srs_dbinsert",       opt_stringptr,	LOFF(srs_dbinsert) },
  { "srs_dbselect",       opt_stringptr,	LOFF(srs_dbselect) },
#endif
  { "syntax_errors_text", opt_stringptr,	LOFF(syntax_errors_text) },
  { "syntax_errors_to",   opt_stringptr,	LOFF(syntax_errors_to) }
};

  NULL,        /* qualify_domain */
  NULL,        /* owners */
  NULL,        /* owngroups */
#ifdef EXPERIMENTAL_SRS
  NULL,        /* srs */
  NULL,        /* srs_alias */
  NULL,        /* srs_condition */
  NULL,        /* srs_dbinsert */
  NULL,        /* srs_dbselect */
#endif
  022,         /* modemask */
  RDO_REWRITE | RDO_PREPEND_HOME, /* bit_options */
  FALSE,       /* check_ancestor */

    if (next->address[0] == '|')
      {
      address_pipe = next->address;
      if (rf_get_transport(ob->pipe_transport_name, &ob->pipe_transport,
          next, rblock->name, US"pipe_transport"))
        next->transport = ob->pipe_transport;
      address_pipe = NULL;
      }
    else if (next->address[0] == '>')
      {
      if (rf_get_transport(ob->reply_transport_name, &ob->reply_transport,
          next, rblock->name, US"reply_transport"))
        next->transport = ob->reply_transport;
      }

          next->transport = ob->directory_transport;
        }
      else
        if (rf_get_transport(ob->file_transport_name, &ob->file_transport,
        if (rf_get_transport(ob->file_transport_name, &(ob->file_transport),
            next, rblock->name, US"file_transport"))
          next->transport = ob->file_transport;

      address_file = NULL;
      }
    }

int frc = 0;
int xrc = 0;

addr_local = addr_local;     /* Keep picky compilers happy */
addr_remote = addr_remote;

/* Initialize the data to be propagated to the children */

addr_prop.address_data = deliver_address_data;

addr_prop.variables = NULL;
tree_dup((tree_node **)&addr_prop.variables, addr->prop.variables);

#ifdef EXPERIMENTAL_SRS
addr_prop.srs_sender = NULL;
#endif
#ifdef SUPPORT_I18N
addr_prop.utf8_msg = addr->prop.utf8_msg;
addr_prop.utf8_downcvt = addr->prop.utf8_downcvt;

  ugid.gid_set = TRUE;
  }

#ifdef EXPERIMENTAL_SRS
  /* Perform SRS on recipient/return-path as required  */

  if(ob->srs != NULL)
  {
    BOOL usesrs = TRUE;

    if(ob->srs_condition != NULL)
      usesrs = expand_check_condition(ob->srs_condition, "srs_condition expansion failed", NULL);

    if(usesrs)
    {
      int srs_action = 0, n_srs;
      uschar *res;
      uschar *usedomain;

      /* What are we doing? */
      if(Ustrcmp(ob->srs, "forward") == 0)
        srs_action = 1;
      else if(Ustrcmp(ob->srs, "reverseandforward") == 0)
      {
        srs_action = 3;

        if((ob->srs_dbinsert == NULL) ^ (ob->srs_dbselect == NULL))
          return DEFER;
      }
      else if(Ustrcmp(ob->srs, "reverse") == 0)
        srs_action = 2;

      /* Reverse SRS */
      if(srs_action & 2)
      {
        srs_orig_recipient = addr->address;

        eximsrs_init();
        if(ob->srs_dbselect)
          eximsrs_db_set(TRUE, ob->srs_dbselect);
/* Comment this out for now...
//        else
//          eximsrs_db_set(TRUE, NULL);
*/

        if((n_srs = eximsrs_reverse(&res, addr->address)) == OK)
        {
          srs_recipient = res;
          DEBUG(D_any)
            debug_printf("SRS (reverse): Recipient '%s' rewritten to '%s'\n", srs_orig_recipient, srs_recipient);
        }

        eximsrs_done();

        if(n_srs != OK)
          return n_srs;
      }

      /* Forward SRS */
      /* No point in actually performing SRS if we are just verifying a recipient */
      if((srs_action & 1) && verify == v_none &&
         (sender_address ? sender_address[0] != 0 : FALSE))
      {

        srs_orig_sender = sender_address;
        eximsrs_init();
        if(ob->srs_dbinsert)
          eximsrs_db_set(FALSE, ob->srs_dbinsert);
/* Comment this out for now...
//        else
//          eximsrs_db_set(FALSE, NULL);
*/

        if (!(usedomain = ob->srs_alias ? expand_string(ob->srs_alias) : NULL))
          usedomain = string_copy(deliver_domain);

        if((n_srs = eximsrs_forward(&res, sender_address, usedomain)) == OK)
        {
          addr_prop.srs_sender = res;
          DEBUG(D_any)
            debug_printf("SRS (forward): Sender '%s' rewritten to '%s'\n", srs_orig_sender, res);
        }

        eximsrs_done();

        if(n_srs != OK)
          return n_srs;
      }
    }
  }
#endif

/* Call the function that interprets redirection data, either inline or from a
file. This is a separate function so that the system filter can use it. It will
run the function in a subprocess if necessary. If qualify_preserve_domain is

frc = rda_interpret(&redirect, options, ob->include_directory,
  ob->sieve_vacation_directory, ob->sieve_enotify_mailto_owner,
  ob->sieve_useraddress, ob->sieve_subaddress, &ugid, &generated,
  &addr->message, ob->skip_syntax_errors? &eblock : NULL, &filtertype,
  string_sprintf("%s router (recipient is %s)", rblock->name, addr->address));

qualify_domain_recipient = save_qualify_domain_recipient;

      addr->message = yield == FAIL ? US"forced rejection" : US"forced defer";
    else
      {
      uschar * matched;
      if (  ob->forbid_smtp_code
	 && regex_match(regex_smtp_code, addr->message, -1, &matched))
	    Ustrlen(addr->message), 0, PCRE_EOPT,
	    ovector, sizeof(ovector)/sizeof(int)) >= 0)
	{
	DEBUG(D_route) debug_printf("SMTP code at start of error message "
	  "is ignored because forbid_smtp_code is set\n");
	addr->message += Ustrlen(matched);
	}
      addr->user_message = addr->message;
      setflag(addr, af_pass_message);


    if (filtertype != FILTER_FORWARD && ob->skip_syntax_errors)
      {
      eblock = store_get(sizeof(error_block), GET_UNTAINTED);
      eblock->next = NULL;
      eblock->text1 = addr->message;
      eblock->text2 = NULL;




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */


  uid_t  *owners;
  gid_t  *owngroups;

#ifdef EXPERIMENTAL_SRS
  uschar *srs;
  uschar *srs_alias;
  uschar *srs_condition;
  uschar *srs_dbinsert;
  uschar *srs_dbselect;
#endif

  int   modemask;
  int   bit_options;
  BOOL  check_ancestor;




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */


rf_change_domain(address_item *addr, const uschar *domain, BOOL rewrite,
  address_item **addr_new)
{
address_item * parent = store_get(sizeof(address_item), GET_UNTAINTED);
uschar * at = Ustrrchr(addr->address, '@');
uschar * address = string_sprintf("%.*s@%s",
  (int)(at - addr->address), addr->address, domain);

DEBUG(D_route) debug_printf("domain changed to %s\n", domain);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */


  {
  const uschar * list = rblock->extra_headers;
  int sep = '\n';
  uschar * s, * t;
  int slen;

  while ((s = string_nextinlist(&list, &sep, NULL, 0)))
    if (!(s = expand_string(t = s)))
      {
      if (!f.expand_string_forcedfail)
	{
	addr->message = string_sprintf(
	  "%s router failed to expand add_headers item \"%s\": %s",
	  rblock->name, t, expand_string_message);
	return DEFER;
	}
      }

      shared with other addresses. The output function outputs them in reverse
      order. */

      header_line *  h = store_get(sizeof(header_line), GET_UNTAINTED);

      /* We used to use string_sprintf() to add the newline if needed, but that
      causes problems if the header line is exceedingly long (e.g. adding

	h->text = s;
      else
	{
	h->text = store_get(slen+2, s);
	memcpy(h->text, s, slen);
	h->text[slen++] = '\n';
	h->text[slen] = 0;

  {
  const uschar * list = rblock->remove_headers;
  int sep = ':';
  uschar * s, * t;
  gstring * g = NULL;

  if (*remove_headers)
    g = string_cat(NULL, *remove_headers);

  while ((s = string_nextinlist(&list, &sep, NULL, 0)))
    if (!(s = expand_string(t = s)))
      {
      if (!f.expand_string_forcedfail)
	{
	addr->message = string_sprintf(
	  "%s router failed to expand remove_headers item \"%s\": %s",
	  rblock->name, t, expand_string_message);
	return DEFER;
	}
      }

Lines 2-7 Link Here

(-)exim.orig/src/routers/rf_get_transport.c (+1 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2021 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	6	/* Copyright (c) University of Cambridge 1995 - 2009 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8

Lines 3-8 Link Here

(-)exim.orig/src/routers/rf_queue_add.c (+1 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8	#include "../exim.h"	9	#include "../exim.h"




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* A set of functions to search databases in various formats. An open

*/

int
search_findtype(const uschar * name, int len)
{
for (int bot = 0, top = lookup_list_count; top > bot; )
int top = lookup_list_count;
while (top > bot)
  {
  int mid = (top + bot)/2;
  int c = Ustrncmp(name, lookup_list[mid]->name, len);

  if (c > 0) bot = mid + 1; else top = mid;
  }

search_error_message = string_sprintf("unknown lookup type \"%.*s\"", len, name);
return -1;
}


}


/* Set the parameters for the three different kinds of lookup.
Arguments:
 search_type	the search-type code
 search		the search-type string
 query		argument for the search; filename or query
 fnamep		pointer to return filename
 opts		options

Return:	keyquery	the search-type (for single-key) or query (for query-type)
 */
uschar *
search_args(int search_type, uschar * search, uschar * query, uschar ** fnamep,
  const uschar * opts)
{
Uskip_whitespace(&query);
if (mac_islookup(search_type, lookup_absfilequery))
  {					/* query-style but with file (sqlite) */
  int sep = ',';

  /* Check options first for new-style file spec */
  if (opts) for (uschar * s; s = string_nextinlist(&opts, &sep, NULL, 0); )
    if (Ustrncmp(s, "file=", 5) == 0)
      {
      *fnamep = s+5;
      return query;
      }

  /* If no filename from options, use old-tyle space-sep prefix on query */
  if (*query == '/')
    {
    uschar * s = query;
    while (*query && !isspace(*query)) query++;
    *fnamep = string_copyn(s, query - s);
    Uskip_whitespace(&query);
    }
  else
    *fnamep = NULL;
  return query;		/* remainder after file skipped */
  }
if (!mac_islookup(search_type, lookup_querystyle))
  {					/* single-key */
  *fnamep = query;
  return search;	/* modifiers important so use "keyquery" for them */
  }
*fnamep = NULL;				/* else query-style */
return query;
}



/*************************************************
*               Release cached resources         *


if (!t)
  {
  t = store_get(sizeof(tree_node) + Ustrlen(keybuffer), GET_UNTAINTED);
  t->data.ptr = c = store_get(sizeof(search_cache), GET_UNTAINTED);
  c->item_cache = NULL;
  Ustrcpy(t->name, keybuffer);
  tree_insertnode(&search_tree, t);

               NULL for query-style searches
  keystring    the keystring for single-key+file lookups, or
               the querystring for query-style lookups
  cache_rd     FALSE to avoid lookup in cache layer
  opts	       type-specific options

Returns:       a pointer to a dynamic string containing the answer,


static uschar *
internal_search_find(void * handle, const uschar * filename, uschar * keystring,
  BOOL cache_rd, const uschar * opts)
{
tree_node * t = (tree_node *)handle;
search_cache * c = (search_cache *)(t->data.ptr);

store_pool = POOL_SEARCH;

/* Look up the data for the key, unless it is already in the cache for this
file. No need to check c->item_cache for NULL, tree_search will do so. Check
whether we want to use the cache entry last so that we can always replace it. */

if (  (t = tree_search(c->item_cache, keystring))
   && (!(e = t->data.ptr)->expiry || e->expiry > time(NULL))
   && (!opts && !e->opts  ||  opts && e->opts && Ustrcmp(opts, e->opts) == 0)
   && cache_rd
   )
  { /* Data was in the cache already; set the pointer from the tree node */
  data = e->data.ptr;

    {
    if (t)
      debug_printf_indent("cached data found but %s; ",
	e->expiry && e->expiry <= time(NULL) ? "out-of-date"
	: cache_rd ? "wrong opts" : "no_rd option set");
    debug_printf_indent("%s lookup required for %s%s%s\n",
      filename ? US"file" : US"database",
      keystring,
      filename ? US"\n  in " : US"", filename ? filename : US"");
    if (!filename && is_tainted(keystring))
      {
      debug_printf_indent("                             ");
      debug_print_taint(keystring);
      }
    }

  /* Check that the query, for query-style lookups,
  is either untainted or properly quoted for the lookup type.

  XXX Should we this move into lf_sqlperform() ?  The server-taint check is there.
  */

  if (  !filename && lookup_list[search_type]->quote
     && is_tainted(keystring) && !is_quoted_like(keystring, search_type))
    {
    uschar * s = acl_current_verb();
    if (!s) s = authenticator_current_name();	/* must be before transport */
    if (!s) s = transport_current_name();	/* must be before router */
    if (!s) s = router_current_name();	/* GCC ?: would be good, but not in clang */
    if (!s) s = US"";
#ifdef enforce_quote_protection_notyet
    search_error_message = string_sprintf(
      "tainted search query is not properly quoted%s: %s%s",
      s, keystring);
    f.search_find_defer = TRUE;
#else
     {
      int q = quoter_for_address(keystring);
      /* If we're called from a transport, no privs to open the paniclog;
      the logging punts to using stderr - and that seems to stop the debug
      stream. */
      log_write(0,
	transport_name ? LOG_MAIN : LOG_MAIN|LOG_PANIC,
	"tainted search query is not properly quoted%s: %s", s, keystring);

      DEBUG(D_lookup) debug_printf_indent("search_type %d (%s) quoting %d (%s)\n",
	search_type, lookup_list[search_type]->name,
	q, is_real_quoter(q) ? lookup_list[q]->name : US"none");
     }
#endif
    }

  /* Call the code for the different kinds of search. DEFER is handled

  distinguish if necessary. */

  if (lookup_list[search_type]->find(c->handle, filename, keystring, keylength,
	  &data, &search_error_message, &do_cache, opts) == DEFER)
    f.search_find_defer = TRUE;

  /* A record that has been found is now in data, which is either NULL
  or points to a bit of dynamic store. Cache the result of the lookup if
  caching is permitted. Lookups can disable caching, when they did something
  that changes their data. The mysql and pgsql lookups do this when an
  UPDATE/INSERT query was executed.  Lookups can also set a TTL for the
  cache entry; the dnsdb lookup does.
  Finally, the caller can request no caching by setting an option. */

  else if (do_cache)
    {
    DEBUG(D_lookup) debug_printf_indent("%s cache entry\n",
      t ? "replacing old" : "creating new");
    if (!t)	/* No existing entry.  Create new one. */
      {
      int len = keylength + 1;
      /* The cache node value should never be expanded so use tainted mem */
      e = store_get(sizeof(expiring_data) + sizeof(tree_node) + len, GET_TAINTED);
      t = (tree_node *)(e+1);
      memcpy(t->name, keystring, len);
      t->data.ptr = e;

    e->data.ptr = data;
    }

/* If caching was disabled, empty the cache tree. We just set the cache
pointer to NULL here, because we cannot release the store at this stage. */

  else
    {

  int partial, const uschar * affix, int affixlen, int starflags,
  int * expand_setup, const uschar * opts)
{
tree_node * t = (tree_node *)handle;
BOOL set_null_wild = FALSE, cache_rd = TRUE, ret_key = FALSE;
uschar * yield;

DEBUG(D_lookup)
  {


  }

/* Parse global lookup options. Also, create a new options list with
the global options dropped so that the cache-modifiers are not
used in the cache key. */

if (opts)
  {
  int sep = ',';
  gstring * g = NULL;

  for (uschar * ele; ele = string_nextinlist(&opts, &sep, NULL, 0); )
    if (Ustrcmp(ele, "ret=key") == 0) ret_key = TRUE;
    else if (Ustrcmp(ele, "cache=no_rd") == 0) cache_rd = FALSE;
    else g = string_append_listele(g, ',', ele);

  opts = string_from_gstring(g);
  }

/* Arrange to put this database at the top of the LRU chain if it is a type
that opens real files. */


/* First of all, try to match the key string verbatim. If matched a complete
entry but could have been partial, flag to set up variables. */

yield = internal_search_find(handle, filename, keystring, cache_rd, opts);
if (f.search_find_defer) return NULL;

if (yield) { if (partial >= 0) set_null_wild = TRUE; }

  if (affixlen == 0) keystring2 = keystring; else
    {
    keystring2 = store_get(len + affixlen + 1,
	  is_tainted(keystring) || is_tainted(affix) ? GET_TAINTED : GET_UNTAINTED);
    Ustrncpy(keystring2, affix, affixlen);
    Ustrcpy(keystring2 + affixlen, keystring);
    DEBUG(D_lookup) debug_printf_indent("trying partial match %s\n", keystring2);
    yield = internal_search_find(handle, filename, keystring2, cache_rd, opts);
    if (f.search_find_defer) return NULL;
    }


        }

      DEBUG(D_lookup) debug_printf_indent("trying partial match %s\n", keystring3);
      yield = internal_search_find(handle, filename, keystring3,
		cache_rd, opts);
      if (f.search_find_defer) return NULL;
      if (yield)
        {

    *atat = '*';

    DEBUG(D_lookup) debug_printf_indent("trying default match %s\n", atat);
    yield = internal_search_find(handle, filename, atat, cache_rd, opts);
    *atat = savechar;
    if (f.search_find_defer) return NULL;


if (!yield  &&  starflags & (SEARCH_STAR|SEARCH_STARAT))
  {
  DEBUG(D_lookup) debug_printf_indent("trying to match *\n");
  yield = internal_search_find(handle, filename, US"*", cache_rd, opts);
  if (yield && expand_setup && *expand_setup >= 0)
    {
    *expand_setup += 1;

than the result.  Return a de-tainted version of the key on the grounds that
it have been validated by the lookup. */

if (yield && ret_key)
  yield = string_copy_taint(keystring, GET_UNTAINTED);
  int sep = ',';
  for (uschar * ele; ele = string_nextinlist(&opts, &sep, NULL, 0); )
    if (Ustrcmp(ele, "ret=key") == 0)
      {
      DEBUG(D_lookup) debug_printf_indent("lookup ret=key: %s\n", keystring);
      yield = string_copy_taint(keystring, FALSE);
      break;
      }
  }

return yield;
}




*     Exim - an Internet mail transport agent    *
*************************************************/

/*
 * Copyright (c) The Exim Maintainers 2016 - 2022
 * Copyright (c) Michael Haardt 2003 - 2015
 * See the file NOTICE for conditions of use and distribution.
 */



struct Sieve
  {
  const uschar *filter;
  const uschar *pc;
  int line;
  const uschar *errmsg;

  int require_enotify;
  struct Notification *notified;
#endif
  const uschar *enotify_mailto_owner;
#ifdef SUBADDRESS
  int require_subaddress;
#endif

  int require_vacation;
  int vacation_ran;
#endif
  const uschar *vacation_directory;
  const uschar *subaddress;
  const uschar *useraddress;
  int require_copy;

    dst->length=0;
  else
    {
    dst->character = store_get(dst->length+1, src->character); /* plus one for \0 */
    new=dst->character;
    }
  for (const uschar * start = src->character, * end = start + src->length;

        filter->errmsg=US"Invalid URI encoding";
        return -1;
        }
      new = store_get(sizeof(string_item), GET_UNTAINTED);
      new->text = store_get(to.length+1, to.character);
      if (to.length) memcpy(new->text, to.character, to.length);
      new->text[to.length] = '\0';
      new->next = *recipient;
      *recipient = new;
      }
    else
      {
      filter->errmsg = US"Missing addr-spec in URI";
      return -1;
      }
    if (*uri=='%') uri+=3;

      }
    if (hname.length==2 && strcmpic(hname.character, US"to")==0)
      {
      new=store_get(sizeof(string_item), GET_UNTAINTED);
      new->text = store_get(hvalue.length+1, hvalue.character);
      if (hvalue.length) memcpy(new->text, hvalue.character, hvalue.length);
      new->text[hvalue.length]='\0';
      new->next=*recipient;

      struct String *new;

      dataCapacity = dataCapacity ? dataCapacity * 2 : 4;
      new = store_get(sizeof(struct String) * dataCapacity, GET_UNTAINTED);

      if (d) memcpy(new,d,sizeof(struct String)*dataLength);
      d = new;

  }
else /* single string */
  {
  if (!(d=store_get(sizeof(struct String)*2, GET_UNTAINTED)))
    return -1;

  m=parse_string(filter,&d[0]);

        if (!already)
          /* New notification, process it */
          {
          struct Notification * sent = store_get(sizeof(struct Notification), GET_UNTAINTED);
          sent->method=method;
          sent->importance=importance;
          sent->message=message;

		? expand_string(US"$local_part_prefix$local_part$local_part_suffix@$domain")
		: from.character);
              for (string_item * p = recipient; p; p=p->next)
	       	fprintf(f, "To: %s\n",p->text);
              fprintf(f, "Auto-Submitted: auto-notified; %s\n", filter->enotify_mailto_owner);
              if (header.length > 0) fprintf(f, "%s", header.character);
              if (message.length==-1)
                {
                message.character=US"Notification";

		fprintf(f, "Subject: %s\n", parse_quote_2047(message.character,
		  message.length, US"utf-8", TRUE));
              fprintf(f,"\n");
              if (body.length > 0) fprintf(f, "%s\n", body.character);
              fflush(f);
              (void)fclose(f);
              (void)child_close(pid, 0);

          }
        for (struct String * a = addresses; a->length != -1; ++a)
          {
          string_item * new = store_get(sizeof(string_item), GET_UNTAINTED);

          new->text = store_get(a->length+1, a->character);
          if (a->length) memcpy(new->text,a->character,a->length);
          new->text[a->length]='\0';
          new->next=aliases;

          addr->prop.ignore_error = TRUE;
          addr->next = *generated;
          *generated = addr;
          addr->reply = store_get(sizeof(reply_item), GET_UNTAINTED);
          memset(addr->reply,0,sizeof(reply_item)); /* XXX */
          addr->reply->to = string_copy(sender_address);
          if (from.length==-1)


if (parse_white(filter)==-1) return -1;

if (exec && filter->vacation_directory && filter_test == FTEST_NONE)
  {
  DIR *oncelogdir;
  struct dirent *oncelog;

    while ((oncelog = readdir(oncelogdir)))
      if (strlen(oncelog->d_name)==32)
        {
        uschar *s = string_sprintf("%s/%s", filter->vacation_directory, oncelog->d_name);
        if (Ustat(s,&properties) == 0 && properties.st_mtime+VACATION_MAX_DAYS*86400 < now)
          Uunlink(s);
        }
    closedir(oncelogdir);

#ifdef ENOTIFY
    else if (eq_octet(check,&str_enotify,0))
      {
      if (!filter->enotify_mailto_owner)
        {
        filter->errmsg=CUS "enotify disabled";
        return -1;

#ifdef VACATION
    else if (eq_octet(check,&str_vacation,0))
      {
      if (filter_test == FTEST_NONE && !filter->vacation_directory)
        {
        filter->errmsg=CUS "vacation disabled";
        return -1;

*/

int
sieve_interpret(const uschar * filter, int options,
  const uschar * vacation_directory, const uschar * enotify_mailto_owner,
  const uschar * useraddress, const uschar * subaddress,
  address_item ** generated, uschar ** error)
{
struct Sieve sieve;
int r;
uschar * msg;

options = options; /* Keep picky compilers happy */
error = error;

DEBUG(D_route) debug_printf("Sieve: start of processing\n");
sieve.filter = filter;

if (!vacation_directory)
  sieve.vacation_directory = NULL;
else if (!(sieve.vacation_directory = expand_cstring(vacation_directory)))
  {
  *error = string_sprintf("failed to expand \"%s\" "
    "(sieve_vacation_directory): %s", vacation_directory,
    expand_string_message);
  return FF_ERROR;
      expand_string_message);
    return FF_ERROR;
    }
  }

if (!enotify_mailto_owner)
  sieve.enotify_mailto_owner = NULL;
else if (!(sieve.enotify_mailto_owner = expand_cstring(enotify_mailto_owner)))
  {
  *error = string_sprintf("failed to expand \"%s\" "
    "(sieve_enotify_mailto_owner): %s", enotify_mailto_owner,
    expand_string_message);
  return FF_ERROR;
      expand_string_message);
    return FF_ERROR;
    }
  }

sieve.useraddress = useraddress

sieve.subaddress = subaddress;

#ifdef COMPILE_SYNTAX_CHECKER
if (parse_start(&sieve, 0, generated) == 1)
#else
if (parse_start(&sieve, 1, generated) == 1)
#endif
  {
  if (sieve.keep)
    {
    add_addr(generated, US"inbox", 1, 0, 0, 0);
    msg = US"Implicit keep";
    r = FF_DELIVERED;
    }

    msg = US"No implicit keep";
    r = FF_DELIVERED;
    }
  }
else
  {
  msg = string_sprintf("Sieve error: %s in line %d",sieve.errmsg,sieve.line);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions for handling an incoming SMTP call. */

#endif
  BOOL dsn_advertised			:1;
  BOOL esmtp				:1;
  BOOL helo_verify_required		:1;
  BOOL helo_verify			:1;
  BOOL helo_seen			:1;
  BOOL helo_accept_junk			:1;

  BOOL smtputf8_advertised		:1;
#endif
} fl = {
  .helo_verify_required = FALSE,
  .helo_verify = FALSE,
  .smtp_exit_function_called = FALSE,
};

/* This list of names is used for performing the smtp_no_mail logging action.
It must be kept in step with the SCH_xxx enumerations. */

uschar * smtp_names[] =
  {
  US"NONE", US"AUTH", US"DATA", US"BDAT", US"EHLO", US"ETRN", US"EXPN",
  US"HELO", US"HELP", US"MAIL", US"NOOP", US"QUIT", US"RCPT", US"RSET",

static void smtp_rset_handler(void);

/*************************************************
*          Recheck synchronization               *
*************************************************/

/* Synchronization checks can never be perfect because a packet may be on its
way but not arrived when the check is done.  Normally, the checks happen when
commands are read: Exim ensures that there is no more input in the input buffer.
In normal cases, the response to the command will be fast, and there is no
further check.

However, for some commands an ACL is run, and that can include delays. In those
cases, it is useful to do another check on the input just before sending the
response. This also applies at the start of a connection. This function does
that check by means of the select() function, as long as the facility is not
disabled or inappropriate. A failure of select() is ignored.

When there is unwanted input, we read it so that it appears in the log of the
error.

Arguments: none
Returns:   TRUE if all is well; FALSE if there is input pending
*/

static BOOL
wouldblock_reading(void)
{
int fd, rc;
fd_set fds;
struct timeval tzero;

#ifndef DISABLE_TLS
if (tls_in.active.sock >= 0)
 return !tls_could_read();
#endif

if (smtp_inptr < smtp_inend)
  return FALSE;

fd = fileno(smtp_in);
FD_ZERO(&fds);
FD_SET(fd, &fds);
tzero.tv_sec = 0;
tzero.tv_usec = 0;
rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);

if (rc <= 0) return TRUE;     /* Not ready to read */
rc = smtp_getc(GETC_BUFFER_UNLIMITED);
if (rc < 0) return TRUE;      /* End of file or error */

smtp_ungetc(rc);
return FALSE;
}

static BOOL
check_sync(void)
{
if (!smtp_enforce_sync || !sender_host_address || f.sender_host_notsocket)
  return TRUE;

return wouldblock_reading();
}


/* If there's input waiting (and we're doing pipelineing) then we can pipeline
a reponse with the one following. */

static BOOL
pipeline_response(void)
{
if (  !smtp_enforce_sync || !sender_host_address
   || f.sender_host_notsocket || !f.smtp_in_pipelining_advertised)
  return FALSE;

if (wouldblock_reading()) return FALSE;
f.smtp_in_pipelining_used = TRUE;
return TRUE;
}


#ifndef DISABLE_PIPE_CONNECT
static BOOL
pipeline_connect_sends(void)
{
if (!sender_host_address || f.sender_host_notsocket || !fl.pipe_connect_acceptable)
  return FALSE;

if (wouldblock_reading()) return FALSE;
f.smtp_in_early_pipe_used = TRUE;
return TRUE;
}
#endif

/*************************************************
*          Log incomplete transactions           *
*************************************************/



if (recipients_count > 0)
  {
  raw_recipients = store_get(recipients_count * sizeof(uschar *), GET_UNTAINTED);
  for (int i = 0; i < recipients_count; i++)
    raw_recipients[i] = recipients_list[i].address;
  raw_recipients_count = recipients_count;

}


/******************************************************************************/
/* SMTP input buffer handling.  Most of these are similar to stdio routines.  */

static void
smtp_buf_init(void)
{
/* Set up the buffer for inputting using direct read() calls, and arrange to
call the local functions instead of the standard C ones.  Place a NUL at the
end of the buffer to safety-stop C-string reads from it. */

if (!(smtp_inbuffer = US malloc(IN_BUFFER_SIZE)))
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer");
smtp_inbuffer[IN_BUFFER_SIZE-1] = '\0';

smtp_inptr = smtp_inend = smtp_inbuffer;
smtp_had_eof = smtp_had_error = 0;
}



/* Refill the buffer, and notify DKIM verification code.
Return false for error or EOF.

smtp_refill(unsigned lim)
{
int rc, save_errno;

if (!smtp_out) return FALSE;
fflush(smtp_out);
if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);

return TRUE;
}

/*************************************************
*          SMTP version of getc()                *
*************************************************/

/* Check if there is buffered data */

BOOL
smtp_hasc(void)
{
return smtp_inptr < smtp_inend;
}

/* SMTP version of getc()

This gets the next byte from the SMTP input buffer. If the buffer is empty,
it flushes the output, and refills the buffer, with a timeout. The signal
handler is set appropriately by the calling function. This function is not used
after a connection has negotiated itself into an TLS/SSL state.

int
smtp_getc(unsigned lim)
{
if (!smtp_hasc() && !smtp_refill(lim)) return EOF;
  if (!smtp_refill(lim))
    return EOF;
return *smtp_inptr++;
}

/* Get many bytes, refilling buffer if needed */

uschar *
smtp_getbuf(unsigned * len)
{
unsigned size;
uschar * buf;

if (!smtp_hasc() && !smtp_refill(*len))
  { *len = 0; return NULL; }
    { *len = 0; return NULL; }

if ((size = smtp_inend - smtp_inptr) > *len) size = *len;
buf = smtp_inptr;

return buf;
}

/* Copy buffered data to the dkim feed.
Called, unless TLS, just before starting to read message headers. */

void
smtp_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
int n = smtp_inend - smtp_inptr;
if (n > lim)
  n = lim;
if (n > 0)
  dkim_exim_verify_feed(smtp_inptr, n);
#endif
}


/* SMTP version of ungetc()
Puts a character back in the input buffer. Only ever called once.

Arguments:
  ch           the character

Returns:       the character
*/

int
smtp_ungetc(int ch)
{
if (smtp_inptr <= smtp_inbuffer)	/* NB: NOT smtp_hasc() ! */
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc");

*--smtp_inptr = ch;
return ch;
}


/* SMTP version of feof()
Tests for a previous EOF

Arguments:     none
Returns:       non-zero if the eof flag is set
*/

int
smtp_feof(void)
{
return smtp_had_eof;
}


/* SMTP version of ferror()
Tests for a previous read error, and returns with errno
restored to what it was when the error was detected.

Arguments:     none
Returns:       non-zero if the error flag is set
*/

int
smtp_ferror(void)
{
errno = smtp_had_error;
return smtp_had_error;
}


/* Check if a getc will block or not */

static BOOL
smtp_could_getc(void)
{
int fd, rc;
fd_set fds;
struct timeval tzero = {.tv_sec = 0, .tv_usec = 0};

if (smtp_inptr < smtp_inend)
  return TRUE;

fd = fileno(smtp_in);
FD_ZERO(&fds);
FD_SET(fd, &fds);
rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);

if (rc <= 0) return FALSE;     /* Not ready to read */
rc = smtp_getc(GETC_BUFFER_UNLIMITED);
if (rc < 0) return FALSE;      /* End of file or error */

smtp_ungetc(rc);
return TRUE;
}


/******************************************************************************/
/*************************************************
*          Recheck synchronization               *
*************************************************/

/* Synchronization checks can never be perfect because a packet may be on its
way but not arrived when the check is done.  Normally, the checks happen when
commands are read: Exim ensures that there is no more input in the input buffer.
In normal cases, the response to the command will be fast, and there is no
further check.

However, for some commands an ACL is run, and that can include delays. In those
cases, it is useful to do another check on the input just before sending the
response. This also applies at the start of a connection. This function does
that check by means of the select() function, as long as the facility is not
disabled or inappropriate. A failure of select() is ignored.

When there is unwanted input, we read it so that it appears in the log of the
error.

Arguments: none
Returns:   TRUE if all is well; FALSE if there is input pending
*/

static BOOL
wouldblock_reading(void)
{
#ifndef DISABLE_TLS
if (tls_in.active.sock >= 0)
 return !tls_could_getc();
#endif

return !smtp_could_getc();
}

static BOOL
check_sync(void)
{
if (!smtp_enforce_sync || !sender_host_address || f.sender_host_notsocket)
  return TRUE;

return wouldblock_reading();
}


/******************************************************************************/
/* Variants of the smtp_* input handling functions for use in CHUNKING mode */

/* Forward declarations */
static inline void bdat_push_receive_functions(void);
static inline void bdat_pop_receive_functions(void);

  if (chunking_state == CHUNKING_LAST)
    {
#ifndef DISABLE_DKIM
    dkim_collect_input = dkim_save;
    dkim_exim_verify_feed(NULL, 0);	/* notify EOD */
    dkim_collect_input = 0;
#endif
    return EOD;
    }

  }
}

BOOL
bdat_hasc(void)
{
if (chunking_data_left > 0)
  return lwr_receive_hasc();
return TRUE;
}

uschar *
bdat_getbuf(unsigned * len)
{

  }

bdat_pop_receive_functions();
chunking_state = CHUNKING_OFFERED;
DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
  {
  chunking_state = CHUNKING_OFFERED;
  DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
  }
}



/* push the current receive_* function on the "stack", and
replace them by bdat_getc(), which in turn will use the lwr_receive_*
functions to do the dirty work. */
if (!lwr_receive_getc)
  {
  lwr_receive_getc = receive_getc;
  lwr_receive_getbuf = receive_getbuf;
  lwr_receive_hasc = receive_hasc;
  lwr_receive_ungetc = receive_ungetc;
  }
else


receive_getc = bdat_getc;
receive_getbuf = bdat_getbuf;
receive_hasc = bdat_hasc;
receive_ungetc = bdat_ungetc;
}

static inline void
bdat_pop_receive_functions(void)
{
if (!lwr_receive_getc)
  {
  DEBUG(D_receive) debug_printf("chunking double-pop receive functions\n");
  return;
  }
receive_getc = lwr_receive_getc;
receive_getbuf = lwr_receive_getbuf;
receive_hasc = lwr_receive_hasc;
receive_ungetc = lwr_receive_ungetc;

lwr_receive_getc = NULL;
lwr_receive_getbuf = NULL;
lwr_receive_hasc = NULL;
lwr_receive_ungetc = NULL;
}

/*************************************************
*          SMTP version of ungetc()              *
*************************************************/

/* Puts a character back in the input buffer. Only ever
called once.

Arguments:
  ch           the character

Returns:       the character
*/

int
smtp_ungetc(int ch)
{
if (smtp_inptr <= smtp_inbuffer)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in smtp_ungetc");

*--smtp_inptr = ch;
return ch;
}


int
bdat_ungetc(int ch)
{




/******************************************************************************/
*          SMTP version of feof()                *
*************************************************/

/* Tests for a previous EOF

Arguments:     none
Returns:       non-zero if the eof flag is set
*/

int
smtp_feof(void)
{
return smtp_had_eof;
}




/*************************************************
*          SMTP version of ferror()              *
*************************************************/

/* Tests for a previous read error, and returns with errno
restored to what it was when the error was detected.

Arguments:     none
Returns:       non-zero if the error flag is set
*/

int
smtp_ferror(void)
{
errno = smtp_had_error;
return smtp_had_error;
}



/*************************************************
*      Test for characters in the SMTP buffer    *
*************************************************/

/* Used at the end of a message

Arguments:     none
Returns:       TRUE/FALSE
*/

BOOL
smtp_buffered(void)
{
return smtp_inptr < smtp_inend;
}



/*************************************************
*     Write formatted string to SMTP channel     *

yield = !! string_vformat(&gs, SVFMT_TAINT_NOCHK, format, ap);
string_from_gstring(&gs);

DEBUG(D_receive) for (const uschar * t, * s = gs.s;
		      s && (t = Ustrchr(s, '\r'));
		      s = t + 2)				/* \r\n */
    debug_printf("%s %.*s\n",
		  s == gs.s ? "SMTP>>" : "      ",
		  (int)(t - s), s);
    memmove(cr, cr + 1, (end--) - cr);
  debug_printf("SMTP>> %s", msg_copy);
  }

if (!yield)
  {


if (fl.rcpt_in_progress)
  {
  if (!rcpt_smtp_response)
    rcpt_smtp_response = string_copy(big_buffer);
  else if (fl.rcpt_smtp_response_same &&
           Ustrcmp(rcpt_smtp_response, big_buffer) != 0)




/* If there's input waiting (and we're doing pipelineing) then we can pipeline
a reponse with the one following. */

static BOOL
pipeline_response(void)
{
if (  !smtp_enforce_sync || !sender_host_address
   || f.sender_host_notsocket || !f.smtp_in_pipelining_advertised)
  return FALSE;

if (wouldblock_reading()) return FALSE;
f.smtp_in_pipelining_used = TRUE;
return TRUE;
}


#ifndef DISABLE_PIPE_CONNECT
static BOOL
pipeline_connect_sends(void)
{
if (!sender_host_address || f.sender_host_notsocket || !fl.pipe_connect_acceptable)
  return FALSE;

if (wouldblock_reading()) return FALSE;
f.smtp_in_early_pipe_used = TRUE;
return TRUE;
}
#endif

/*************************************************
*          SMTP command read timeout             *
*************************************************/


#ifdef SUPPORT_PROXY
/*************************************************
*     Restore socket timeout to previous value   *
*************************************************/
/* If the previous value was successfully retrieved, restore
it before returning control to the non-proxy routines

Arguments: fd     - File descriptor for input
           get_ok - Successfully retrieved previous values
           tvtmp  - Time struct with previous values
           vslen  - Length of time struct
Returns:   none
*/
static void
restore_socket_timeout(int fd, int get_ok, struct timeval * tvtmp, socklen_t vslen)
{
if (get_ok == 0)
  (void) setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS tvtmp, vslen);
}

/*************************************************
*       Check if host is required proxy host     *
*************************************************/
/* The function determines if inbound host will be a regular smtp host


while (capacity > 0)
  {
  do { ret = read(fd, to, 1); } while (ret == -1 && errno == EINTR && !had_command_timeout);
  if (ret == -1)
    return -1;
  have++;

int fd = fileno(smtp_in);
const char v2sig[12] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A";
uschar * iptype;  /* To display debug info */
struct timeval tv;
struct timeval tvtmp;
socklen_t vslen = sizeof(struct timeval);
BOOL yield = FALSE;

os_non_restarting_signal(SIGALRM, command_timeout_handler);
ALARM(proxy_protocol_timeout);

/* Proxy Protocol host must send header within a short time
(default 3 seconds) or it's considered invalid */
tv.tv_sec  = PROXY_NEGOTIATION_TIMEOUT_SEC;
tv.tv_usec = PROXY_NEGOTIATION_TIMEOUT_USEC;
if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tv, sizeof(tv)) < 0)
  goto bad;

do
  {

  don't do a PEEK into the data, actually slurp up enough to be
  "safe". Can't take it all because TLS-on-connect clients follow
  immediately with TLS handshake. */
  ret = read(fd, &hdr, PROXY_INITIAL_READ);
  }
  while (ret == -1 && errno == EINTR && !had_command_timeout);

if (ret == -1)
  goto proxyfail;

  /* First get the length fields. */
  do
    {
    retmore = read(fd, (uschar*)&hdr + ret, PROXY_V2_HEADER_SIZE - PROXY_INITIAL_READ);
    } while (retmore == -1 && errno == EINTR && !had_command_timeout);
  if (retmore == -1)
    goto proxyfail;
  ret += retmore;

    {
    do
      {
      retmore = read(fd, (uschar*)&hdr + ret, size-ret);
      } while (retmore == -1 && errno == EINTR && !had_command_timeout);
    if (retmore == -1)
      goto proxyfail;
    ret += retmore;

should cause a synchronization failure */

proxyfail:
  DEBUG(D_receive) if (had_command_timeout)
    debug_printf("Timeout while reading proxy header\n");

bad:
  if (yield)

      debug_printf("Failure to extract proxied host, only QUIT allowed\n");
    }

ALARM(0);
return;
}
#endif

	|| smtp_cmd_buffer[p->len] == ' '
     )  )
    {
    if (   smtp_inptr < smtp_inend		/* Outstanding input */
       &&  p->cmd < sync_cmd_limit		/* Command should sync */
       &&  check_sync				/* Local flag set */
       &&  smtp_enforce_sync			/* Global flag set */
       &&  sender_host_address != NULL		/* Not local input */
       &&  !f.sender_host_notsocket		/* Really is a socket */
       )
      return BADSYN_CMD;

    /* The variables $smtp_command and $smtp_command_argument point into the

   && check_sync			/* Local flag set */
   && smtp_enforce_sync			/* Global flag set */
   && sender_host_address		/* Not local input */
   && !f.sender_host_notsocket		/* Really is a socket */
   )
  return BADSYN_CMD;

return OTHER_CMD;

*/

void
smtp_closedown(uschar * message)
{
if (!smtp_in || smtp_batched_input) return;
receive_swallow_smtp();

    return;

  case QUIT_CMD:
    f.smtp_in_quit = TRUE;
    smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
    mac_smtp_fflush();
    return;

if (LOGGING(tls_cipher) && tls_in.cipher)
  {
  g = string_append(g, 2, US" X=", tls_in.cipher);
#ifndef DISABLE_TLS_RESUME
  if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED)
    g = string_catn(g, US"*", 1);
#endif

static gstring *
s_connhad_log(gstring * g)
{
const uschar * sep = smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE
  ? US" C=..." : US" C=";

for (int i = smtp_ch_index; i < SMTP_HBUFF_SIZE; i++)

    g = string_append(g, 2, sep, smtp_names[smtp_connection_had[i]]);
    sep = US",";
    }
for (int i = 0; i < smtp_ch_index; i++, sep = US",")
  {
  g = string_append(g, 2, sep, smtp_names[smtp_connection_had[i]]);
  sep = US",";
  }
return g;
}


  raw_recipients_count = recipients_count = recipients_list_max = 0;
message_linecount = 0;
message_size = -1;
message_body = message_body_end = NULL;
acl_added_headers = NULL;
acl_removed_headers = NULL;
f.queue_only_policy = FALSE;
rcpt_smtp_response = NULL;
fl.rcpt_smtp_response_same = TRUE;
fl.rcpt_in_progress = FALSE;
f.deliver_freeze = FALSE;				/* Can be set by ACL */
freeze_tell = freeze_tell_config;			/* Can be set by ACL */
fake_response = OK;					/* Can be set by ACL */
#ifdef WITH_CONTENT_SCAN
f.no_mbox_unspool = FALSE;				/* Can be set by ACL */
#endif
f.submission_mode = FALSE;				/* Can be set by ACL */
f.suppress_local_fixups = f.suppress_local_fixups_default; /* Can be set by ACL */
f.active_local_from_check = local_from_check;		/* Can be set by ACL */
f.active_local_sender_retain = local_sender_retain;	/* Can be set by ACL */
sending_ip_address = NULL;
return_path = sender_address = NULL;
deliver_localpart_data = deliver_domain_data =
recipient_data = sender_data = NULL;			/* Can be set by ACL */
recipient_verify_failure = NULL;
deliver_localpart_parent = deliver_localpart_orig = NULL;
deliver_domain_parent = deliver_domain_orig = NULL;
callout_address = NULL;
submission_name = NULL;					/* Can be set by ACL */
raw_sender = NULL;                  /* After SMTP rewrite, before qualifying */
sender_address_unrewritten = NULL;  /* Set only after verify rewrite */
sender_verified_list = NULL;        /* No senders verified */


acl_var_m = NULL;

/* Warning log messages are saved in malloc store. They are saved to avoid
not the first message in an SMTP session and the previous message caused them
to be referenced in an ACL. */

if (message_body)
  {
  store_free(message_body);
  message_body = NULL;
  }

if (message_body_end)
  {
  store_free(message_body_end);
  message_body_end = NULL;
  }

/* Warning log messages are also saved in malloc store. They are saved to avoid
repetition in the same message, but it seems right to repeat them for different
messages. */


  acl_warn_logged = acl_warn_logged->next;
  store_free(this);
  }

message_tidyup();
store_reset(reset_point);

message_start();
return store_mark();
}



    case MAIL_CMD:
      smtp_mailcmd_count++;              /* Count for no-mail log */
      if (sender_address)
	/* The function moan_smtp_batch() does not return. */
	moan_smtp_batch(smtp_cmd_buffer, "503 Sender already given");


      break;


    case EOF_CMD:
    case QUIT_CMD:
      f.smtp_in_quit = TRUE;
    case EOF_CMD:
      done = 2;
      break;



#ifndef DISABLE_TLS
static BOOL
smtp_log_tls_fail(const uschar * errstr)
{
const uschar * conn_info = smtp_get_connection_info();

if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5;
/* I'd like to get separated H= here, but too hard for now */


/* Allow for trailing 0 in the command and data buffers.  Tainted. */

smtp_cmd_buffer = store_get_perm(2*SMTP_CMD_BUFFER_SIZE + 2, GET_TAINTED);

smtp_cmd_buffer[0] = 0;
smtp_data_buffer = smtp_cmd_buffer + SMTP_CMD_BUFFER_SIZE + 1;

    (sender_host_address ? protocols : protocols_local) [pnormal];

/* Set up the buffer for inputting using direct read() calls, and arrange to
call the local functions instead of the standard C ones. */
end of the buffer to safety-stop C-string reads from it. */

smtp_buf_init();
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer");
smtp_inbuffer[IN_BUFFER_SIZE-1] = '\0';

receive_getc = smtp_getc;
receive_getbuf = smtp_getbuf;
receive_get_cache = smtp_get_cache;
receive_hasc = smtp_hasc;
receive_ungetc = smtp_ungetc;
receive_feof = smtp_feof;
receive_ferror = smtp_ferror;
receive_smtp_buffered = smtp_buffered;
lwr_receive_getc = NULL;
lwr_receive_getbuf = NULL;
lwr_receive_hasc = NULL;
lwr_receive_ungetc = NULL;
smtp_inptr = smtp_inend = smtp_inbuffer;
smtp_had_eof = smtp_had_error = 0;

/* Set up the message size limit; this may be host-specific */


    {
    #if OPTSTYLE == 1
    EXIM_SOCKLEN_T optlen = sizeof(struct ip_options) + MAX_IPOPTLEN;
    struct ip_options *ipopt = store_get(optlen, GET_UNTAINTED);
    #elif OPTSTYLE == 2
    struct ip_opts ipoptblock;
    struct ip_opts *ipopt = &ipoptblock;

  /* Determine whether HELO/EHLO is required for this host. The requirement
  can be hard or soft. */

  fl.helo_verify_required = verify_check_host(&helo_verify_hosts) == OK;
  if (!fl.helo_verify_required)
    fl.helo_verify = verify_check_host(&helo_try_verify_hosts) == OK;

  /* Determine whether this hosts is permitted to send syntactic junk

if (smtp_batched_input) return TRUE;

/* If valid Proxy Protocol source is connecting, set up session.
Failure will not allow any SMTP function other than QUIT. */

#ifdef SUPPORT_PROXY
proxy_session = FALSE;

  setup_proxy_protocol_host();
#endif

/* Start up TLS if tls_on_connect is set. This is for supporting the legacy
smtps port for use with older style SSL MTAs. */

#ifndef DISABLE_TLS
if (tls_in.on_connect)
  {
  if (tls_server_start(&user_msg) != OK)
    return smtp_log_tls_fail(user_msg);
  cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
  }
#endif

/* Run the connect ACL if it exists */


p = s + Ustrlen(s);
while (p > s && isspace(p[-1])) p--;
s = string_copyn(s, p-s);

/* It seems that CC:Mail is braindead, and assumes that the greeting message
is all contained in a single IP packet. The original code wrote out the


if (fl.rcpt_in_progress)
  {
  if (!rcpt_smtp_response)
    rcpt_smtp_response = string_copy(msg);
  else if (fl.rcpt_smtp_response_same &&
           Ustrcmp(rcpt_smtp_response, msg) != 0)

for (;;)
  {
  uschar *nl = Ustrchr(msg, '\n');
  if (!nl)
    {
    smtp_printf("%.3s%c%.*s%s\r\n", !final, code, final ? ' ':'-', esclen, esc, msg);
    return;

smtp_message_code(uschar **code, int *codelen, uschar **msg, uschar **log_msg,
  BOOL check_valid)
{
uschar * match;
int len;

if (!msg || !*msg || !regex_match(regex_smtp_code, *msg, -1, &match))
  return;
if ((n = pcre_exec(regex_smtp_code, NULL, CS *msg, Ustrlen(*msg), 0,
  PCRE_EOPT, ovector, sizeof(ovector)/sizeof(int))) < 0) return;

len = Ustrlen(match);
if (check_valid && (*msg)[0] != (*code)[0])
  {
  log_write(0, LOG_MAIN|LOG_PANIC, "configured error code starts with "
    "incorrect digit (expected %c) in \"%s\"", (*code)[0], *msg);
  if (log_msg && *log_msg == *msg)
    *log_msg = string_sprintf("%s %s", *code, *log_msg + len);
  }
else
  {
  *code = *msg;
  *codelen = len;    /* Includes final space */
  }
*msg += len;         /* Chop the code off the message */
return;
}


uschar *smtp_code;
uschar *lognl;
uschar *sender_info = US"";
uschar *what;
#ifdef WITH_CONTENT_SCAN
  where == ACL_WHERE_MIME ? US"during MIME ACL checks" :
#endif
  where == ACL_WHERE_PREDATA ? US"DATA" :
  where == ACL_WHERE_DATA ? US"after DATA" :
#ifndef DISABLE_PRDR
  where == ACL_WHERE_PRDR ? US"after DATA PRDR" :
#endif
  smtp_cmd_data ?
    string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data) :
    string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]);

if (drop) rc = FAIL;


this is what should be logged, so I've changed to logging the unrewritten
address to retain backward compatibility. */

switch (where)
  {
#ifdef WITH_CONTENT_SCAN
  case ACL_WHERE_MIME:		what = US"during MIME ACL checks";	break;
#endif
  case ACL_WHERE_PREDATA:	what = US"DATA";			break;
  case ACL_WHERE_DATA:		what = US"after DATA";			break;
#ifndef DISABLE_PRDR
  case ACL_WHERE_PRDR:		what = US"after DATA PRDR";		break;
#endif
  default:
    {
    uschar * place = smtp_cmd_data ? smtp_cmd_data : US"in \"connect\" ACL";
    int lim = 100;

    if (where == ACL_WHERE_AUTH)	/* avoid logging auth creds */
      {
      uschar * s;
      for (s = smtp_cmd_data; *s && !isspace(*s); ) s++;
      lim = s - smtp_cmd_data;	/* atop after method */
      }
    what = string_sprintf("%s %.*s", acl_wherenames[where], lim, place);
    }
  }
switch (where)
  {
  case ACL_WHERE_RCPT:
  case ACL_WHERE_DATA:
#ifdef WITH_CONTENT_SCAN
  case ACL_WHERE_MIME:
#endif
    sender_info = string_sprintf("F=<%s>%s%s%s%s ",
      sender_address_unrewritten ? sender_address_unrewritten : sender_address,
      sender_host_authenticated ? US" A="                                    : US"",
      sender_host_authenticated ? sender_host_authenticated                  : US"",
      sender_host_authenticated && authenticated_id ? US":"                  : US"",
      sender_host_authenticated && authenticated_id ? authenticated_id       : US""
      );
  break;
  }

/* If there's been a sender verification failure with a specific message, and

const uschar *set_id = NULL;
int rc;

/* Set up globals for error messages */

authenticator_name = au->name;
driver_srcfile = au->srcfile;
driver_srcline = au->srcline;

/* Run the checking code, passing the remainder of the command line as
data. Initials the $auth<n> variables as empty. Initialize $0 empty and set
it as the only set numerical variable. The authenticator may set $auth<n>

if (au->set_id) set_id = expand_string(au->set_id);
expand_nmax = -1;        /* Reset numeric variables */
for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;   /* Reset $auth<n> */
driver_srcfile = authenticator_name = NULL; driver_srcline = 0;

/* The value of authenticated_id is stored in the spool file and printed in
log lines. It must not contain binary zeros or newline characters. In

smtp_quit_handler(uschar ** user_msgp, uschar ** log_msgp)
{
HAD(SCH_QUIT);
f.smtp_in_quit = TRUE;
incomplete_transaction_log(US"QUIT");
if (  acl_smtp_quit
   && acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, user_msgp, log_msgp)
	== ERROR)
  if (rc == ERROR)
    log_write(0, LOG_MAIN|LOG_PANIC, "ACL for QUIT returned ERROR: %s",
      *log_msgp);
  }

#ifdef EXIM_TCP_CORK
(void) setsockopt(fileno(smtp_out), IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
#endif

if (*user_msgp)

else
  smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);

#ifdef SERVERSIDE_CLOSE_NOWAIT
# ifndef DISABLE_TLS
tls_close(NULL, TLS_SHUTDOWN_NOWAIT);
# endif

log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT",
  smtp_get_connection_info());
#else

# ifndef DISABLE_TLS
tls_close(NULL, TLS_SHUTDOWN_WAIT);
# endif

log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT",
  smtp_get_connection_info());

/* Pause, hoping client will FIN first so that they get the TIME_WAIT.
The socket should become readble (though with no data) */

(void) poll_one_fd(fileno(smtp_in), POLLIN, 200);
#endif	/*!SERVERSIDE_CLOSE_NOWAIT*/
}



incomplete_transaction_log(US"RSET");
smtp_printf("250 Reset OK\r\n", FALSE);
cmd_list[CMD_LIST_RSET].is_mail_cmd = FALSE;
if (chunking_state > CHUNKING_OFFERED)
  chunking_state = CHUNKING_OFFERED;
}


static int
expand_mailmax(const uschar * s)
{
if (!(s = expand_cstring(s)))
  log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand smtp_accept_max_per_connection");
return *s ? Uatoi(s) : 0;
}

/*************************************************
*       Initialize for SMTP incoming message     *


if (smtp_batched_input) return smtp_setup_batch_msg();

#ifdef TCP_QUICKACK
if (smtp_in)		/* Avoid pure-ACKs while in cmd pingpong phase */
  (void) setsockopt(fileno(smtp_in), IPPROTO_TCP, TCP_QUICKACK,
	  US &off, sizeof(off));
#endif

/* Deal with SMTP commands. This loop is exited by setting done to a POSITIVE
value. The values are 2 larger than the required yield of the function. */


    }
#endif

#ifdef TCP_QUICKACK
  if (smtp_in)		/* Avoid pure-ACKs while in cmd pingpong phase */
    (void) setsockopt(fileno(smtp_in), IPPROTO_TCP, TCP_QUICKACK,
	    US &off, sizeof(off));
#endif

  switch(smtp_read_command(
#ifndef DISABLE_PIPE_CONNECT
	  !fl.pipe_connect_acceptable,

      /* Find the name of the requested authentication mechanism. */

      s = smtp_cmd_data;
      for (; (c = *smtp_cmd_data) && !isspace(c); smtp_cmd_data++)
	{
	if (!isalnum(c) && c != '-' && c != '_')
	  {
	  done = synprot_error(L_smtp_syntax_error, 501, NULL,
	    US"invalid character in authentication mechanism name");
	  goto COMMAND_LOOP;
	  }
	smtp_cmd_data++;
	}

      /* If not at the end of the line, we must be at white space. Terminate the
      name and move the pointer on to any data that may be present. */

      if (*smtp_cmd_data)
	{
	*smtp_cmd_data++ = 0;
	while (isspace(*smtp_cmd_data)) smtp_cmd_data++;

      /* If sender_host_unknown is true, we have got here via the -bs interface,
      not called from inetd. Otherwise, we are running an IP connection and the
      host address will be set. If the helo name is the primary name of this
      host and we haven't done a reverse lookup, force one now. If helo_verify_required
      is set, ensure that the HELO name matches the actual host. If helo_verify
      is set, do the same check, but softly. */


	  tls_in.active.sock >= 0 ? " TLS" : "", host_and_ident(FALSE));

	/* Verify if configured. This doesn't give much security, but it does
	make some people happy to be able to do it. If helo_verify_required is set,
	(host matches helo_verify_hosts) failure forces rejection. If helo_verify
	is set (host matches helo_try_verify_hosts), it does not. This is perhaps
	now obsolescent, since the verification can now be requested selectively
	at ACL time. */

	f.helo_verified = f.helo_verify_failed = sender_helo_dnssec = FALSE;
	if (fl.helo_verify_required || fl.helo_verify)
	  {
	  BOOL tempfail = !smtp_verify_helo();
	  if (!f.helo_verified)
	    {
	    if (fl.helo_verify_required)
	      {
	      smtp_printf("%d %s argument does not match calling host\r\n", FALSE,
		tempfail? 451 : 550, hello);

      fl.smtputf8_advertised = FALSE;
#endif

      /* Expand the per-connection message count limit option */
      smtp_mailcmd_max = expand_mailmax(smtp_accept_max_per_connection);

      smtp_code = US"250 ";        /* Default response code plus space*/
      if (!user_msg)
	{
	/* sender_host_name below will be tainted, so save on copy when we hit it */
	g = string_get_tainted(24, GET_TAINTED);
	g = string_fmt_append(g, "%.3s %s Hello %s%s%s",
	  smtp_code,
	  smtp_active_hostname,

	  g = string_catn(g, US"-SIZE\r\n", 7);
	  }

#ifdef EXPERIMENTAL_ESMTP_LIMITS
	if (  (smtp_mailcmd_max > 0 || recipients_max)
	   && verify_check_host(&limits_advertise_hosts) == OK)
	  {
	  g = string_fmt_append(g, "%.3s-LIMITS", smtp_code);
	  if (smtp_mailcmd_max > 0)
	    g = string_fmt_append(g, " MAILMAX=%d", smtp_mailcmd_max);
	  if (recipients_max)
	    g = string_fmt_append(g, " RCPTMAX=%d", recipients_max);
	  g = string_catn(g, US"\r\n", 2);
	  }
#endif

	/* Exim does not do protocol conversion or data conversion. It is 8-bit
	clean; if it has an 8-bit character in its hand, it just sends it. It
	cannot therefore specify 8BITMIME and remain consistent with the RFCs.

# endif
      else
#endif
	(void) fwrite(g->s, 1, g->ptr, smtp_out);

      DEBUG(D_receive) for (const uschar * t, * s = string_from_gstring(g);
			    s && (t = Ustrchr(s, '\r'));
			    s = t + 2)				/* \r\n */
	  debug_printf("%s %.*s\n",
			s == g->s ? "SMTP>>" : "      ",
			(int)(t - s), s);

	(void) string_from_gstring(g);
	while ((cr = Ustrchr(g->s, '\r')) != NULL)   /* lose CRs */
	  memmove(cr, cr + 1, (g->ptr--) - (cr - g->s));
	debug_printf("SMTP>> %s", g->s);
	}
      fl.helo_seen = TRUE;

      /* Reset the protocol and the state, abandoning any previous message. */

    case MAIL_CMD:
      HAD(SCH_MAIL);
      smtp_mailcmd_count++;              /* Count for limit and ratelimit */
      message_start();
      was_rej_mail = TRUE;               /* Reset if accepted */
      env_mail_type_t * mail_args;       /* Sanity check & validate args */

      if (!fl.helo_seen)
	if (  fl.helo_verify_required
	   || verify_check_host(&hosts_require_helo) == OK)
	  {
	  smtp_printf("503 HELO or EHLO required\r\n", FALSE);
	  log_write(0, LOG_MAIN|LOG_REJECT, "rejected MAIL from %s: no "
	    "HELO/EHLO given", host_and_ident(FALSE));
	  break;
	  }
	else if (smtp_mailcmd_max < 0)
	  smtp_mailcmd_max = expand_mailmax(smtp_accept_max_per_connection);

      if (sender_address)
	{

      /* Check to see if the limit for messages per connection would be
      exceeded by accepting further messages. */

      if (smtp_mailcmd_max > 0 && smtp_mailcmd_count > smtp_mailcmd_max)
	  smtp_mailcmd_count > smtp_accept_max_per_connection)
	{
	smtp_printf("421 too many messages in this connection\r\n", FALSE);
	log_write(0, LOG_MAIN|LOG_REJECT, "rejected MAIL command %s: too many "

      count this as a protocol error. Reset was_rej_mail so that further RCPTs
      get the same treatment. */

      if (!sender_address)
	{
	if (f.smtp_in_pipelining_advertised && last_was_rej_mail)
	  {


      /* Check for an operand */

      if (!smtp_cmd_data[0])
	{
	done = synprot_error(L_smtp_syntax_error, 501, NULL,
	  US"RCPT must have an address operand");

#endif
      if (!discarded && recipients_count <= 0)
	{
	if (fl.rcpt_smtp_response_same && rcpt_smtp_response)
	  {
	  uschar *code = US"503";
	  int len = Ustrlen(rcpt_smtp_response);

	ACL may have delayed.  To handle cutthrough delivery enforce a dummy call
	to get the DATA command sent. */

	if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
	  rc = OK;
	else
	  {

      Pipelining sync checks will normally have protected us too, unless disabled
      by configuration. */

      if (receive_hasc())
	{
	DEBUG(D_any)
	  debug_printf("Non-empty input buffer after STARTTLS; naive attack?\n");

      STARTTLS that don't add to the nonmail command count. */

      s = NULL;
      if ((rc = tls_server_start(&s)) == OK)
	{
	if (!tls_remember_esmtp)
	  fl.helo_seen = fl.esmtp = fl.auth_advertised = f.smtp_in_pipelining_advertised = FALSE;

	some sense is perhaps "right". */

	case QUIT_CMD:
	  f.smtp_in_quit = TRUE;
	  user_msg = NULL;
	  if (  acl_smtp_quit
	     && ((rc = acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, &user_msg,

	etrn_command = smtp_etrn_command;
	deliver_domain = smtp_cmd_data;
	rc = transport_set_up_command(&argv, smtp_etrn_command, TRUE, 0, NULL,
	  FALSE, US"ETRN processing", &error);
	deliver_domain = NULL;
	if (!rc)
	  {

	  {
	  DEBUG(D_exec) debug_print_argv(argv);
	  exim_nullstd();                   /* Ensure std{in,out,err} exist */
	  /* argv[0] should be untainted, from child_exec_exim() */
	  execv(CS argv[0], (char *const *)argv);
	  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "exec of \"%s\" (ETRN) failed: %s",
	    etrn_command, strerror(errno));

  COMMAND_LOOP:
  last_was_rej_mail = was_rej_mail;     /* Remember some last commands for */
  last_was_rcpt = was_rcpt;             /* protocol error handling */
  continue;
  }

return done - 2;  /* Convert yield values */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* A number of functions for driving outgoing SMTP calls. */

               which case the function does nothing
  host_af    AF_INET or AF_INET6 for the outgoing IP address
  addr       the mail address being handled (for setting errors)
  interface  point this to the interface if there is one defined
  msg        to add to any error message

Returns:     TRUE on success, FALSE on failure, with error message

Uskip_whitespace(&expint);
if (!*expint) return TRUE;

while ((iface = string_nextinlist(&expint, &sep, NULL, 0)))
          big_buffer_size)))
  {
  int if_af = string_is_ip_address(iface, NULL);
  if (if_af == 0)
    {
    addr->transport_return = PANIC;
    addr->message = string_sprintf("\"%s\" is not a valid IP "

    return FALSE;
    }

  if ((if_af == 4 ? AF_INET : AF_INET6) == host_af)
    break;
  }

*interface = iface;
return TRUE;
}




#ifdef TCP_FASTOPEN
/* Try to record if TFO was attmepted and if it was successfully used.  */

static void
tfo_out_check(int sock)
{
static BOOL done_once = FALSE;

if (done_once) return;
done_once = TRUE;

# ifdef __FreeBSD__
struct tcp_info tinfo;
socklen_t len = sizeof(tinfo);

/* A getsockopt TCP_FASTOPEN unfortunately returns "was-used" for a TFO/R as
well as a TFO/C.  Use what we can of the Linux hack below; reliability issues ditto. */
switch (tcp_out_fastopen)
  {
  case TFO_ATTEMPTED_NODATA:
    if (  getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
       && tinfo.tcpi_state == TCPS_SYN_SENT
       && tinfo.__tcpi_unacked > 0
       )
      {
      DEBUG(D_transport|D_v)
       debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.__tcpi_unacked);
      tcp_out_fastopen = TFO_USED_NODATA;
      }
    break;
  /*
  case TFO_ATTEMPTED_DATA:
  case TFO_ATTEMPTED_DATA:
       if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA)   XXX no equvalent as of 12.2
  */
  }

/* The observability as of 12.1 is not useful as a client, only telling us that
a TFO option was used on SYN.  It could have been a TFO-R, or ignored by the
server. */

/*
if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA)
  if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {}
*/
switch (tcp_out_fastopen)
  {
  case TFO_ATTEMPTED_NODATA:	tcp_out_fastopen = TFO_USED_NODATA; break;
  case TFO_ATTEMPTED_DATA:	tcp_out_fastopen = TFO_USED_DATA; break;
  default: break; /* compiler quietening */
  }

#endif


/* Create and bind a socket, given the connect-args.
Update those with the state.  Return the fd, or -1 with errno set.
		preferably in the TCP SYN segment

Returns:      connected socket number, or -1 with errno set
*/

int
smtp_boundsock(smtp_connect_args * sc)
  transport_instance * tb, int timeout, const blob * early_data)
{
transport_instance * tb = sc->tblock;
smtp_transport_options_block * ob =
  (smtp_transport_options_block *)tb->options_block;
const uschar * dscp = ob->dscp;
int sock, dscp_value, dscp_level, dscp_option;
int dscp_level;
int dscp_option;
int sock;
int save_errno = 0;
const blob * fastopen_blob = NULL;

if ((sock = ip_socket(SOCK_STREAM, sc->host_af)) < 0)
  return -1;
deliver_host_address = host->address;
deliver_host_port = port;
if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
#endif

if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;

/* Set TCP_NODELAY; Exim does its own buffering. */


/* Set DSCP value, if we can. For now, if we fail to set the value, we don't
bomb out, just log it and continue in default traffic class. */

if (dscp && dscp_lookup(dscp, sc->host_af, &dscp_level, &dscp_option, &dscp_value))
  {
  HDEBUG(D_transport|D_acl|D_v)
    debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);

      debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
  /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
  option for both; ignore failures here */
  if (sc->host_af == AF_INET6 &&
      dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
    (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
  }

/* Bind to a specific interface if requested. Caller must ensure the interface
is the same type (IPv4 or IPv6) as the outgoing address. */

if (sc->interface)
  {
  union sockaddr_46 interface_sock;
  EXIM_SOCKLEN_T size = sizeof(interface_sock);

  if (  ip_bind(sock, sc->host_af, sc->interface, 0) < 0
     || getsockname(sock, (struct sockaddr *) &interface_sock, &size) < 0
     )
    {
    HDEBUG(D_transport|D_acl|D_v)
      debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", sc->interface,
	strerror(errno));
    close(sock);
    return -1;
    }
  sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
  }

sc->sock = sock;
return sock;
}


/* Arguments:
  host        host item containing name and address and port
  host_af     AF_INET or AF_INET6
  port	      TCP port number
  interface   outgoing interface address or NULL
  tb          transport
  timeout     timeout value or 0
  early_data	if non-NULL, idempotent data to be sent -
		preferably in the TCP SYN segment
	      Special case: non-NULL but with NULL blob.data - caller is
	      client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
	      acceptable.

Returns:      connected socket number, or -1 with errno set
*/

int
smtp_sock_connect(smtp_connect_args * sc, int timeout, const blob * early_data)
{
smtp_transport_options_block * ob =
  (smtp_transport_options_block *)sc->tblock->options_block;
int sock;
int save_errno = 0;
const blob * fastopen_blob = NULL;


#ifndef DISABLE_EVENT
deliver_host_address = sc->host->address;
deliver_host_port = sc->host->port;
if (event_raise(sc->tblock->event_action, US"tcp:connect", NULL, &errno)) return -1;
#endif

if (  (sock = sc->sock) < 0
   && (sock = smtp_boundsock(sc)) < 0)
  save_errno = errno;
sc->sock = -1;

/* Connect to the remote host, and add keepalive to the socket before returning
it, if requested.  If the build supports TFO, request it - and if the caller
requested some early-data then include that in the TFO request.  If there is
early-data but no TFO support, send it after connecting. */

if (!save_errno)
  {
#ifdef TCP_FASTOPEN
  /* See if TCP Fast Open usable.  Default is a traditional 3WHS connect */
  if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, sc->host) == OK)
    {
    if (!early_data)
      fastopen_blob = &tcp_fastopen_nodata;	/* TFO, with no data */
    else if (early_data->data)
      fastopen_blob = early_data;		/* TFO, with data */
# ifdef TCP_FASTOPEN_CONNECT
    else
      {						/* expecting client data */
      debug_printf(" set up lazy-connect\n");
      setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, US &on, sizeof(on));
      /* fastopen_blob = NULL;		 lazy TFO, triggered by data write */
      }
# endif
    }
#endif

  if (ip_connect(sock, sc->host_af, sc->host->address, sc->host->port, timeout, fastopen_blob) < 0)
    save_errno = errno;
  else if (early_data && !fastopen_blob && early_data->data && early_data->len)
    {
    /* We had some early-data to send, but couldn't do TFO */
    HDEBUG(D_transport|D_acl|D_v)
      debug_printf("sending %ld nonTFO early-data\n", (long)early_data->len);

#ifdef TCP_QUICKACK_notdef
    (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
#endif
    if (send(sock, early_data->data, early_data->len, 0) < 0)
      save_errno = errno;
    }
#ifdef TCP_QUICKACK_notdef
  /* Under TFO (with openssl & pipe-conn; testcase 4069, as of
  5.10.8-100.fc32.x86_64) this seems to be inop.
  Perhaps overwritten when we (client) go -> ESTABLISHED on seeing the 3rd-ACK?
  For that case, added at smtp_reap_banner(). */
  (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
#endif
  }

if (!save_errno)

if (save_errno != 0)
  {
  HDEBUG(D_transport|D_acl|D_v)
    {
    debug_printf_indent(" failed: %s", CUstrerror(save_errno));
    if (save_errno == ETIMEDOUT)
      debug_printf(" (timeout=%s)", readconf_printtime(timeout));
    debug_printf("\n");
    }
  (void)close(sock);
  errno = save_errno;
  return -1;
  }

/* Both bind() and connect() succeeded, and any early-data */

else
  {
  union sockaddr_46 interface_sock;
  EXIM_SOCKLEN_T size = sizeof(interface_sock);

  /* Both bind() and connect() succeeded, and any early-data */

  HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" connected\n");
  if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
    sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);

    return -1;
    }

  if (ob->keepalive) ip_keepalive(sock, sc->host->address, TRUE);
#ifdef TCP_FASTOPEN
  tfo_out_check(sock);
#endif
  return sock;
  }

/* Either bind() or connect() failed */

HDEBUG(D_transport|D_acl|D_v)
  {
  debug_printf_indent(" failed: %s", CUstrerror(save_errno));
  if (save_errno == ETIMEDOUT)
    debug_printf(" (timeout=%s)", readconf_printtime(timeout));
  debug_printf("\n");
  }
(void)close(sock);
errno = save_errno;
return -1;
}



Arguments:
  sc	      details for making connection: host, af, interface, transport
  early_data  if non-NULL, data to be sent - preferably in the TCP SYN segment
	      Special case: non-NULL but with NULL blob.data - caller is
	      client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
	      acceptable.

Returns:      connected socket number, or -1 with errno set
*/

  }
#endif

return smtp_sock_connect(sc, ob->connect_timeout, early_data);
			  sc->tblock, ob->connect_timeout, early_data);
}



int rc;
int n = outblock->ptr - outblock->buffer;
BOOL more = mode == SCMD_MORE;
client_conn_ctx * cctx;

HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
  more ? " (more expected)" : "");

if (!(cctx = outblock->cctx))
  {
  log_write(0, LOG_MAIN|LOG_PANIC, "null conn-context pointer");
  errno = 0;
  return FALSE;
  }

#ifndef DISABLE_TLS
if (cctx->tls_ctx)		/*XXX have seen a null cctx here, rvfy sending QUIT, hence check above */
  rc = tls_write(cctx->tls_ctx, outblock->buffer, n, more);
else
#endif


    requirement: TFO with data can, in rare cases, replay the data to the
    receiver. */

    if (  (cctx->sock = smtp_connect(outblock->conn_args, &early_data))
       < 0)
      return FALSE;
    outblock->conn_args = NULL;

    }
  else
    {
    rc = send(cctx->sock, outblock->buffer, n,
#ifdef MSG_MORE
	      more ? MSG_MORE : 0
#else

    https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */

    if (!more)
      setsockopt(cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
#endif
    }
  }




/* This might be called both due to callout and then from delivery.
Use memory that will not be released between those phases.
*/
static void
smtp_debug_resp(const uschar * buf)
{
#ifndef DISABLE_CLIENT_CMD_LOG
int old_pool = store_pool;
store_pool = POOL_PERM;
client_cmd_log = string_append_listele_n(client_cmd_log, ':', buf,
  buf[3] == ' ' ? 3 : 4);
store_pool = old_pool;
#endif
}


/*************************************************
*             Write SMTP command                 *
*************************************************/

*/

int
smtp_write_command(void * sx, int mode, const char * format, ...)
{
smtp_outblock * outblock = &((smtp_context *)sx)->outblock;
int rc = 0;

      while (!isspace(*p)) p++;
      while (isspace(*p)) p++;
      }
    while (*p) *p++ = '*';
    }

  smtp_debug_cmd(big_buffer, mode);
  }

if (mode != SCMD_BUFFER)

uschar * ptr = buffer;
int count = 0;
time_t timelimit = time(NULL) + timeout;
BOOL yield = FALSE;

errno = 0;  /* Ensure errno starts out zero */
buffer[0] = '\0';

#ifndef DISABLE_PIPE_CONNECT
if (sx->pending_BANNER || sx->pending_EHLO)

  if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
    {
    DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
    buffer[0] = '\0';
    if (rc == DEFER) errno = ERRNO_TLSFAILURE;
    goto out;
    }
  }
#endif

     (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
    {
    errno = ERRNO_SMTPFORMAT;    /* format error */
    goto out;
    }

  /* If the line we have just read is a terminal line, line, we are done.

  }

#ifdef TCP_FASTOPEN
tfo_out_check(sx->cctx.sock);
#endif

/* Return a value that depends on the SMTP return code. On some systems a

timeouts, lost connections, etc. */

errno = 0;
yield = buffer[0] == okdigit;

out:
  smtp_debug_resp(buffer);
  return yield;
}

/* End of smtp_out.c */

Lines 2-10 Link Here

(-)exim.orig/src/spam.c (-58 / +26 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015	5	/*
		6	* Copyright (c) The Exim Maintainers 2016 - 2022
		7	* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015
6	* License: GPL	8	* License: GPL
7	* Copyright (c) The Exim Maintainers 2016 - 2020
8	*/	9	*/
9		10
10	/* Code for calling spamassassin's spamd. Called from acl.c. */	11	/* Code for calling spamassassin's spamd. Called from acl.c. */
Lines 35-41 Link Here
35	spamd->weight = SPAMD_WEIGHT;	36	spamd->weight = SPAMD_WEIGHT;
36	spamd->timeout = SPAMD_TIMEOUT;	37	spamd->timeout = SPAMD_TIMEOUT;
37	spamd->retry = 0;	38	spamd->retry = 0;
38	spamd->priority = 1;	39	spamd->priority = SPAMD_PRIORITY;
39	return 0;	40	return 0;
40	}	41	}
41		42
Lines 139-159 Link Here
139	spamd_address_container * sd;	140	spamd_address_container * sd;
140	long weights;	141	long weights;
141	unsigned pri;	142	unsigned pri;
142	static BOOL srandomed = FALSE;
143		143
144	/* speedup, if we have only 1 server */	144	/* speedup, if we have only 1 server */
145	if (num_servers == 1)	145	if (num_servers == 1)
146	return (spamds[0]->is_failed ? -1 : 0);	146	return (spamds[0]->is_failed ? -1 : 0);
147		147
148	/* init ranmod */
149	if (!srandomed)
150	{
151	struct timeval tv;
152	gettimeofday(&tv, NULL);
153	srandom((unsigned int)(tv.tv_usec/1000));
154	srandomed = TRUE;
155	}
156
157	/* scan for highest pri */	148	/* scan for highest pri */
158	for (pri = 0, i = 0; i < num_servers; i++)	149	for (pri = 0, i = 0; i < num_servers; i++)
159	{	150	{
Lines 170-176 Link Here
170	if (weights == 0) /* all servers failed */	161	if (weights == 0) /* all servers failed */
171	return -1;	162	return -1;
172		163
173	for (long rnd = random() % weights, i = 0; i < num_servers; i++)	164	for (long rnd = random_number(weights), i = 0; i < num_servers; i++)
174	{	165	{
175	sd = spamds[i];	166	sd = spamds[i];
176	if (!sd->is_failed && sd->priority == pri)	167	if (!sd->is_failed && sd->priority == pri)
Lines 204-215 Link Here
204	int override = 0;	195	int override = 0;
205	time_t start;	196	time_t start;
206	size_t read, wrote;	197	size_t read, wrote;
207	#ifndef NO_POLL_H
208	struct pollfd pollfd;
209	#else /* Patch posted by Erik ? for OS X */
210	struct timeval select_tv; /* and applied by PH */
211	fd_set select_fd;
212	#endif
213	uschar *spamd_address_work;	198	uschar *spamd_address_work;
214	spamd_address_container * sd;	199	spamd_address_container * sd;
215		200
Lines 224-231 Link Here
224	}	209	}
225		210
226	/* if username is "0" or "false", do not scan */	211	/* if username is "0" or "false", do not scan */
227	if ( (Ustrcmp(user_name,"0") == 0) \|\|	212	if (Ustrcmp(user_name, "0") == 0 \|\| strcmpic(user_name, US"false") == 0)
228	(strcmpic(user_name,US"false") == 0) )
229	return FAIL;	213	return FAIL;
230		214
231	/* if there is an additional option, check if it is "true" */	215	/* if there is an additional option, check if it is "true" */
Lines 234-252 Link Here
234	override = 1;	218	override = 1;
235		219
236	/* expand spamd_address if needed */	220	/* expand spamd_address if needed */
237	if (*spamd_address == '$')	221	if (*spamd_address != '$')
		222	spamd_address_work = spamd_address;
		223	else if (!(spamd_address_work = expand_string(spamd_address)))
238	{	224	{
239	spamd_address_work = expand_string(spamd_address);	225	log_write(0, LOG_MAIN\|LOG_PANIC,
240	if (spamd_address_work == NULL)	226	"%s spamd_address starts with $, but expansion failed: %s",
241	{	227	loglabel, expand_string_message);
242	log_write(0, LOG_MAIN\|LOG_PANIC,	228	return DEFER;
243	"%s spamd_address starts with $, but expansion failed: %s",
244	loglabel, expand_string_message);
245	return DEFER;
246	}
247	}	229	}
248	else
249	spamd_address_work = spamd_address;
250		230
251	DEBUG(D_acl) debug_printf_indent("spamd: addrlist '%s'\n", spamd_address_work);	231	DEBUG(D_acl) debug_printf_indent("spamd: addrlist '%s'\n", spamd_address_work);
252		232
Lines 290-296 Link Here
290	uschar * s;	270	uschar * s;
291		271
292	DEBUG(D_acl) debug_printf_indent("spamd: addr entry '%s'\n", address);	272	DEBUG(D_acl) debug_printf_indent("spamd: addr entry '%s'\n", address);
293	sd = store_get(sizeof(spamd_address_container), FALSE);	273	sd = store_get(sizeof(spamd_address_container), GET_UNTAINTED);
294		274
295	for (sublist = address, args = 0, spamd_param_init(sd);	275	for (sublist = address, args = 0, spamd_param_init(sd);
296	(s = string_nextinlist(&sublist, &sublist_sep, NULL, 0));	276	(s = string_nextinlist(&sublist, &sublist_sep, NULL, 0));
Lines 410-428 Link Here
410	}	390	}
411		391
412	/* now send the file */	392	/* now send the file */
413	/* spamd sometimes accepts connections but doesn't read data off	393	/* spamd sometimes accepts connections but doesn't read data off the connection.
414	* the connection. We make the file descriptor non-blocking so	394	We make the file descriptor non-blocking so that the write will only write
415	* that the write will only write sufficient data without blocking	395	sufficient data without blocking and we poll the descriptor to make sure that we
416	* and we poll the descriptor to make sure that we can write without	396	can write without blocking. Short writes are gracefully handled and if the
417	* blocking. Short writes are gracefully handled and if the whole	397	whole transaction takes too long it is aborted.
418	* transaction takes too long it is aborted.	398
419	* Note: poll() is not supported in OSX 10.2 and is reported to be	399	Note: poll() is not supported in OSX 10.2 and is reported to be broken in more
420	* broken in more recent versions (up to 10.4).	400	recent versions (up to 10.4). Workaround using select() removed 2021/11 (jgh).
421	*/	401	*/
422	#ifndef NO_POLL_H	402	#ifdef NO_POLL_H
423	pollfd.fd = spamd_cctx.sock;	403	# error Need poll(2) support
424	pollfd.events = POLLOUT;
425	#endif	404	#endif
		405
426	(void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK);	406	(void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK);
427	do	407	do
428	{	408	{
Lines 431-449 Link Here
431	{	411	{
432	offset = 0;	412	offset = 0;
433	again:	413	again:
434	#ifndef NO_POLL_H	414	result = poll_one_fd(spamd_cctx.sock, POLLOUT, 1000);
435	result = poll(&pollfd, 1, 1000);
436
437	/* Patch posted by Erik ? for OS X and applied by PH */
438	#else
439	select_tv.tv_sec = 1;
440	select_tv.tv_usec = 0;
441	FD_ZERO(&select_fd);
442	FD_SET(spamd_cctx.sock, &select_fd);
443	result = select(spamd_cctx.sock+1, NULL, &select_fd, NULL, &select_tv);
444	#endif
445	/* End Erik's patch */
446
447	if (result == -1 && errno == EINTR)	415	if (result == -1 && errno == EINTR)
448	goto again;	416	goto again;
449	else if (result < 1)	417	else if (result < 1)




*************************************************/

/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015 */
/* Copyright (c) The Exim Maintainers 2021 */
/* License: GPL */

/* spam defines */

# define SHUT_WR 1
#endif

/* Defaults */
#define SPAMD_WEIGHT 1
#define SPAMD_PRIORITY 1

typedef struct spamd_address_container
{




*************************************************/

/* SPF support.
   Copyright (c) The Exim Maintainers 2015 - 2022
   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004 - 2014
   License: GPL
   Copyright (c) The Exim Maintainers 2015 - 2020
*/

/* Code for calling spf checks via libspf-alt. Called from acl.c. */

SPF_dns_rr_t  * spf_nxdomain = NULL;


gstring *
spf_lib_version_report(gstring * g)
{
int maj, min, patch;

SPF_get_lib_version(&maj, &min, &patch);
g = string_fmt_append(g, "Library version: spf2: Compile: %d.%d.%d\n",
	SPF_LIB_VERSION_MAJOR, SPF_LIB_VERSION_MINOR, SPF_LIB_VERSION_PATCH);
g = string_fmt_append(g,    "                       Runtime: %d.%d.%d\n",
	 maj, min, patch);
return g;
}



  HDEBUG(D_host_lookup) debug_printf("faking NO_DATA for SPF RR(99) lookup\n");
  srr.herrno = NO_DATA;
  SPF_dns_rr_dup(&spfrr, &srr);
  store_free_dns_answer(dnsa);
  return spfrr;
  }


if (found == 0)
  {
  SPF_dns_rr_dup(&spfrr, &srr);
  store_free_dns_answer(dnsa);
  return spfrr;
  }



/* spfrr->rr must have been malloc()d for this */
SPF_dns_rr_dup(&spfrr, &srr);
store_free_dns_answer(dnsa);
return spfrr;
}


if (!(s = expand_string(spf_smtp_comment_template)))
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "expansion of spf_smtp_comment_template failed");

SPF_server_set_explanation(spf_server, CCS s, &spf_response);
if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));


  g = string_cat(g, US" (best guess record for domain)");

s = expand_string(US"$sender_address_domain");
if (s && *s)
  return string_append(g, 2, US" smtp.mailfrom=", s);

s = sender_helo_name;
return s && *s
  ? string_append(g, 2, US" smtp.helo=", s)
  : string_cat(g, US" smtp.mailfrom=<>");
}





*************************************************/

/* Experimental SPF support.
   Copyright (c) The Exim Maintainers 2016 - 2022
   Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004
   License: GPL
   Copyright (c) The Exim Maintainers 2016 - 2020
*/

#ifdef SUPPORT_SPF

} spf_result_id;

/* prototypes */
gstring * spf_lib_version_report(gstring *);
BOOL spf_init(void);
BOOL spf_conn_init(uschar *, uschar *);
int  spf_process(const uschar **, uschar *, int);

Lines 2-9 Link Here

(-)exim.orig/src/spool_in.c (-47 / +123 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Functions for reading spool files. When compiling for a utility (eximon),	9	/* Functions for reading spool files. When compiling for a utility (eximon),
Lines 186-192 Link Here
186		186
187	if (n < 5) return FALSE; /* malformed line */	187	if (n < 5) return FALSE; /* malformed line */
188	buffer[n-1] = 0; /* Remove \n */	188	buffer[n-1] = 0; /* Remove \n */
189	node = store_get(sizeof(tree_node) + n - 3, TRUE); /* rcpt names tainted */	189	node = store_get(sizeof(tree_node) + n - 3, GET_TAINTED); /* rcpt names tainted */
190	*connect = node;	190	*connect = node;
191	Ustrcpy(node->name, buffer + 3);	191	Ustrcpy(node->name, buffer + 3);
192	node->data.ptr = NULL;	192	node->data.ptr = NULL;
Lines 300-305 Link Here
300	message_utf8_downconvert = 0;	300	message_utf8_downconvert = 0;
301	#endif	301	#endif
302		302
		303	#ifndef COMPILE_UTILITY
		304	debuglog_name[0] = '\0';
		305	#endif
303	dsn_ret = 0;	306	dsn_ret = 0;
304	dsn_envid = NULL;	307	dsn_envid = NULL;
305	}	308	}
Lines 442-448 Link Here
442	if (n < 3 \|\| big_buffer[0] != '<' \|\| big_buffer[n-2] != '>')	445	if (n < 3 \|\| big_buffer[0] != '<' \|\| big_buffer[n-2] != '>')
443	goto SPOOL_FORMAT_ERROR;	446	goto SPOOL_FORMAT_ERROR;
444		447
445	sender_address = store_get(n-2, TRUE); /* tainted */	448	sender_address = store_get(n-2, GET_TAINTED);
446	Ustrncpy(sender_address, big_buffer+1, n-3);	449	Ustrncpy(sender_address, big_buffer+1, n-3);
447	sender_address[n-3] = 0;	450	sender_address[n-3] = 0;
448		451
Lines 451-456 Link Here
451	if (sscanf(CS big_buffer, TIME_T_FMT " %d", &received_time.tv_sec, &warning_count) != 2)	454	if (sscanf(CS big_buffer, TIME_T_FMT " %d", &received_time.tv_sec, &warning_count) != 2)
452	goto SPOOL_FORMAT_ERROR;	455	goto SPOOL_FORMAT_ERROR;
453	received_time.tv_usec = 0;	456	received_time.tv_usec = 0;
		457	received_time_complete = received_time;
		458
454		459
455	message_age = time(NULL) - received_time.tv_sec;	460	message_age = time(NULL) - received_time.tv_sec;
456	#ifndef COMPILE_UTILITY	461	#ifndef COMPILE_UTILITY
Lines 477-487 Link Here
477	that we don't recognize. Otherwise it wouldn't be possible to back off a new	482	that we don't recognize. Otherwise it wouldn't be possible to back off a new
478	version that left new-style flags written on the spool.	483	version that left new-style flags written on the spool.
479		484
480	If the line starts with "--" the content of the variable is tainted. */	485	If the line starts with "--" the content of the variable is tainted.
		486	If the line start "--(<lookuptype>)" it is also quoted for the given <lookuptype>.
		487	*/
481		488
482	for (;;)	489	for (;;)
483	{	490	{
484	BOOL tainted;	491	const void * proto_mem;
485	uschar * var;	492	uschar * var;
486	const uschar * p;	493	const uschar * p;
487		494
Lines 489-496 Link Here
489	if (big_buffer[0] != '-') break;	496	if (big_buffer[0] != '-') break;
490	big_buffer[Ustrlen(big_buffer)-1] = 0;	497	big_buffer[Ustrlen(big_buffer)-1] = 0;
491		498
492	tainted = big_buffer[1] == '-';	499	proto_mem = big_buffer[1] == '-' ? GET_TAINTED : GET_UNTAINTED;
493	var = big_buffer + (tainted ? 2 : 1);	500	var = big_buffer + (proto_mem == GET_UNTAINTED ? 1 : 2);
		501	if (var == '(') / marker for quoted value */
		502	{
		503	uschar * s;
		504	int idx;
		505	for (s = ++var; *s != ')'; ) s++;
		506	#ifndef COMPILE_UTILITY
		507	if ((idx = search_findtype(var, s - var)) < 0)
		508	{
		509	DEBUG(D_any) debug_printf("Unrecognised quoter %.*s\n", (int)(s - var), var+1);
		510	goto SPOOL_FORMAT_ERROR;
		511	}
		512	proto_mem = store_get_quoted(1, GET_TAINTED, idx);
		513	#endif /* COMPILE_UTILITY */
		514	var = s + 1;
		515	}
494	p = var + 1;	516	p = var + 1;
495		517
496	switch(*var)	518	switch(*var)
Lines 514-520 Link Here
514	(int)(endptr - var - 5), var + 5);	536	(int)(endptr - var - 5), var + 5);
515	if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;	537	if (sscanf(CS endptr, " %d", &count) != 1) goto SPOOL_FORMAT_ERROR;
516	node = acl_var_create(name);	538	node = acl_var_create(name);
517	node->data.ptr = store_get(count + 1, tainted);	539	node->data.ptr = store_get(count + 1, proto_mem);
518	if (fread(node->data.ptr, 1, count+1, fp) < count) goto SPOOL_READ_ERROR;	540	if (fread(node->data.ptr, 1, count+1, fp) < count) goto SPOOL_READ_ERROR;
519	((uschar*)node->data.ptr)[count] = 0;	541	((uschar*)node->data.ptr)[count] = 0;
520	}	542	}
Lines 525-535 Link Here
525	f.allow_unqualified_sender = TRUE;	547	f.allow_unqualified_sender = TRUE;
526		548
527	else if (Ustrncmp(p, "uth_id", 6) == 0)	549	else if (Ustrncmp(p, "uth_id", 6) == 0)
528	authenticated_id = string_copy_taint(var + 8, tainted);	550	authenticated_id = string_copy_taint(var + 8, proto_mem);
529	else if (Ustrncmp(p, "uth_sender", 10) == 0)	551	else if (Ustrncmp(p, "uth_sender", 10) == 0)
530	authenticated_sender = string_copy_taint(var + 12, tainted);	552	authenticated_sender = string_copy_taint(var + 12, proto_mem);
531	else if (Ustrncmp(p, "ctive_hostname", 14) == 0)	553	else if (Ustrncmp(p, "ctive_hostname", 14) == 0)
532	smtp_active_hostname = string_copy_taint(var + 16, tainted);	554	smtp_active_hostname = string_copy_taint(var + 16, proto_mem);
533		555
534	/* For long-term backward compatibility, we recognize "-acl", which was	556	/* For long-term backward compatibility, we recognize "-acl", which was
535	used before the number of ACL variables changed from 10 to 20. This was	557	used before the number of ACL variables changed from 10 to 20. This was
Lines 553-559 Link Here
553	else	575	else
554	(void) string_format(name, sizeof(name), "%c%u", 'm', index - 10);	576	(void) string_format(name, sizeof(name), "%c%u", 'm', index - 10);
555	node = acl_var_create(name);	577	node = acl_var_create(name);
556	node->data.ptr = store_get(count + 1, tainted);	578	node->data.ptr = store_get(count + 1, proto_mem);
557	/* We sanity-checked the count, so disable the Coverity error */	579	/* We sanity-checked the count, so disable the Coverity error */
558	/* coverity[tainted_data] */	580	/* coverity[tainted_data] */
559	if (fread(node->data.ptr, 1, count+1, fp) < count) goto SPOOL_READ_ERROR;	581	if (fread(node->data.ptr, 1, count+1, fp) < count) goto SPOOL_READ_ERROR;
Lines 568-585 Link Here
568	body_zerocount = Uatoi(var + 14);	590	body_zerocount = Uatoi(var + 14);
569	#ifdef EXPERIMENTAL_BRIGHTMAIL	591	#ifdef EXPERIMENTAL_BRIGHTMAIL
570	else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)	592	else if (Ustrncmp(p, "mi_verdicts ", 12) == 0)
571	bmi_verdicts = string_copy_taint(var + 13, tainted);	593	bmi_verdicts = string_copy_taint(var + 13, proto_mem);
572	#endif	594	#endif
573	break;	595	break;
574		596
575	case 'd':	597	case 'd':
576	if (Ustrcmp(p, "eliver_firsttime") == 0)	598	if (Ustrcmp(p, "eliver_firsttime") == 0)
577	f.deliver_firsttime = TRUE;	599	f.deliver_firsttime = TRUE;
578	/* Check if the dsn flags have been set in the header file */
579	else if (Ustrncmp(p, "sn_ret", 6) == 0)	600	else if (Ustrncmp(p, "sn_ret", 6) == 0)
580	dsn_ret= atoi(CS var + 7);	601	dsn_ret= atoi(CS var + 7);
581	else if (Ustrncmp(p, "sn_envid", 8) == 0)	602	else if (Ustrncmp(p, "sn_envid", 8) == 0)
582	dsn_envid = string_copy_taint(var + 10, tainted);	603	dsn_envid = string_copy_taint(var + 10, proto_mem);
		604	#ifndef COMPILE_UTILITY
		605	else if (Ustrncmp(p, "ebug_selector ", 14) == 0)
		606	debug_selector = strtol(CS var + 15, NULL, 0);
		607	else if (Ustrncmp(p, "ebuglog_name ", 13) == 0)
		608	debug_logging_from_spool(var + 14);
		609	#endif
583	break;	610	break;
584		611
585	case 'f':	612	case 'f':
Lines 597-609 Link Here
597	else if (Ustrcmp(p, "ost_lookup_failed") == 0)	624	else if (Ustrcmp(p, "ost_lookup_failed") == 0)
598	host_lookup_failed = TRUE;	625	host_lookup_failed = TRUE;
599	else if (Ustrncmp(p, "ost_auth_pubname", 16) == 0)	626	else if (Ustrncmp(p, "ost_auth_pubname", 16) == 0)
600	sender_host_auth_pubname = string_copy_taint(var + 18, tainted);	627	sender_host_auth_pubname = string_copy_taint(var + 18, proto_mem);
601	else if (Ustrncmp(p, "ost_auth", 8) == 0)	628	else if (Ustrncmp(p, "ost_auth", 8) == 0)
602	sender_host_authenticated = string_copy_taint(var + 10, tainted);	629	sender_host_authenticated = string_copy_taint(var + 10, proto_mem);
603	else if (Ustrncmp(p, "ost_name", 8) == 0)	630	else if (Ustrncmp(p, "ost_name", 8) == 0)
604	sender_host_name = string_copy_taint(var + 10, tainted);	631	sender_host_name = string_copy_taint(var + 10, proto_mem);
605	else if (Ustrncmp(p, "elo_name", 8) == 0)	632	else if (Ustrncmp(p, "elo_name", 8) == 0)
606	sender_helo_name = string_copy_taint(var + 10, tainted);	633	sender_helo_name = string_copy_taint(var + 10, proto_mem);
607		634
608	/* We now record the port number after the address, separated by a	635	/* We now record the port number after the address, separated by a
609	dot. For compatibility during upgrading, do nothing if there	636	dot. For compatibility during upgrading, do nothing if there
Lines 612-618 Link Here
612	else if (Ustrncmp(p, "ost_address", 11) == 0)	639	else if (Ustrncmp(p, "ost_address", 11) == 0)
613	{	640	{
614	sender_host_port = host_address_extract_port(var + 13);	641	sender_host_port = host_address_extract_port(var + 13);
615	sender_host_address = string_copy_taint(var + 13, tainted);	642	sender_host_address = string_copy_taint(var + 13, proto_mem);
616	}	643	}
617	break;	644	break;
618		645
Lines 620-629 Link Here
620	if (Ustrncmp(p, "nterface_address", 16) == 0)	647	if (Ustrncmp(p, "nterface_address", 16) == 0)
621	{	648	{
622	interface_port = host_address_extract_port(var + 18);	649	interface_port = host_address_extract_port(var + 18);
623	interface_address = string_copy_taint(var + 18, tainted);	650	interface_address = string_copy_taint(var + 18, proto_mem);
624	}	651	}
625	else if (Ustrncmp(p, "dent", 4) == 0)	652	else if (Ustrncmp(p, "dent", 4) == 0)
626	sender_ident = string_copy_taint(var + 6, tainted);	653	sender_ident = string_copy_taint(var + 6, proto_mem);
627	break;	654	break;
628		655
629	case 'l':	656	case 'l':
Lines 633-639 Link Here
633	f.local_error_message = TRUE;	660	f.local_error_message = TRUE;
634	#ifdef HAVE_LOCAL_SCAN	661	#ifdef HAVE_LOCAL_SCAN
635	else if (Ustrncmp(p, "ocal_scan ", 10) == 0)	662	else if (Ustrncmp(p, "ocal_scan ", 10) == 0)
636	local_scan_data = string_copy_taint(var + 11, tainted);	663	local_scan_data = string_copy_taint(var + 11, proto_mem);
637	#endif	664	#endif
638	break;	665	break;
639		666
Lines 650-661 Link Here
650		677
651	case 'r':	678	case 'r':
652	if (Ustrncmp(p, "eceived_protocol", 16) == 0)	679	if (Ustrncmp(p, "eceived_protocol", 16) == 0)
653	received_protocol = string_copy_taint(var + 18, tainted);	680	received_protocol = string_copy_taint(var + 18, proto_mem);
654	else if (Ustrncmp(p, "eceived_time_usec", 17) == 0)	681	else if (Ustrncmp(p, "eceived_time_usec", 17) == 0)
655	{	682	{
656	unsigned usec;	683	unsigned usec;
657	if (sscanf(CS var + 20, "%u", &usec) == 1)	684	if (sscanf(CS var + 20, "%u", &usec) == 1)
		685	{
658	received_time.tv_usec = usec;	686	received_time.tv_usec = usec;
		687	if (!received_time_complete.tv_sec) received_time_complete.tv_usec = usec;
		688	}
		689	}
		690	else if (Ustrncmp(p, "eceived_time_complete", 21) == 0)
		691	{
		692	unsigned sec, usec;
		693	if (sscanf(CS var + 23, "%u.%u", &sec, &usec) == 2)
		694	{
		695	received_time_complete.tv_sec = sec;
		696	received_time_complete.tv_usec = usec;
		697	}
659	}	698	}
660	break;	699	break;
661		700
Lines 664-674 Link Here
664	f.sender_set_untrusted = TRUE;	703	f.sender_set_untrusted = TRUE;
665	#ifdef WITH_CONTENT_SCAN	704	#ifdef WITH_CONTENT_SCAN
666	else if (Ustrncmp(p, "pam_bar ", 8) == 0)	705	else if (Ustrncmp(p, "pam_bar ", 8) == 0)
667	spam_bar = string_copy_taint(var + 9, tainted);	706	spam_bar = string_copy_taint(var + 9, proto_mem);
668	else if (Ustrncmp(p, "pam_score ", 10) == 0)	707	else if (Ustrncmp(p, "pam_score ", 10) == 0)
669	spam_score = string_copy_taint(var + 11, tainted);	708	spam_score = string_copy_taint(var + 11, proto_mem);
670	else if (Ustrncmp(p, "pam_score_int ", 14) == 0)	709	else if (Ustrncmp(p, "pam_score_int ", 14) == 0)
671	spam_score_int = string_copy_taint(var + 15, tainted);	710	spam_score_int = string_copy_taint(var + 15, proto_mem);
672	#endif	711	#endif
673	#ifndef COMPILE_UTILITY	712	#ifndef COMPILE_UTILITY
674	else if (Ustrncmp(p, "pool_file_wireformat", 20) == 0)	713	else if (Ustrncmp(p, "pool_file_wireformat", 20) == 0)
Lines 688-694 Link Here
688	if (Ustrncmp(q, "certificate_verified", 20) == 0)	727	if (Ustrncmp(q, "certificate_verified", 20) == 0)
689	tls_in.certificate_verified = TRUE;	728	tls_in.certificate_verified = TRUE;
690	else if (Ustrncmp(q, "cipher", 6) == 0)	729	else if (Ustrncmp(q, "cipher", 6) == 0)
691	tls_in.cipher = string_copy_taint(q+7, tainted);	730	tls_in.cipher = string_copy_taint(q+7, proto_mem);
692	# ifndef COMPILE_UTILITY /* tls support fns not built in */	731	# ifndef COMPILE_UTILITY /* tls support fns not built in */
693	else if (Ustrncmp(q, "ourcert", 7) == 0)	732	else if (Ustrncmp(q, "ourcert", 7) == 0)
694	(void) tls_import_cert(q+8, &tls_in.ourcert);	733	(void) tls_import_cert(q+8, &tls_in.ourcert);
Lines 696-712 Link Here
696	(void) tls_import_cert(q+9, &tls_in.peercert);	735	(void) tls_import_cert(q+9, &tls_in.peercert);
697	# endif	736	# endif
698	else if (Ustrncmp(q, "peerdn", 6) == 0)	737	else if (Ustrncmp(q, "peerdn", 6) == 0)
699	tls_in.peerdn = string_unprinting(string_copy_taint(q+7, tainted));	738	tls_in.peerdn = string_unprinting(string_copy_taint(q+7, proto_mem));
700	else if (Ustrncmp(q, "sni", 3) == 0)	739	else if (Ustrncmp(q, "sni", 3) == 0)
701	tls_in.sni = string_unprinting(string_copy_taint(q+4, tainted));	740	tls_in.sni = string_unprinting(string_copy_taint(q+4, proto_mem));
702	else if (Ustrncmp(q, "ocsp", 4) == 0)	741	else if (Ustrncmp(q, "ocsp", 4) == 0)
703	tls_in.ocsp = q[5] - '0';	742	tls_in.ocsp = q[5] - '0';
704	# ifdef EXPERIMENTAL_TLS_RESUME	743	# ifndef DISABLE_TLS_RESUME
705	else if (Ustrncmp(q, "resumption", 10) == 0)	744	else if (Ustrncmp(q, "resumption", 10) == 0)
706	tls_in.resumption = q[11] - 'A';	745	tls_in.resumption = q[11] - 'A';
707	# endif	746	# endif
708	else if (Ustrncmp(q, "ver", 3) == 0)	747	else if (Ustrncmp(q, "ver", 3) == 0)
709	tls_in.ver = string_copy_taint(q+4, tainted);	748	tls_in.ver = string_copy_taint(q+4, proto_mem);
710	}	749	}
711	break;	750	break;
712	#endif	751	#endif
Lines 745-755 Link Here
745	goto SPOOL_FORMAT_ERROR;	784	goto SPOOL_FORMAT_ERROR;
746		785
747	#ifndef COMPILE_UTILITY	786	#ifndef COMPILE_UTILITY
748	DEBUG(D_deliver)	787	DEBUG(D_deliver) debug_print_tree("Non-recipients", tree_nonrecipients);
749	{
750	debug_printf("Non-recipients:\n");
751	debug_print_tree(tree_nonrecipients);
752	}
753	#endif /* COMPILE_UTILITY */	788	#endif /* COMPILE_UTILITY */
754		789
755	/* After reading the tree, the next line has not yet been read into the	790	/* After reading the tree, the next line has not yet been read into the
Lines 765-771 Link Here
765	#endif /* COMPILE_UTILITY */	800	#endif /* COMPILE_UTILITY */
766		801
767	recipients_list_max = rcount;	802	recipients_list_max = rcount;
768	recipients_list = store_get(rcount * sizeof(recipient_item), FALSE);	803	recipients_list = store_get(rcount * sizeof(recipient_item), GET_UNTAINTED);
769		804
770	/* We sanitised the count and know we have enough memory, so disable	805	/* We sanitised the count and know we have enough memory, so disable
771	the Coverity error on recipients_count */	806	the Coverity error on recipients_count */
Lines 865-871 Link Here
865		900
866	(void)sscanf(CS p+1, "%d", &flags);	901	(void)sscanf(CS p+1, "%d", &flags);
867		902
868	if ((flags & 0x01) != 0) /* one_time data exists */	903	if (flags & 0x01) /* one_time data exists */
869	{	904	{
870	int len;	905	int len;
871	while (isdigit((--p)) \|\| p == ',' \|\| *p == '-');	906	while (isdigit((--p)) \|\| p == ',' \|\| *p == '-');
Lines 874-885 Link Here
874	if (len > 0)	909	if (len > 0)
875	{	910	{
876	p -= len;	911	p -= len;
877	errors_to = string_copy_taint(p, TRUE);	912	errors_to = string_copy_taint(p, GET_TAINTED);
878	}	913	}
879	}	914	}
880		915
881	(--p) = 0; / Terminate address */	916	--p = 0; / Terminate address */
882	if ((flags & 0x02) != 0) /* one_time data exists */	917	if (flags & 0x02) /* one_time data exists */
883	{	918	{
884	int len;	919	int len;
885	while (isdigit((--p)) \|\| p == ',' \|\| *p == '-');	920	while (isdigit((--p)) \|\| p == ',' \|\| *p == '-');
Lines 888-898 Link Here
888	if (len > 0)	923	if (len > 0)
889	{	924	{
890	p -= len;	925	p -= len;
891	orcpt = string_copy_taint(p, TRUE);	926	orcpt = string_copy_taint(p, GET_TAINTED);
892	}	927	}
893	}	928	}
894		929
895	(--p) = 0; / Terminate address */	930	--p = 0; / Terminate address */
896	}	931	}
897	#if !defined(COMPILE_UTILITY)	932	#if !defined(COMPILE_UTILITY)
898	else	933	else
Lines 906-912 Link Here
906	big_buffer, errors_to);	941	big_buffer, errors_to);
907	#endif	942	#endif
908		943
909	recipients_list[recipients_count].address = string_copy_taint(big_buffer, TRUE);	944	recipients_list[recipients_count].address = string_copy_taint(big_buffer, GET_TAINTED);
910	recipients_list[recipients_count].pno = pno;	945	recipients_list[recipients_count].pno = pno;
911	recipients_list[recipients_count].errors_to = errors_to;	946	recipients_list[recipients_count].errors_to = errors_to;
912	recipients_list[recipients_count].orcpt = orcpt;	947	recipients_list[recipients_count].orcpt = orcpt;
Lines 938-948 Link Here
938		973
939	if (read_headers)	974	if (read_headers)
940	{	975	{
941	h = store_get(sizeof(header_line), FALSE);	976	h = store_get(sizeof(header_line), GET_UNTAINTED);
942	h->next = NULL;	977	h->next = NULL;
943	h->type = flag[0];	978	h->type = flag[0];
944	h->slen = n;	979	h->slen = n;
945	h->text = store_get(n+1, TRUE); /* tainted */	980	h->text = store_get(n+1, GET_TAINTED);
946		981
947	if (h->type == htype_received) received_count++;	982	if (h->type == htype_received) received_count++;
948		983
Lines 1013-1018 Link Here
1013	return inheader? spool_read_hdrerror : spool_read_enverror;	1048	return inheader? spool_read_hdrerror : spool_read_enverror;
1014	}	1049	}
1015		1050
		1051
		1052	#ifndef COMPILE_UTILITY
		1053	/* Read out just the (envelope) sender string from the spool -H file.
		1054	Remove the <> wrap and return it in allocated store. Return NULL on error.
		1055
		1056	We assume that message_subdir is already set.
		1057	*/
		1058
		1059	uschar *
		1060	spool_sender_from_msgid(const uschar * id)
		1061	{
		1062	uschar * name = string_sprintf("%s-H", id);
		1063	FILE * fp;
		1064	int n;
		1065	uschar * yield = NULL;
		1066
		1067	if (!(fp = Ufopen(spool_fname(US"input", message_subdir, name, US""), "rb")))
		1068	return NULL;
		1069
		1070	DEBUG(D_deliver) debug_printf_indent("reading spool file %s\n", name);
		1071
		1072	/* Skip the line with the copy of the filename, then the line with login/uid/gid.
		1073	Read the next line, which should be the envelope sender.
		1074	Do basic validation on that. */
		1075
		1076	if ( Ufgets(big_buffer, big_buffer_size, fp) != NULL
		1077	&& Ufgets(big_buffer, big_buffer_size, fp) != NULL
		1078	&& Ufgets(big_buffer, big_buffer_size, fp) != NULL
		1079	&& (n = Ustrlen(big_buffer)) >= 3
		1080	&& big_buffer[0] == '<' && big_buffer[n-2] == '>'
		1081	)
		1082	{
		1083	yield = store_get(n-2, GET_TAINTED);
		1084	Ustrncpy(yield, big_buffer+1, n-3);
		1085	yield[n-3] = 0;
		1086	}
		1087	fclose(fp);
		1088	return yield;
		1089	}
		1090	#endif /* COMPILE_UTILITY */
		1091
1016	/* vi: aw ai sw=2	1092	/* vi: aw ai sw=2
1017	*/	1093	*/
1018	/* End of spool_in.c */	1094	/* End of spool_in.c */





/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003 - 2015
 * License: GPL
 * Copyright (c) The Exim Maintainers 2016 - 2021
 */

/* Code for setting up a MBOX style spool file inside a /scan/<msgid>

  temp_string = string_sprintf("scan/%s", message_id);
  if (!directory_make(spool_directory, temp_string, 0750, FALSE))
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "%s",
      string_open_failed("scan directory %s/scan/%s", spool_directory, temp_string));
    goto OUT;
    }



  if (!(mbox_file = modefopen(mbox_path, "wb", SPOOL_MODE)))
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "%s",
      string_open_failed("scan file %s", mbox_path));
    goto OUT;
    }


if (  !(yield = Ufopen(mbox_path,"rb"))
   || fstat(fileno(yield), &statbuf) != 0
   )
  log_write(0, LOG_MAIN|LOG_PANIC, "%s",
    string_open_failed( "scan file %s", mbox_path));
else
  *mbox_file_size = statbuf.st_size;


    {
    debug_printf("Unable to opendir(%s): %s\n", mbox_path, strerror(errno));
    /* Just in case we still can: */
    (void) rmdir(CS mbox_path);
    return;
    }
  /* loop thru dir & delete entries */
  for (struct dirent *entry; entry = readdir(tempdir); )
    {
    uschar *name = US entry->d_name;
    int dummy;
    if (Ustrcmp(name, US".") == 0 || Ustrcmp(name, US"..") == 0) continue;

    file_path = string_sprintf("%s/%s", mbox_path, name);
    debug_printf("unspool_mbox(): unlinking '%s'\n", file_path);
    if (unlink(CS file_path) != 0)
      log_write(0, LOG_MAIN|LOG_PANIC, "unlink(%s): %s", file_path, strerror(errno));
    }

  closedir(tempdir);

  /* remove directory */
  if (rmdir(CS mbox_path) != 0)
    log_write(0, LOG_MAIN|LOG_PANIC, "rmdir(%s): %s", mbox_path, strerror(errno));
  store_reset(reset_point);
  }
spool_mbox_ok = 0;

Lines 2-9 Link Here

(-)exim.orig/src/spool_out.c (-6 / +23 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Functions for writing spool files, and moving them about. */	9	/* Functions for writing spool files, and moving them about. */
Lines 120-127 Link Here
120	static void	120	static void
121	spool_var_write(FILE * fp, const uschar * name, const uschar * val)	121	spool_var_write(FILE * fp, const uschar * name, const uschar * val)
122	{	122	{
123	if (is_tainted(val)) putc('-', fp);	123	putc('-', fp);
124	fprintf(fp, "-%s %s\n", name, val);	124	if (is_tainted(val))
		125	{
		126	int q = quoter_for_address(val);
		127	putc('-', fp);
		128	if (is_real_quoter(q)) fprintf(fp, "(%s)", lookup_list[q]->name);
		129	}
		130	fprintf(fp, "%s %s\n", name, val);
125	}	131	}
126		132
127	/*************************************************	133	/*************************************************
Lines 174-179 Link Here
174	fprintf(fp, "%d %d\n", (int)received_time.tv_sec, warning_count);	180	fprintf(fp, "%d %d\n", (int)received_time.tv_sec, warning_count);
175		181
176	fprintf(fp, "-received_time_usec .%06d\n", (int)received_time.tv_usec);	182	fprintf(fp, "-received_time_usec .%06d\n", (int)received_time.tv_usec);
		183	fprintf(fp, "-received_time_complete %d.%06d\n",
		184	(int)received_time_complete.tv_sec, (int)received_time_complete.tv_usec);
177		185
178	/* If there is information about a sending host, remember it. The HELO	186	/* If there is information about a sending host, remember it. The HELO
179	data can be set for local SMTP as well as remote. */	187	data can be set for local SMTP as well as remote. */
Lines 183-189 Link Here
183	if (sender_host_address)	191	if (sender_host_address)
184	{	192	{
185	if (is_tainted(sender_host_address)) putc('-', fp);	193	if (is_tainted(sender_host_address)) putc('-', fp);
186	fprintf(fp, "-host_address %s.%d\n", sender_host_address, sender_host_port);	194	fprintf(fp, "-host_address [%s]:%d\n", sender_host_address, sender_host_port);
187	if (sender_host_name)	195	if (sender_host_name)
188	spool_var_write(fp, US"host_name", sender_host_name);	196	spool_var_write(fp, US"host_name", sender_host_name);
189	}	197	}
Lines 197-203 Link Here
197	if (interface_address)	205	if (interface_address)
198	{	206	{
199	if (is_tainted(interface_address)) putc('-', fp);	207	if (is_tainted(interface_address)) putc('-', fp);
200	fprintf(fp, "-interface_address %s.%d\n", interface_address, interface_port);	208	fprintf(fp, "-interface_address [%s]:%d\n", interface_address, interface_port);
201	}	209	}
202		210
203	if (smtp_active_hostname != primary_hostname)	211	if (smtp_active_hostname != primary_hostname)
Lines 222-227 Link Here
222		230
223	/* Now any other data that needs to be remembered. */	231	/* Now any other data that needs to be remembered. */
224		232
		233	if (*debuglog_name)
		234	{
		235	fprintf(fp, "-debug_selector 0x%x\n", debug_selector);
		236	fprintf(fp, "-debuglog_name %s\n", debuglog_name);
		237	}
		238
225	if (f.spool_file_wireformat)	239	if (f.spool_file_wireformat)
226	fprintf(fp, "-spool_file_wireformat\n");	240	fprintf(fp, "-spool_file_wireformat\n");
227	else	241	else
Lines 275-281 Link Here
275	fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);	289	fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
276	}	290	}
277	if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp);	291	if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp);
278	# ifdef EXPERIMENTAL_TLS_RESUME	292	# ifndef DISABLE_TLS_RESUME
279	fprintf(fp, "-tls_resumption %c\n", 'A' + tls_in.resumption);	293	fprintf(fp, "-tls_resumption %c\n", 'A' + tls_in.resumption);
280	# endif	294	# endif
281	if (tls_in.ver) spool_var_write(fp, US"tls_ver", tls_in.ver);	295	if (tls_in.ver) spool_var_write(fp, US"tls_ver", tls_in.ver);
Lines 520-525 Link Here
520	{	534	{
521	uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name;	535	uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name;
522		536
		537	/* Since we are working within the spool, de-taint the dest queue name */
		538	dest_qname = string_copy_taint(dest_qname, GET_UNTAINTED);
		539
523	/* Create any output directories that do not exist. */	540	/* Create any output directories that do not exist. */
524		541
525	(void) directory_make(spool_directory,	542	(void) directory_make(spool_directory,




*************************************************/

/* Copyright (c) Phil Pennock 2012, 2016
 * Copyright (c) The Exim Maintainers 2017 - 2021
 * But almost everything here is fixed published constants from RFCs, so also:
 * Copyright (C) The Internet Society (2003)
 * Copyright (C) The IETF Trust (2008)


/* ========================================================================= */

/* Generated by Phil as a non-standard option.
openssl dhparam -2 2048
No provenance to prove non-tampering available, beyond trusting that this
developer generated this as stated above. */

 */

/* MacOSX 10.10.5 invoking system OpenSSL 0.9.8zg */
static const char dh_exim_20160529_1[] =

/* ========================================================================= */

struct dh_constant {
  const char *	label;
  const char *	pem;
  int		logging;
};

#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3

/* KEEP SORTED ALPHABETICALLY;
duplicate PEM are okay, if we want aliases, but names must be alphabetical */

static struct dh_constant dh_constants[] = {
    /*  label			pem */
    { "default",		EXIM_DH_PRIME_DEFAULT,	0 },
    { "exim.dev.20160529.1",	dh_exim_20160529_1,	0 },
    { "exim.dev.20160529.2",	dh_exim_20160529_2,	0 },
    { "exim.dev.20160529.3",	dh_exim_20160529_3,	0 },
    { "ffdhe2048",		dh_ffdhe2048_pem,	0 },
    { "ffdhe3072",		dh_ffdhe3072_pem,	0 },
    { "ffdhe4096",		dh_ffdhe4096_pem,	0 },
    { "ffdhe6144",		dh_ffdhe6144_pem,	0 },
    { "ffdhe8192",		dh_ffdhe8192_pem,	0 },
    { "ike1",			dh_ike_1_pem,		LOG_MAIN | LOG_PANIC },
    { "ike14",			dh_ike_14_pem,		0 },
    { "ike15",			dh_ike_15_pem,		0 },
    { "ike16",			dh_ike_16_pem,		0 },
    { "ike17",			dh_ike_17_pem,		0 },
    { "ike18",			dh_ike_18_pem,		0 },
    { "ike2",			dh_ike_2_pem,		LOG_MAIN },
    { "ike22",			dh_ike_22_pem,		LOG_MAIN | LOG_PANIC },
    { "ike23",			dh_ike_23_pem,		LOG_MAIN },
    { "ike24",			dh_ike_24_pem,		LOG_MAIN },
    { "ike5",			dh_ike_5_pem,		0 },
};
static const int dh_constants_count = nelem(dh_constants);
  sizeof(dh_constants) / sizeof(struct dh_constant);


/* A policy decision; in absence of any other data, use a 2048 bit prime,
pick the first one from the latest RFC providing such. */

const char *
std_dh_prime_default(void)
{
return EXIM_DH_PRIME_DEFAULT;
}


/* Return PEM string for given name */

const char *
std_dh_prime_named(const uschar * name)
{
for (int first = 0, last = dh_constants_count; last > first; )
  {
  int middle = (first + last)/2;
  struct dh_constant * dp = &dh_constants[middle];
  int c = Ustrcmp(name, dp->label);
  if (c == 0)
    {
    if (dp->logging)
      log_write(0, dp->logging,
	"WARNING: deprecated Diffie-Hellman parameter '%s' used", dp->label);
    return dp->pem;
    }
  else if (c > 0)
    first = middle + 1;
  else
    last = middle;
  }
return NULL;
}

#endif /*DISABLE_TLS*/




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim maintainers 2019 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim maintainers 2019 - 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Exim gets and frees all its store through these functions. In the original

  This means it can be freed when search_tidyup() is called to close down all
  the lookup caching.

- There is another pool (POOL_MESSAGE) used for medium-lifetime objects; within
  a single message transaction but needed for longer than the use of the main
  pool permits.  Currently this means only receive-time DKIM information.

- There is a dedicated pool for configuration data read from the config file(s).
  Once complete, it is made readonly.

- There are pools for each active combination of lookup-quoting, dynamically created.

. Orthogonal to the four main pool types, there are two classes of memory: untainted
  and tainted.  The latter is used for values derived from untrusted input, and
  the string-expansion mechanism refuses to operate on such values (obviously,
  it can expand an untainted value to return a tainted result).  The classes
  are implemented by duplicating the four pool types.  Pool resets are requested
  against the nontainted sibling and apply to both siblings.

  Only memory blocks requested for tainted use are regarded as tainted; anything

  size_t length;
} storeblock;

/* Pool descriptor struct */

typedef struct pooldesc {
  storeblock *	chainbase;		/* list of blocks in pool */
  storeblock *	current_block;		/* top block, still with free space */
  void *	next_yield;		/* next allocation point */
  int		yield_length;		/* remaining space in current block */
  unsigned	store_block_order;	/* log2(size) block allocation size */

  /* This variable is set by store_get() to its yield, and by store_reset() to
  NULL. This enables string_cat() to optimize its store handling for very long
  strings. That's why the variable is global. */

  void *	store_last_get;

  /* These are purely for stats-gathering */

  int		nbytes;
  int		maxbytes;
  int		nblocks;
  int		maxblocks;
  unsigned	maxorder;
} pooldesc;

/* Enhanced pool descriptor for quoted pools */

typedef struct quoted_pooldesc {
  pooldesc			pool;
  unsigned			quoter;
  struct quoted_pooldesc *	next;
} quoted_pooldesc;

/* Just in case we find ourselves on a system where the structure above has a
length that is not a multiple of the alignment, set up a macro for the padded
length. */

  (((sizeof(storeblock) + alignment - 1) / alignment) * alignment)

/* Size of block to get from malloc to carve up into smaller ones. This
must be a multiple of the alignment. We assume that 4096 is going to be
suitably aligned.  Double the size per-pool for every malloc, to mitigate
certain denial-of-service attacks.  Don't bother to decrease on block frees.
We waste average half the current alloc size per pool.  This could be several
hundred kB now, vs. 4kB with a constant-size block size.  But the search time
for is_tainted(), linear in the number of blocks for the pool, is O(n log n)
rather than O(n^2).
A test of 2000 RCPTs and just accept ACL had 370kB in 21 blocks before,
504kB in 6 blocks now, for the untainted-main (largest) pool.
Builds for restricted-memory system can disable the expansion by
defining RESTRICTED_MEMORY */
/*XXX should we allow any for malloc's own overhead?  But how much? */

/* #define RESTRICTED_MEMORY */
#define STORE_BLOCK_SIZE(order) ((1U << (order)) - ALIGNED_SIZEOF_STOREBLOCK)

/* Variables holding data for the local pools of store. The current pool number
is held in store_pool, which is global so that it can be changed from outside.


int store_pool = POOL_MAIN;

pooldesc paired_pools[N_PAIRED_POOLS];
quoted_pooldesc * quoted_pools = NULL;

static int n_nonpool_blocks;	/* current number of direct store_malloc() blocks */
static int max_nonpool_blocks;
static int max_pool_malloc;	/* max value for pool_malloc */
static int max_nonpool_malloc;	/* max value for nonpool_malloc */

/* pool_malloc holds the amount of memory used by the store pools; this goes up
and down as store is reset or released. nonpool_malloc is the total got by

static int pool_malloc;
static int nonpool_malloc;

/* This variable is set by store_get() to its yield, and by store_reset() to
NULL. This enables string_cat() to optimize its store handling for very long
strings. That's why the variable is global. */

void *store_last_get[NPOOLS];

/* These are purely for stats-gathering */

static int nbytes[NPOOLS];	/* current bytes allocated */
static int maxbytes[NPOOLS];	/* max number reached */
static int nblocks[NPOOLS];	/* current number of blocks allocated */
static int maxblocks[NPOOLS];
static int n_nonpool_blocks;	/* current number of direct store_malloc() blocks */
static int max_nonpool_blocks;
static int max_pool_malloc;	/* max value for pool_malloc */
static int max_nonpool_malloc;	/* max value for nonpool_malloc */


#ifndef COMPILE_UTILITY
static const uschar * pooluse[N_PAIRED_POOLS] = {
[POOL_MAIN] =		US"main",
[POOL_PERM] =		US"perm",
[POOL_CONFIG] =		US"config",
[POOL_SEARCH] =		US"search",
[POOL_MESSAGE] =	US"message",
[POOL_TAINT_MAIN] =	US"main",
[POOL_TAINT_PERM] =	US"perm",
[POOL_TAINT_CONFIG] =	US"config",
[POOL_TAINT_SEARCH] =	US"search",
[POOL_TAINT_MESSAGE] =	US"message",
};
static const uschar * poolclass[N_PAIRED_POOLS] = {
[POOL_MAIN] =		US"untainted",
[POOL_PERM] =		US"untainted",
[POOL_CONFIG] =		US"untainted",
[POOL_SEARCH] =		US"untainted",
[POOL_MESSAGE] =	US"untainted",
[POOL_TAINT_MAIN] =	US"tainted",
[POOL_TAINT_PERM] =	US"tainted",
[POOL_TAINT_CONFIG] =	US"tainted",
[POOL_TAINT_SEARCH] =	US"tainted",
[POOL_TAINT_MESSAGE] =	US"tainted",
};
#endif


static void * internal_store_malloc(size_t, const char *, int);
static void   internal_store_free(void *, const char *, int linenumber);

/******************************************************************************/

static void
pool_init(pooldesc * pp)
{
memset(pp, 0, sizeof(*pp));
pp->yield_length = -1;
pp->store_block_order = 12; /* log2(allocation_size) ie. 4kB */
}

/* Initialisation, for things fragile with parameter channges when using
static initialisers. */

void
store_init(void)
{
for (pooldesc * pp = paired_pools; pp < paired_pools + N_PAIRED_POOLS; pp++)
  pool_init(pp);
}

/******************************************************************************/
/* Locating elements given memory pointer */

static BOOL
is_pointer_in_block(const storeblock * b, const void * p)
{
uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
return US p >= bc && US p < bc + b->length;
}

static pooldesc *
pool_current_for_pointer(const void * p)
{
storeblock * b;

for (quoted_pooldesc * qp = quoted_pools; qp; qp = qp->next)
  if ((b = qp->pool.current_block) && is_pointer_in_block(b, p))
    return &qp->pool;

for (pooldesc * pp = paired_pools; pp < paired_pools + N_PAIRED_POOLS; pp++)
  if ((b = pp->current_block) && is_pointer_in_block(b, p))
    return pp;
return NULL;
}

static pooldesc *
pool_for_pointer(const void * p, const char * func, int linenumber)
{
pooldesc * pp;
storeblock * b;

if ((pp = pool_current_for_pointer(p))) return pp;

for (quoted_pooldesc * qp = quoted_pools; qp; qp = qp->next)
  for (b = qp->pool.chainbase; b; b = b->next)
    if (is_pointer_in_block(b, p)) return &qp->pool;

for (pp = paired_pools; pp < paired_pools + N_PAIRED_POOLS; pp++)
  for (b = pp->chainbase; b; b = b->next)
    if (is_pointer_in_block(b, p)) return pp;

log_write(0, LOG_MAIN|LOG_PANIC_DIE,
  "bad memory reference; pool not found, at %s %d", func, linenumber);
return NULL;
}

/******************************************************************************/
/* Test if a pointer refers to tainted memory.

Slower version check, for use when platform intermixes malloc and mmap area

{
storeblock * b;

if (p == GET_UNTAINTED) return FALSE;
if (p == GET_TAINTED) return TRUE;

for (pooldesc * pp = paired_pools + POOL_TAINT_BASE;
     pp < paired_pools + N_PAIRED_POOLS; pp++)
  if ((b = pp->current_block))
    if (is_pointer_in_block(b, p)) return TRUE;

for (quoted_pooldesc * qp = quoted_pools; qp; qp = qp->next)
  if (b = qp->pool.current_block)
    if (is_pointer_in_block(b, p)) return TRUE;

for (pooldesc * pp = paired_pools + POOL_TAINT_BASE;
     pp < paired_pools + N_PAIRED_POOLS; pp++)
  for (b = pp->chainbase; b; b = b->next)
    if (is_pointer_in_block(b, p)) return TRUE;

for (quoted_pooldesc * qp = quoted_pools; qp; qp = qp->next)
  for (b = qp->pool.chainbase; b; b = b->next)
    if (is_pointer_in_block(b, p)) return TRUE;

for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
  for (b = chainbase[pool]; b; b = b->next)
    {
    uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
    if (US p >= bc && US p < bc + b->length) return TRUE;
    }
return FALSE;
}


}


#ifndef COMPILE_UTILITY
/* Return the pool for the given quoter, or null */

static pooldesc *
pool_for_quoter(unsigned quoter)
{
for (quoted_pooldesc * qp = quoted_pools; qp; qp = qp->next)
  if (qp->quoter == quoter)
    return &qp->pool;
return NULL;
}

/* Allocate/init a new quoted-pool and return the pool */
macro store_get(). It passes back a block of store within the current big
block, getting a new one if necessary. The address is saved in
store_last_was_get.

static pooldesc *
quoted_pool_new(unsigned quoter)
{
// debug_printf("allocating quoted-pool\n");
quoted_pooldesc * qp = store_get_perm(sizeof(quoted_pooldesc), GET_UNTAINTED);

pool_init(&qp->pool);
qp->quoter = quoter;
qp->next = quoted_pools;
quoted_pools = qp;
return &qp->pool;
}
#endif


/******************************************************************************/
void
store_writeprotect(int pool)
{
#if !defined(COMPILE_UTILITY) && !defined(MISSING_POSIX_MEMALIGN)
for (storeblock * b =  paired_pools[pool].chainbase; b; b = b->next)
  if (mprotect(b, ALIGNED_SIZEOF_STOREBLOCK + b->length, PROT_READ) != 0)
    DEBUG(D_any) debug_printf("config block mprotect: (%d) %s\n", errno, strerror(errno));
#endif
}

/******************************************************************************/

static void *
pool_get(pooldesc * pp, int size, BOOL align_mem, const char * func, int linenumber)
{
/* Ensure we've been asked to allocate memory.
A negative size is a sign of a security problem.
A zero size might be also suspect, but our internal usage deliberately


if (size < 0 || size >= INT_MAX/2)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
            "bad memory allocation requested (%d bytes) from %s %d",
            size, func, linenumber);

/* Round up the size to a multiple of the alignment. Although this looks a

size is STORE_BLOCK_SIZE, and we would expect this to be the norm, since
these functions are mostly called for small amounts of store. */

if (size > pp->yield_length)
  {
  int length = MAX(
	  STORE_BLOCK_SIZE(pp->store_block_order) - ALIGNED_SIZEOF_STOREBLOCK,
	  size);
  int mlength = length + ALIGNED_SIZEOF_STOREBLOCK;
  storeblock * newblock;

  /* Sometimes store_reset() may leave a block for us; check if we can use it */

  if (  (newblock = pp->current_block)
     && (newblock = newblock->next)
     && newblock->length < length
     )
    {
    /* Give up on this block, because it's too small */
    pp->nblocks--;
    internal_store_free(newblock, func, linenumber);
    newblock = NULL;
    }


  if (!newblock)
    {
    if ((pp->nbytes += mlength) > pp->maxbytes)
      pp->maxbytes = pp->nbytes;
    if ((pool_malloc += mlength) > max_pool_malloc)	/* Used in pools */
      max_pool_malloc = pool_malloc;
    nonpool_malloc -= mlength;			/* Exclude from overall total */
    if (++pp->nblocks > pp->maxblocks)
      pp->maxblocks = pp->nblocks;

#ifndef MISSING_POSIX_MEMALIGN
    if (align_mem)
      {
      long pgsize = sysconf(_SC_PAGESIZE);
      int err = posix_memalign((void **)&newblock,
				pgsize, (mlength + pgsize - 1) & ~(pgsize - 1));
      if (err)
	log_write(0, LOG_MAIN|LOG_PANIC_DIE,
	  "failed to alloc (using posix_memalign) %d bytes of memory: '%s'"
	  "called from line %d in %s",
	  size, strerror(err), linenumber, func);
      }
    else
#endif
      newblock = internal_store_malloc(mlength, func, linenumber);
    newblock->next = NULL;
    newblock->length = length;
#ifndef RESTRICTED_MEMORY
    if (pp->store_block_order++ > pp->maxorder)
      pp->maxorder = pp->store_block_order;
#endif

    if (! pp->chainbase)
       pp->chainbase = newblock;
    else
      pp->current_block->next = newblock;
    }

  pp->current_block = newblock;
  pp->yield_length = newblock->length;
  pp->next_yield =
    (void *)(CS pp->current_block + ALIGNED_SIZEOF_STOREBLOCK);
  (void) VALGRIND_MAKE_MEM_NOACCESS(pp->next_yield, pp->yield_length);
  }

/* There's (now) enough room in the current block; the yield is the next
pointer. */

pp->store_last_get = pp->next_yield;

(void) VALGRIND_MAKE_MEM_UNDEFINED(pp->store_last_get, size);
/* Update next pointer and number of bytes left in the current block. */

pp->next_yield = (void *)(CS pp->next_yield + size);
pp->yield_length -= size;
return pp->store_last_get;
}
DEBUG(D_memory)
  debug_printf("---%d Get %6p %5d %-14s %4d\n", pool,
    store_last_get[pool], size, func, linenumber);
#endif  /* COMPILE_UTILITY */

/*************************************************
*       Get a block from the current pool        *
*************************************************/

/* Running out of store is a total disaster. This function is called via the
macro store_get(). The current store_pool is used, adjusting for taint.
If the protoype is quoted, use a quoted-pool.
Return a block of store within the current big block of the pool, getting a new
one if necessary. The address is saved in store_last_get for the pool.

Arguments:
  size        amount wanted, bytes
  proto_mem   class: get store conformant to this
		Special values: 0 forces untainted, 1 forces tainted
  func        function from which called
  linenumber  line number in source file

Returns:      pointer to store (panic on malloc failure)
*/

void *
store_get_3(int size, const void * proto_mem, const char * func, int linenumber)
{
#ifndef COMPILE_UTILITY
int quoter = quoter_for_address(proto_mem);
#endif
pooldesc * pp;
void * yield;

#ifndef COMPILE_UTILITY
if (!is_real_quoter(quoter))
#endif
  {
  BOOL tainted = is_tainted(proto_mem);
  int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
  pp = paired_pools + pool;
  yield = pool_get(pp, size, (pool == POOL_CONFIG), func, linenumber);

  /* Cut out the debugging stuff for utilities, but stop picky compilers from
  giving warnings. */

#ifndef COMPILE_UTILITY
  DEBUG(D_memory)
    debug_printf("---%d Get %6p %5d %-14s %4d\n", pool,
      pp->store_last_get, size, func, linenumber);
#endif
  }
#ifndef COMPILE_UTILITY
else
  {
  DEBUG(D_memory)
    debug_printf("allocating quoted-block for quoter %u (from %s %d)\n",
      quoter, func, linenumber);
  if (!(pp = pool_for_quoter(quoter))) pp = quoted_pool_new(quoter);
  yield = pool_get(pp, size, FALSE, func, linenumber);
  DEBUG(D_memory)
    debug_printf("---QQ Get %6p %5d %-14s %4d\n",
      pp->store_last_get, size, func, linenumber);
  }
#endif
return yield;
}




Arguments:
  size        amount wanted
  proto_mem   class: get store conformant to this
  func        function from which called
  linenumber  line number in source file


*/

void *
store_get_perm_3(int size, const void * proto_mem, const char * func, int linenumber)
{
void * yield;
int old_pool = store_pool;
store_pool = POOL_PERM;
yield = store_get_3(size, proto_mem, func, linenumber);
store_pool = old_pool;
return yield;
}


#ifndef COMPILE_UTILITY
/*************************************************
*  Get a block annotated as being lookup-quoted  *
*************************************************/

/* Allocate from pool a pool consistent with the proto_mem augmented by the
requested quoter type.

XXX currently not handling mark/release

Args:	size		number of bytes to allocate
	quoter		id for the quoting type
	func		caller, for debug
	linenumber	caller, for debug

Return:	allocated memory block
*/

static void *
store_force_get_quoted(int size, unsigned quoter,
  const char * func, int linenumber)
{
pooldesc * pp = pool_for_quoter(quoter);
void * yield;

DEBUG(D_memory)
  debug_printf("allocating quoted-block for quoter %u (from %s %d)\n", quoter, func, linenumber);

if (!pp) pp = quoted_pool_new(quoter);
yield = pool_get(pp, size, FALSE, func, linenumber);

DEBUG(D_memory)
  debug_printf("---QQ Get %6p %5d %-14s %4d\n",
    pp->store_last_get, size, func, linenumber);

return yield;
}

/* Maybe get memory for the specified quoter, but only if the
prototype memory is tainted. Otherwise, get plain memory.
*/
void *
store_get_quoted_3(int size, const void * proto_mem, unsigned quoter,
  const char * func, int linenumber)
{
// debug_printf("store_get_quoted_3: quoter %u\n", quoter);
return is_tainted(proto_mem)
  ? store_force_get_quoted(size, quoter, func, linenumber)
  : store_get_3(size, proto_mem, func, linenumber);
}

/* Return quoter for given address, or -1 if not in a quoted-pool. */
int
quoter_for_address(const void * p)
{
for (quoted_pooldesc * qp = quoted_pools; qp; qp = qp->next)
  {
  pooldesc * pp = &qp->pool;
  storeblock * b;

  if (b = pp->current_block)
    if (is_pointer_in_block(b, p))
      return qp->quoter;

  for (b = pp->chainbase; b; b = b->next)
    if (is_pointer_in_block(b, p))
      return qp->quoter;
  }
return -1;
}

/* Return TRUE iff the given address is quoted for the given type.
There is extra complexity to handle lookup providers with multiple
find variants but shared quote functions. */
BOOL
is_quoted_like(const void * p, unsigned quoter)
{
int pq = quoter_for_address(p);
BOOL y =
  is_real_quoter(pq) && lookup_list[pq]->quote == lookup_list[quoter]->quote;
/* debug_printf("is_quoted(%p, %u): %c\n", p, quoter, y?'T':'F'); */
return y;
}

/* Return TRUE if the quoter value indicates an actual quoter */
BOOL
is_real_quoter(int quoter)
{
return quoter >= 0;
}

/* Return TRUE if the "new" data requires that the "old" data
be recopied to new-class memory.  We order the classes as

  2: tainted, not quoted
  1: quoted (which is also tainted)
  0: untainted

If the "new" is higher-order than the "old", they are not compatible
and a copy is needed.  If both are quoted, but the quoters differ,
not compatible.  Otherwise they are compatible.
*/
BOOL
is_incompatible_fn(const void * old, const void * new)
{
int oq, nq;
unsigned oi, ni;

ni = is_real_quoter(nq = quoter_for_address(new)) ? 1 : is_tainted(new) ? 2 : 0;
oi = is_real_quoter(oq = quoter_for_address(old)) ? 1 : is_tainted(old) ? 2 : 0;
return ni > oi || ni == oi && nq != oq;
}

#endif	/*!COMPILE_UTILITY*/

/*************************************************
*      Extend a block if it is at the top        *

Returns:     TRUE if the block is at the top of the stack and has been
             extended; FALSE if it isn't at the top of the stack, or cannot
             be extended

XXX needs extension for quoted-tracking.  This assumes that the global store_pool
is the one to alloc from, which breaks with separated pools.
*/

BOOL
store_extend_3(void * ptr, int oldsize, int newsize,
   const char * func, int linenumber)
{
pooldesc * pp = pool_for_pointer(ptr, func, linenumber);
int inc = newsize - oldsize;
int rounded_oldsize = oldsize;


            "bad memory extension requested (%d -> %d bytes) at %s %d",
            oldsize, newsize, func, linenumber);

/* Check that the block being extended was already of the required taint status;
refuse to extend if not. */

if (is_tainted(ptr) != tainted)
  return FALSE;

if (rounded_oldsize % alignment != 0)
  rounded_oldsize += alignment - (rounded_oldsize % alignment);

if (CS ptr + rounded_oldsize != CS (pp->next_yield) ||
    inc > pp->yield_length + rounded_oldsize - oldsize)
  return FALSE;

/* Cut out the debugging stuff for utilities, but stop picky compilers from
giving warnings. */

#ifndef COMPILE_UTILITY
func = func;
linenumber = linenumber;
#else
DEBUG(D_memory)
  {
  quoted_pooldesc * qp;
  for (qp = quoted_pools; qp; qp = qp->next)
    if (pp == &qp->pool)
      {
      debug_printf("---Q%d Ext %6p %5d %-14s %4d\n",
	(int)(qp - quoted_pools),
	ptr, newsize, func, linenumber);
      break;
      }
  if (!qp)
    debug_printf("---%d Ext %6p %5d %-14s %4d\n",
      (int)(pp - paired_pools),
      ptr, newsize, func, linenumber);
  }
#endif  /* COMPILE_UTILITY */

if (newsize % alignment != 0) newsize += alignment - (newsize % alignment);
pp->next_yield = CS ptr + newsize;
pp->yield_length -= newsize - rounded_oldsize;
(void) VALGRIND_MAKE_MEM_UNDEFINED(ptr + oldsize, inc);
return TRUE;
}




static BOOL
is_pwr2_size(int len)
{
unsigned x = len;
return (x & (x - 1)) == 0;
}


/*************************************************
*    Back up to a previous point on the stack    *
*************************************************/

not call with a pointer returned by store_get().  Both the untainted and tainted
pools corresposding to store_pool are reset.

Quoted pools are not handled.

Arguments:
  ptr         place to back up to
  pool	      pool holding the pointer
  func        function from which called
  linenumber  line number in source file


internal_store_reset(void * ptr, int pool, const char *func, int linenumber)
{
storeblock * bb;
pooldesc * pp = paired_pools + pool;
storeblock * b = pp->current_block;
char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
int newlength, count;
#ifndef COMPILE_UTILITY
int oldmalloc = pool_malloc;
#endif

if (!b) return;	/* exim_dumpdb gets this, becuse it has never used tainted mem */

/* Last store operation was not a get */

pp->store_last_get = NULL;

/* See if the place is in the current block - as it often will be. Otherwise,
search for the block in which it lies. */

if (CS ptr < bc || CS ptr > bc + b->length)
  {
  for (b =  pp->chainbase; b; b = b->next)
    {
    bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
    if (CS ptr >= bc && CS ptr <= bc + b->length) break;

  }
#endif
(void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
pp->next_yield = CS ptr + (newlength % alignment);
count = pp->yield_length;
count = (pp->yield_length = newlength - (newlength % alignment)) - count;
pp->current_block = b;

/* Free any subsequent block. Do NOT free the first
successor, if our current block has less than 256 bytes left. This should
prevent us from flapping memory. However, keep this block only when it has
a power-of-two size so probably is not a custom inflated one. */

if (  pp->yield_length < STOREPOOL_MIN_SIZE
   && b->next
   && is_pwr2_size(b->next->length + ALIGNED_SIZEOF_STOREBLOCK))
  {
  b = b->next;
#ifndef COMPILE_UTILITY

  }

bb = b->next;
if (pool != POOL_CONFIG)
  b->next = NULL;

while ((b = bb))
  {
  int siz = b->length + ALIGNED_SIZEOF_STOREBLOCK;

#ifndef COMPILE_UTILITY
  if (debug_store)
    assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
			func, linenumber);
#endif
  bb = bb->next;
  pp->nbytes -= siz;
  pool_malloc -= siz;
  pp->nblocks--;
  if (pool != POOL_CONFIG)
    internal_store_free(b, func, linenumber);

#ifndef RESTRICTED_MEMORY
  if (pp->store_block_order > 13) pp->store_block_order--;
#endif
  }

/* Cut out the debugging stuff for utilities, but stop picky compilers from
giving warnings. */

#ifndef COMPILE_UTILITY
func = func;
linenumber = linenumber;
#else
DEBUG(D_memory)
  debug_printf("---%d Rst %6p %5d %-14s %4d\tpool %d\n", pool, ptr,
    count + oldmalloc - pool_malloc,
    func, linenumber, pool_malloc);
#endif  /* COMPILE_UTILITY */
}


/* Back up the pool pair, untainted and tainted, of the store_pool setting.
Quoted pools are not handled.
*/

rmark
store_reset_3(rmark r, const char * func, int linenumber)
{
void ** ptr = r;

if (store_pool >= POOL_TAINT_BASE)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
    "store_reset called for pool %d: %s %d\n", store_pool, func, linenumber);
if (!r)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
    "store_reset called with bad mark: %s %d\n", func, linenumber);

internal_store_reset(*ptr, store_pool + POOL_TAINT_BASE, func, linenumber);
internal_store_reset(ptr,  store_pool,		   func, linenumber);
return NULL;
}


/**************/

/* Free tail-end unused allocation.  This lets us allocate a big chunk
early, for cases when we only discover later how much was really needed.

*/

void
store_release_above_3(void * ptr, const char * func, int linenumber)
{
pooldesc * pp;

/* Search all pools' "current" blocks.  If it isn't one of those,
ignore it (it usually will be). */

if ((pp = pool_current_for_pointer(ptr)))
  {
  storeblock * b = pp->current_block;
  char * bc;
  int count, newlength;

  if (!b)
    continue;

  bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
  if (CS ptr < bc || CS ptr > bc + b->length)
    continue;

  /* Last store operation was not a get */

  pp->store_last_get = NULL;

  /* Back up, rounding to the alignment if necessary. When testing, flatten
  the released memory. */

  newlength = (CS b + ALIGNED_SIZEOF_STOREBLOCK) + b->length - CS ptr;
#ifndef COMPILE_UTILITY
  if (debug_store)
    {

    }
#endif
  (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
  pp->next_yield = CS ptr + (newlength % alignment);
  count = pp->yield_length;
  count = (pp->yield_length = newlength - (newlength % alignment)) - count;

  /* Cut out the debugging stuff for utilities, but stop picky compilers from
  giving warnings. */

#ifndef COMPILE_UTILITY
  func = func;
  linenumber = linenumber;
#else
  DEBUG(D_memory)
    {
    quoted_pooldesc * qp;
    for (qp = quoted_pools; qp; qp = qp->next)
      if (pp == &qp->pool)
	debug_printf("---Q%d Rel %6p %5d %-14s %4d\tpool %d\n",
	  (int)(qp - quoted_pools),
	  ptr, count, func, linenumber, pool_malloc);
    if (!qp)
      debug_printf("---%d Rel %6p %5d %-14s %4d\tpool %d\n",
	(int)(pp - paired_pools), ptr, count,
	func, linenumber, pool_malloc);
    }
#endif
  return;
  }



rmark
store_mark_3(const char * func, int linenumber)
{
void ** p;

#ifndef COMPILE_UTILITY
DEBUG(D_memory)
  debug_printf("---%d Mrk                    %-14s %4d\tpool %d\n",
    store_pool, func, linenumber, pool_malloc);
#endif  /* COMPILE_UTILITY */

if (store_pool >= POOL_TAINT_BASE)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
    "store_mark called for pool %d: %s %d\n", store_pool, func, linenumber);

Reset uses the cookie to recover the t-mark, winds back the tainted pool with it
and winds back the untainted pool with the cookie. */

p = store_get_3(sizeof(void *), GET_UNTAINTED, func, linenumber);
*p = store_get_3(0, GET_TAINTED, func, linenumber);
return p;
}



Arguments:
  block       block of store to consider
  pp	      pool containing the block
  func        function from which called
  linenumber  line number in source file


*/

static void
store_release_3(void * block, pooldesc * pp, const char * func, int linenumber)
{
/* It will never be the first block, so no need to check that. */

for (storeblock * b =  pp->chainbase; b; b = b->next)
  {
  storeblock * bb = b->next;
  if (bb && CS block == CS bb + ALIGNED_SIZEOF_STOREBLOCK)
    {
    int siz = bb->length + ALIGNED_SIZEOF_STOREBLOCK;
    b->next = bb->next;
    pp->nbytes -= siz;
    pool_malloc -= siz;
    pp->nblocks--;

    /* Cut out the debugging stuff for utilities, but stop picky compilers
    from giving warnings. */

#ifndef COMPILE_UTILITY
    func = func;
    linenumber = linenumber;
#else
    DEBUG(D_memory)
      debug_printf("-Release %6p %-20s %4d %d\n", (void *)bb, func,
	linenumber, pool_malloc);

      memset(bb, 0xF0, bb->length+ALIGNED_SIZEOF_STOREBLOCK);
#endif  /* COMPILE_UTILITY */

    internal_store_free(bb, func, linenumber);
    return;
    }
  }

has been allocated since. If so, releases that block.

Arguments:
  oldblock
  newsize	requested size
  len		current size

Returns:	new location of data
*/

void *
store_newblock_3(void * oldblock, int newsize, int len,
  const char * func, int linenumber)
{
pooldesc * pp = pool_for_pointer(oldblock, func, linenumber);
BOOL release_ok = !is_tainted(oldblock) && pp->store_last_get == oldblock;		/*XXX why tainted not handled? */
uschar * newblock;

#if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
if (is_tainted(block) != tainted)
  die_tainted(US"store_newblock", CUS func, linenumber);
#endif

if (len < 0 || len > newsize)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
            "bad memory extension requested (%d -> %d bytes) at %s %d",
            len, newsize, func, linenumber);

newblock = store_get(newsize, oldblock);
memcpy(newblock, oldblock, len);
if (release_ok) store_release_3(oldblock, pp, func, linenumber);
return (void *)newblock;
}



*/

static void *
internal_store_malloc(size_t size, const char *func, int line)
{
void * yield;

/* Check specifically for a possibly result of conversion from
a negative int, to the (unsigned, wider) size_t */

if (size >= INT_MAX/2)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
    "bad internal_store_malloc request (" SIZE_T_FMT " bytes) from %s %d",
    size, func, line);

size += sizeof(size_t);	/* space to store the size, used under debug */
if (size < 16) size = 16;

if (!(yield = malloc(size)))
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc " SIZE_T_FMT " bytes of memory: "
    "called from line %d in %s", size, line, func);

#ifndef COMPILE_UTILITY
DEBUG(D_any) *(size_t *)yield = size;
#endif
yield = US yield + sizeof(size_t);

if ((nonpool_malloc += size) > max_nonpool_malloc)
  max_nonpool_malloc = nonpool_malloc;

/* Cut out the debugging stuff for utilities, but stop picky compilers from
giving warnings. */

#ifndef COMPILE_UTILITY
func = func; line = line;
#else

/* If running in test harness, spend time making sure all the new store
is not filled with zeros so as to catch problems. */

if (f.running_in_test_harness)
  memset(yield, 0xF0, size - sizeof(size_t));
DEBUG(D_memory) debug_printf("--Malloc %6p %5lu bytes\t%-20s %4d\tpool %5d  nonpool %5d\n",
  yield, size, func, line, pool_malloc, nonpool_malloc);
#endif  /* COMPILE_UTILITY */


}

void *
store_malloc_3(size_t size, const char *func, int linenumber)
{
if (n_nonpool_blocks++ > max_nonpool_blocks)
  max_nonpool_blocks = n_nonpool_blocks;

static void
internal_store_free(void * block, const char * func, int linenumber)
{
uschar * p = US block - sizeof(size_t);
#ifndef COMPILE_UTILITY
DEBUG(D_any) nonpool_malloc -= *(size_t *)p;
DEBUG(D_memory) debug_printf("----Free %6p %5ld bytes\t%-20s %4d\n",
		    block, *(size_t *)p, func, linenumber);
#endif
free(p);
free(block);
}

void

#ifndef COMPILE_UTILITY
DEBUG(D_memory)
 {
 int i;
 debug_printf("----Exit nonpool max: %3d kB in %d blocks\n",
  (max_nonpool_malloc+1023)/1024, max_nonpool_blocks);
 debug_printf("----Exit npools  max: %3d kB\n", max_pool_malloc/1024);

 for (i = 0; i < N_PAIRED_POOLS; i++)
   {
   pooldesc * pp = paired_pools + i;
   debug_printf("----Exit  pool %2d max: %3d kB in %d blocks at order %u\t%s %s\n",
    i, (pp->maxbytes+1023)/1024, pp->maxblocks, pp->maxorder,
    poolclass[i], pooluse[i]);
   }
 i = 0;
 for (quoted_pooldesc * qp = quoted_pools; qp; i++, qp = qp->next)
   {
   pooldesc * pp = &qp->pool;
   debug_printf("----Exit  pool Q%d max: %3d kB in %d blocks at order %u\ttainted quoted:%s\n",
    i, (pp->maxbytes+1023)/1024, pp->maxblocks, pp->maxorder, lookup_list[qp->quoter]->name);
   }
 }
#endif
}


/******************************************************************************/
/* Per-message pool management */

static rmark   message_reset_point    = NULL;

void
message_start(void)
{
int oldpool = store_pool;
store_pool = POOL_MESSAGE;
if (!message_reset_point) message_reset_point = store_mark();
store_pool = oldpool;
}

void
message_tidyup(void)
{
int oldpool;
if (!message_reset_point) return;
oldpool = store_pool;
store_pool = POOL_MESSAGE;
message_reset_point = store_reset(message_reset_point);
store_pool = oldpool;
}

/******************************************************************************/
/* Debug analysis of address */

#ifndef COMPILE_UTILITY
void
debug_print_taint(const void * p)
{
int q = quoter_for_address(p);
if (!is_tainted(p)) return;
debug_printf("(tainted");
if (is_real_quoter(q)) debug_printf(", quoted:%s", lookup_list[q]->name);
debug_printf(")\n");
}
#endif

/* End of store.c */

Lines 2-9 Link Here

(-)exim.orig/src/store.h (-13 / +37 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	6	/* Copyright (c) University of Cambridge 1995 - 2009 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Header for Exim's memory allocation functions */	9	/* Header for Exim's memory allocation functions */
Lines 13-27 Link Here
13		13
14	/* Define symbols for identifying the store pools. */	14	/* Define symbols for identifying the store pools. */
15		15
16	enum { POOL_MAIN, POOL_PERM, POOL_SEARCH,	16	enum { POOL_MAIN,
		17	POOL_PERM,
		18	POOL_CONFIG,
		19	POOL_SEARCH,
		20	POOL_MESSAGE,
		21
17	POOL_TAINT_BASE,	22	POOL_TAINT_BASE,
18	POOL_TAINT_MAIN = POOL_TAINT_BASE, POOL_TAINT_PERM, POOL_TAINT_SEARCH };	23
		24	POOL_TAINT_MAIN = POOL_TAINT_BASE,
		25	POOL_TAINT_PERM,
		26	POOL_TAINT_CONFIG,
		27	POOL_TAINT_SEARCH,
		28	POOL_TAINT_MESSAGE,
		29
		30	N_PAIRED_POOLS
		31	};
19		32
20	/* This variable (the one for the current pool) is set by store_get() to its	33	/* This variable (the one for the current pool) is set by store_get() to its
21	yield, and by store_reset() to NULL. This allows string_cat() to optimize its	34	yield, and by store_reset() to NULL. This allows string_cat() to optimize its
22	store handling. */	35	store handling. */
23		36
24	extern void *store_last_get[6];	37	extern void * store_last_get[];
25		38
26	/* This variable contains the current store pool number. */	39	/* This variable contains the current store pool number. */
27		40
Lines 30-64 Link Here
30	/* Macros for calling the memory allocation routines with	43	/* Macros for calling the memory allocation routines with
31	tracing information for debugging. */	44	tracing information for debugging. */
32		45
33	#define store_extend(addr, tainted, old, new) \	46	#define store_extend(addr, old, new) \
34	store_extend_3(addr, tainted, old, new, __FUNCTION__, __LINE__)	47	store_extend_3(addr, old, new, __FUNCTION__, __LINE__)
35		48
36	#define store_free(addr) \	49	#define store_free(addr) \
37	store_free_3(addr, __FUNCTION__, __LINE__)	50	store_free_3(addr, __FUNCTION__, __LINE__)
38	/* store_get & store_get_perm are in local_scan.h */	51	/* store_get & store_get_perm are in local_scan.h */
		52	#define store_get_quoted(size, proto_mem, quoter) \
		53	store_get_quoted_3((size), (proto_mem), (quoter), __FUNCTION__, __LINE__)
39	#define store_malloc(size) \	54	#define store_malloc(size) \
40	store_malloc_3(size, __FUNCTION__, __LINE__)	55	store_malloc_3(size, __FUNCTION__, __LINE__)
41	#define store_mark(void) \	56	#define store_mark(void) \
42	store_mark_3(__FUNCTION__, __LINE__)	57	store_mark_3(__FUNCTION__, __LINE__)
43	#define store_newblock(addr, tainted, newsize, datalen) \	58	#define store_newblock(oldblock, newsize, datalen) \
44	store_newblock_3(addr, tainted, newsize, datalen, __FUNCTION__, __LINE__)	59	store_newblock_3(oldblock, newsize, datalen, __FUNCTION__, __LINE__)
45	#define store_release_above(addr) \	60	#define store_release_above(addr) \
46	store_release_above_3(addr, __FUNCTION__, __LINE__)	61	store_release_above_3(addr, __FUNCTION__, __LINE__)
47	#define store_reset(mark) \	62	#define store_reset(mark) \
48	store_reset_3(mark, store_pool, __FUNCTION__, __LINE__)	63	store_reset_3(mark, __FUNCTION__, __LINE__)
49		64
50		65
51	/* The real functions */	66	/* The real functions */
52	typedef void ** rmark;	67	typedef void ** rmark;
53		68
54	extern BOOL store_extend_3(void , BOOL, int, int, const char , int);	69	extern BOOL store_extend_3(void , int, int, const char , int);
55	extern void store_free_3(void , const char , int);	70	extern void store_free_3(void , const char , int);
56	/* store_get_3 & store_get_perm_3 are in local_scan.h */	71	/* store_get_3 & store_get_perm_3 are in local_scan.h */
57	extern void store_malloc_3(int, const char , int) ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT;	72	extern void * store_get_quoted_3(int, const void , unsigned, const char , int);
		73	extern void * store_malloc_3(size_t, const char *, int) ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT;
58	extern rmark store_mark_3(const char *, int);	74	extern rmark store_mark_3(const char *, int);
59	extern void store_newblock_3(void , BOOL, int, int, const char *, int);	75	extern void * store_newblock_3(void , int, int, const char , int);
60	extern void store_release_above_3(void , const char , int);	76	extern void store_release_above_3(void , const char , int);
61	extern rmark store_reset_3(rmark, int, const char *, int);	77	extern rmark store_reset_3(rmark, const char *, int);
		78
		79	#define GET_UNTAINTED (const void *)0
		80	#define GET_TAINTED (const void *)1
		81
		82	extern int quoter_for_address(const void *);
		83	extern BOOL is_quoted_like(const void *, unsigned);
		84	extern BOOL is_real_quoter(int);
		85	extern void debug_print_taint(const void * p);
62		86
63	#endif /* STORE_H */	87	#endif /* STORE_H */
64		88




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Miscellaneous string-handling functions. Some are not required for

const uschar *t = s;
uschar *ss, *tt;

while (*t)
  {
  int c = *t++;
  if (  !mac_isprint(c)

/* Get a new block of store guaranteed big enough to hold the
expanded string. */

tt = ss = store_get(length + nonprintcount * 3 + 1, s);

/* Copy everything, escaping non printers. */


if (!p) return s;

len = Ustrlen(s) + 1;
ss = store_get(len, s);

q = ss;
off = p - s;

*/

uschar *
string_copy_function(const uschar * s)
{
return string_copy_taint(s, s);
}

/* As above, but explicitly specifying the result taint status
As above, but explicitly specifying the result taint status
*/

uschar *
string_copy_taint_function(const uschar * s, const void * proto_mem)
{
return string_copy_taint(s, proto_mem);
uschar *ss = store_get(len, tainted);
memcpy(ss, s, len);
return ss;
}



*/

uschar *
string_copyn_function(const uschar * s, int n)
{
return string_copyn(s, n);
Ustrncpy(ss, s, n);
ss[n] = 0;
return ss;
}
#endif


*/

uschar *
string_copy_malloc(const uschar * s)
{
int len = Ustrlen(s) + 1;
uschar * ss = store_malloc(len);
memcpy(ss, s, len);
return ss;
}

*/

uschar *
string_split_message(uschar * msg)
{
uschar *s, *ss;

if (!msg || Ustrlen(msg) <= 75) return msg;
s = ss = msg = string_copy(msg);

for (;;)
  {
  int i = 0;
  while (i < 75 && *ss && *ss != '\n') ss++, i++;
  if (!*ss) break;
  if (*ss == '\n')
    s = ++ss;
  else
    {
    uschar * t = ss + 1;
    uschar * tt = NULL;
    while (--t > s + 35)
      {
      if (*t == ' ')
        {
        if (t[-1] == ':') { tt = t; break; }
        if (!tt) tt = t;
        }
      }

    if (!tt)          /* Can't split behind - try ahead */
      {
      t = ss + 1;
      while (*t)
        {
        if (*t == ' ' || *t == '\n')
          { tt = t; break; }

        }
      }

    if (!tt) break;   /* Can't find anywhere to split */
    *tt = '\n';
    s = ss = tt+1;
    }

*/

uschar *
string_copy_dnsdomain(uschar * s)
{
uschar * yield;
uschar * ss = yield = store_get(Ustrlen(s) + 1, GET_TAINTED);	/* always treat as tainted */

while (*s)
  {
  if (*s != '\\')
    *ss++ = *s++;

    *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
    s += 4;
    }
  else if (*++s)
    *ss++ = *s++;
  }


*/

uschar *
string_dequote(const uschar ** sptr)
{
const uschar * s = * sptr;
uschar * t, * yield;

/* First find the end of the string */

if (*s != '\"')
  while (*s && !isspace(*s)) s++;
else
  {
  s++;


/* Get enough store to copy into */

t = yield = store_get(s - *sptr + 1, *sptr);
s = *sptr;

/* Do the copy */

if (*s != '\"')
  while (*s && !isspace(*s)) *t++ = *s++;
else
  {
  s++;
  while (*s && *s != '\"')
    {
    *t++ = *s == '\\' ? string_interpret_escape(&s) : *s;
    s++;

Arguments:
  format    a printf() format - deliberately char * rather than uschar *
              because it will most usually be a literal string
  func	    caller, for debug
  line	    caller, for debug
  ...       arguments for format

Returns:    pointer to fresh piece of store containing sprintf'ed string
*/

uschar *
string_sprintf_trc(const char * format, const uschar * func, unsigned line, ...)
{
#ifdef COMPILE_UTILITY
uschar buffer[STRING_SPRINTF_BUFFER_SIZE];

*/

int
strncmpic(const uschar * s, const uschar * t, int n)
{
while (n--)
  {

*/

int
strcmpic(const uschar * s, const uschar * t)
{
while (*s)
  {
  int c = tolower(*s++) - tolower(*t++);
  if (c != 0) return c;

Returns:         pointer to substring in string, or NULL if not found
*/

const uschar *
strstric_c(const uschar * s, const uschar * t, BOOL space_follows)
{
const uschar * p = t;
const uschar * yield = NULL;
int cl = tolower(*p);
int cu = toupper(*p);


  {
  if (*s == cl || *s == cu)
    {
    if (!yield) yield = s;
    if (!*++p)
      {
      if (!space_follows || s[1] == ' ' || s[1] == '\n' ) return yield;
      yield = NULL;

    cu = toupper(*p);
    s++;
    }
  else if (yield)
    {
    yield = NULL;
    p = t;

return NULL;
}

uschar *
strstric(uschar * s, uschar * t, BOOL space_follows)
{
return US strstric_c(s, t, space_follows);
}


#ifdef COMPILE_UTILITY

  separator  a pointer to the separator character in an int (see above)
  buffer     where to put a copy of the next string in the list; or
               NULL if the next string is returned in new memory
	     Note that if the list is tainted then a provided buffer must be
	     also (else we trap, with a message referencing the callsite).
	     If we do the allocation, taint is handled there.
  buflen     when buffer is not NULL, the size of buffer; otherwise ignored

  func	     caller, for debug
  line	     caller, for debug

Returns:     pointer to buffer, containing the next substring,
             or NULL if no more substrings
*/

uschar *
string_nextinlist_trc(const uschar ** listptr, int * separator, uschar * buffer,
  int buflen, const uschar * func, int line)
{
int sep = *separator;
const uschar * s = *listptr;
BOOL sep_is_special;

if (!s) return NULL;

sep_is_special = iscntrl(sep);

/* Handle the case when a buffer is provided. */
/*XXX need to also deal with qouted-requirements mismatch */

if (buffer)
  {

  start of a string. Avoid getting working memory for an empty item. */

  if (*s == sep)
    if (*++s != sep || sep_is_special)
    s++;
    if (*s != sep || sep_is_special)
      {
      *listptr = s;
      return string_copy(US"");
      }
    }

  /* Not an empty string; the first character is guaranteed to be a data
  character. */

    s = ss;
    if (!*s || *++s != sep || sep_is_special) break;
    }

  /* Trim trailing spaces from the returned string */

  /* while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--; */
  while (  g->ptr > 0 && isspace(g->s[g->ptr-1])
	&& (g->ptr == 1 || g->s[g->ptr-2] != '\\') )
    g->ptr--;
  buffer = string_from_gstring(g);
  gstring_release_unused_trc(g, CCS func, line);
  }

/* Update the current pointer and return the new string */

{
int p = g->ptr;
int oldsize = g->size;
BOOL tainted = is_tainted(g->s);

/* Mostly, string_cat() is used to build small strings of a few hundred
characters at most. There are times, however, when the strings are very much

was the last item on the dynamic memory stack. This is the case if it matches
store_last_get. */

if (!store_extend(g->s, oldsize, g->size))
  g->s = store_newblock(g->s, g->size, p);
}



sometimes called to extract parts of other strings.

Arguments:
  g	   growable-string that is being built, or NULL if not assigned yet
             if this is a new string that has no contents yet
  s        points to characters to add
  count    count of characters to add; must not exceed the length of s, if s
             is a C string.

Returns:   growable string, changed if copied for expansion.
           Note that a NUL is not added, though space is left for one. This is
           because string_cat() is often called multiple times to build up a
           string - there's no point adding the NUL till the end.
	   NULL is a possible return.

*/
/* coverity[+alloc] */

gstring *
string_catn(gstring * g, const uschar * s, int count)
{
int p;
BOOL srctaint = is_tainted(s);

if (count < 0)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
    "internal error in string_catn (count %d)", count);
if (count == 0) return g;

/*debug_printf("string_catn '%.*s'\n", count, s);*/
if (!g)
  {
  unsigned inc = count < 4096 ? 127 : 1023;
  unsigned size = ((count + inc) &  ~inc) + 1;	/* round up requested count */
  g = string_get_tainted(size, s);
  }
else if (!g->s)			/* should not happen */
  {
  g->s = string_copyn(s, count);
  g->ptr = count;
  g->size = count;	/*XXX suboptimal*/
  return g;
  }
else if (is_incompatible(g->s, s))
  {
/* debug_printf("rebuf A\n"); */
  gstring_rebuffer(g, s);
  }
else if (srctaint && !is_tainted(g->s))
  gstring_rebuffer(g);

if (g->ptr < 0 || g->ptr > g->size)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE,



gstring *
string_cat(gstring * g, const uschar * s)
{
return string_catn(g, s, Ustrlen(s));
}



It calls string_cat() to do the dirty work.

Arguments:
  g	   growable-string that is being built, or NULL if not yet assigned
             if this is a new string that has no contents yet
  count    the number of strings to append
  ...      "count" uschar* arguments, which must be valid zero-terminated
             C strings

Returns:   growable string, changed if copied for expansion.
           The string is not zero-terminated - see string_cat() above.
*/

__inline__ gstring *
string_append(gstring * g, int count, ...)
{
va_list ap;

va_start(ap, count);
while (count-- > 0)
  {
  uschar * t = va_arg(ap, uschar *);
  g = string_cat(g, t);
  }
va_end(ap);

return g;
}
#endif


string_format_trc(uschar * buffer, int buflen,
  const uschar * func, unsigned line, const char * format, ...)
{
gstring g = { .size = buflen, .ptr = 0, .s = buffer }, * gp;
va_list ap;
va_start(ap, format);
gp = string_vformat_trc(&g, func, line, STRING_SPRINTF_BUFFER_SIZE,


gstring *
string_vformat_trc(gstring * g, const uschar * func, unsigned line,
  unsigned size_limit, unsigned flags, const char * format, va_list ap)
{
enum ltypes { L_NORMAL=1, L_SHORT=2, L_LONG=3, L_LONGLONG=4, L_LONGDOUBLE=5, L_SIZE=6 };

int width, precision, off, lim, need;
const char * fp = format;	/* Deliberately not unsigned */
BOOL dest_tainted = FALSE;

string_datestamp_offset = -1;	/* Datestamp not inserted */
string_datestamp_length = 0;	/* Datestamp not inserted */


/* Ensure we have a string, to save on checking later */
if (!g) g = string_get(16);
else if (!(flags & SVFMT_TAINT_NOCHK)) dest_tainted = is_tainted(g->s);

if (!(flags & SVFMT_TAINT_NOCHK) && is_incompatible(g->s, format))
  {
#ifndef MACRO_PREDEF
  if (!(flags & SVFMT_REBUFFER))
    die_tainted(US"string_vformat", func, line);
#endif
/* debug_printf("rebuf B\n"); */
  gstring_rebuffer(g, format);
  }
#endif	/*!COMPILE_UTILITY*/


while (*fp)
  {
  int length = L_NORMAL;
  int * nptr;
  int slen;
  const char *null = "NULL";		/* ) These variables */
  const char *item_start, *s;		/* ) are deliberately */

      if (!s) s = null;
      slen = Ustrlen(s);

      if (!(flags & SVFMT_TAINT_NOCHK) && is_incompatible(g->s, s))
	if (flags & SVFMT_REBUFFER)
	  {
/* debug_printf("%s %d: untainted workarea, tainted %%s :- rebuffer\n", __FUNCTION__, __LINE__); */
	  gstring_rebuffer(g, s);
	  gp = CS g->s + g->ptr;
	  dest_tainted = TRUE;
	  }
#ifndef MACRO_PREDEF
	else

"Permission denied", reads and includes the euid and egid.

Arguments:
  eno           the value of errno after the failure
  format        a text format string - deliberately not uschar *
  func		caller, for debug
  line		caller, for debug
  ...           arguments for the format string

Returns:        a message, in dynamic store
*/

uschar *
string_open_failed_trc(const uschar * func, unsigned line,
  const char * format, ...)
{
va_list ap;
gstring * g = string_get(1024);

va_start(ap, format);
(void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
	SVFMT_REBUFFER, format, ap);
string_from_gstring(g);
gstring_release_unused(g);
va_end(ap);

g = string_catn(g, US": ", 2);
g = string_cat(g, US strerror(errno));

if (errno == EACCES)
  {
  int save_errno = errno;
  g = string_fmt_append(g, " (euid=%ld egid=%ld)",
    (long int)geteuid(), (long int)getegid());
  errno = save_errno;
  }
gstring_release_unused(g);
return string_from_gstring(g);
}
#endif  /* COMPILE_UTILITY */





#ifndef COMPILE_UTILITY
/* qsort(3), currently used to sort the environment variables
for -bP environment output, needs a function to compare two pointers to string
pointers. Here it is. */

uschar buffer[256];

printf("Testing is_ip_address\n");
store_init();

while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
  {

Lines 2-9 Link Here

(-)exim.orig/src/structs.h (-7 / +23 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9		9
Lines 133-143 Link Here
133	uschar name; / Instance name */	133	uschar name; / Instance name */
134	struct driver_info info; / Points to info for this driver */	134	struct driver_info info; / Points to info for this driver */
135	void options_block; / Pointer to private options */	135	void options_block; / Pointer to private options */
		136
136	uschar driver_name; / All start with this generic option */	137	uschar driver_name; / All start with this generic option */
		138	const uschar srcfile; / and config source info for errors */
		139	int srcline;
137	} driver_instance;	140	} driver_instance;
138		141
139	typedef struct driver_info {	142	typedef struct driver_info {
140	uschar driver_name; / Name of driver */	143	uschar driver_name; / Name of driver */
		144
141	optionlist options; / Table of private options names */	145	optionlist options; / Table of private options names */
142	int options_count; / -> Number of entries in table */	146	int options_count; / -> Number of entries in table */
143	void options_block; / Points to default private block */	147	void options_block; / Points to default private block */
Lines 159-164 Link Here
159	struct transport_info info; / Info for this driver */	163	struct transport_info info; / Info for this driver */
160	void options_block; / Pointer to private options */	164	void options_block; / Pointer to private options */
161	uschar driver_name; / Must be first */	165	uschar driver_name; / Must be first */
		166	const uschar *srcfile;
		167	int srcline;
		168
162	int (setup)( / Setup entry point */	169	int (setup)( / Setup entry point */
163	struct transport_instance *,	170	struct transport_instance *,
164	struct address_item *,	171	struct address_item *,
Lines 283-288 Link Here
283	struct router_info *info;	290	struct router_info *info;
284	void options_block; / Pointer to private options */	291	void options_block; / Pointer to private options */
285	uschar driver_name; / Must be first */	292	uschar driver_name; / Must be first */
		293	const uschar *srcfile;
		294	int srcline;
286		295
287	uschar address_data; / Arbitrary data */	296	uschar address_data; / Arbitrary data */
288	#ifdef EXPERIMENTAL_BRIGHTMAIL	297	#ifdef EXPERIMENTAL_BRIGHTMAIL
Lines 400-405 Link Here
400	struct auth_info info; / Pointer to driver info block */	409	struct auth_info info; / Pointer to driver info block */
401	void options_block; / Pointer to private options */	410	void options_block; / Pointer to private options */
402	uschar driver_name; / Must be first */	411	uschar driver_name; / Must be first */
		412	const uschar *srcfile;
		413	int srcline;
		414
403	uschar advertise_condition; / Are we going to advertise this?*/	415	uschar advertise_condition; / Are we going to advertise this?*/
404	uschar client_condition; / Should the client try this? */	416	uschar client_condition; / Should the client try this? */
405	uschar public_name; / Advertised name */	417	uschar public_name; / Advertised name */
Lines 435-442 Link Here
435	int, /* command timeout */	447	int, /* command timeout */
436	uschar , / buffer for reading response */	448	uschar , / buffer for reading response */
437	int); /* sizeof buffer */	449	int); /* sizeof buffer */
438	void (version_report)( / diagnostic version reporting */	450	gstring * (version_report)( / diagnostic version reporting */
439	FILE ); / I/O stream to print to */	451	gstring ); / string to append to */
440	void (macros_create)(void); / feature-macro creation */	452	void (macros_create)(void); / feature-macro creation */
441	} auth_info;	453	} auth_info;
442		454
Lines 518-526 Link Here
518	uschar remove_headers; / list of those to remove */	530	uschar remove_headers; / list of those to remove */
519	void variables; / router-vasriables */	531	void variables; / router-vasriables */
520		532
521	#ifdef EXPERIMENTAL_SRS
522	uschar srs_sender; / Change return path when delivering */
523	#endif
524	BOOL ignore_error:1; /* ignore delivery error */	533	BOOL ignore_error:1; /* ignore delivery error */
525	#ifdef SUPPORT_I18N	534	#ifdef SUPPORT_I18N
526	BOOL utf8_msg:1; /* requires SMTPUTF8 processing */	535	BOOL utf8_msg:1; /* requires SMTPUTF8 processing */
Lines 626-631 Link Here
626	BOOL af_verify_routed:1; /* for cached sender verify: routed OK */	635	BOOL af_verify_routed:1; /* for cached sender verify: routed OK */
627	BOOL af_verify_callout:1; /* for cached sender verify: callout was specified */	636	BOOL af_verify_callout:1; /* for cached sender verify: callout was specified */
628	BOOL af_include_affixes:1; /* delivered with affixes in RCPT */	637	BOOL af_include_affixes:1; /* delivered with affixes in RCPT */
		638	BOOL af_new_conn:1; /* delivered on an fresh TCP conn */
		639	BOOL af_cont_conn:1; /* delivered (with new MAIL cmd) on an existing TCP conn */
629	BOOL af_cert_verified:1; /* delivered with verified TLS cert */	640	BOOL af_cert_verified:1; /* delivered with verified TLS cert */
630	BOOL af_pass_message:1; /* pass message in bounces */	641	BOOL af_pass_message:1; /* pass message in bounces */
631	BOOL af_bad_reply:1; /* filter could not generate autoreply */	642	BOOL af_bad_reply:1; /* filter could not generate autoreply */
Lines 647-653 Link Here
647	#ifdef SUPPORT_I18N	658	#ifdef SUPPORT_I18N
648	BOOL af_utf8_downcvt:1; /* downconvert was done for delivery */	659	BOOL af_utf8_downcvt:1; /* downconvert was done for delivery */
649	#endif	660	#endif
650	#ifdef EXPERIMENTAL_TLS_RESUME	661	#ifndef DISABLE_TLS_RESUME
651	BOOL af_tls_resume:1; /* TLS used a resumed session */	662	BOOL af_tls_resume:1; /* TLS used a resumed session */
652	#endif	663	#endif
653	} flags;	664	} flags;
Lines 820-825 Link Here
820	int host_af;	831	int host_af;
821	uschar * interface;	832	uschar * interface;
822		833
		834	int sock; /* used for a bound but not connected socket */
		835	uschar * sending_ip_address; /* used for TLS resumption */
		836	const uschar * host_lbserver; /* ditto, for server-behind LB */
		837	BOOL have_lbserver:1; /* host_lbserver is valid */
		838
823	#ifdef SUPPORT_DANE	839	#ifdef SUPPORT_DANE
824	BOOL dane:1; /* connection must do dane */	840	BOOL dane:1; /* connection must do dane */
825	dns_answer tlsa_dnsa; /* strictly, this should use tainted mem */	841	dns_answer tlsa_dnsa; /* strictly, this should use tainted mem */

Lines 2-9 Link Here

(-)exim.orig/src/tls.c (-3 / +360 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is	9	/* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is
Lines 25-30 Link Here
25	#endif	25	#endif
26		26
27		27
		28	/* Forward decl. */
		29	static void tls_client_resmption_key(tls_support , smtp_connect_args ,
		30	smtp_transport_options_block *);
		31
		32
28	#if defined(MACRO_PREDEF) && !defined(DISABLE_TLS)	33	#if defined(MACRO_PREDEF) && !defined(DISABLE_TLS)
29	# include "macro_predef.h"	34	# include "macro_predef.h"
30	# ifdef USE_GNUTLS	35	# ifdef USE_GNUTLS
Lines 36-41 Link Here
36		41
37	#ifndef MACRO_PREDEF	42	#ifndef MACRO_PREDEF
38		43
		44	static void tls_per_lib_daemon_init(void);
		45	static void tls_per_lib_daemon_tick(void);
		46	static unsigned tls_server_creds_init(void);
		47	static void tls_server_creds_invalidate(void);
		48	static void tls_client_creds_init(transport_instance *, BOOL);
		49	static void tls_client_creds_invalidate(transport_instance *);
		50	static void tls_daemon_creds_reload(void);
		51	static BOOL opt_set_and_noexpand(const uschar *);
		52	static BOOL opt_unset_or_noexpand(const uschar *);
		53
		54
		55
39	/* This module is compiled only when it is specifically requested in the	56	/* This module is compiled only when it is specifically requested in the
40	build-time configuration. However, some compilers don't like compiling empty	57	build-time configuration. However, some compilers don't like compiling empty
41	modules, so keep them happy with a dummy when skipping the rest. Make it	58	modules, so keep them happy with a dummy when skipping the rest. Make it
Lines 45-51 Link Here
45		62
46	#ifdef DISABLE_TLS	63	#ifdef DISABLE_TLS
47	static void dummy(int x) { dummy(x-1); }	64	static void dummy(int x) { dummy(x-1); }
48	#else	65	#else /* most of the rest of the file */
		66
		67	const exim_tlslib_state null_tls_preload = {0};
49		68
50	/* Static variables that are used for buffering data by both sets of	69	/* Static variables that are used for buffering data by both sets of
51	functions and the common functions below.	70	functions and the common functions below.
Lines 62-67 Link Here
62	static BOOL ssl_xfer_error = FALSE;	81	static BOOL ssl_xfer_error = FALSE;
63	#endif	82	#endif
64		83
		84	#ifdef EXIM_HAVE_KEVENT
		85	# define KEV_SIZE 16 /* Eight file,dir pairs */
		86	static struct kevent kev[KEV_SIZE];
		87	static int kev_used = 0;
		88	#endif
		89
		90	static unsigned tls_creds_expire = 0;
65		91
66	/*************************************************	92	/*************************************************
67	* Expand string; give error on failure *	93	* Expand string; give error on failure *
Lines 96-101 Link Here
96	}	122	}
97		123
98		124
		125	#if defined(EXIM_HAVE_INOTIFY) \|\| defined(EXIM_HAVE_KEVENT)
		126	/* Add the directory for a filename to the inotify handle, creating that if
		127	needed. This is enough to see changes to files in that dir.
		128	Return boolean success.
		129
		130	The word "system" fails, which is on the safe side as we don't know what
		131	directory it implies nor if the TLS library handles a watch for us.
		132
		133	The string "system,cache" is recognised and explicitly accepted without
		134	setting a watch. This permits the system CA bundle to be cached even though
		135	we have no way to tell when it gets modified by an update.
		136	The call chain for OpenSSL uses a (undocumented) call into the library
		137	to discover the actual file. We don't know what GnuTLS uses.
		138
		139	A full set of caching including the CAs takes 35ms output off of the
		140	server tls_init() (GnuTLS, Fedora 32, 2018-class x86_64 laptop hardware).
		141	*/
		142	static BOOL
		143	tls_set_one_watch(const uschar * filename)
		144	# ifdef EXIM_HAVE_INOTIFY
		145	{
		146	uschar * s;
		147
		148	if (Ustrcmp(filename, "system,cache") == 0) return TRUE;
		149
		150	if (!(s = Ustrrchr(filename, '/'))) return FALSE;
		151	s = string_copyn(filename, s - filename); /* mem released by tls_set_watch */
		152	DEBUG(D_tls) debug_printf("watch dir '%s'\n", s);
		153
		154	/XXX unclear what effect symlinked files will have for inotify /
		155
		156	if (inotify_add_watch(tls_watch_fd, CCS s,
		157	IN_ONESHOT \| IN_CLOSE_WRITE \| IN_DELETE \| IN_DELETE_SELF
		158	\| IN_MOVED_FROM \| IN_MOVED_TO \| IN_MOVE_SELF) >= 0)
		159	return TRUE;
		160	DEBUG(D_tls) debug_printf("notify_add_watch: %s\n", strerror(errno));
		161	return FALSE;
		162	}
		163	# endif
		164	# ifdef EXIM_HAVE_KEVENT
		165	{
		166	uschar * s, * t;
		167	int fd1, fd2, i, j, cnt = 0;
		168	struct stat sb;
		169	#ifdef OpenBSD
		170	struct kevent k_dummy;
		171	struct timespec ts = {0};
		172	#endif
		173
		174	errno = 0;
		175	if (Ustrcmp(filename, "system,cache") == 0) return TRUE;
		176
		177	for (;;)
		178	{
		179	if (kev_used > KEV_SIZE-2) { s = US"out of kev space"; goto bad; }
		180	if (!(s = Ustrrchr(filename, '/'))) return FALSE;
		181	s = string_copyn(filename, s - filename); /* mem released by tls_set_watch */
		182
		183	/* The dir open will fail if there is a symlink on the path. Fine; it's too
		184	much effort to handle all possible cases; just refuse the preload. */
		185
		186	if ((fd2 = open(CCS s, O_RDONLY \| O_NOFOLLOW)) < 0) { s = US"open dir"; goto bad; }
		187
		188	if ((lstat(CCS filename, &sb)) < 0) { s = US"lstat"; goto bad; }
189	if (!S_ISLNK(sb.st_mode))
190	{
191	if ((fd1 = open(CCS filename, O_RDONLY \| O_NOFOLLOW)) < 0)
192	{ s = US"open file"; goto bad; }
193	DEBUG(D_tls) debug_printf("watch file '%s':\t%d\n", filename, fd1);
194	EV_SET(&kev[kev_used++],
195	(uintptr_t)fd1,
196	EVFILT_VNODE,
197	EV_ADD \| EV_ENABLE \| EV_ONESHOT,
198	NOTE_DELETE \| NOTE_WRITE \| NOTE_EXTEND
199	\| NOTE_ATTRIB \| NOTE_RENAME \| NOTE_REVOKE,
200	0,
201	NULL);
202	cnt++;
203	}
204	DEBUG(D_tls) debug_printf("watch dir '%s':\t%d\n", s, fd2);
205	EV_SET(&kev[kev_used++],
206	(uintptr_t)fd2,
207	EVFILT_VNODE,
208	EV_ADD \| EV_ENABLE \| EV_ONESHOT,
209	NOTE_DELETE \| NOTE_WRITE \| NOTE_EXTEND
210	\| NOTE_ATTRIB \| NOTE_RENAME \| NOTE_REVOKE,
211	0,
212	NULL);
213	cnt++;
214
215	if (!(S_ISLNK(sb.st_mode))) break;
216
217	t = store_get(1024, GET_UNTAINTED);
218	Ustrncpy(t, s, 1022);
219	j = Ustrlen(s);
220	t[j++] = '/';
221	if ((i = readlink(CCS filename, (void *)(t+j), 1023-j)) < 0) { s = US"readlink"; goto bad; }
222	filename = t;
223	*(t += i+j) = '\0';
224	store_release_above(t+1);
225	}
226
227	#ifdef OpenBSD
228	if (kevent(tls_watch_fd, &kev[kev_used-cnt], cnt, &k_dummy, 1, &ts) >= 0)
229	return TRUE;
230	#else
231	if (kevent(tls_watch_fd, &kev[kev_used-cnt], cnt, NULL, 0, NULL) >= 0)
232	return TRUE;
233	#endif
234	s = US"kevent";
235
236	bad:
237	DEBUG(D_tls)
238	if (errno)
239	debug_printf("%s: %s: %s\n", __FUNCTION__, s, strerror(errno));
240	else
241	debug_printf("%s: %s\n", __FUNCTION__, s);
242	return FALSE;
243	}
244	# endif /EXIM_HAVE_KEVENT/
245
246
247	/* Create an inotify facility if needed.
248	Then set watches on the dir containing the given file or (optionally)
249	list of files. Return boolean success. */
250
251	static BOOL
252	tls_set_watch(const uschar * filename, BOOL list)
253	{
254	rmark r;
255	BOOL rc = FALSE;
256
257	if (!filename \|\| !*filename) return TRUE;
258	if (Ustrncmp(filename, "system", 6) == 0) return TRUE;
259
260	DEBUG(D_tls) debug_printf("tls_set_watch: '%s'\n", filename);
261
262	if ( tls_watch_fd < 0
263	# ifdef EXIM_HAVE_INOTIFY
264	&& (tls_watch_fd = inotify_init1(O_CLOEXEC)) < 0
265	# endif
266	# ifdef EXIM_HAVE_KEVENT
267	&& (tls_watch_fd = kqueue()) < 0
268	# endif
269	)
270	{
271	DEBUG(D_tls) debug_printf("inotify_init: %s\n", strerror(errno));
272	return FALSE;
273	}
274
275	r = store_mark();
276
277	if (list)
278	{
279	int sep = 0;
280	for (uschar * s; s = string_nextinlist(&filename, &sep, NULL, 0); )
281	if (!(rc = tls_set_one_watch(s))) break;
282	}
283	else
284	rc = tls_set_one_watch(filename);
285
286	store_reset(r);
287	if (!rc) DEBUG(D_tls) debug_printf("tls_set_watch() fail on '%s': %s\n", filename, strerror(errno));
288	return rc;
289	}
290
291
292	void
293	tls_watch_discard_event(int fd)
294	{
295	#ifdef EXIM_HAVE_INOTIFY
296	(void) read(fd, big_buffer, big_buffer_size);
297	#endif
298	#ifdef EXIM_HAVE_KEVENT
299	struct kevent kev;
300	struct timespec t = {0};
301	(void) kevent(fd, NULL, 0, &kev, 1, &t);
302	#endif
303	}
304	#endif /EXIM_HAVE_INOTIFY/
305
306
307	void
308	tls_client_creds_reload(BOOL watch)
309	{
310	for(transport_instance * t = transports; t; t = t->next)
311	if (Ustrcmp(t->driver_name, "smtp") == 0)
312	{
313	tls_client_creds_invalidate(t);
314	tls_client_creds_init(t, watch);
315	}
316	}
317
318
319	void
320	tls_watch_invalidate(void)
321	{
322	if (tls_watch_fd < 0) return;
323
324	#ifdef EXIM_HAVE_KEVENT
325	/* Close the files we had open for kevent */
326	for (int i = 0; i < kev_used; i++)
327	{
328	DEBUG(D_tls) debug_printf("closing watch fd: %d\n", (int) kev[i].ident);
329	(void) close((int) kev[i].ident);
330	kev[i].ident = (uintptr_t)-1;
331	}
332	kev_used = 0;
333	#endif
334
335	close(tls_watch_fd);
336	tls_watch_fd = -1;
337	}
338
339
340	static void
341	tls_daemon_creds_reload(void)
342	{
343	unsigned lifetime;
344
345	#ifdef EXIM_HAVE_KEVENT
346	tls_watch_invalidate();
347	#endif
348
349	tls_server_creds_invalidate();
350	tls_creds_expire = (lifetime = tls_server_creds_init())
351	? time(NULL) + lifetime : 0;
352
353	tls_client_creds_reload(TRUE);
354	}
355
356
357	/* Utility predicates for use by the per-library code */
358	static BOOL
359	opt_set_and_noexpand(const uschar * opt)
360	{ return opt && *opt && Ustrchr(opt, '$') == NULL; }
361
362	static BOOL
363	opt_unset_or_noexpand(const uschar * opt)
364	{ return !opt \|\| Ustrchr(opt, '$') == NULL; }
365
366
367
368	/* Called every time round the daemon loop.
369
370	If we reloaded fd-watcher, return the old watch fd
371	having modified the global for the new one. Otherwise
372	return -1.
373	*/
374
375	int
376	tls_daemon_tick(void)
377	{
378	int old_watch_fd = tls_watch_fd;
379
380	tls_per_lib_daemon_tick();
381	#if defined(EXIM_HAVE_INOTIFY) \|\| defined(EXIM_HAVE_KEVENT)
382	if (tls_creds_expire && time(NULL) >= tls_creds_expire)
383	{
384	/* The server cert is a selfsign, with limited lifetime. Dump it and
385	generate a new one. Reload the rest of the creds also as the machinery
386	is all there. */
387
388	DEBUG(D_tls) debug_printf("selfsign cert rotate\n");
389	tls_creds_expire = 0;
390	tls_daemon_creds_reload();
391	return old_watch_fd;
392	}
393	else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5)
394	{
395	/* Called, after a delay for multiple file ops to get done, from
396	the daemon when any of the watches added (above) fire.
397	Dump the set of watches and arrange to reload cached creds (which
398	will set up new watches). */
399
400	DEBUG(D_tls) debug_printf("watch triggered\n");
401	tls_watch_trigger_time = tls_creds_expire = 0;
402	tls_daemon_creds_reload();
403	return old_watch_fd;
404	}
405	#endif
406	return -1;
407	}
408
409	/* Called once at daemon startup */
410
411	void
412	tls_daemon_init(void)
413	{
414	tls_per_lib_daemon_init();
415	}
416
417
99	/*************************************************	418	/*************************************************
100	* Timezone environment flipping *	419	* Timezone environment flipping *
101	*************************************************/	420	*************************************************/
Lines 372-378 Link Here
372	return FALSE;	691	return FALSE;
373	}	692	}
374		693
375
376	/* Environment cleanup: The GnuTLS library uses SSLKEYLOGFILE in the environment	694	/* Environment cleanup: The GnuTLS library uses SSLKEYLOGFILE in the environment
377	and writes a file by that name. Our OpenSSL code does the same, using keying	695	and writes a file by that name. Our OpenSSL code does the same, using keying
378	info from the library API.	696	info from the library API.
Lines 478-483 Link Here
478		796
479		797
480		798
		799	static void
		800	tls_client_resmption_key(tls_support * tlsp, smtp_connect_args * conn_args,
		801	smtp_transport_options_block * ob)
		802	{
		803	#ifndef DISABLE_TLS_RESUME
		804	hctx * h = &tlsp->resume_hctx;
		805	blob b;
		806	gstring * g;
		807
		808	DEBUG(D_tls) if (conn_args->host_lbserver)
		809	debug_printf("TLS: lbserver '%s'\n", conn_args->host_lbserver);
		810
		811	# ifdef EXIM_HAVE_SHA2
		812	exim_sha_init(h, HASH_SHA2_256);
		813	# else
		814	exim_sha_init(h, HASH_SHA1);
		815	# endif
		816	exim_sha_update_string(h, conn_args->host_lbserver);
		817	# ifdef SUPPORT_DANE
		818	if (conn_args->dane)
		819	exim_sha_update(h, CUS &conn_args->tlsa_dnsa, sizeof(dns_answer));
		820	# endif
		821	exim_sha_update_string(h, conn_args->host->address);
		822	exim_sha_update(h, CUS &conn_args->host->port, sizeof(conn_args->host->port));
		823	exim_sha_update_string(h, conn_args->sending_ip_address);
		824	exim_sha_update_string(h, openssl_options);
		825	exim_sha_update_string(h, ob->tls_require_ciphers);
		826	exim_sha_update_string(h, tlsp->sni);
		827	# ifdef EXIM_HAVE_ALPN
		828	exim_sha_update_string(h, ob->tls_alpn);
		829	# endif
		830	exim_sha_finish(h, &b);
		831	for (g = string_get(b.len*2+1); b.len-- > 0; )
		832	g = string_fmt_append(g, "%02x", *b.data++);
		833	tlsp->resume_index = string_from_gstring(g);
		834	DEBUG(D_tls) debug_printf("TLS: resume session index %s\n", tlsp->resume_index);
		835	#endif
		836	}
		837
481	#endif /!DISABLE_TLS/	838	#endif /!DISABLE_TLS/
482	#endif /!MACRO_PREDEF/	839	#endif /!MACRO_PREDEF/
483		840




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) Jeremy Harris 2014 - 2018 */

/* This file provides TLS/SSL support for Exim using the GnuTLS library,

if (mod && Ustrcmp(mod, "int") == 0)
  return string_sprintf("%u", (unsigned)t);

cp = store_get(len, GET_UNTAINTED);
if (f.timestamps_utc)
  {
  uschar * tz = to_tz(US"GMT0");

    != GNUTLS_E_SHORT_MEMORY_BUFFER)
  return g_err("gi0", __FUNCTION__, ret);

cp = store_get(siz, GET_TAINTED);
if ((ret = gnutls_x509_crt_get_issuer_dn(cert, CS cp, &siz)) < 0)
  return g_err("gi1", __FUNCTION__, ret);


    != GNUTLS_E_SHORT_MEMORY_BUFFER)
  return g_err("gs0", __FUNCTION__, ret);

cp1 = store_get(len*4+1, GET_TAINTED);
if (gnutls_x509_crt_get_signature((gnutls_x509_crt_t)cert, CS cp1, &len) != 0)
  return g_err("gs1", __FUNCTION__, ret);


    != GNUTLS_E_SHORT_MEMORY_BUFFER)
  return g_err("gs0", __FUNCTION__, ret);

cp = store_get(siz, GET_TAINTED);
if ((ret = gnutls_x509_crt_get_dn(cert, CS cp, &siz)) < 0)
  return g_err("gs1", __FUNCTION__, ret);


if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
  return g_err("ge0", __FUNCTION__, ret);

cp1 = store_get(siz*4 + 1, GET_TAINTED);

ret = gnutls_x509_crt_get_extension_by_oid ((gnutls_x509_crt_t)cert,
  CS oid, idx, CS cp1, &siz, &crit);

uschar * ele;
int match = -1;

if (mod) while (*mod)
  {
  if (*mod == '>' && *++mod) sep = *mod++;
  else if (Ustrncmp(mod, "dns", 3)==0) { match = GNUTLS_SAN_DNSNAME; mod += 3; }
  else if (Ustrncmp(mod, "uri", 3)==0) { match = GNUTLS_SAN_URI; mod += 3; }
  else if (Ustrncmp(mod, "mail", 4)==0) { match = GNUTLS_SAN_RFC822NAME; mod += 4; }
  else break;

  if (*mod++ != ',')
    break;

      return g_err("gs0", __FUNCTION__, ret);
    }

  ele = store_get(siz+1, GET_TAINTED);
  if ((ret = gnutls_x509_crt_get_subject_alt_name(
    (gnutls_x509_crt_t)cert, index, ele, &siz, NULL)) < 0)
    return g_err("gs1", __FUNCTION__, ret);

      return g_err("gc0", __FUNCTION__, ret);
    }

  ele = store_get(siz, GET_TAINTED);
  if ((ret = gnutls_x509_crt_get_crl_dist_points(
      (gnutls_x509_crt_t)cert, index, ele, &siz, NULL, NULL)) < 0)
    return g_err("gc1", __FUNCTION__, ret);


if (  (fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
	GNUTLS_X509_FMT_DER, cp, &len)) != GNUTLS_E_SHORT_MEMORY_BUFFER
   || !(cp = store_get((int)len, GET_TAINTED), TRUE)	/* tainted */
   || (fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
        GNUTLS_X509_FMT_DER, cp, &len))
   )

    != GNUTLS_E_SHORT_MEMORY_BUFFER)
  return g_err("gf0", __FUNCTION__, ret);

cp = store_get(siz*3+1, GET_TAINTED);
if ((ret = gnutls_x509_crt_get_fingerprint(cert, algo, cp, &siz)) < 0)
  return g_err("gf1", __FUNCTION__, ret);





*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2022 */
/* Copyright (c) Jeremy Harris 2014 - 2019 */

/* This module provides TLS (aka SSL) support for Exim using the OpenSSL


      /* convert to string in our format */
      len = 32;
      s = store_get(len, GET_UNTAINTED);
      strftime(CS s, (size_t)len, "%b %e %T %Y %z", tm_p);
      }
    }

/* binary data, DER encoded */
/* just dump for now */
len = BIO_get_mem_data(bp, &cp1);
cp3 = cp2 = store_get(len*3+1, GET_TAINTED);

while(len)
  {

  expand_string_message = US"tls_cert_fprt: out of mem\n";
  return NULL;
  }
cp = store_get(n*2+1, GET_TAINTED);
for (int j = 0; j < (int)n; j++) sprintf(CS cp+2*j, "%02X", md[j]);
return(cp);
}




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Copyright (c) Phil Pennock 2012 */
/* See the file NOTICE for conditions of use and distribution. */

/* This file provides TLS/SSL support for Exim using the GnuTLS library,
one of the available supported implementations.  This file is #included into

#if GNUTLS_VERSION_NUMBER >= 0x030506 && !defined(DISABLE_OCSP)
# define SUPPORT_SRV_OCSP_STACK
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030600
# define GNUTLS_AUTO_DHPARAMS
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030603
# define EXIM_HAVE_TLS1_3
# define SUPPORT_GNUTLS_EXT_RAW_PARSE

# endif
#endif

#ifndef DISABLE_TLS_RESUME
# if GNUTLS_VERSION_NUMBER >= 0x030603
#  define EXIM_HAVE_TLS_RESUME
# else
#  warning "GnuTLS library version too old; resumption unsupported"
# endif
#endif

#if GNUTLS_VERSION_NUMBER >= 0x030200
# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
#  define EXIM_HAVE_ALPN
# endif
#endif


void
options_tls(void)
{
# ifndef DISABLE_TLS_RESUME
builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
# endif
# ifdef EXIM_HAVE_TLS1_3

# ifdef SUPPORT_SRV_OCSP_STACK
builtin_macro_create(US"_HAVE_TLS_OCSP_LIST");
# endif
#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
builtin_macro_create(US"_HAVE_TLS_CA_CACHE");
# endif
# ifdef EXIM_HAVE_ALPN
builtin_macro_create(US"_HAVE_TLS_ALPN");
# endif
}
#else



typedef struct exim_gnutls_state {
  gnutls_session_t	session;

  exim_tlslib_state	lib_state;
#define x509_cred		libdata0
#define pri_cache		libdata1

  enum peer_verify_requirement verify_requirement;
  int			fd_in;
  int			fd_out;

XXX But see gnutls_session_get_ptr()
*/

static exim_gnutls_state_st state_server = {
  /* all elements not explicitly intialised here get 0/NULL/FALSE */
  .fd_in =		-1,
  .fd_out =		-1,
};

#ifndef GNUTLS_AUTO_DHPARAMS
/* dh_params are initialised once within the lifetime of a process using TLS;
if we used TLS in a long-lived daemon, we'd have to reconsider this.  But we
don't want to repeat this. */

static gnutls_dh_params_t dh_server_params = NULL;
#endif

static int ssl_session_timeout = 7200;	/* Two hours */


static BOOL exim_testharness_disable_ocsp_validity_check = FALSE;
#endif

#ifdef EXIM_HAVE_ALPN
static int server_seen_alpn = -1;	/* count of names */
#endif
#ifdef EXIM_HAVE_TLS_RESUME
static gnutls_datum_t server_sessticket_key;
#endif


/* ------------------------------------------------------------------------ */
/* macros */


# define EXIM_SERVER_DH_BITS_PRE2_12 1024
#endif

#define Expand_check_tlsvar(Varname, errstr) \
  expand_check(state->Varname, US #Varname, &state->exp_##Varname, errstr)

#if GNUTLS_VERSION_NUMBER >= 0x020c00

# endif /* AVOID_GNUTLS_PKCS11 */
#endif

#if GNUTLS_VERSION_NUMBER >= 0x030404
# define HAVE_GNUTLS_PRF_RFC5705
#endif





static int exim_sni_handling_cb(gnutls_session_t session);

#ifdef EXIM_HAVE_TLS_RESUME
static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
  unsigned incoming, const gnutls_datum_t * msg);
#endif


/* Daemon one-time initialisation */
void
tls_daemon_init(void)
{
#ifdef EXPERIMENTAL_TLS_RESUME
/* We are dependent on the GnuTLS implementation of the Session Ticket
encryption; both the strength and the key rotation period.  We hope that
the strength at least matches that of the ciphersuite (but GnuTLS does not
document this). */

static BOOL once = FALSE;
if (once) return;
once = TRUE;
gnutls_session_ticket_key_generate(&server_sessticket_key);	/* >= 2.10.0 */
if (f.running_in_test_harness) ssl_session_timeout = 6;
#endif
}

/* ------------------------------------------------------------------------ */
/* Static functions */

/*************************************************
*               Handle TLS error                 *
*************************************************/



static int
tls_error_gnu(exim_gnutls_state_st * state, const uschar *prefix, int err,
  uschar ** errstr)
{
return tls_error(prefix,
  state && err == GNUTLS_E_FATAL_ALERT_RECEIVED
  ? US gnutls_alert_get_name(gnutls_alert_get(state->session))
  : US gnutls_strerror(err),
  state ? state->host : NULL,
  errstr);
}

static int

}


/* ------------------------------------------------------------------------ */
/* Initialisation */

#ifndef DISABLE_OCSP

static BOOL
tls_is_buggy_ocsp(void)
{
const uschar * s;
uschar maj, mid, mic;

s = CUS gnutls_check_version(NULL);
maj = atoi(CCS s);
if (maj == 3)
  {
  while (*s && *s != '.') s++;
  mid = atoi(CCS ++s);
  if (mid <= 2)
    return TRUE;
  else if (mid >= 5)
    return FALSE;
  else
    {
    while (*s && *s != '.') s++;
    mic = atoi(CCS ++s);
    return mic <= (mid == 3 ? 16 : 3);
    }
  }
return FALSE;
}

#endif


static int
tls_g_init(uschar ** errstr)
{
int rc;
DEBUG(D_tls) debug_printf("GnuTLS global init required\n");

#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
/* By default, gnutls_global_init will init PKCS11 support in auto mode,
which loads modules from a config file, which sounds good and may be wanted
by some sysadmin, but also means in common configurations that GNOME keyring
environment variables are used and so breaks for users calling mailq.
To prevent this, we init PKCS11 first, which is the documented approach. */

if (!gnutls_allow_auto_pkcs11)
  if ((rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL)))
    return tls_error_gnu(NULL, US"gnutls_pkcs11_init", rc, errstr);
#endif

#ifndef GNUTLS_AUTO_GLOBAL_INIT
if ((rc = gnutls_global_init()))
  return tls_error_gnu(NULL, US"gnutls_global_init", rc, errstr);
#endif

#if EXIM_GNUTLS_LIBRARY_LOG_LEVEL >= 0
DEBUG(D_tls)
  {
  gnutls_global_set_log_function(exim_gnutls_logger_cb);
  /* arbitrarily chosen level; bump up to 9 for more */
  gnutls_global_set_log_level(EXIM_GNUTLS_LIBRARY_LOG_LEVEL);
  }
#endif

#ifndef DISABLE_OCSP
if (tls_ocsp_file && (gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
  log_write(0, LOG_MAIN, "OCSP unusable with this GnuTLS library version");
#endif

exim_gnutls_base_init_done = TRUE;
return OK;
}



/* Daemon-call before each connection.  Nothing to do for GnuTLS. */

static void
tls_per_lib_daemon_tick(void)
{
}

/* Daemon one-time initialisation */

static void
tls_per_lib_daemon_init(void)
{
uschar * dummy_errstr;
static BOOL once = FALSE;

if (!exim_gnutls_base_init_done)
  tls_g_init(&dummy_errstr);

if (!once)
  {
  once = TRUE;

#ifdef EXIM_HAVE_TLS_RESUME
  /* We are dependent on the GnuTLS implementation of the Session Ticket
  encryption; both the strength and the key rotation period.  We hope that
  the strength at least matches that of the ciphersuite (but GnuTLS does not
  document this). */

  gnutls_session_ticket_key_generate(&server_sessticket_key);	/* >= 2.10.0 */
  if (f.running_in_test_harness) ssl_session_timeout = 6;
#endif

  tls_daemon_creds_reload();
  }
}

/* ------------------------------------------------------------------------ */

/*************************************************
*    Deal with logging errors during I/O         *
*************************************************/

const uschar * msg;
uschar * errstr;

msg = rc == GNUTLS_E_FATAL_ALERT_RECEIVED
  ? string_sprintf("A TLS fatal alert has been received: %s",
      US gnutls_alert_get_name(gnutls_alert_get(state->session)))
#ifdef GNUTLS_E_PREMATURE_TERMINATION
  : rc == GNUTLS_E_PREMATURE_TERMINATION && errno
  ? string_sprintf("%s: syscall: %s", US gnutls_strerror(rc), strerror(errno))
#endif
  : US gnutls_strerror(rc);

(void) tls_error(when, msg, state->host, &errstr);


static void
extract_exim_vars_from_tls_state(exim_gnutls_state_st * state)
{
#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
int old_pool;
int rc;
gnutls_datum_t channel;
#endif
tls_support * tlsp = state->tlsp;

tlsp->active.sock = state->fd_out;


tlsp->channelbinding = NULL;
#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
channel.data = NULL;
channel.size = 0;
if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel)))
  { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); }
else
  {
  gnutls_datum_t channel = {.data = NULL, .size = 0};
  uschar * buf;
  int rc;

# ifdef HAVE_GNUTLS_PRF_RFC5705
  /* Older libraries may not have GNUTLS_TLS1_3 defined! */
  if (gnutls_protocol_get_version(state->session) > GNUTLS_TLS1_2)
    {
    buf = store_get(32, state->host ? GET_TAINTED : GET_UNTAINTED);
    rc = gnutls_prf_rfc5705(state->session,
				(size_t)24,  "EXPORTER-Channel-Binding", (size_t)0, "",
				32, CS buf);
    channel.data = buf;
    channel.size = 32;
    }
  else
# endif
    rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel);

  if (rc)
    { DEBUG(D_tls) debug_printf("extracting channel binding: %s\n", gnutls_strerror(rc)); }
  else
    {
    int old_pool = store_pool;
    /* Declare the taintedness of the binding info.  On server, untainted; on
    client, tainted - being the Finish msg from the server. */

    store_pool = POOL_PERM;
    tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size,
					    state->host ? GET_TAINTED : GET_UNTAINTED);
    store_pool = old_pool;
    DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n");
    }
  }
#endif





#ifndef GNUTLS_AUTO_DHPARAMS
/*************************************************
*            Setup up DH parameters              *
*************************************************/

{
int fd, rc;
unsigned int dh_bits;
gnutls_datum_t m;
uschar filename_buf[PATH_MAX];
uschar *filename = NULL;
size_t sz;

BOOL use_file_in_spool = FALSE;
host_item *host = NULL; /* dummy for macros */

DEBUG(D_tls) debug_printf("Initialising GnuTLS server params\n");

if ((rc = gnutls_dh_params_init(&dh_server_params)))
  return tls_error_gnu(NULL, US"gnutls_dh_params_init", rc, errstr);

m.data = NULL;
m.size = 0;

if (!expand_check(tls_dhparam, US"tls_dhparam", &exp_tls_dhparam, errstr))
  return DEFER;

  use_file_in_spool = TRUE;
else if (Ustrcmp(exp_tls_dhparam, "none") == 0)
  {
  DEBUG(D_tls) debug_printf("Requested no DH parameters\n");
  return OK;
  }
else if (exp_tls_dhparam[0] != '/')

if (m.data)
  {
  if ((rc = gnutls_dh_params_import_pkcs3(dh_server_params, &m, GNUTLS_X509_FMT_PEM)))
    return tls_error_gnu(NULL, US"gnutls_dh_params_import_pkcs3", rc, errstr);
  DEBUG(D_tls) debug_printf("Loaded fixed standard D-H parameters\n");
  return OK;
  }

if (!(dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL)))
  return tls_error(US"gnutls_sec_param_to_pk_bits() failed", NULL, NULL, errstr);
DEBUG(D_tls)
  debug_printf("GnuTLS tells us that for D-H PK, NORMAL is %d bits\n",
      dh_bits);
#else
dh_bits = EXIM_SERVER_DH_BITS_PRE2_12;
DEBUG(D_tls)
  debug_printf("GnuTLS lacks gnutls_sec_param_to_pk_bits(), using %d bits\n",
      dh_bits);
#endif


if (dh_bits > tls_dh_max_bits)
  {
  DEBUG(D_tls)
    debug_printf("tls_dh_max_bits clamping override, using %d bits instead\n",
        tls_dh_max_bits);
  dh_bits = tls_dh_max_bits;
  }

  rc = gnutls_dh_params_import_pkcs3(dh_server_params, &m, GNUTLS_X509_FMT_PEM);
  store_free(m.data);
  if (rc)
    return tls_error_gnu(NULL, US"gnutls_dh_params_import_pkcs3", rc, errstr);
  DEBUG(D_tls) debug_printf("read D-H parameters from file \"%s\"\n", filename);
  }


    debug_printf("D-H parameter cache file \"%s\" does not exist\n", filename);
  }
else
  return tls_error(string_open_failed("\"%s\" for reading", filename),
      NULL, NULL, errstr);

/* If ret < 0, either the cache file does not exist, or the data it contains

    return tls_error(US"Filename too long to generate replacement",
        filename, NULL, errstr);

  temp_fn = string_copy(US"exim-dh.XXXXXXX");
  if ((fd = mkstemp(CS temp_fn)) < 0)	/* modifies temp_fn */
    return tls_error_sys(US"Unable to open temp file", errno, NULL, errstr);
  (void)exim_chown(temp_fn, exim_uid, exim_gid);   /* Probably not necessary */

  /* GnuTLS overshoots!
   * If we ask for 2236, we might get 2237 or more.
   * But there's no way to ask GnuTLS how many bits there really are.
   * We can ask how many bits were used in a TLS session, but that's it!
   * The prime itself is hidden behind too much abstraction.
   * So we ask for less, and proceed on a wing and a prayer.
   * First attempt, subtracted 3 for 2233 and got 2240.
   */
  if (dh_bits >= EXIM_CLIENT_DH_MIN_BITS + 10)
    {
    dh_bits_gen = dh_bits - 10;

    debug_printf("requesting generation of %d bit Diffie-Hellman prime ...\n",
        dh_bits_gen);
  if ((rc = gnutls_dh_params_generate2(dh_server_params, dh_bits_gen)))
    return tls_error_gnu(NULL, US"gnutls_dh_params_generate2", rc, errstr);

  /* gnutls_dh_params_export_pkcs3() will tell us the exact size, every time,
  and I confirmed that a NULL call to get the size first is how the GnuTLS

  if (  (rc = gnutls_dh_params_export_pkcs3(dh_server_params,
		GNUTLS_X509_FMT_PEM, m.data, &sz))
     && rc != GNUTLS_E_SHORT_MEMORY_BUFFER)
    return tls_error_gnu(NULL, US"gnutls_dh_params_export_pkcs3(NULL) sizing",
	      rc, errstr);
  m.size = sz;
  if (!(m.data = store_malloc(m.size)))
    return tls_error_sys(US"memory allocation failed", errno, NULL, errstr);

      m.data, &sz)))
    {
    store_free(m.data);
    return tls_error_gnu(NULL, US"gnutls_dh_params_export_pkcs3() real", rc, errstr);
    }
  m.size = sz; /* shrink by 1, probably */


DEBUG(D_tls) debug_printf("initialized server D-H parameters\n");
return OK;
}
#endif




/* Create and install a selfsigned certificate, for use in server mode. */

static int
tls_install_selfsign(exim_gnutls_state_st * state, uschar ** errstr)

if (TRUE) goto err;
#endif

DEBUG(D_tls) debug_printf("TLS: generating selfsigned server cert\n");
where = US"initialising pkey";
if ((rc = gnutls_x509_privkey_init(&pkey))) goto err;


if (  (rc = gnutls_x509_crt_set_version(cert, 3))
   || (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
   || (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
   || (rc = gnutls_x509_crt_set_expiration_time(cert, (long)2 * 60 * 60))	/* 2 hour */
   || (rc = gnutls_x509_crt_set_key(cert, pkey))

   || (rc = gnutls_x509_crt_set_dn_by_oid(cert,


where = US"installing selfsign cert";
					/* Since: 2.4.0 */
if ((rc = gnutls_certificate_set_x509_key(state->lib_state.x509_cred,
    &cert, 1, pkey)))
  goto err;

rc = OK;

  return rc;

err:
  rc = tls_error_gnu(state, where, rc, errstr);
  goto out;
}



static int
tls_add_certfile(exim_gnutls_state_st * state, const host_item * host,
  const uschar * certfile, const uschar * keyfile, uschar ** errstr)
{
int rc = gnutls_certificate_set_x509_key_file(state->lib_state.x509_cred,
    CCS certfile, CCS keyfile, GNUTLS_X509_FMT_PEM);
if (rc < 0)
  return tls_error_gnu(state,
    string_sprintf("cert/key setup: cert=%s key=%s", certfile, keyfile),
    rc, errstr);
return -rc;
}


/* Make a note that we saw a status-request */
static int
tls_server_clienthello_ext(void * ctx, unsigned tls_id,
  const uschar * data, unsigned size)
{
/* The values for tls_id are documented here:
https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
switch (tls_id)
  {
  case 5:	/* Status Request */
    DEBUG(D_tls) debug_printf("Seen status_request extension from client\n");
    tls_in.ocsp = OCSP_NOT_RESP;
    break;
#ifdef EXIM_HAVE_ALPN
  case 16:	/* Application Layer Protocol Notification */
    /* The format of "data" here doesn't seem to be documented, but appears
    to be a 2-byte field with a (redundant, given the "size" arg) total length
    then a sequence of one-byte size then string (not nul-term) names.  The
    latter is as described in OpenSSL documentation. */

    DEBUG(D_tls) debug_printf("Seen ALPN extension from client (s=%u):", size);
    for (const uschar * s = data+2; s-data < size-1; s += *s + 1)
      {
      server_seen_alpn++;
      DEBUG(D_tls) debug_printf(" '%.*s'", (int)*s, s+1);
      }
    DEBUG(D_tls) debug_printf("\n");
    if (server_seen_alpn > 1)
      {
      DEBUG(D_tls) debug_printf("TLS: too many ALPNs presented in handshake\n");
      return GNUTLS_E_NO_APPLICATION_PROTOCOL;
      }
    break;
#endif
  }
return 0;
}

}


# ifdef notdef_crashes
/* Make a note that we saw a status-response */
static int
tls_server_servercerts_ext(void * ctx, unsigned tls_id,

  }
return 0;
}
# endif

/* Callback for certificates packet, on server, if we think we might serve stapled-OCSP */
static int

  unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
{
/* Call fn for each extension seen.  3.6.3 onwards */
# ifdef notdef_crashes
				/*XXX crashes */
return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0);
# endif
}
#endif /*SUPPORT_GNUTLS_EXT_RAW_PARSE*/

/*XXX in tls1.3 the cert-status travel as an extension next to the cert, in the
 "Handshake Protocol: Certificate" record.
So we need to spot the Certificate handshake message, parse it and spot any status_request extension(s)

This is different to tls1.2 - where it is a separate record (wireshark term) / handshake message (gnutls term).
*/

#if defined(EXIM_HAVE_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
/* Callback for certificate-status, on server. We sent stapled OCSP. */
static int
tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype,
  unsigned when, unsigned int incoming, const gnutls_datum_t * msg)
{
DEBUG(D_tls) debug_printf("Sending certificate-status\n");		/*XXX we get this for tls1.2 but not for 1.3 */
# ifdef SUPPORT_SRV_OCSP_STACK
tls_in.ocsp = exim_testharness_disable_ocsp_validity_check
  ? OCSP_VFY_NOT_TRIED : OCSP_VFIED;	/* We know that GnuTLS verifies responses */
# else
tls_in.ocsp = OCSP_VFY_NOT_TRIED;
# endif
return 0;
}


# endif
  case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
    return tls_server_certstatus_cb(sess, htype, when, incoming, msg);
# ifdef EXIM_HAVE_TLS_RESUME
  case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
    return tls_server_ticket_cb(sess, htype, when, incoming, msg);
# endif

}
#endif

/**************************************************
* One-time init credentials for server and client *
**************************************************/

static void
creds_basic_init(gnutls_certificate_credentials_t x509_cred, BOOL server)
{
#ifdef SUPPORT_SRV_OCSP_STACK
gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_API_V2);

# if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
if (server && tls_ocsp_file)
  {
  if (f.running_in_test_harness)
    tls_server_testharness_ocsp_fiddle();

  if (exim_testharness_disable_ocsp_validity_check)
    gnutls_certificate_set_flags(x509_cred,
      GNUTLS_CERTIFICATE_API_V2 | GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK);
  }
# endif
#endif
DEBUG(D_tls)
  debug_printf("TLS: basic cred init, %s\n", server ? "server" : "client");
}

static int
creds_load_server_certs(exim_gnutls_state_st * state, const uschar * cert,
  const uschar * pkey, const uschar * ocsp, uschar ** errstr)
{
const uschar * clist = cert;
const uschar * klist = pkey;
const uschar * olist;
int csep = 0, ksep = 0, osep = 0, cnt = 0, rc;
uschar * cfile, * kfile, * ofile;
#ifndef DISABLE_OCSP
# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER;
# endif

if (!expand_check(ocsp, US"tls_ocsp_file", &ofile, errstr))
  return DEFER;
olist = ofile;
#endif

while (cfile = string_nextinlist(&clist, &csep, NULL, 0))

  if (!(kfile = string_nextinlist(&klist, &ksep, NULL, 0)))
    return tls_error(US"cert/key setup: out of keys", NULL, NULL, errstr);
  else if ((rc = tls_add_certfile(state, NULL, cfile, kfile, errstr)) > 0)
    return rc;
  else
    {
    int gnutls_cert_index = -rc;
    DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n",
			      gnutls_cert_index, cfile);

#ifndef DISABLE_OCSP
    if (ocsp)
      {
      /* Set the OCSP stapling server info */
      if (gnutls_buggy_ocsp)
	{
	DEBUG(D_tls)
	  debug_printf("GnuTLS library is buggy for OCSP; avoiding\n");
	}
      else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0)))
	{
	DEBUG(D_tls) debug_printf("OCSP response file %d  = %s\n",
				  gnutls_cert_index, ofile);
# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
	if (Ustrncmp(ofile, US"PEM ", 4) == 0)
	  {
	  ocsp_fmt = GNUTLS_X509_FMT_PEM;
	  ofile += 4;
	  }
	else if (Ustrncmp(ofile, US"DER ", 4) == 0)
	  {
	  ocsp_fmt = GNUTLS_X509_FMT_DER;
	  ofile += 4;
	  }

	if  ((rc = gnutls_certificate_set_ocsp_status_request_file2(
		  state->lib_state.x509_cred, CCS ofile, gnutls_cert_index,
		  ocsp_fmt)) < 0)
	  return tls_error_gnu(state,
		  US"gnutls_certificate_set_ocsp_status_request_file2",
		  rc, errstr);
	DEBUG(D_tls)
	  debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":"");

	/* Arrange callbacks for OCSP request observability */

	if (state->session)
	  gnutls_handshake_set_hook_function(state->session,
	    GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
	else
	  state->lib_state.ocsp_hook = TRUE;


# else
#  if defined(SUPPORT_SRV_OCSP_STACK)
	if ((rc = gnutls_certificate_set_ocsp_status_request_function2(
		     state->lib_state.x509_cred, gnutls_cert_index,
		     server_ocsp_stapling_cb, ofile)))
	    return tls_error_gnu(state,
		  US"gnutls_certificate_set_ocsp_status_request_function2",
		  rc, errstr);
	else
#  endif
	  {
	  if (cnt++ > 0)
	    {
	    DEBUG(D_tls)
	      debug_printf("oops; multiple OCSP files not supported\n");
	    break;
	    }
	  gnutls_certificate_set_ocsp_status_request_function(
	    state->lib_state.x509_cred, server_ocsp_stapling_cb, ofile);
	  }
# endif	/* SUPPORT_GNUTLS_EXT_RAW_PARSE */
	}
      else
	DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n");
      }
#endif /* DISABLE_OCSP */
    }
return 0;
}

static int
creds_load_client_certs(exim_gnutls_state_st * state, const host_item * host,
  const uschar * cert, const uschar * pkey, uschar ** errstr)
{
int rc = tls_add_certfile(state, host, cert, pkey, errstr);
if (rc > 0) return rc;
DEBUG(D_tls) debug_printf("TLS: cert/key registered\n");
return 0;
}

static int
creds_load_cabundle(exim_gnutls_state_st * state, const uschar * bundle,
  const host_item * host, uschar ** errstr)
{
int cert_count;
struct stat statbuf;

#ifdef SUPPORT_SYSDEFAULT_CABUNDLE
if (Ustrcmp(bundle, "system") == 0 || Ustrncmp(bundle, "system,", 7) == 0)
  cert_count = gnutls_certificate_set_x509_system_trust(state->lib_state.x509_cred);
else
#endif
  {
  if (Ustat(bundle, &statbuf) < 0)
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "could not stat '%s' "
	"(tls_verify_certificates): %s", bundle, strerror(errno));
    return DEFER;
    }

#ifndef SUPPORT_CA_DIR
  /* The test suite passes in /dev/null; we could check for that path explicitly,
  but who knows if someone has some weird FIFO which always dumps some certs, or
  other weirdness.  The thing we really want to check is that it's not a
  directory, since while OpenSSL supports that, GnuTLS does not.
  So s/!S_ISREG/S_ISDIR/ and change some messaging ... */
  if (S_ISDIR(statbuf.st_mode))
    {
    log_write(0, LOG_MAIN|LOG_PANIC,
	"tls_verify_certificates \"%s\" is a directory", bundle);
    return DEFER;
    }
#endif

  DEBUG(D_tls) debug_printf("verify certificates = %s size=" OFF_T_FMT "\n",
	  bundle, statbuf.st_size);

  if (statbuf.st_size == 0)
    {
    DEBUG(D_tls)
      debug_printf("cert file empty, no certs, no verification, ignoring any CRL\n");
    return OK;
    }

  cert_count =

#ifdef SUPPORT_CA_DIR
    (statbuf.st_mode & S_IFMT) == S_IFDIR
    ?
    gnutls_certificate_set_x509_trust_dir(state->lib_state.x509_cred,
      CS bundle, GNUTLS_X509_FMT_PEM)
    :
#endif
    gnutls_certificate_set_x509_trust_file(state->lib_state.x509_cred,
      CS bundle, GNUTLS_X509_FMT_PEM);

#ifdef SUPPORT_CA_DIR
  /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
  when using the directory-of-certs config model. */

  if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
    if (state->session)
      gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
    else
      state->lib_state.ca_rdn_emulate = TRUE;
#endif
  }

if (cert_count < 0)
  return tls_error_gnu(state, US"setting certificate trust", cert_count, errstr);
DEBUG(D_tls)
  debug_printf("Added %d certificate authorities\n", cert_count);

return OK;
}


static int
creds_load_crl(exim_gnutls_state_st * state, const uschar * crl, uschar ** errstr)
{
int cert_count;
DEBUG(D_tls) debug_printf("loading CRL file = %s\n", crl);
if ((cert_count = gnutls_certificate_set_x509_crl_file(state->lib_state.x509_cred,
    CS crl, GNUTLS_X509_FMT_PEM)) < 0)
  return tls_error_gnu(state, US"gnutls_certificate_set_x509_crl_file",
	    cert_count, errstr);

DEBUG(D_tls) debug_printf("Processed %d CRLs\n", cert_count);
return OK;
}


static int
creds_load_pristring(exim_gnutls_state_st * state, const uschar * p,
  const char ** errpos)
{
if (!p)
  {
  p = exim_default_gnutls_priority;
  DEBUG(D_tls)
    debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p);
  }
return gnutls_priority_init( (gnutls_priority_t *) &state->lib_state.pri_cache,
  CCS p, errpos);
}

static unsigned
tls_server_creds_init(void)
{
uschar * dummy_errstr;
unsigned lifetime = 0;

state_server.lib_state = null_tls_preload;
if (gnutls_certificate_allocate_credentials(
      (gnutls_certificate_credentials_t *) &state_server.lib_state.x509_cred))
  {
  state_server.lib_state.x509_cred = NULL;
  return lifetime;
  }
creds_basic_init(state_server.lib_state.x509_cred, TRUE);

#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
/* If tls_certificate has any $ indicating expansions, it is not good.
If tls_privatekey is set but has $, not good.  Likewise for tls_ocsp_file.
If all good (and tls_certificate set), load the cert(s). */

if (  opt_set_and_noexpand(tls_certificate)
# ifndef DISABLE_OCSP
   && opt_unset_or_noexpand(tls_ocsp_file)
# endif
   && opt_unset_or_noexpand(tls_privatekey))
  {
  /* Set watches on the filenames.  The implementation does de-duplication
  so we can just blindly do them all.
  */

  if (  tls_set_watch(tls_certificate, TRUE)
# ifndef DISABLE_OCSP
     && tls_set_watch(tls_ocsp_file, TRUE)
# endif
     && tls_set_watch(tls_privatekey, TRUE))
    {
    DEBUG(D_tls) debug_printf("TLS: preloading server certs\n");
    if (creds_load_server_certs(&state_server, tls_certificate,
	  tls_privatekey && *tls_privatekey ? tls_privatekey : tls_certificate,
# ifdef DISABLE_OCSP
	  NULL,
# else
	  tls_ocsp_file,
# endif
	  &dummy_errstr) == 0)
      state_server.lib_state.conn_certs = TRUE;
    }
  }
else if (  !tls_certificate && !tls_privatekey
# ifndef DISABLE_OCSP
	&& !tls_ocsp_file
# endif
	)
  {		/* Generate & preload a selfsigned cert. No files to watch. */
  if ((tls_install_selfsign(&state_server, &dummy_errstr)) == OK)
    {
    state_server.lib_state.conn_certs = TRUE;
    lifetime = f.running_in_test_harness ? 2 : 60 * 60;		/* 1 hour */
    }
  }
else
  DEBUG(D_tls) debug_printf("TLS: not preloading server certs\n");

/* If tls_verify_certificates is non-empty and has no $, load CAs.
If none was configured and we can't handle "system", treat as empty. */

if (  opt_set_and_noexpand(tls_verify_certificates)
#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
   && Ustrcmp(tls_verify_certificates, "system") != 0
#endif
   )
  {
  if (tls_set_watch(tls_verify_certificates, FALSE))
    {
    DEBUG(D_tls) debug_printf("TLS: preloading CA bundle for server\n");
    if (creds_load_cabundle(&state_server, tls_verify_certificates,
			    NULL, &dummy_errstr) != OK)
      return lifetime;
    state_server.lib_state.cabundle = TRUE;

    /* If CAs loaded and tls_crl is non-empty and has no $, load it */

    if (opt_set_and_noexpand(tls_crl))
      {
      if (tls_set_watch(tls_crl, FALSE))
	{
	DEBUG(D_tls) debug_printf("TLS: preloading CRL for server\n");
	if (creds_load_crl(&state_server, tls_crl, &dummy_errstr) != OK)
	  return lifetime;
	state_server.lib_state.crl = TRUE;
	}
      }
    else
      DEBUG(D_tls) debug_printf("TLS: not preloading CRL for server\n");
    }
  }
else
  DEBUG(D_tls) debug_printf("TLS: not preloading CA bundle for server\n");
#endif	/* EXIM_HAVE_INOTIFY */

/* If tls_require_ciphers is non-empty and has no $, load the
ciphers priority cache.  If unset, load with the default.
(server-only as the client one depends on non/DANE) */

if (!tls_require_ciphers || opt_set_and_noexpand(tls_require_ciphers))
  {
  const char * dummy_errpos;
  DEBUG(D_tls) debug_printf("TLS: preloading cipher list for server: %s\n",
		  tls_require_ciphers);
  if (  creds_load_pristring(&state_server, tls_require_ciphers, &dummy_errpos)
     == OK)
    state_server.lib_state.pri_string = TRUE;
  }
else
  DEBUG(D_tls) debug_printf("TLS: not preloading cipher list for server\n");
return lifetime;
}


/* Preload whatever creds are static, onto a transport.  The client can then
just copy the pointer as it starts up. */

/*XXX this is not called for a cmdline send. But one needing to use >1 conn would benefit,
and there seems little downside. */

static void
tls_client_creds_init(transport_instance * t, BOOL watch)
{
smtp_transport_options_block * ob = t->options_block;
exim_gnutls_state_st tpt_dummy_state;
host_item * dummy_host = (host_item *)1;
uschar * dummy_errstr;

if (  !exim_gnutls_base_init_done
   && tls_g_init(&dummy_errstr) != OK)
  return;

ob->tls_preload = null_tls_preload;
if (gnutls_certificate_allocate_credentials(
  (struct gnutls_certificate_credentials_st **)&ob->tls_preload.x509_cred))
  {
  ob->tls_preload.x509_cred = NULL;
  return;
  }
creds_basic_init(ob->tls_preload.x509_cred, FALSE);

tpt_dummy_state.session = NULL;
tpt_dummy_state.lib_state = ob->tls_preload;

#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
if (  opt_set_and_noexpand(ob->tls_certificate)
   && opt_unset_or_noexpand(ob->tls_privatekey))
  {
  if (  !watch
     || (  tls_set_watch(ob->tls_certificate, FALSE)
	&& tls_set_watch(ob->tls_privatekey, FALSE)
     )  )
    {
    const uschar * pkey = ob->tls_privatekey;

    DEBUG(D_tls)
      debug_printf("TLS: preloading client certs for transport '%s'\n", t->name);

    /* The state->lib_state.x509_cred is used for the certs load, and is the sole
    structure element used.  So we can set up a dummy.  The hoat arg only
    selects a retcode in case of fail, so any value */

    if (creds_load_client_certs(&tpt_dummy_state, dummy_host,
	  ob->tls_certificate, pkey ? pkey : ob->tls_certificate,
	  &dummy_errstr) == OK)
      ob->tls_preload.conn_certs = TRUE;
    }
  }
else
  DEBUG(D_tls)
    debug_printf("TLS: not preloading client certs, for transport '%s'\n", t->name);

/* If tls_verify_certificates is non-empty and has no $, load CAs.
If none was configured and we can't handle "system", treat as empty. */

if (  opt_set_and_noexpand(ob->tls_verify_certificates)
#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
   && Ustrcmp(ob->tls_verify_certificates, "system") != 0
#endif
   )
  {
  if (!watch || tls_set_watch(ob->tls_verify_certificates, FALSE))
    {
    DEBUG(D_tls)
      debug_printf("TLS: preloading CA bundle for transport '%s'\n", t->name);
    if (creds_load_cabundle(&tpt_dummy_state, ob->tls_verify_certificates,
			    dummy_host, &dummy_errstr) != OK)
      return;
    ob->tls_preload.cabundle = TRUE;

    if (opt_set_and_noexpand(ob->tls_crl))
      {
      if (!watch || tls_set_watch(ob->tls_crl, FALSE))
	{
	DEBUG(D_tls) debug_printf("TLS: preloading CRL for transport '%s'\n", t->name);
	if (creds_load_crl(&tpt_dummy_state, ob->tls_crl, &dummy_errstr) != OK)
	  return;
	ob->tls_preload.crl = TRUE;
	}
      }
    else
      DEBUG(D_tls) debug_printf("TLS: not preloading CRL, for transport '%s'\n", t->name);
    }
  }
else
  DEBUG(D_tls)
      debug_printf("TLS: not preloading CA bundle, for transport '%s'\n", t->name);

/* We do not preload tls_require_ciphers to to the transport as it implicitly
depends on DANE or plain usage. */

#endif
}


#if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
/* Invalidate the creds cached, by dropping the current ones.
Call when we notice one of the source files has changed. */
 
static void
tls_server_creds_invalidate(void)
{
if (state_server.lib_state.pri_cache)
  gnutls_priority_deinit(state_server.lib_state.pri_cache);
state_server.lib_state.pri_cache = NULL;

if (state_server.lib_state.x509_cred)
  gnutls_certificate_free_credentials(state_server.lib_state.x509_cred);
state_server.lib_state = null_tls_preload;
}


static void
tls_client_creds_invalidate(transport_instance * t)
{
smtp_transport_options_block * ob = t->options_block;
if (ob->tls_preload.x509_cred)
  gnutls_certificate_free_credentials(ob->tls_preload.x509_cred);
ob->tls_preload = null_tls_preload;
}
#endif


/*************************************************
*       Variables re-expanded post-SNI           *
*************************************************/

static int
tls_expand_session_files(exim_gnutls_state_st * state, uschar ** errstr)
{
struct stat statbuf;
int rc;
const host_item *host = state->host;  /* macro should be reconsidered? */
const uschar *saved_tls_certificate = NULL;
const uschar *saved_tls_privatekey = NULL;
const uschar *saved_tls_verify_certificates = NULL;
const uschar *saved_tls_crl = NULL;
int cert_count;

/* We check for tls_sni *before* expansion. */

	  || Ustrstr(state->tls_certificate, US"tls_out_sni")
       )  )
      {
      DEBUG(D_tls) debug_printf("We will re-expand TLS session files if we receive SNI\n");
      state->trigger_sni_changes = TRUE;
      }
    }
  else	/* SNI callback case */
    {
    /* useful for debugging */
    saved_tls_certificate = state->exp_tls_certificate;

    saved_tls_crl = state->exp_tls_crl;
    }

if (!state->lib_state.x509_cred)
  return tls_error_gnu(US"gnutls_certificate_allocate_credentials",
	    rc, host, errstr);

#ifdef SUPPORT_SRV_OCSP_STACK
gnutls_certificate_set_flags(state->x509_cred, GNUTLS_CERTIFICATE_API_V2);

# if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE)
if (!host && tls_ocsp_file)
  {
  if ((rc = gnutls_certificate_allocate_credentials(
	(gnutls_certificate_credentials_t *) &state->lib_state.x509_cred)))
    return tls_error_gnu(state, US"gnutls_certificate_allocate_credentials",
	    rc, errstr);
  creds_basic_init(state->lib_state.x509_cred, !host);
      GNUTLS_CERTIFICATE_API_V2 | GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK);
  }
# endif
#endif


/* remember: Expand_check_tlsvar() is expand_check() but fiddling with
state members, assuming consistent naming; and expand_check() returns
false if expansion failed, unless expansion was forced to fail. */

/* check if we at least have a certificate, before doing expensive
D-H generation. */

if (!state->lib_state.conn_certs)
  return DEFER;

/* certificate is mandatory in server, optional in client */

if (  !state->exp_tls_certificate
   || !*state->exp_tls_certificate
   )
  if (!host)
    return tls_install_selfsign(state, errstr);
  else
    DEBUG(D_tls) debug_printf("TLS: no client certificate specified; okay\n");

if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr))
  return DEFER;

/* tls_privatekey is optional, defaulting to same file as certificate */

if (!state->tls_privatekey || !*state->tls_privatekey)
  {
  if (!Expand_check_tlsvar(tls_certificate, errstr))
    return DEFER;
  }


  /* certificate is mandatory in server, optional in client */
  {
  DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
      state->exp_tls_certificate, state->exp_tls_privatekey);

  if (  !state->exp_tls_certificate
     || !*state->exp_tls_certificate
     )
    if (!host)
      return tls_install_selfsign(state, errstr);
      DEBUG(D_tls) debug_printf("TLS SNI: cert and key unchanged\n");
      }
    else
      DEBUG(D_tls) debug_printf("TLS: no client certificate specified; okay\n");
      DEBUG(D_tls) debug_printf("TLS SNI: have a changed cert/key pair.\n");
      }

  if (!host)	/* server */
    {
    const uschar * clist = state->exp_tls_certificate;
    const uschar * klist = state->exp_tls_privatekey;
    const uschar * olist;
    int csep = 0, ksep = 0, osep = 0, cnt = 0;
    uschar * cfile, * kfile, * ofile;
#ifndef DISABLE_OCSP
# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
    gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER;
# endif

  if (state->tls_privatekey && !Expand_check_tlsvar(tls_privatekey, errstr))
    return DEFER;
    olist = ofile;
#endif

    while (cfile = string_nextinlist(&clist, &csep, NULL, 0))

  /* tls_privatekey is optional, defaulting to same file as certificate */
	return tls_error(US"cert/key setup: out of keys", NULL, host, errstr);
      else if (0 < (rc = tls_add_certfile(state, host, cfile, kfile, errstr)))
	return rc;
      else
	{
	int gnutls_cert_index = -rc;
	DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n",
				  gnutls_cert_index, cfile);

  if (!state->tls_privatekey || !*state->tls_privatekey)
    {
    state->tls_privatekey = state->tls_certificate;
    state->exp_tls_privatekey = state->exp_tls_certificate;
    }
	    {
	    DEBUG(D_tls)
	      debug_printf("GnuTLS library is buggy for OCSP; avoiding\n");
	    }
	  else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0)))
	    {
	    DEBUG(D_tls) debug_printf("OCSP response file %d  = %s\n",
				      gnutls_cert_index, ofile);
# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
	    if (Ustrncmp(ofile, US"PEM ", 4) == 0)
	      {
	      ocsp_fmt = GNUTLS_X509_FMT_PEM;
	      ofile += 4;
	      }
	    else if (Ustrncmp(ofile, US"DER ", 4) == 0)
	      {
	      ocsp_fmt = GNUTLS_X509_FMT_DER;
	      ofile += 4;
	      }

	    if  ((rc = gnutls_certificate_set_ocsp_status_request_file2(
		      state->x509_cred, CCS ofile, gnutls_cert_index,
		      ocsp_fmt)) < 0)
	      return tls_error_gnu(
		      US"gnutls_certificate_set_ocsp_status_request_file2",
		      rc, host, errstr);
	    DEBUG(D_tls)
	      debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":"");

	    /* Arrange callbacks for OCSP request observability */

  if (state->exp_tls_certificate && *state->exp_tls_certificate)
    {
    BOOL load = TRUE;
    DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
	state->exp_tls_certificate, state->exp_tls_privatekey);

    if (state->received_sni)
      if (  Ustrcmp(state->exp_tls_certificate, saved_tls_certificate) == 0
	 && Ustrcmp(state->exp_tls_privatekey,  saved_tls_privatekey)  == 0
	 )
	{
	DEBUG(D_tls) debug_printf("TLS SNI: cert and key unchanged\n");
	load = FALSE;	/* avoid re-loading the same certs */
		      rc, host, errstr);
	    else
#  endif
	      {
	      if (cnt++ > 0)
		{
		DEBUG(D_tls)
		  debug_printf("oops; multiple OCSP files not supported\n");
		break;
		}
	      gnutls_certificate_set_ocsp_status_request_function(
		state->x509_cred, server_ocsp_stapling_cb, ofile);
	      }
# endif	/* SUPPORT_GNUTLS_EXT_RAW_PARSE */
	    }
	  else
	    DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n");
	  }
#endif /* DISABLE_OCSP */
	}
      else		/* unload the pre-SNI certs before loading new ones */
	{
	DEBUG(D_tls) debug_printf("TLS SNI: have a changed cert/key pair\n");
	gnutls_certificate_free_keys(state->lib_state.x509_cred);
	}

    if (  load
       && (rc = host
	  ? creds_load_client_certs(state, host, state->exp_tls_certificate,
			      state->exp_tls_privatekey, errstr)
	  : creds_load_server_certs(state, state->exp_tls_certificate,
			      state->exp_tls_privatekey,
#ifdef DISABLE_OCSP
			      NULL,
#else
			      tls_ocsp_file,
#endif
			      errstr)
       )  ) return rc;
    }
  }
else
  {
  DEBUG(D_tls)
    debug_printf("%s certs were preloaded\n", host ? "client" : "server");

  if (!state->tls_privatekey) state->tls_privatekey = state->tls_certificate;
  state->exp_tls_certificate = US state->tls_certificate;
  state->exp_tls_privatekey = US state->tls_privatekey;

#ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE
  if (state->lib_state.ocsp_hook)
     gnutls_handshake_set_hook_function(state->session,
       GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
#endif
  }


/* Set the trusted CAs file if one is provided, and then add the CRL if one is
provided. Experiment shows that, if the certificate file is empty, an unhelpful
error message is provided. However, if we just refrain from setting anything up
in that case, certificate verification fails, which seems to be the correct
behaviour.
If none was configured and we can't handle "system", treat as empty. */

if (!state->lib_state.cabundle)
  {
  if (state->tls_verify_certificates && *state->tls_verify_certificates)
    {
    if (!Expand_check_tlsvar(tls_verify_certificates, errstr))
      return DEFER;
#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
    if (Ustrcmp(state->exp_tls_verify_certificates, "system") == 0)
      state->exp_tls_verify_certificates = NULL;
#endif
    if (state->tls_crl && *state->tls_crl)
      if (!Expand_check_tlsvar(tls_crl, errstr))
	return DEFER;

    if (!(state->exp_tls_verify_certificates &&
	  *state->exp_tls_verify_certificates))
      {
      DEBUG(D_tls)
	debug_printf("TLS: tls_verify_certificates expanded empty, ignoring\n");
      /* With no tls_verify_certificates, we ignore tls_crl too */
      return OK;
      }
    }
  else
    {
    DEBUG(D_tls)
      debug_printf("TLS: tls_verify_certificates not set or empty, ignoring\n");
    /* With no tls_verify_certificates, we ignore tls_crl too */
    return OK;
    }
  rc = creds_load_cabundle(state, state->exp_tls_verify_certificates, host, errstr);
  if (rc != OK) return rc;
  }
else
  {
  DEBUG(D_tls)
    debug_printf("%s CA bundle was preloaded\n", host ? "client" : "server");
  state->exp_tls_verify_certificates = US state->tls_verify_certificates;
  }

#ifdef SUPPORT_SYSDEFAULT_CABUNDLE
if (Ustrcmp(state->exp_tls_verify_certificates, "system") == 0)
  cert_count = gnutls_certificate_set_x509_system_trust(state->x509_cred);
else
#endif
  {
  if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0)
    {
    log_write(0, LOG_MAIN|LOG_PANIC, "could not stat '%s' "
	"(tls_verify_certificates): %s", state->exp_tls_verify_certificates,
	strerror(errno));
    return DEFER;
    }

#ifndef SUPPORT_CA_DIR
  /* The test suite passes in /dev/null; we could check for that path explicitly,
  but who knows if someone has some weird FIFO which always dumps some certs, or
  other weirdness.  The thing we really want to check is that it's not a
  directory, since while OpenSSL supports that, GnuTLS does not.
  So s/!S_ISREG/S_ISDIR/ and change some messaging ... */
  if (S_ISDIR(statbuf.st_mode))
    {
    DEBUG(D_tls)
      debug_printf("verify certificates path is a dir: \"%s\"\n",
	  state->exp_tls_verify_certificates);
    log_write(0, LOG_MAIN|LOG_PANIC,
	"tls_verify_certificates \"%s\" is a directory",
	state->exp_tls_verify_certificates);
    return DEFER;
    }
#endif

  DEBUG(D_tls) debug_printf("verify certificates = %s size=" OFF_T_FMT "\n",
	  state->exp_tls_verify_certificates, statbuf.st_size);

  if (statbuf.st_size == 0)
    {
    DEBUG(D_tls)
      debug_printf("cert file empty, no certs, no verification, ignoring any CRL\n");
    return OK;
    }

  cert_count =

#ifdef SUPPORT_CA_DIR
    (statbuf.st_mode & S_IFMT) == S_IFDIR
    ?
    gnutls_certificate_set_x509_trust_dir(state->x509_cred,
      CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM)
    :
#endif
    gnutls_certificate_set_x509_trust_file(state->x509_cred,
      CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);

#ifdef SUPPORT_CA_DIR
/* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
when using the directory-of-certs config model. */
    if (state->lib_state.ca_rdn_emulate)
      gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
    gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
#endif
  }

if (cert_count < 0)
  return tls_error_gnu(US"setting certificate trust", cert_count, host, errstr);
DEBUG(D_tls)
  debug_printf("Added %d certificate authorities.\n", cert_count);

if (!state->lib_state.crl)
    state->exp_tls_crl && *state->exp_tls_crl)
  {
  if (  state->tls_crl && *state->tls_crl
     && state->exp_tls_crl && *state->exp_tls_crl)
    return creds_load_crl(state, state->exp_tls_crl, errstr);
  }
else
  {
  DEBUG(D_tls)
      debug_printf("%s CRL was preloaded\n", host ? "client" : "server");
  state->exp_tls_crl = US state->tls_crl;
  }

return OK;

int rc;
const host_item *host = state->host;  /* macro should be reconsidered? */

#ifndef GNUTLS_AUTO_DHPARAMS
/* Create D-H parameters, or read them from the cache file. This function does
its own SMTP error messaging. This only happens for the server, TLS D-H ignores
client-side params. */

  if (!dh_server_params)
    if ((rc = init_server_dh(errstr)) != OK) return rc;

  /* Unnecessary & discouraged with 3.6.0 or later, according to docs.  But without it,
  no DHE- ciphers are advertised. */
  gnutls_certificate_set_dh_params(state->lib_state.x509_cred, dh_server_params);
  }
#endif

/* Link the credentials to the session. */

if ((rc = gnutls_credentials_set(state->session,
	    GNUTLS_CRD_CERTIFICATE, state->lib_state.x509_cred)))
  return tls_error_gnu(state, US"gnutls_credentials_set", rc, errstr);

return OK;
}

*************************************************/


#ifndef DISABLE_OCSP

static BOOL
tls_is_buggy_ocsp(void)
{
const uschar * s;
uschar maj, mid, mic;

s = CUS gnutls_check_version(NULL);
maj = atoi(CCS s);
if (maj == 3)
  {
  while (*s && *s != '.') s++;
  mid = atoi(CCS ++s);
  if (mid <= 2)
    return TRUE;
  else if (mid >= 5)
    return FALSE;
  else
    {
    while (*s && *s != '.') s++;
    mic = atoi(CCS ++s);
    return mic <= (mid == 3 ? 16 : 3);
    }
  }
return FALSE;
}

#endif


/* Called from both server and client code. In the case of a server, errors
before actual TLS negotiation return DEFER.

Arguments:
  host            connected host, if client; NULL if server
  ob		  tranport options block, if client; NULL if server
  privatekey      private key file
  sni             TLS SNI to send, sometimes when client; else NULL
  cas             CA certs file
  crl             CRL file
  require_ciphers tls_require_ciphers setting
  caller_state    returned state-info structure
  errstr	  error string pointer

static int
tls_init(
    const host_item *host,
    smtp_transport_options_block * ob,
    const uschar * require_ciphers,
    const uschar *sni,
    const uschar *cas,
    const uschar *crl,
    const uschar *require_ciphers,
    exim_gnutls_state_st **caller_state,
    tls_support * tlsp,
    uschar ** errstr)

exim_gnutls_state_st * state;
int rc;
size_t sz;
const char * errpos;
const uschar * p;

if (  !exim_gnutls_base_init_done
   && (rc = tls_g_init(errstr)) != OK)
  return rc;

#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL)
  /* By default, gnutls_global_init will init PKCS11 support in auto mode,
  which loads modules from a config file, which sounds good and may be wanted
  by some sysadmin, but also means in common configurations that GNOME keyring
  environment variables are used and so breaks for users calling mailq.
  To prevent this, we init PKCS11 first, which is the documented approach. */
  if (!gnutls_allow_auto_pkcs11)
    if ((rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL)))
      return tls_error_gnu(US"gnutls_pkcs11_init", rc, host, errstr);
#endif

#ifndef GNUTLS_AUTO_GLOBAL_INIT
  if ((rc = gnutls_global_init()))
    return tls_error_gnu(US"gnutls_global_init", rc, host, errstr);
#endif

#if EXIM_GNUTLS_LIBRARY_LOG_LEVEL >= 0
  DEBUG(D_tls)
    {
    gnutls_global_set_log_function(exim_gnutls_logger_cb);
    /* arbitrarily chosen level; bump up to 9 for more */
    gnutls_global_set_log_level(EXIM_GNUTLS_LIBRARY_LOG_LEVEL);
    }
#endif

#ifndef DISABLE_OCSP
  if (tls_ocsp_file && (gnutls_buggy_ocsp = tls_is_buggy_ocsp()))
    log_write(0, LOG_MAIN, "OCSP unusable with this GnuTLS library version");
#endif

  exim_gnutls_base_init_done = TRUE;
  }

if (host)
  {
  /* For client-side sessions we allocate a context. This lets us run
  several in parallel. */

  int old_pool = store_pool;
  store_pool = POOL_PERM;
  state = store_get(sizeof(exim_gnutls_state_st), GET_UNTAINTED);
  store_pool = old_pool;

  memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
  state->lib_state = ob->tls_preload;
  state->tlsp = tlsp;
  DEBUG(D_tls) debug_printf("initialising GnuTLS client session\n");
  rc = gnutls_init(&state->session, GNUTLS_CLIENT);

  state->tls_certificate =	ob->tls_certificate;
  state->tls_privatekey =	ob->tls_privatekey;
  state->tls_sni =		ob->tls_sni;
  state->tls_verify_certificates = ob->tls_verify_certificates;
  state->tls_crl =		ob->tls_crl;
  }
else
  {
  /* Server operations always use the one state_server context.  It is not
  shared because we have forked a fresh process for every receive.  However it
  can get re-used for successive TLS sessions on a single TCP connection. */

  state = &state_server;
  memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
  state->tlsp = tlsp;
  DEBUG(D_tls) debug_printf("initialising GnuTLS server session\n");
  rc = gnutls_init(&state->session, GNUTLS_SERVER);

  state->tls_certificate =	tls_certificate;
  state->tls_privatekey =	tls_privatekey;
  state->tls_sni =		NULL;
  state->tls_verify_certificates = tls_verify_certificates;
  state->tls_crl =		tls_crl;
  }
if (rc)
  return tls_error_gnu(state, US"gnutls_init", rc, errstr);

state->tls_require_ciphers =	require_ciphers;
state->host = host;

state->tls_certificate = certificate;
state->tls_privatekey = privatekey;
state->tls_require_ciphers = require_ciphers;
state->tls_sni = sni;
state->tls_verify_certificates = cas;
state->tls_crl = crl;

/* This handles the variables that might get re-expanded after TLS SNI;
tls_certificate, tls_privatekey, tls_verify_certificates, tls_crl */

DEBUG(D_tls)
  debug_printf("Expanding various TLS configuration options for session credentials\n");
if ((rc = tls_expand_session_files(state, errstr)) != OK) return rc;

/* These are all other parts of the x509_cred handling, since SNI in GnuTLS

/* set SNI in client, only */
if (host)
  {
  if (!expand_check(state->tls_sni, US"tls_out_sni", &state->tlsp->sni, errstr))
    return DEFER;
  if (state->tlsp->sni && *state->tlsp->sni)
    {

    sz = Ustrlen(state->tlsp->sni);
    if ((rc = gnutls_server_name_set(state->session,
	  GNUTLS_NAME_DNS, state->tlsp->sni, sz)))
      return tls_error_gnu(state, US"gnutls_server_name_set", rc, errstr);
    }
  }
else if (state->tls_sni)
  DEBUG(D_tls) debug_printf("*** PROBABLY A BUG *** " \
      "have an SNI set for a server [%s]\n", state->tls_sni);

if (!state->lib_state.pri_string)
http://www.gnutls.org/manual/html_node/Priority-Strings.html
and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols.
This was backwards incompatible, but means Exim no longer needs to track
all algorithms and provide string forms for them. */

p = NULL;
if (state->tls_require_ciphers && *state->tls_require_ciphers)
  {
  const uschar * p = NULL;
  const char * errpos;

  /* This is the priority string support,
  http://www.gnutls.org/manual/html_node/Priority-Strings.html
  and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols.
  This was backwards incompatible, but means Exim no longer needs to track
  all algorithms and provide string forms for them. */

  if (state->tls_require_ciphers && *state->tls_require_ciphers)
    {
    if (!Expand_check_tlsvar(tls_require_ciphers, errstr))
      return DEFER;
    if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers)
      {
      p = state->exp_tls_require_ciphers;
      DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", p);
      }
    }

  if ((rc = creds_load_pristring(state, p, &errpos)))
    return tls_error_gnu(state, string_sprintf(
			"gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
			p, (long)(errpos - CS p), errpos),
		    rc, errstr);
  }
else
  {
  DEBUG(D_tls) debug_printf("cipher list preloaded\n");
  state->exp_tls_require_ciphers = US state->tls_require_ciphers;
    debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p);
  }

if ((rc = gnutls_priority_init(&state->priority_cache, CCS p, &errpos)))
  return tls_error_gnu(string_sprintf(
		      "gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
		      p, errpos - CS p, errpos),
		  rc, host, errstr);

if ((rc = gnutls_priority_set(state->session, state->lib_state.pri_cache)))
  return tls_error_gnu(state, US"gnutls_priority_set", rc, errstr);

/* This also sets the server ticket expiration time to the same, and
the STEK rotation time to 3x. */

      DEBUG(D_tls) debug_printf("TLS: peer cert problem: %s: %s\n", \
	(Label), gnutls_strerror(rc)); \
      if (state->verify_requirement >= VERIFY_REQUIRED) \
	return tls_error_gnu(state, (Label), rc, errstr); \
      return OK; \
      } \
    } while (0)

  exim_gnutls_peer_err(US"getting size for cert DN failed");
  return FAIL; /* should not happen */
  }
dn_buf = store_get_perm(sz, GET_TAINTED);
rc = gnutls_x509_crt_get_dn(crt, CS dn_buf, &sz);
exim_gnutls_peer_err(US"failed to extract certificate DN [gnutls_x509_crt_get_dn(cert 0)]");


      for (nrec = 0; state->dane_data_len[nrec]; ) nrec++;
      nrec++;

      dd = store_get(nrec * sizeof(uschar *), GET_UNTAINTED);
      ddl = store_get(nrec * sizeof(int), GET_UNTAINTED);
      nrec--;

      if ((rc = dane_state_init(&s, 0)))

  {
  DEBUG(D_tls)
    if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
      debug_printf("TLS: no SNI presented in handshake\n");
    else
      debug_printf("TLS failure: gnutls_server_name_get(): %s [%d]\n",
        gnutls_strerror(rc), rc);

/* We now have a UTF-8 string in sni_name */
old_pool = store_pool;
store_pool = POOL_PERM;
state->received_sni = string_copy_taint(US sni_name, GET_TAINTED);
store_pool = old_pool;

/* We set this one now so that variable expansions below will work */


  state->tlsp->peercert = crt;
  if ((yield = event_raise(state->event_action,
	      US"tls:cert", string_sprintf("%d", cert_list_size), &errno)))
    {
    log_write(0, LOG_MAIN,
	      "SSL verify denied by event-action: depth=%d: %s",

}


#ifdef EXIM_HAVE_TLS_RESUME
static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
  unsigned incoming, const gnutls_datum_t * msg)

  DEBUG(D_tls) debug_printf("Session resumed\n");
  }
}
#endif	/* EXIM_HAVE_TLS_RESUME */


#ifdef EXIM_HAVE_ALPN
/* Expand and convert an Exim list to a gnutls_datum list.  False return for fail.
NULL plist return for silent no-ALPN.
*/

static BOOL
tls_alpn_plist(uschar ** tls_alpn, const gnutls_datum_t ** plist, unsigned * plen,
  uschar ** errstr)
{
uschar * exp_alpn;

if (!expand_check(*tls_alpn, US"tls_alpn", &exp_alpn, errstr))
  return FALSE;

if (!exp_alpn)
  {
  DEBUG(D_tls) debug_printf("Setting TLS ALPN forced to fail, not sending\n");
  *plist = NULL;
  }
else
  {
  const uschar * list = exp_alpn;
  int sep = 0;
  unsigned cnt = 0;
  gnutls_datum_t * p;
  uschar * s;

  while (string_nextinlist(&list, &sep, NULL, 0)) cnt++;

  p = store_get(sizeof(gnutls_datum_t) * cnt, exp_alpn);
  list = exp_alpn;
  for (int i = 0; s = string_nextinlist(&list, &sep, NULL, 0); i++)
    { p[i].data = s; p[i].size = Ustrlen(s); }
  *plist = (*plen = cnt) ? p : NULL;
  }
return TRUE;
}

static void
tls_server_set_acceptable_alpns(exim_gnutls_state_st * state, uschar ** errstr)
{
uschar * local_alpn = string_copy(tls_alpn);
int rc;
const gnutls_datum_t * plist;
unsigned plen;

if (tls_alpn_plist(&local_alpn, &plist, &plen, errstr) && plist)
  {
  /* This seems to be only mandatory if the client sends an ALPN extension;
  not trying ALPN is ok. Need to decide how to support server-side must-alpn. */

  server_seen_alpn = 0;
  if (!(rc = gnutls_alpn_set_protocols(state->session, plist, plen,
					GNUTLS_ALPN_MANDATORY)))
    gnutls_handshake_set_hook_function(state->session,
      GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb);
  else
    DEBUG(D_tls)
      debug_printf("setting alpn protocols: %s\n", US gnutls_strerror(rc));
  }
}
#endif	/* EXIM_HAVE_ALPN */

/* ------------------------------------------------------------------------ */
/* Exported functions */


a TLS session.

Arguments:
  require_ciphers  list of allowed ciphers or NULL
  errstr	   pointer to error string

Returns:           OK on success

*/

int
tls_server_start(uschar ** errstr)
{
int rc;
exim_gnutls_state_st * state = NULL;

  gettimeofday(&t0, NULL);
#endif

  if ((rc = tls_init(NULL, NULL,
      tls_require_ciphers, &state, &tls_in, errstr)) != OK) return rc;
      require_ciphers, &state, &tls_in, errstr)) != OK) return rc;

#ifdef MEASURE_TIMING
  report_time_since(&t0, US"server tls_init (delta)");
#endif
  }

#ifdef EXIM_HAVE_ALPN
tls_server_set_acceptable_alpns(state, errstr);
#endif

#ifdef EXIM_HAVE_TLS_RESUME
tls_server_resume_prehandshake(state);
#endif


if (verify_check_host(&tls_verify_hosts) == OK)
  {
  DEBUG(D_tls)
    debug_printf("TLS: a client certificate will be required\n");
  state->verify_requirement = VERIFY_REQUIRED;
  gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
  }
else if (verify_check_host(&tls_try_verify_hosts) == OK)
  {
  DEBUG(D_tls)
    debug_printf("TLS: a client certificate will be requested but not required\n");
  state->verify_requirement = VERIFY_OPTIONAL;
  gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUEST);
  }
else
  {
  DEBUG(D_tls)
    debug_printf("TLS: a client certificate will not be requested\n");
  state->verify_requirement = VERIFY_NONE;
  gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_IGNORE);
  }

  {
  state->event_action = event_action;
  gnutls_session_set_ptr(state->session, state);
  gnutls_certificate_set_verify_function(state->lib_state.x509_cred, verify_cb);
  }
#endif



if (rc != GNUTLS_E_SUCCESS)
  {
  DEBUG(D_tls) debug_printf(" error %d from gnutls_handshake: %s\n",
    rc, gnutls_strerror(rc));

  /* It seems that, except in the case of a timeout, we have to close the
  connection right here; otherwise if the other end is running OpenSSL it hangs
  until the server times out. */

  if (sigalrm_seen)
    {
    tls_error(US"gnutls_handshake", US"timed out", NULL, errstr);
#ifndef DISABLE_EVENT
    (void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
#endif
    gnutls_db_remove_session(state->session);
    }
  else
    {
    tls_error_gnu(state, US"gnutls_handshake", rc, errstr);
#ifndef DISABLE_EVENT
    (void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
#endif
    (void) gnutls_alert_send_appropriate(state->session, rc);
    gnutls_deinit(state->session);
    gnutls_certificate_free_credentials(state->x509_cred);
    millisleep(500);
    shutdown(state->fd_out, SHUT_WR);
    for (int i = 1024; fgetc(smtp_in) != EOF && i > 0; ) i--;	/* drain skt */

  tls_in.ext_master_secret = TRUE;
#endif

#ifdef EXIM_HAVE_TLS_RESUME
tls_server_resume_posthandshake(state);
#endif

DEBUG(D_tls) post_handshake_debug(state);

#ifdef EXIM_HAVE_ALPN
if (server_seen_alpn > 0)
  {
  DEBUG(D_tls)
    {		/* The client offered ALPN.  See what was negotiated. */
    gnutls_datum_t p = {.size = 0};
    int rc = gnutls_alpn_get_selected_protocol(state->session, &p);
    if (!rc)
	debug_printf("ALPN negotiated: %.*s\n", (int)p.size, p.data);
    else
	debug_printf("getting alpn protocol: %s\n", US gnutls_strerror(rc));

    }
  }
else if (server_seen_alpn == 0)
  if (verify_check_host(&hosts_require_alpn) == OK)
    {
    gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_NO_APPLICATION_PROTOCOL);
    tls_error(US"handshake", US"ALPN required but not negotiated", NULL, errstr);
    return FAIL;
    }
  else
    DEBUG(D_tls) debug_printf("TLS: no ALPN presented in handshake\n");
else
  DEBUG(D_tls) debug_printf("TLS: was not watching for ALPN\n");
#endif

/* Verify after the fact */

if (!verify_certificate(state, errstr))

receive_getc = tls_getc;
receive_getbuf = tls_getbuf;
receive_get_cache = tls_get_cache;
receive_hasc = tls_hasc;
receive_ungetc = tls_ungetc;
receive_feof = tls_feof;
receive_ferror = tls_ferror;
receive_smtp_buffered = tls_smtp_buffered;

return OK;
}

    host->certname;
#endif
  DEBUG(D_tls)
    debug_printf("TLS: server cert verification includes hostname: \"%s\"\n",
		    state->exp_tls_verify_cert_hostnames);
  }
}

     rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
    ) if (rr->type == T_TLSA) i++;

dane_data = store_get(i * sizeof(uschar *), GET_UNTAINTED);
dane_data_len = store_get(i * sizeof(int), GET_UNTAINTED);

i = 0;
for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;




#ifdef EXIM_HAVE_TLS_RESUME
/* On the client, get any stashed session for the given IP from hints db
and apply it to the ssl-connection for attempted resumption.  Although
there is a gnutls_session_ticket_enable_client() interface it is


static void
tls_retrieve_session(tls_support * tlsp, gnutls_session_t session,
  smtp_connect_args * conn_args, smtp_transport_options_block * ob)
{
tlsp->resumption = RESUME_SUPPORTED;

if (!conn_args->have_lbserver)
  { DEBUG(D_tls) debug_printf("resumption not supported on continued-connection\n"); }
else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host) == OK)
  {
  dbdata_tls_session * dt;
  int len, rc;
  open_db dbblock, * dbm_file;

  DEBUG(D_tls)
    debug_printf("check for resumable session for %s\n", host->address);
  tlsp->host_resumable = TRUE;
  tls_client_resmption_key(tlsp, conn_args, ob);

  tlsp->resumption |= RESUME_CLIENT_REQUESTED;
  if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE)))
    {
    /* We'd like to filter the retrieved session for ticket advisory expiry,
    but 3.6.1 seems to give no access to that */

    if ((dt = dbfn_read_with_length(dbm_file, tlsp->resume_index, &len)))
      if (!(rc = gnutls_session_set_data(session,
		    CUS dt->session, (size_t)len - sizeof(dbdata_tls_session))))
	{

      {
      open_db dbblock, * dbm_file;
      int dlen = sizeof(dbdata_tls_session) + tkt.size;
      dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);

      DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
      memcpy(dt->session, tkt.data, tkt.size);

      if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
	{
	/* key for the db is the IP */
	dbfn_write(dbm_file, tlsp->resume_index, dt, dlen);
	dbfn_write(dbm_file, host->address, dt, dlen);
	dbfn_close(dbm_file);

	DEBUG(D_tls)


static void
tls_client_resume_prehandshake(exim_gnutls_state_st * state,
  tls_support * tlsp, smtp_connect_args * conn_args,
  smtp_transport_options_block * ob)
{
gnutls_session_set_ptr(state->session, state);
gnutls_handshake_set_hook_function(state->session,
  GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, GNUTLS_HOOK_POST, tls_client_ticket_cb);

tls_retrieve_session(tlsp, state->session, conn_args, ob);
}

static void


tls_save_session(tlsp, state->session, host);
}
#endif	/* !DISABLE_TLS_RESUME */


/*************************************************


if (conn_args->dane && ob->dane_require_tls_ciphers)
  {
  /* not using Expand_check_tlsvar because not yet in state */
  if (!expand_check(ob->dane_require_tls_ciphers, US"dane_require_tls_ciphers",
      &cipher_list, errstr))
    return FALSE;

  gettimeofday(&t0, NULL);
#endif

  if (tls_init(host, ob, cipher_list, &state, tlsp, errstr) != OK)
      ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl,
      cipher_list, &state, tlsp, errstr) != OK)
    return FALSE;


#ifdef MEASURE_TIMING
  report_time_since(&t0, US"client tls_init (delta)");
#endif
  }

if (ob->tls_alpn)
#ifdef EXIM_HAVE_ALPN
  {
  const gnutls_datum_t * plist;
  unsigned plen;

  if (!tls_alpn_plist(&ob->tls_alpn, &plist, &plen, errstr))
    return FALSE;
  if (plist)
    if (gnutls_alpn_set_protocols(state->session, plist, plen, 0) != 0)
      {
      tls_error(US"alpn init", NULL, state->host, errstr);
      return FALSE;
      }
    else
      DEBUG(D_tls) debug_printf("Setting TLS ALPN '%s'\n", ob->tls_alpn);
  }
#else
  log_write(0, LOG_MAIN, "ALPN unusable with this GnuTLS library version; ignoring \"%s\"\n",
          ob->tls_alpn);
#endif

  {
  int dh_min_bits = ob->tls_dh_min_bits;
  if (dh_min_bits < EXIM_CLIENT_DH_MIN_MIN_BITS)

if (conn_args->dane && dane_tlsa_load(state, &conn_args->tlsa_dnsa))
  {
  DEBUG(D_tls)
    debug_printf("TLS: server certificate DANE required\n");
  state->verify_requirement = VERIFY_DANE;
  gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
  }

  {
  tls_client_setup_hostname_checks(host, state, ob);
  DEBUG(D_tls)
    debug_printf("TLS: server certificate verification required\n");
  state->verify_requirement = VERIFY_REQUIRED;
  gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
  }

  {
  tls_client_setup_hostname_checks(host, state, ob);
  DEBUG(D_tls)
    debug_printf("TLS: server certificate verification optional\n");
  state->verify_requirement = VERIFY_OPTIONAL;
  gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUEST);
  }
else
  {
  DEBUG(D_tls)
    debug_printf("TLS: server certificate verification not required\n");
  state->verify_requirement = VERIFY_NONE;
  gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_IGNORE);
  }

  if ((rc = gnutls_ocsp_status_request_enable_client(state->session,
		    NULL, 0, NULL)) != OK)
    {
    tls_error_gnu(state, US"cert-status-req", rc, errstr);
    return FALSE;
    }
  tlsp->ocsp = OCSP_NOT_RESP;
  }
#endif

#ifdef EXIM_HAVE_TLS_RESUME
tls_client_resume_prehandshake(state, tlsp, conn_args, ob);
#endif

#ifndef DISABLE_EVENT

  {
  state->event_action = tb->event_action;
  gnutls_session_set_ptr(state->session, state);
  gnutls_certificate_set_verify_function(state->lib_state.x509_cred, verify_cb);
  }
#endif


    tls_error(US"gnutls_handshake", US"timed out", state->host, errstr);
    }
  else
    tls_error_gnu(state, US"gnutls_handshake", rc, errstr);
  return FALSE;
  }


	gnutls_free(printed.data);
	}
      else
	(void) tls_error_gnu(state, US"ocsp decode", rc, errstr);
    if (idx == 0 && rc)
      (void) tls_error_gnu(state, US"ocsp decode", rc, errstr);
    }

  if (gnutls_ocsp_status_request_is_checked(state->session, 0) == 0)

  }
#endif

#ifdef EXIM_HAVE_TLS_RESUME
tls_client_resume_posthandshake(state, tlsp, host);
#endif

#ifdef EXIM_HAVE_ALPN
if (ob->tls_alpn)	/* We requested. See what was negotiated. */
  {
  gnutls_datum_t p = {.size = 0};

  if (gnutls_alpn_get_selected_protocol(state->session, &p) == 0)
    { DEBUG(D_tls) debug_printf("ALPN negotiated: '%.*s'\n", (int)p.size, p.data); }
  else if (verify_check_given_host(CUSS &ob->hosts_require_alpn, host) == OK)
    {
    gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_NO_APPLICATION_PROTOCOL);
    tls_error(US"handshake", US"ALPN required but not negotiated", state->host, errstr);
    return FALSE;
    }
  else
    DEBUG(D_tls) debug_printf("No ALPN negotiated");
  }
#endif

/* Sets various Exim expansion variables; may need to adjust for ACL callouts */

extract_exim_vars_from_tls_state(state);




/*
Arguments:
  ct_ctx	client TLS context pointer, or NULL for the one global server context
*/

void
tls_shutdown_wr(void * ct_ctx)
{
exim_gnutls_state_st * state = ct_ctx ? ct_ctx : &state_server;
tls_support * tlsp = state->tlsp;

if (!tlsp || tlsp->active.sock < 0) return;  /* TLS was not active */

tls_write(ct_ctx, NULL, 0, FALSE);	/* flush write buffer */

HDEBUG(D_transport|D_tls|D_acl|D_v) debug_printf_indent("  SMTP(TLS shutdown)>>\n");
gnutls_bye(state->session, GNUTLS_SHUT_WR);
}

/*************************************************
*         Close down a TLS session               *
*************************************************/


Arguments:
  ct_ctx	client context pointer, or NULL for the one global server context
  do_shutdown	0 no data-flush or TLS close-alert
		1 if TLS close-alert is to be sent,
		2 if also response to be waited for (2s timeout)

Returns:     nothing
*/

void
tls_close(void * ct_ctx, int do_shutdown)
{
exim_gnutls_state_st * state = ct_ctx ? ct_ctx : &state_server;
tls_support * tlsp = state->tlsp;

if (!tlsp || tlsp->active.sock < 0) return;  /* TLS was not active */

if (do_shutdown)
  {
  DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS%s\n",
    do_shutdown > TLS_SHUTDOWN_NOWAIT ? " (with response-wait)" : "");

  tls_write(ct_ctx, NULL, 0, FALSE);	/* flush write buffer */

#ifdef EXIM_TCP_CORK
  if (do_shutdown == TLS_SHUTDOWN_WAIT)
    (void) setsockopt(tlsp->active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off));
#endif

  /* The library seems to have no way to only wait for a peer's
  shutdown, so handle the same as TLS_SHUTDOWN_WAIT */

  ALARM(2);
  gnutls_bye(state->session,
      do_shutdown > TLS_SHUTDOWN_NOWAIT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
  ALARM_CLR(0);
  }


  receive_getc =	smtp_getc;
  receive_getbuf =	smtp_getbuf;
  receive_get_cache =	smtp_get_cache;
  receive_hasc =	smtp_hasc;
  receive_ungetc =	smtp_ungetc;
  receive_feof =	smtp_feof;
  receive_ferror =	smtp_ferror;
  receive_smtp_buffered = smtp_buffered;
  }

gnutls_deinit(state->session);
gnutls_certificate_free_credentials(state->x509_cred);

tlsp->active.sock = -1;
tlsp->active.tls_ctx = NULL;
/* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */



if (state->xfer_buffer) store_free(state->xfer_buffer);
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
}



return state->xfer_buffer[state->xfer_buffer_lwm++];
}

BOOL
tls_hasc(void)
{
exim_gnutls_state_st * state = &state_server;
return state->xfer_buffer_lwm < state->xfer_buffer_hwm;
}

uschar *
tls_getbuf(unsigned * len)
{

}


/* Get up to the given number of bytes from any cached data, and feed to dkim. */
void
tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
exim_gnutls_state_st * state = &state_server;
int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm;
if (n > lim)
  n = lim;
if (n > 0)
  dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
#endif



BOOL
tls_could_getc(void)
{
return state_server.xfer_buffer_lwm < state_server.xfer_buffer_hwm
 || gnutls_record_check_pending(state_server.session) > 0;
}




/*************************************************
*          Read bytes from TLS channel           *
*************************************************/


  if (outbytes < 0)
    {
#ifdef GNUTLS_E_PREMATURE_TERMINATION
    if (  outbytes == GNUTLS_E_PREMATURE_TERMINATION && errno == ECONNRESET
       && !ct_ctx && f.smtp_in_quit
       )
      {					/* Outlook, dammit */
      if (LOGGING(protocol_detail))
	log_write(0, LOG_MAIN, "[%s] after QUIT, client reset TCP before"
	  " SMTP response and TLS close\n", sender_host_address);
      else
	DEBUG(D_tls) debug_printf("[%s] SSL_write: after QUIT,"
	  " client reset TCP before TLS close\n", sender_host_address);
      }
    else
#endif
      {
      DEBUG(D_tls) debug_printf("%s: gnutls_record_send err\n", __FUNCTION__);
      record_io_error(state, outbytes, US"send", NULL);
      }
    return -1;
    }
  if (outbytes == 0)

i = gnutls_rnd(GNUTLS_RND_NONCE, smallbuf, needed_len);
if (i < 0)
  {
  DEBUG(D_all) debug_printf("gnutls_rnd() failed, using fallback\n");
  return vaguely_random_number_fallback(max);
  }
r = 0;

rc = gnutls_priority_init(&priority_cache, CS expciphers, &errpos);
validate_check_rc(string_sprintf(
      "gnutls_priority_init(%s) failed at offset %ld, \"%.8s..\"",
      expciphers, (long)(errpos - CS expciphers), errpos));

#undef return_deinit
#undef validate_check_rc


/* See a description in tls-openssl.c for an explanation of why this exists.

Arguments:   string to append to
Returns:     string
*/

gstring *
tls_version_report(gstring * g)
{
return string_fmt_append(g,
    "Library version: GnuTLS: Compile: %s\n"
    "                         Runtime: %s\n",
	     LIBGNUTLS_VERSION,
	     gnutls_check_version(NULL));
}

#endif	/*!MACRO_PREDEF*/

Lines 2-9 Link Here

(-)exim.orig/src/tls-openssl.c (-982 / +1751 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2019 */	6	/* Copyright (c) University of Cambridge 1995 - 2019 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Portions Copyright (c) The OpenSSL Project 1999 */	9	/* Portions Copyright (c) The OpenSSL Project 1999 */
Lines 80-85 Link Here
80	# ifndef DISABLE_OCSP	80	# ifndef DISABLE_OCSP
81	# define EXIM_HAVE_OCSP	81	# define EXIM_HAVE_OCSP
82	# endif	82	# endif
		83	# define EXIM_HAVE_ALPN /* fail ret from hshake-cb is ignored by LibreSSL */
83	# else	84	# else
84	# define EXIM_NEED_OPENSSL_INIT	85	# define EXIM_NEED_OPENSSL_INIT
85	# endif	86	# endif
Lines 89-94 Link Here
89	# endif	90	# endif
90	#endif	91	#endif
91		92
		93	#if LIBRESSL_VERSION_NUMBER >= 0x3040000fL
		94	# define EXIM_HAVE_OPENSSL_CIPHER_GET_ID
		95	#endif
		96
92	#if !defined(LIBRESSL_VERSION_NUMBER) \	97	#if !defined(LIBRESSL_VERSION_NUMBER) \
93	\|\| LIBRESSL_VERSION_NUMBER >= 0x20010000L	98	\|\| LIBRESSL_VERSION_NUMBER >= 0x20010000L
94	# if !defined(OPENSSL_NO_ECDH)	99	# if !defined(OPENSSL_NO_ECDH)
Lines 116-122 Link Here
116	# define DISABLE_OCSP	121	# define DISABLE_OCSP
117	#endif	122	#endif
118		123
119	#ifdef EXPERIMENTAL_TLS_RESUME	124	#ifndef DISABLE_TLS_RESUME
120	# if OPENSSL_VERSION_NUMBER < 0x0101010L	125	# if OPENSSL_VERSION_NUMBER < 0x0101010L
121	# error OpenSSL version too old for session-resumption	126	# error OpenSSL version too old for session-resumption
122	# endif	127	# endif
Lines 227-238 Link Here
227	{ US"no_tlsv1", SSL_OP_NO_TLSv1 },	232	{ US"no_tlsv1", SSL_OP_NO_TLSv1 },
228	#endif	233	#endif
229	#ifdef SSL_OP_NO_TLSv1_1	234	#ifdef SSL_OP_NO_TLSv1_1
230	#if SSL_OP_NO_TLSv1_1 == 0x00000400L	235	# if OPENSSL_VERSION_NUMBER < 0x30000000L
		236	# if SSL_OP_NO_TLSv1_1 == 0x00000400L
231	/* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */	237	/* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */
232	#warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring	238	# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
233	#else	239	# define NO_SSL_OP_NO_TLSv1_1
		240	# endif
		241	# endif
		242	# ifndef NO_SSL_OP_NO_TLSv1_1
234	{ US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 },	243	{ US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 },
235	#endif	244	# endif
236	#endif	245	#endif
237	#ifdef SSL_OP_NO_TLSv1_2	246	#ifdef SSL_OP_NO_TLSv1_2
238	{ US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },	247	{ US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },
Lines 274-279 Link Here
274		283
275	#ifndef MACRO_PREDEF	284	#ifndef MACRO_PREDEF
276	static int exim_openssl_options_size = nelem(exim_openssl_options);	285	static int exim_openssl_options_size = nelem(exim_openssl_options);
		286	static long init_options = 0;
277	#endif	287	#endif
278		288
279	#ifdef MACRO_PREDEF	289	#ifdef MACRO_PREDEF
Lines 292-298 Link Here
292	builtin_macro_create(buf);	302	builtin_macro_create(buf);
293	}	303	}
294		304
295	# ifdef EXPERIMENTAL_TLS_RESUME	305	# ifndef DISABLE_TLS_RESUME
296	builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );	306	builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING );
297	# endif	307	# endif
298	# ifdef SSL_OP_NO_TLSv1_3	308	# ifdef SSL_OP_NO_TLSv1_3
Lines 305-310 Link Here
305	builtin_macro_create(US"_HAVE_TLS_OCSP");	315	builtin_macro_create(US"_HAVE_TLS_OCSP");
306	builtin_macro_create(US"_HAVE_TLS_OCSP_LIST");	316	builtin_macro_create(US"_HAVE_TLS_OCSP_LIST");
307	# endif	317	# endif
		318	# ifdef EXIM_HAVE_ALPN
		319	builtin_macro_create(US"_HAVE_TLS_ALPN");
		320	# endif
308	}	321	}
309	#else	322	#else
310		323
Lines 350-361 Link Here
350	gstring * corked;	363	gstring * corked;
351	} exim_openssl_client_tls_ctx;	364	} exim_openssl_client_tls_ctx;
352		365
353	static SSL_CTX *server_ctx = NULL;	366
354	static SSL *server_ssl = NULL;	367	/* static SSL_CTX server_ctx = NULL; /
		368	/* static SSL server_ssl = NULL; /
355		369
356	#ifdef EXIM_HAVE_OPENSSL_TLSEXT	370	#ifdef EXIM_HAVE_OPENSSL_TLSEXT
357	static SSL_CTX *server_sni = NULL;	371	static SSL_CTX *server_sni = NULL;
358	#endif	372	#endif
		373	#ifdef EXIM_HAVE_ALPN
		374	static BOOL server_seen_alpn = FALSE;
		375	#endif
359		376
360	static char ssl_errstring[256];	377	static char ssl_errstring[256];
361		378
Lines 371-377 Link Here
371	OCSP_RESPONSE * resp;	388	OCSP_RESPONSE * resp;
372	} ocsp_resplist;	389	} ocsp_resplist;
373		390
374	typedef struct tls_ext_ctx_cb {	391	typedef struct exim_openssl_state {
		392	exim_tlslib_state lib_state;
		393	#define lib_ctx libdata0
		394	#define lib_ssl libdata1
		395
375	tls_support * tlsp;	396	tls_support * tlsp;
376	uschar * certificate;	397	uschar * certificate;
377	uschar * privatekey;	398	uschar * privatekey;
Lines 399-420 Link Here
399	#ifndef DISABLE_EVENT	420	#ifndef DISABLE_EVENT
400	uschar * event_action;	421	uschar * event_action;
401	#endif	422	#endif
402	} tls_ext_ctx_cb;	423	} exim_openssl_state_st;
403		424
404	/* should figure out a cleanup of API to handle state preserved per	425	/* should figure out a cleanup of API to handle state preserved per
405	implementation, for various reasons, which can be void * in the APIs.	426	implementation, for various reasons, which can be void * in the APIs.
406	For now, we hack around it. */	427	For now, we hack around it. */
407	tls_ext_ctx_cb client_static_cbinfo = NULL; /XXX should not use static; multiple concurrent clients! */	428	exim_openssl_state_st client_static_state = NULL; /XXX should not use static; multiple concurrent clients! */
408	tls_ext_ctx_cb *server_static_cbinfo = NULL;	429	exim_openssl_state_st state_server = {.is_server = TRUE};
409		430
410	static int	431	static int
411	setup_certs(SSL_CTX sctx, uschar certs, uschar crl, host_item host, BOOL optional,	432	setup_certs(SSL_CTX sctx, uschar certs, uschar crl, host_item host,
412	int (cert_vfy_cb)(int, X509_STORE_CTX ), uschar ** errstr );	433	uschar ** errstr );
413		434
414	/* Callbacks */	435	/* Callbacks */
415	#ifdef EXIM_HAVE_OPENSSL_TLSEXT
416	static int tls_servername_cb(SSL s, int ad ARG_UNUSED, void *arg);
417	#endif
418	#ifndef DISABLE_OCSP	436	#ifndef DISABLE_OCSP
419	static int tls_server_stapling_cb(SSL s, void arg);	437	static int tls_server_stapling_cb(SSL s, void arg);
420	#endif	438	#endif
Lines 422-439 Link Here
422		440
423		441
424	/* Daemon-called, before every connection, key create/rotate */	442	/* Daemon-called, before every connection, key create/rotate */
425	#ifdef EXPERIMENTAL_TLS_RESUME	443	#ifndef DISABLE_TLS_RESUME
426	static void tk_init(void);	444	static void tk_init(void);
427	static int tls_exdata_idx = -1;	445	static int tls_exdata_idx = -1;
428	#endif	446	#endif
429		447
430	void	448	static void
431	tls_daemon_init(void)	449	tls_per_lib_daemon_tick(void)
432	{	450	{
433	#ifdef EXPERIMENTAL_TLS_RESUME	451	#ifndef DISABLE_TLS_RESUME
434	tk_init();	452	tk_init();
435	#endif	453	#endif
436	return;	454	}
		455
		456	/* Called once at daemon startup */
		457
		458	static void
		459	tls_per_lib_daemon_init(void)
		460	{
		461	tls_daemon_creds_reload();
437	}	462	}
438		463
439		464
Lines 475-484 Link Here
475		500
476		501
477		502
		503	/**************************************************
		504	* General library initalisation *
		505	**************************************************/
		506
		507	static BOOL
		508	lib_rand_init(void * addr)
		509	{
		510	randstuff r;
		511	if (!RAND_status()) return TRUE;
		512
		513	gettimeofday(&r.tv, NULL);
		514	r.p = getpid();
		515	RAND_seed(US (&r), sizeof(r));
		516	RAND_seed(US big_buffer, big_buffer_size);
		517	if (addr) RAND_seed(US addr, sizeof(addr));
		518
		519	return RAND_status();
		520	}
		521
		522
		523	static void
		524	tls_openssl_init(void)
		525	{
		526	static BOOL once = FALSE;
		527	if (once) return;
		528	once = TRUE;
		529
		530	#ifdef EXIM_NEED_OPENSSL_INIT
		531	SSL_load_error_strings(); /* basic set up */
		532	OpenSSL_add_ssl_algorithms();
		533	#endif
		534
		535	#if defined(EXIM_HAVE_SHA256) && !defined(OPENSSL_AUTO_SHA256)
		536	/* SHA256 is becoming ever more popular. This makes sure it gets added to the
		537	list of available digests. */
		538	EVP_add_digest(EVP_sha256());
		539	#endif
		540
		541	(void) lib_rand_init(NULL);
		542	(void) tls_openssl_options_parse(openssl_options, &init_options);
		543	}
		544
		545
		546
		547	/*************************************************
		548	* Initialize for DH *
		549	*************************************************/
		550
		551	/* If dhparam is set, expand it, and load up the parameters for DH encryption.
		552	Server only.
		553
		554	Arguments:
		555	sctx The current SSL CTX (inbound or outbound)
		556	dhparam DH parameter file or fixed parameter identity string
		557	errstr error string pointer
		558
		559	Returns: TRUE if OK (nothing to set up, or setup worked)
		560	*/
		561
		562	static BOOL
		563	init_dh(SSL_CTX * sctx, uschar * dhparam, uschar ** errstr)
		564	{
		565	BIO * bio;
		566	#if OPENSSL_VERSION_NUMBER < 0x30000000L
567	DH * dh;
568	#else
569	EVP_PKEY * pkey;
570	#endif
571	uschar * dhexpanded;
572	const char * pem;
573	int dh_bitsize;
574
575	if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
576	return FALSE;
577
578	if (!dhexpanded \|\| !*dhexpanded)
579	bio = BIO_new_mem_buf(CS std_dh_prime_default(), -1);
580	else if (dhexpanded[0] == '/')
581	{
582	if (!(bio = BIO_new_file(CS dhexpanded, "r")))
583	{
584	tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
585	NULL, US strerror(errno), errstr);
586	return FALSE;
587	}
588	}
589	else
590	{
591	if (Ustrcmp(dhexpanded, "none") == 0)
592	{
593	DEBUG(D_tls) debug_printf("Requested no DH parameters.\n");
594	return TRUE;
595	}
596
597	if (!(pem = std_dh_prime_named(dhexpanded)))
598	{
599	tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
600	NULL, US strerror(errno), errstr);
601	return FALSE;
602	}
603	bio = BIO_new_mem_buf(CS pem, -1);
604	}
605
606	if (!(
607	#if OPENSSL_VERSION_NUMBER < 0x30000000L
608	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)
609	#else
610	pkey = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL)
611	#endif
612	) )
613	{
614	BIO_free(bio);
615	tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
616	NULL, NULL, errstr);
617	return FALSE;
618	}
619
620	/* note: our default limit of 2236 is not a multiple of 8; the limit comes from
621	an NSS limit, and the GnuTLS APIs handle bit-sizes fine, so we went with 2236.
622	But older OpenSSL can only report in bytes (octets), not bits. If someone wants
623	to dance at the edge, then they can raise the limit or use current libraries. */
624
625	#if OPENSSL_VERSION_NUMBER < 0x30000000L
626	# ifdef EXIM_HAVE_OPENSSL_DH_BITS
627	/* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022
628	This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */
629	dh_bitsize = DH_bits(dh);
630	# else
631	dh_bitsize = 8 * DH_size(dh);
632	# endif
633	#else /* 3.0.0 + */
634	dh_bitsize = EVP_PKEY_get_bits(pkey);
635	#endif
636
637	/* Even if it is larger, we silently return success rather than cause things to
638	fail out, so that a too-large DH will not knock out all TLS; it's a debatable
639	choice. Likewise for a failing attempt to set one. */
640
641	if (dh_bitsize <= tls_dh_max_bits)
642	{
643	if (
644	#if OPENSSL_VERSION_NUMBER < 0x30000000L
645	SSL_CTX_set_tmp_dh(sctx, dh)
646	#else
647	SSL_CTX_set0_tmp_dh_pkey(sctx, pkey)
648	#endif
649	== 0)
650	{
651	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
652	log_write(0, LOG_MAIN\|LOG_PANIC, "TLS error (D-H param setting '%s'): %s",
653	dhexpanded ? dhexpanded : US"default", ssl_errstring);
654	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
655	/* EVP_PKEY_free(pkey); crashes */
656	#endif
657	}
658	else
659	DEBUG(D_tls)
660	debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
661	dhexpanded ? dhexpanded : US"default", dh_bitsize);
662	}
663	else
664	DEBUG(D_tls)
665	debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
666	dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
667
668	#if OPENSSL_VERSION_NUMBER < 0x30000000L
669	DH_free(dh);
670	#endif
671	/* The EVP_PKEY ownership stays with the ctx; do not free it */
672
673	BIO_free(bio);
674	return TRUE;
675	}
676
677
678
679
680	/*************************************************
681	* Initialize for ECDH *
682	*************************************************/
683
684	/* Load parameters for ECDH encryption. Server only.
685
686	For now, we stick to NIST P-256 because: it's simple and easy to configure;
687	it avoids any patent issues that might bite redistributors; despite events in
688	the news and concerns over curve choices, we're not cryptographers, we're not
689	pretending to be, and this is "good enough" to be better than no support,
690	protecting against most adversaries. Given another year or two, there might
691	be sufficient clarity about a "right" way forward to let us make an informed
692	decision, instead of a knee-jerk reaction.
693
694	Longer-term, we should look at supporting both various named curves and
695	external files generated with "openssl ecparam", much as we do for init_dh().
696	We should also support "none" as a value, to explicitly avoid initialisation.
697
698	Patches welcome.
699
700	Arguments:
701	sctx The current SSL CTX (inbound or outbound)
702	errstr error string pointer
703
704	Returns: TRUE if OK (nothing to set up, or setup worked)
705	*/
706
707	static BOOL
708	init_ecdh(SSL_CTX * sctx, uschar ** errstr)
709	{
710	#ifdef OPENSSL_NO_ECDH
711	return TRUE;
712	#else
713
714	uschar * exp_curve;
715	int nid;
716	BOOL rv;
717
718	# ifndef EXIM_HAVE_ECDH
719	DEBUG(D_tls)
720	debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
721	return TRUE;
722	# else
723
724	if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
725	return FALSE;
726	if (!exp_curve \|\| !*exp_curve)
727	return TRUE;
728
729	/* "auto" needs to be handled carefully.
730	* OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
731	* OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto
732	* (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
733	* OpenSSL >= 1.1.0: we do not set anything, the libray does autoselection
734	* https://github.com/openssl/openssl/commit/fe6ef2472db933f01b59cad82aa925736935984b
735	*/
736	if (Ustrcmp(exp_curve, "auto") == 0)
737	{
738	#if OPENSSL_VERSION_NUMBER < 0x10002000L
739	DEBUG(D_tls) debug_printf(
740	"ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
741	exp_curve = US"prime256v1";
742	#else
743	# if defined SSL_CTRL_SET_ECDH_AUTO
744	DEBUG(D_tls) debug_printf(
745	"ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
746	SSL_CTX_set_ecdh_auto(sctx, 1);
747	return TRUE;
748	# else
749	DEBUG(D_tls) debug_printf(
750	"ECDH OpenSSL 1.1.0+: temp key parameter settings: default selection\n");
751	return TRUE;
752	# endif
753	#endif
754	}
755
756	DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
757	if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
758	# ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID
759	&& (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef
760	# endif
761	)
762	{
763	tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
764	NULL, NULL, errstr);
765	return FALSE;
766	}
767
768	# if OPENSSL_VERSION_NUMBER < 0x30000000L
769	{
770	EC_KEY * ecdh;
771	if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
772	{
773	tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
774	return FALSE;
775	}
776
777	/* The "tmp" in the name here refers to setting a temporary key
778	not to the stability of the interface. */
779
780	if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
781	tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
782	else
783	DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
784	EC_KEY_free(ecdh);
785	}
786
787	#else /* v 3.0.0 + */
788
789	if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
790	tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
791	else
792	DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);
793
794	#endif
795
796	return !rv;
797
798	# endif /EXIM_HAVE_ECDH/
799	#endif /OPENSSL_NO_ECDH/
800	}
801
802
803
478	/*************************************************	804	/*************************************************
479	* Callback to generate RSA key *	805	* Expand key and cert file specs *
480	*************************************************/	806	*************************************************/
481		807
		808	#if OPENSSL_VERSION_NUMBER < 0x30000000L
482	/*	809	/*
483	Arguments:	810	Arguments:
484	s SSL connection (not used)	811	s SSL connection (not used)
Lines 496-512 Link Here
496	BIGNUM *bn = BN_new();	823	BIGNUM *bn = BN_new();
497	#endif	824	#endif
498		825
499	export = export; /* Shut picky compilers up */
500	DEBUG(D_tls) debug_printf("Generating %d bit RSA key...\n", keylength);	826	DEBUG(D_tls) debug_printf("Generating %d bit RSA key...\n", keylength);
501		827
502	#ifdef EXIM_HAVE_RSA_GENKEY_EX	828	# ifdef EXIM_HAVE_RSA_GENKEY_EX
503	if ( !BN_set_word(bn, (unsigned long)RSA_F4)	829	if ( !BN_set_word(bn, (unsigned long)RSA_F4)
504	\|\| !(rsa_key = RSA_new())	830	\|\| !(rsa_key = RSA_new())
505	\|\| !RSA_generate_key_ex(rsa_key, keylength, bn, NULL)	831	\|\| !RSA_generate_key_ex(rsa_key, keylength, bn, NULL)
506	)	832	)
507	#else	833	# else
508	if (!(rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL)))	834	if (!(rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL)))
509	#endif	835	# endif
510		836
511	{	837	{
512	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));	838	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
Lines 516-548 Link Here
516	}	842	}
517	return rsa_key;	843	return rsa_key;
518	}	844	}
		845	#endif /* pre-3.0.0 */
519		846
520		847
521		848
522	/* Extreme debug	849	/* Create and install a selfsigned certificate, for use in server mode */
523	#ifndef DISABLE_OCSP	850	/*XXX we could arrange to call this during prelo for a null tls_certificate option.
524	void	851	The normal cache inval + relo will suffice.
525	x509_store_dump_cert_s_names(X509_STORE * store)	852	Just need a timer for inval. */
		853
		854	static int
		855	tls_install_selfsign(SSL_CTX * sctx, uschar ** errstr)
526	{	856	{
527	STACK_OF(X509_OBJECT) * roots= store->objs;	857	X509 * x509 = NULL;
528	static uschar name[256];	858	EVP_PKEY * pkey;
		859	X509_NAME * name;
		860	uschar * where;
529		861
530	for (int i= 0; i < sk_X509_OBJECT_num(roots); i++)	862	DEBUG(D_tls) debug_printf("TLS: generating selfsigned server cert\n");
		863	where = US"allocating pkey";
		864	if (!(pkey = EVP_PKEY_new()))
		865	goto err;
		866
		867	where = US"allocating cert";
		868	if (!(x509 = X509_new()))
		869	goto err;
		870
		871	where = US"generating pkey";
		872	#if OPENSSL_VERSION_NUMBER < 0x30000000L
		873	{
		874	RSA * rsa;
		875	if (!(rsa = rsa_callback(NULL, 0, 2048)))
		876	goto err;
		877
		878	where = US"assigning pkey";
		879	if (!EVP_PKEY_assign_RSA(pkey, rsa))
		880	goto err;
		881	}
		882	#else
		883	pkey = EVP_RSA_gen(2048);
		884	#endif
		885
		886	X509_set_version(x509, 2); /* N+1 - version 3 */
		887	ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
		888	X509_gmtime_adj(X509_get_notBefore(x509), 0);
		889	X509_gmtime_adj(X509_get_notAfter(x509), (long)2 * 60 * 60); /* 2 hour */
		890	X509_set_pubkey(x509, pkey);
		891
		892	name = X509_get_subject_name(x509);
		893	X509_NAME_add_entry_by_txt(name, "C",
		894	MBSTRING_ASC, CUS "UK", -1, -1, 0);
		895	X509_NAME_add_entry_by_txt(name, "O",
		896	MBSTRING_ASC, CUS "Exim Developers", -1, -1, 0);
		897	X509_NAME_add_entry_by_txt(name, "CN",
		898	MBSTRING_ASC, CUS smtp_active_hostname, -1, -1, 0);
		899	X509_set_issuer_name(x509, name);
		900
		901	where = US"signing cert";
		902	if (!X509_sign(x509, pkey, EVP_md5()))
		903	goto err;
		904
		905	where = US"installing selfsign cert";
		906	if (!SSL_CTX_use_certificate(sctx, x509))
		907	goto err;
		908
		909	where = US"installing selfsign key";
		910	if (!SSL_CTX_use_PrivateKey(sctx, pkey))
		911	goto err;
		912
		913	return OK;
		914
		915	err:
		916	(void) tls_error(where, NULL, NULL, errstr);
		917	if (x509) X509_free(x509);
		918	if (pkey) EVP_PKEY_free(pkey);
		919	return DEFER;
		920	}
		921
		922
		923
		924
		925
		926
927
928	/*************************************************
929	* Information callback *
930	*************************************************/
931
932	/* The SSL library functions call this from time to time to indicate what they
933	are doing. We copy the string to the debugging output when TLS debugging has
934	been requested.
935
936	Arguments:
937	s the SSL connection
938	where
939	ret
940
941	Returns: nothing
942	*/
943
944	static void
945	info_callback(SSL *s, int where, int ret)
946	{
947	DEBUG(D_tls)
531	{	948	{
532	X509_OBJECT * tmp_obj= sk_X509_OBJECT_value(roots, i);	949	const uschar * str;
533	if(tmp_obj->type == X509_LU_X509)	950
		951	if (where & SSL_ST_CONNECT)
		952	str = US"SSL_connect";
		953	else if (where & SSL_ST_ACCEPT)
		954	str = US"SSL_accept";
		955	else
		956	str = US"SSL info (undefined)";
		957
		958	if (where & SSL_CB_LOOP)
		959	debug_printf("%s: %s\n", str, SSL_state_string_long(s));
		960	else if (where & SSL_CB_ALERT)
		961	debug_printf("SSL3 alert %s:%s:%s\n",
		962	str = where & SSL_CB_READ ? US"read" : US"write",
		963	SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
		964	else if (where & SSL_CB_EXIT)
534	{	965	{
535	X509_NAME * sn = X509_get_subject_name(tmp_obj->data.x509);	966	if (ret == 0)
536	if (X509_NAME_oneline(sn, CS name, sizeof(name)))	967	debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s));
537	{	968	else if (ret < 0)
538	name[sizeof(name)-1] = '\0';	969	debug_printf("%s: error in %s\n", str, SSL_state_string_long(s));
539	debug_printf(" %s\n", name);
540	}
541	}	970	}
		971	else if (where & SSL_CB_HANDSHAKE_START)
		972	debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s));
		973	else if (where & SSL_CB_HANDSHAKE_DONE)
		974	debug_printf("%s: hshake done: %s\n", str, SSL_state_string_long(s));
542	}	975	}
543	}	976	}
		977
		978	#ifdef OPENSSL_HAVE_KEYLOG_CB
		979	static void
		980	keylog_callback(const SSL ssl, const char line)
		981	{
		982	char * filename;
		983	FILE * fp;
		984	DEBUG(D_tls) debug_printf("%.200s\n", line);
		985	if (!(filename = getenv("SSLKEYLOGFILE"))) return;
		986	if (!(fp = fopen(filename, "a"))) return;
		987	fprintf(fp, "%s\n", line);
		988	fclose(fp);
		989	}
544	#endif	990	#endif
545	*/	991
		992
		993
546		994
547		995
548	#ifndef DISABLE_EVENT	996	#ifndef DISABLE_EVENT
Lines 554-567 Link Here
554	uschar * yield;	1002	uschar * yield;
555	X509 * old_cert;	1003	X509 * old_cert;
556		1004
557	ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action;	1005	ev = tlsp == &tls_out ? client_static_state->event_action : event_action;
558	if (ev)	1006	if (ev)
559	{	1007	{
560	DEBUG(D_tls) debug_printf("verify_event: %s %d\n", what, depth);	1008	DEBUG(D_tls) debug_printf("verify_event: %s %d\n", what, depth);
561	old_cert = tlsp->peercert;	1009	old_cert = tlsp->peercert;
562	tlsp->peercert = X509_dup(cert);	1010	tlsp->peercert = X509_dup(cert);
563	/* NB we do not bother setting peerdn */	1011	/* NB we do not bother setting peerdn */
564	if ((yield = event_raise(ev, US"tls:cert", string_sprintf("%d", depth))))	1012	if ((yield = event_raise(ev, US"tls:cert", string_sprintf("%d", depth), &errno)))
565	{	1013	{
566	log_write(0, LOG_MAIN, "[%s] %s verify denied by event-action: "	1014	log_write(0, LOG_MAIN, "[%s] %s verify denied by event-action: "
567	"depth=%d cert=%s: %s",	1015	"depth=%d cert=%s: %s",
Lines 661-675 Link Here
661	{	1109	{
662	DEBUG(D_tls) debug_printf("SSL verify ok: depth=%d SN=%s\n", depth, dn);	1110	DEBUG(D_tls) debug_printf("SSL verify ok: depth=%d SN=%s\n", depth, dn);
663	#ifndef DISABLE_OCSP	1111	#ifndef DISABLE_OCSP
664	if (tlsp == &tls_out && client_static_cbinfo->u_ocsp.client.verify_store)	1112	if (tlsp == &tls_out && client_static_state->u_ocsp.client.verify_store)
665	{ /* client, wanting stapling */	1113	{ /* client, wanting stapling */
666	/* Add the server cert's signing chain as the one	1114	/* Add the server cert's signing chain as the one
667	for the verification of the OCSP stapled information. */	1115	for the verification of the OCSP stapled information. */
668		1116
669	if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store,	1117	if (!X509_STORE_add_cert(client_static_state->u_ocsp.client.verify_store,
670	cert))	1118	cert))
671	ERR_clear_error();	1119	ERR_clear_error();
672	sk_X509_push(client_static_cbinfo->verify_stack, cert);	1120	sk_X509_push(client_static_state->verify_stack, cert);
673	}	1121	}
674	#endif	1122	#endif
675	#ifndef DISABLE_EVENT	1123	#ifndef DISABLE_EVENT
Lines 682-688 Link Here
682	const uschar * verify_cert_hostnames;	1130	const uschar * verify_cert_hostnames;
683		1131
684	if ( tlsp == &tls_out	1132	if ( tlsp == &tls_out
685	&& ((verify_cert_hostnames = client_static_cbinfo->verify_cert_hostnames)))	1133	&& ((verify_cert_hostnames = client_static_state->verify_cert_hostnames)))
686	/* client, wanting hostname check */	1134	/* client, wanting hostname check */
687	{	1135	{
688		1136
Lines 802-816 Link Here
802	{	1250	{
803	tls_out.dane_verified = TRUE;	1251	tls_out.dane_verified = TRUE;
804	#ifndef DISABLE_OCSP	1252	#ifndef DISABLE_OCSP
805	if (client_static_cbinfo->u_ocsp.client.verify_store)	1253	if (client_static_state->u_ocsp.client.verify_store)
806	{ /* client, wanting stapling */	1254	{ /* client, wanting stapling */
807	/* Add the server cert's signing chain as the one	1255	/* Add the server cert's signing chain as the one
808	for the verification of the OCSP stapled information. */	1256	for the verification of the OCSP stapled information. */
809		1257
810	if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store,	1258	if (!X509_STORE_add_cert(client_static_state->u_ocsp.client.verify_store,
811	cert))	1259	cert))
812	ERR_clear_error();	1260	ERR_clear_error();
813	sk_X509_push(client_static_cbinfo->verify_stack, cert);	1261	sk_X509_push(client_static_state->verify_stack, cert);
814	}	1262	}
815	#endif	1263	#endif
816	}	1264	}
Lines 828-1236 Link Here
828	#endif /SUPPORT_DANE/	1276	#endif /SUPPORT_DANE/
829		1277
830		1278
831	/*************************************************
832	* Information callback *
833	*************************************************/
834
835	/* The SSL library functions call this from time to time to indicate what they
836	are doing. We copy the string to the debugging output when TLS debugging has
837	been requested.
838
839	Arguments:
840	s the SSL connection
841	where
842	ret
843
844	Returns: nothing
845	*/
846
847	static void
848	info_callback(SSL *s, int where, int ret)
849	{
850	DEBUG(D_tls)
851	{
852	const uschar * str;
853
854	if (where & SSL_ST_CONNECT)
855	str = US"SSL_connect";
856	else if (where & SSL_ST_ACCEPT)
857	str = US"SSL_accept";
858	else
859	str = US"SSL info (undefined)";
860
861	if (where & SSL_CB_LOOP)
862	debug_printf("%s: %s\n", str, SSL_state_string_long(s));
863	else if (where & SSL_CB_ALERT)
864	debug_printf("SSL3 alert %s:%s:%s\n",
865	str = where & SSL_CB_READ ? US"read" : US"write",
866	SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
867	else if (where & SSL_CB_EXIT)
868	if (ret == 0)
869	debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s));
870	else if (ret < 0)
871	debug_printf("%s: error in %s\n", str, SSL_state_string_long(s));
872	else if (where & SSL_CB_HANDSHAKE_START)
873	debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s));
874	else if (where & SSL_CB_HANDSHAKE_DONE)
875	debug_printf("%s: hshake done: %s\n", str, SSL_state_string_long(s));
876	}
877	}
878
879	#ifdef OPENSSL_HAVE_KEYLOG_CB
880	static void
881	keylog_callback(const SSL ssl, const char line)
882	{
883	char * filename;
884	FILE * fp;
885	DEBUG(D_tls) debug_printf("%.200s\n", line);
886	if (!(filename = getenv("SSLKEYLOGFILE"))) return;
887	if (!(fp = fopen(filename, "a"))) return;
888	fprintf(fp, "%s\n", line);
889	fclose(fp);
890	}
891	#endif
892
893
894	#ifdef EXPERIMENTAL_TLS_RESUME
895	/* Manage the keysets used for encrypting the session tickets, on the server. */
896
897	typedef struct { /* Session ticket encryption key */
898	uschar name[16];
899
900	const EVP_CIPHER * aes_cipher;
901	uschar aes_key[32]; /* size needed depends on cipher. aes_128 implies 128/8 = 16? */
902	const EVP_MD * hmac_hash;
903	uschar hmac_key[16];
904	time_t renew;
905	time_t expire;
906	} exim_stek;
907
908	static exim_stek exim_tk; /* current key */
909	static exim_stek exim_tk_old; /* previous key */
910
911	static void
912	tk_init(void)
913	{
914	time_t t = time(NULL);
915
916	if (exim_tk.name[0])
917	{
918	if (exim_tk.renew >= t) return;
919	exim_tk_old = exim_tk;
920	}
921
922	if (f.running_in_test_harness) ssl_session_timeout = 6;
923
924	DEBUG(D_tls) debug_printf("OpenSSL: %s STEK\n", exim_tk.name[0] ? "rotating" : "creating");
925	if (RAND_bytes(exim_tk.aes_key, sizeof(exim_tk.aes_key)) <= 0) return;
926	if (RAND_bytes(exim_tk.hmac_key, sizeof(exim_tk.hmac_key)) <= 0) return;
927	if (RAND_bytes(exim_tk.name+1, sizeof(exim_tk.name)-1) <= 0) return;
928
929	exim_tk.name[0] = 'E';
930	exim_tk.aes_cipher = EVP_aes_256_cbc();
931	exim_tk.hmac_hash = EVP_sha256();
932	exim_tk.expire = t + ssl_session_timeout;
933	exim_tk.renew = t + ssl_session_timeout/2;
934	}
935
936	static exim_stek *
937	tk_current(void)
938	{
939	if (!exim_tk.name[0]) return NULL;
940	return &exim_tk;
941	}
942
943	static exim_stek *
944	tk_find(const uschar * name)
945	{
946	return memcmp(name, exim_tk.name, sizeof(exim_tk.name)) == 0 ? &exim_tk
947	: memcmp(name, exim_tk_old.name, sizeof(exim_tk_old.name)) == 0 ? &exim_tk_old
948	: NULL;
949	}
950
951	/* Callback for session tickets, on server */
952	static int
953	ticket_key_callback(SSL * ssl, uschar key_name[16],
954	uschar * iv, EVP_CIPHER_CTX * ctx, HMAC_CTX * hctx, int enc)
955	{
956	tls_support * tlsp = server_static_cbinfo->tlsp;
957	exim_stek * key;
958
959	if (enc)
960	{
961	DEBUG(D_tls) debug_printf("ticket_key_callback: create new session\n");
962	tlsp->resumption \|= RESUME_CLIENT_REQUESTED;
963
964	if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
965	return -1; /* insufficient random */
966
967	if (!(key = tk_current())) /* current key doesn't exist or isn't valid */
968	return 0; /* key couldn't be created */
969	memcpy(key_name, key->name, 16);
970	DEBUG(D_tls) debug_printf("STEK expire " TIME_T_FMT "\n", key->expire - time(NULL));
971
972	/XXX will want these dependent on the ssl session strength /
973	HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
974	key->hmac_hash, NULL);
975	EVP_EncryptInit_ex(ctx, key->aes_cipher, NULL, key->aes_key, iv);
976
977	DEBUG(D_tls) debug_printf("ticket created\n");
978	return 1;
979	}
980	else
981	{
982	time_t now = time(NULL);
983
984	DEBUG(D_tls) debug_printf("ticket_key_callback: retrieve session\n");
985	tlsp->resumption \|= RESUME_CLIENT_SUGGESTED;
986
987	if (!(key = tk_find(key_name)) \|\| key->expire < now)
988	{
989	DEBUG(D_tls)
990	{
991	debug_printf("ticket not usable (%s)\n", key ? "expired" : "not found");
992	if (key) debug_printf("STEK expire " TIME_T_FMT "\n", key->expire - now);
993	}
994	return 0;
995	}
996
997	HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
998	key->hmac_hash, NULL);
999	EVP_DecryptInit_ex(ctx, key->aes_cipher, NULL, key->aes_key, iv);
1000
1001	DEBUG(D_tls) debug_printf("ticket usable, STEK expire " TIME_T_FMT "\n", key->expire - now);
1002
1003	/* The ticket lifetime and renewal are the same as the STEK lifetime and
1004	renewal, which is overenthusiastic. A factor of, say, 3x longer STEK would
1005	be better. To do that we'd have to encode ticket lifetime in the name as
1006	we don't yet see the restored session. Could check posthandshake for TLS1.3
1007	and trigger a new ticket then, but cannot do that for TLS1.2 */
1008	return key->renew < now ? 2 : 1;
1009	}
1010	}
1011	#endif
1012
1013
1014
1015	/*************************************************
1016	* Initialize for DH *
1017	*************************************************/
1018
1019	/* If dhparam is set, expand it, and load up the parameters for DH encryption.
1020
1021	Arguments:
1022	sctx The current SSL CTX (inbound or outbound)
1023	dhparam DH parameter file or fixed parameter identity string
1024	host connected host, if client; NULL if server
1025	errstr error string pointer
1026
1027	Returns: TRUE if OK (nothing to set up, or setup worked)
1028	*/
1029
1030	static BOOL
1031	init_dh(SSL_CTX sctx, uschar dhparam, const host_item host, uschar * errstr)
1032	{
1033	BIO *bio;
1034	DH *dh;
1035	uschar *dhexpanded;
1036	const char *pem;
1037	int dh_bitsize;
1038
1039	if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
1040	return FALSE;
1041
1042	if (!dhexpanded \|\| !*dhexpanded)
1043	bio = BIO_new_mem_buf(CS std_dh_prime_default(), -1);
1044	else if (dhexpanded[0] == '/')
1045	{
1046	if (!(bio = BIO_new_file(CS dhexpanded, "r")))
1047	{
1048	tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
1049	host, US strerror(errno), errstr);
1050	return FALSE;
1051	}
1052	}
1053	else
1054	{
1055	if (Ustrcmp(dhexpanded, "none") == 0)
1056	{
1057	DEBUG(D_tls) debug_printf("Requested no DH parameters.\n");
1058	return TRUE;
1059	}
1060
1061	if (!(pem = std_dh_prime_named(dhexpanded)))
1062	{
1063	tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
1064	host, US strerror(errno), errstr);
1065	return FALSE;
1066	}
1067	bio = BIO_new_mem_buf(CS pem, -1);
1068	}
1069
1070	if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)))
1071	{
1072	BIO_free(bio);
1073	tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
1074	host, NULL, errstr);
1075	return FALSE;
1076	}
1077
1078	/* note: our default limit of 2236 is not a multiple of 8; the limit comes from
1079	* an NSS limit, and the GnuTLS APIs handle bit-sizes fine, so we went with
1080	* 2236. But older OpenSSL can only report in bytes (octets), not bits.
1081	* If someone wants to dance at the edge, then they can raise the limit or use
1082	* current libraries. */
1083	#ifdef EXIM_HAVE_OPENSSL_DH_BITS
1084	/* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022
1085	* This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */
1086	dh_bitsize = DH_bits(dh);
1087	#else
1088	dh_bitsize = 8 * DH_size(dh);
1089	#endif
1090
1091	/* Even if it is larger, we silently return success rather than cause things
1092	* to fail out, so that a too-large DH will not knock out all TLS; it's a
1093	* debatable choice. */
1094	if (dh_bitsize > tls_dh_max_bits)
1095	{
1096	DEBUG(D_tls)
1097	debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n",
1098	dh_bitsize, tls_dh_max_bits);
1099	}
1100	else
1101	{
1102	SSL_CTX_set_tmp_dh(sctx, dh);
1103	DEBUG(D_tls)
1104	debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
1105	dhexpanded ? dhexpanded : US"default", dh_bitsize);
1106	}
1107
1108	DH_free(dh);
1109	BIO_free(bio);
1110
1111	return TRUE;
1112	}
1113
1114
1115
1116
1117	/*************************************************
1118	* Initialize for ECDH *
1119	*************************************************/
1120
1121	/* Load parameters for ECDH encryption.
1122
1123	For now, we stick to NIST P-256 because: it's simple and easy to configure;
1124	it avoids any patent issues that might bite redistributors; despite events in
1125	the news and concerns over curve choices, we're not cryptographers, we're not
1126	pretending to be, and this is "good enough" to be better than no support,
1127	protecting against most adversaries. Given another year or two, there might
1128	be sufficient clarity about a "right" way forward to let us make an informed
1129	decision, instead of a knee-jerk reaction.
1130
1131	Longer-term, we should look at supporting both various named curves and
1132	external files generated with "openssl ecparam", much as we do for init_dh().
1133	We should also support "none" as a value, to explicitly avoid initialisation.
1134
1135	Patches welcome.
1136
1137	Arguments:
1138	sctx The current SSL CTX (inbound or outbound)
1139	host connected host, if client; NULL if server
1140	errstr error string pointer
1141
1142	Returns: TRUE if OK (nothing to set up, or setup worked)
1143	*/
1144
1145	static BOOL
1146	init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr)
1147	{
1148	#ifdef OPENSSL_NO_ECDH
1149	return TRUE;
1150	#else
1151
1152	EC_KEY * ecdh;
1153	uschar * exp_curve;
1154	int nid;
1155	BOOL rv;
1156
1157	if (host) /* No ECDH setup for clients, only for servers */
1158	return TRUE;
1159
1160	# ifndef EXIM_HAVE_ECDH
1161	DEBUG(D_tls)
1162	debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
1163	return TRUE;
1164	# else
1165
1166	if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
1167	return FALSE;
1168	if (!exp_curve \|\| !*exp_curve)
1169	return TRUE;
1170
1171	/* "auto" needs to be handled carefully.
1172	* OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
1173	* OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto
1174	* (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
1175	* OpenSSL >= 1.1.0: we do not set anything, the libray does autoselection
1176	* https://github.com/openssl/openssl/commit/fe6ef2472db933f01b59cad82aa925736935984b
1177	*/
1178	if (Ustrcmp(exp_curve, "auto") == 0)
1179	{
1180	#if OPENSSL_VERSION_NUMBER < 0x10002000L
1181	DEBUG(D_tls) debug_printf(
1182	"ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
1183	exp_curve = US"prime256v1";
1184	#else
1185	# if defined SSL_CTRL_SET_ECDH_AUTO
1186	DEBUG(D_tls) debug_printf(
1187	"ECDH OpenSSL 1.0.2+ temp key parameter settings: autoselection\n");
1188	SSL_CTX_set_ecdh_auto(sctx, 1);
1189	return TRUE;
1190	# else
1191	DEBUG(D_tls) debug_printf(
1192	"ECDH OpenSSL 1.1.0+ temp key parameter settings: default selection\n");
1193	return TRUE;
1194	# endif
1195	#endif
1196	}
1197
1198	DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
1199	if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
1200	# ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID
1201	&& (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef
1202	# endif
1203	)
1204	{
1205	tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
1206	host, NULL, errstr);
1207	return FALSE;
1208	}
1209
1210	if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
1211	{
1212	tls_error(US"Unable to create ec curve", host, NULL, errstr);
1213	return FALSE;
1214	}
1215
1216	/* The "tmp" in the name here refers to setting a temporary key
1217	not to the stability of the interface. */
1218
1219	if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
1220	tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr);
1221	else
1222	DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
1223
1224	EC_KEY_free(ecdh);
1225	return !rv;
1226
1227	# endif /EXIM_HAVE_ECDH/
1228	#endif /OPENSSL_NO_ECDH/
1229	}
1230
1231
1232
1233
1234	#ifndef DISABLE_OCSP	1279	#ifndef DISABLE_OCSP
1235	/*************************************************	1280	/*************************************************
1236	* Load OCSP information into state *	1281	* Load OCSP information into state *
Lines 1242-1257 Link Here
1242	ASSUMES: single response, for single cert.	1287	ASSUMES: single response, for single cert.
1243		1288
1244	Arguments:	1289	Arguments:
1245	sctx the SSL_CTX* to update	1290	state various parts of session state
1246	cbinfo various parts of session state
1247	filename the filename putatively holding an OCSP response	1291	filename the filename putatively holding an OCSP response
1248	is_pem file is PEM format; otherwise is DER	1292	is_pem file is PEM format; otherwise is DER
1249
1250	*/	1293	*/
1251		1294
1252	static void	1295	static void
1253	ocsp_load_response(SSL_CTX * sctx, tls_ext_ctx_cb * cbinfo,	1296	ocsp_load_response(exim_openssl_state_st * state, const uschar * filename,
1254	const uschar * filename, BOOL is_pem)	1297	BOOL is_pem)
1255	{	1298	{
1256	BIO * bio;	1299	BIO * bio;
1257	OCSP_RESPONSE * resp;	1300	OCSP_RESPONSE * resp;
Lines 1265-1274 Link Here
1265	DEBUG(D_tls)	1308	DEBUG(D_tls)
1266	debug_printf("tls_ocsp_file (%s) '%s'\n", is_pem ? "PEM" : "DER", filename);	1309	debug_printf("tls_ocsp_file (%s) '%s'\n", is_pem ? "PEM" : "DER", filename);
1267		1310
		1311	if (!filename \|\| !*filename) return;
		1312
		1313	ERR_clear_error();
1268	if (!(bio = BIO_new_file(CS filename, "rb")))	1314	if (!(bio = BIO_new_file(CS filename, "rb")))
1269	{	1315	{
1270	DEBUG(D_tls) debug_printf("Failed to open OCSP response file \"%s\"\n",	1316	log_write(0, LOG_MAIN\|LOG_PANIC,
1271	filename);	1317	"Failed to open OCSP response file \"%s\": %.100s",
		1318	filename, ERR_reason_error_string(ERR_get_error()));
1272	return;	1319	return;
1273	}	1320	}
1274		1321
Lines 1279-1289 Link Here
1279	long len;	1326	long len;
1280	if (!PEM_read_bio(bio, &dummy, &dummy, &data, &len))	1327	if (!PEM_read_bio(bio, &dummy, &dummy, &data, &len))
1281	{	1328	{
1282	DEBUG(D_tls) debug_printf("Failed to read PEM file \"%s\"\n",	1329	log_write(0, LOG_MAIN\|LOG_PANIC, "Failed to read PEM file \"%s\": %.100s",
1283	filename);	1330	filename, ERR_reason_error_string(ERR_get_error()));
1284	return;	1331	return;
1285	}	1332	}
1286	debug_printf("read pem file\n");
1287	freep = data;	1333	freep = data;
1288	resp = d2i_OCSP_RESPONSE(NULL, CUSS &data, len);	1334	resp = d2i_OCSP_RESPONSE(NULL, CUSS &data, len);
1289	OPENSSL_free(freep);	1335	OPENSSL_free(freep);
Lines 1294-1300 Link Here
1294		1340
1295	if (!resp)	1341	if (!resp)
1296	{	1342	{
1297	DEBUG(D_tls) debug_printf("Error reading OCSP response.\n");	1343	log_write(0, LOG_MAIN\|LOG_PANIC, "Error reading OCSP response from \"%s\": %s",
		1344	filename, ERR_reason_error_string(ERR_get_error()));
1298	return;	1345	return;
1299	}	1346	}
1300		1347
Lines 1320-1326 Link Here
1320	goto bad;	1367	goto bad;
1321	}	1368	}
1322		1369
1323	sk = cbinfo->verify_stack;	1370	sk = state->verify_stack;
1324	verify_flags = OCSP_NOVERIFY; /* check sigs, but not purpose */	1371	verify_flags = OCSP_NOVERIFY; /* check sigs, but not purpose */
1325		1372
1326	/* May need to expose ability to adjust those flags?	1373	/* May need to expose ability to adjust those flags?
Lines 1396-1405 Link Here
1396	supply_response:	1443	supply_response:
1397	/* Add the resp to the list used by tls_server_stapling_cb() */	1444	/* Add the resp to the list used by tls_server_stapling_cb() */
1398	{	1445	{
1399	ocsp_resplist ** op = &cbinfo->u_ocsp.server.olist, * oentry;	1446	ocsp_resplist ** op = &state->u_ocsp.server.olist, * oentry;
1400	while (oentry = *op)	1447	while (oentry = *op)
1401	op = &oentry->next;	1448	op = &oentry->next;
1402	*op = oentry = store_get(sizeof(ocsp_resplist), FALSE);	1449	*op = oentry = store_get(sizeof(ocsp_resplist), GET_UNTAINTED);
1403	oentry->next = NULL;	1450	oentry->next = NULL;
1404	oentry->resp = resp;	1451	oentry->resp = resp;
1405	}	1452	}
Lines 1421-1427 Link Here
1421		1468
1422		1469
1423	static void	1470	static void
1424	ocsp_free_response_list(tls_ext_ctx_cb * cbinfo)	1471	ocsp_free_response_list(exim_openssl_state_st * cbinfo)
1425	{	1472	{
1426	for (ocsp_resplist * olist = cbinfo->u_ocsp.server.olist; olist;	1473	for (ocsp_resplist * olist = cbinfo->u_ocsp.server.olist; olist;
1427	olist = olist->next)	1474	olist = olist->next)
Lines 1433-1506 Link Here
1433		1480
1434		1481
1435		1482
1436	/* Create and install a selfsigned certificate, for use in server mode */
1437
1438	static int
1439	tls_install_selfsign(SSL_CTX * sctx, uschar ** errstr)
1440	{
1441	X509 * x509 = NULL;
1442	EVP_PKEY * pkey;
1443	RSA * rsa;
1444	X509_NAME * name;
1445	uschar * where;
1446
1447	where = US"allocating pkey";
1448	if (!(pkey = EVP_PKEY_new()))
1449	goto err;
1450
1451	where = US"allocating cert";
1452	if (!(x509 = X509_new()))
1453	goto err;
1454
1455	where = US"generating pkey";
1456	if (!(rsa = rsa_callback(NULL, 0, 2048)))
1457	goto err;
1458
1459	where = US"assigning pkey";
1460	if (!EVP_PKEY_assign_RSA(pkey, rsa))
1461	goto err;
1462
1463	X509_set_version(x509, 2); /* N+1 - version 3 */
1464	ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
1465	X509_gmtime_adj(X509_get_notBefore(x509), 0);
1466	X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60); /* 1 hour */
1467	X509_set_pubkey(x509, pkey);
1468
1469	name = X509_get_subject_name(x509);
1470	X509_NAME_add_entry_by_txt(name, "C",
1471	MBSTRING_ASC, CUS "UK", -1, -1, 0);
1472	X509_NAME_add_entry_by_txt(name, "O",
1473	MBSTRING_ASC, CUS "Exim Developers", -1, -1, 0);
1474	X509_NAME_add_entry_by_txt(name, "CN",
1475	MBSTRING_ASC, CUS smtp_active_hostname, -1, -1, 0);
1476	X509_set_issuer_name(x509, name);
1477
1478	where = US"signing cert";
1479	if (!X509_sign(x509, pkey, EVP_md5()))
1480	goto err;
1481
1482	where = US"installing selfsign cert";
1483	if (!SSL_CTX_use_certificate(sctx, x509))
1484	goto err;
1485
1486	where = US"installing selfsign key";
1487	if (!SSL_CTX_use_PrivateKey(sctx, pkey))
1488	goto err;
1489
1490	return OK;
1491
1492	err:
1493	(void) tls_error(where, NULL, NULL, errstr);
1494	if (x509) X509_free(x509);
1495	if (pkey) EVP_PKEY_free(pkey);
1496	return DEFER;
1497	}
1498
1499
1500
1501		1483
1502	static int	1484	static int
1503	tls_add_certfile(SSL_CTX * sctx, tls_ext_ctx_cb * cbinfo, uschar * file,	1485	tls_add_certfile(SSL_CTX * sctx, exim_openssl_state_st * cbinfo, uschar * file,
1504	uschar ** errstr)	1486	uschar ** errstr)
1505	{	1487	{
1506	DEBUG(D_tls) debug_printf("tls_certificate file '%s'\n", file);	1488	DEBUG(D_tls) debug_printf("tls_certificate file '%s'\n", file);
Lines 1512-1518 Link Here
1512	}	1494	}
1513		1495
1514	static int	1496	static int
1515	tls_add_pkeyfile(SSL_CTX * sctx, tls_ext_ctx_cb * cbinfo, uschar * file,	1497	tls_add_pkeyfile(SSL_CTX * sctx, exim_openssl_state_st * cbinfo, uschar * file,
1516	uschar ** errstr)	1498	uschar ** errstr)
1517	{	1499	{
1518	DEBUG(D_tls) debug_printf("tls_privatekey file '%s'\n", file);	1500	DEBUG(D_tls) debug_printf("tls_privatekey file '%s'\n", file);
Lines 1523-1531 Link Here
1523	}	1505	}
1524		1506
1525		1507
1526	/*************************************************	1508
1527	* Expand key and cert file specs *
1528	*************************************************/
1529		1509
1530	/* Called once during tls_init and possibly again during TLS setup, for a	1510	/* Called once during tls_init and possibly again during TLS setup, for a
1531	new context, if Server Name Indication was used and tls_sni was seen in	1511	new context, if Server Name Indication was used and tls_sni was seen in
Lines 1533-1553 Link Here
1533		1513
1534	Arguments:	1514	Arguments:
1535	sctx the SSL_CTX* to update	1515	sctx the SSL_CTX* to update
1536	cbinfo various parts of session state	1516	state various parts of session state
1537	errstr error string pointer	1517	errstr error string pointer
1538		1518
1539	Returns: OK/DEFER/FAIL	1519	Returns: OK/DEFER/FAIL
1540	*/	1520	*/
1541		1521
1542	static int	1522	static int
1543	tls_expand_session_files(SSL_CTX * sctx, tls_ext_ctx_cb * cbinfo,	1523	tls_expand_session_files(SSL_CTX * sctx, exim_openssl_state_st * state,
1544	uschar ** errstr)	1524	uschar ** errstr)
1545	{	1525	{
1546	uschar * expanded;	1526	uschar * expanded;
1547		1527
1548	if (!cbinfo->certificate)	1528	if (!state->certificate)
1549	{	1529	{
1550	if (!cbinfo->is_server) /* client */	1530	if (!state->is_server) /* client */
1551	return OK;	1531	return OK;
1552	/* server */	1532	/* server */
1553	if (tls_install_selfsign(sctx, errstr) != OK)	1533	if (tls_install_selfsign(sctx, errstr) != OK)
Lines 1558-1580 Link Here
1558	int err;	1538	int err;
1559		1539
1560	if ( !reexpand_tls_files_for_sni	1540	if ( !reexpand_tls_files_for_sni
1561	&& ( Ustrstr(cbinfo->certificate, US"tls_sni")	1541	&& ( Ustrstr(state->certificate, US"tls_sni")
1562	\|\| Ustrstr(cbinfo->certificate, US"tls_in_sni")	1542	\|\| Ustrstr(state->certificate, US"tls_in_sni")
1563	\|\| Ustrstr(cbinfo->certificate, US"tls_out_sni")	1543	\|\| Ustrstr(state->certificate, US"tls_out_sni")
1564	) )	1544	) )
1565	reexpand_tls_files_for_sni = TRUE;	1545	reexpand_tls_files_for_sni = TRUE;
1566		1546
1567	if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded, errstr))	1547	if (!expand_check(state->certificate, US"tls_certificate", &expanded, errstr))
1568	return DEFER;	1548	return DEFER;
1569		1549
1570	if (expanded)	1550	if (expanded)
1571	if (cbinfo->is_server)	1551	if (state->is_server)
1572	{	1552	{
1573	const uschar * file_list = expanded;	1553	const uschar * file_list = expanded;
1574	int sep = 0;	1554	int sep = 0;
1575	uschar * file;	1555	uschar * file;
1576	#ifndef DISABLE_OCSP	1556	#ifndef DISABLE_OCSP
1577	const uschar * olist = cbinfo->u_ocsp.server.file;	1557	const uschar * olist = state->u_ocsp.server.file;
1578	int osep = 0;	1558	int osep = 0;
1579	uschar * ofile;	1559	uschar * ofile;
1580	BOOL fmt_pem = FALSE;	1560	BOOL fmt_pem = FALSE;
Lines 1585-1606 Link Here
1585	if (olist && !*olist)	1565	if (olist && !*olist)
1586	olist = NULL;	1566	olist = NULL;
1587		1567
1588	if ( cbinfo->u_ocsp.server.file_expanded && olist	1568	if ( state->u_ocsp.server.file_expanded && olist
1589	&& (Ustrcmp(olist, cbinfo->u_ocsp.server.file_expanded) == 0))	1569	&& (Ustrcmp(olist, state->u_ocsp.server.file_expanded) == 0))
1590	{	1570	{
1591	DEBUG(D_tls) debug_printf(" - value unchanged, using existing values\n");	1571	DEBUG(D_tls) debug_printf(" - value unchanged, using existing values\n");
1592	olist = NULL;	1572	olist = NULL;
1593	}	1573	}
1594	else	1574	else
1595	{	1575	{
1596	ocsp_free_response_list(cbinfo);	1576	ocsp_free_response_list(state);
1597	cbinfo->u_ocsp.server.file_expanded = olist;	1577	state->u_ocsp.server.file_expanded = olist;
1598	}	1578	}
1599	#endif	1579	#endif
1600		1580
1601	while (file = string_nextinlist(&file_list, &sep, NULL, 0))	1581	while (file = string_nextinlist(&file_list, &sep, NULL, 0))
1602	{	1582	{
1603	if ((err = tls_add_certfile(sctx, cbinfo, file, errstr)))	1583	if ((err = tls_add_certfile(sctx, state, file, errstr)))
1604	return err;	1584	return err;
1605		1585
1606	#ifndef DISABLE_OCSP	1586	#ifndef DISABLE_OCSP
Lines 1617-1623 Link Here
1617	fmt_pem = FALSE;	1597	fmt_pem = FALSE;
1618	ofile += 4;	1598	ofile += 4;
1619	}	1599	}
1620	ocsp_load_response(sctx, cbinfo, ofile, fmt_pem);	1600	ocsp_load_response(state, ofile, fmt_pem);
1621	}	1601	}
1622	else	1602	else
1623	DEBUG(D_tls) debug_printf("ran out of ocsp file list\n");	1603	DEBUG(D_tls) debug_printf("ran out of ocsp file list\n");
Lines 1625-1635 Link Here
1625	}	1605	}
1626	}	1606	}
1627	else /* would there ever be a need for multiple client certs? */	1607	else /* would there ever be a need for multiple client certs? */
1628	if ((err = tls_add_certfile(sctx, cbinfo, expanded, errstr)))	1608	if ((err = tls_add_certfile(sctx, state, expanded, errstr)))
1629	return err;	1609	return err;
1630		1610
1631	if ( cbinfo->privatekey	1611	if ( state->privatekey
1632	&& !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded, errstr))	1612	&& !expand_check(state->privatekey, US"tls_privatekey", &expanded, errstr))
1633	return DEFER;	1613	return DEFER;
1634		1614
1635	/* If expansion was forced to fail, key_expanded will be NULL. If the result	1615	/* If expansion was forced to fail, key_expanded will be NULL. If the result
Lines 1637-1654 Link Here
1637	key is in the same file as the certificate. */	1617	key is in the same file as the certificate. */
1638		1618
1639	if (expanded && *expanded)	1619	if (expanded && *expanded)
1640	if (cbinfo->is_server)	1620	if (state->is_server)
1641	{	1621	{
1642	const uschar * file_list = expanded;	1622	const uschar * file_list = expanded;
1643	int sep = 0;	1623	int sep = 0;
1644	uschar * file;	1624	uschar * file;
1645		1625
1646	while (file = string_nextinlist(&file_list, &sep, NULL, 0))	1626	while (file = string_nextinlist(&file_list, &sep, NULL, 0))
1647	if ((err = tls_add_pkeyfile(sctx, cbinfo, file, errstr)))	1627	if ((err = tls_add_pkeyfile(sctx, state, file, errstr)))
1648	return err;	1628	return err;
1649	}	1629	}
1650	else /* would there ever be a need for multiple client certs? */	1630	else /* would there ever be a need for multiple client certs? */
1651	if ((err = tls_add_pkeyfile(sctx, cbinfo, expanded, errstr)))	1631	if ((err = tls_add_pkeyfile(sctx, state, expanded, errstr)))
1652	return err;	1632	return err;
1653	}	1633	}
1654		1634
Lines 1658-1663 Link Here
1658		1638
1659		1639
1660		1640
		1641	/**************************************************
		1642	* One-time init credentials for server and client *
		1643	**************************************************/
		1644
		1645	static void
		1646	normalise_ciphers(uschar ** ciphers, const uschar * pre_expansion_ciphers)
		1647	{
		1648	uschar * s = *ciphers;
		1649
		1650	if (!s \|\| !Ustrchr(s, '_')) return; /* no change needed */
		1651
		1652	if (s == pre_expansion_ciphers)
		1653	s = string_copy(s); /* get writable copy */
		1654
		1655	for (uschar * t = s; t; t++) if (t == '_') *t = '-';
		1656	*ciphers = s;
		1657	}
		1658
		1659	static int
		1660	server_load_ciphers(SSL_CTX * ctx, exim_openssl_state_st * state,
		1661	uschar * ciphers, uschar ** errstr)
		1662	{
		1663	DEBUG(D_tls) debug_printf("required ciphers: %s\n", ciphers);
		1664	if (!SSL_CTX_set_cipher_list(ctx, CS ciphers))
		1665	return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL, errstr);
		1666	state->server_cipher_list = ciphers;
		1667	return OK;
		1668	}
		1669
		1670
		1671
		1672	static int
		1673	lib_ctx_new(SSL_CTX ** ctxp, host_item * host, uschar ** errstr)
		1674	{
		1675	SSL_CTX * ctx;
		1676	#ifdef EXIM_HAVE_OPENSSL_TLS_METHOD
		1677	if (!(ctx = SSL_CTX_new(host ? TLS_client_method() : TLS_server_method())))
		1678	#else
		1679	if (!(ctx = SSL_CTX_new(host ? SSLv23_client_method() : SSLv23_server_method())))
		1680	#endif
		1681	return tls_error(US"SSL_CTX_new", host, NULL, errstr);
		1682
		1683	/* Set up the information callback, which outputs if debugging is at a suitable
		1684	level. */
		1685
		1686	DEBUG(D_tls)
		1687	{
		1688	SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
		1689	#if defined(EXIM_HAVE_OPESSL_TRACE) && !defined(OPENSSL_NO_SSL_TRACE)
		1690	/* this needs a debug build of OpenSSL */
		1691	SSL_CTX_set_msg_callback(ctx, (void (*)())SSL_trace);
		1692	#endif
		1693	#ifdef OPENSSL_HAVE_KEYLOG_CB
		1694	SSL_CTX_set_keylog_callback(ctx, (void (*)())keylog_callback);
		1695	#endif
		1696	}
		1697
		1698	/* Automatically re-try reads/writes after renegotiation. */
		1699	(void) SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
		1700	*ctxp = ctx;
		1701	return OK;
		1702	}
		1703
		1704
1705	static unsigned
1706	tls_server_creds_init(void)
1707	{
1708	SSL_CTX * ctx;
1709	uschar * dummy_errstr;
1710	unsigned lifetime = 0;
1711
1712	tls_openssl_init();
1713
1714	state_server.lib_state = null_tls_preload;
1715
1716	if (lib_ctx_new(&ctx, NULL, &dummy_errstr) != OK)
1717	return 0;
1718	state_server.lib_state.lib_ctx = ctx;
1719
1720	/* Preload DH params and EC curve */
1721
1722	if (opt_unset_or_noexpand(tls_dhparam))
1723	{
1724	DEBUG(D_tls) debug_printf("TLS: preloading DH params for server\n");
1725	if (init_dh(ctx, tls_dhparam, &dummy_errstr))
1726	state_server.lib_state.dh = TRUE;
1727	}
1728	else
1729	DEBUG(D_tls) debug_printf("TLS: not preloading DH params for server\n");
1730	if (opt_unset_or_noexpand(tls_eccurve))
1731	{
1732	DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve for server\n");
1733	if (init_ecdh(ctx, &dummy_errstr))
1734	state_server.lib_state.ecdh = TRUE;
1735	}
1736	else
1737	DEBUG(D_tls) debug_printf("TLS: not preloading ECDH curve for server\n");
1738
1739	#if defined(EXIM_HAVE_INOTIFY) \|\| defined(EXIM_HAVE_KEVENT)
1740	/* If we can, preload the server-side cert, key and ocsp */
1741
1742	if ( opt_set_and_noexpand(tls_certificate)
1743	# ifndef DISABLE_OCSP
1744	&& opt_unset_or_noexpand(tls_ocsp_file)
1745	#endif
1746	&& opt_unset_or_noexpand(tls_privatekey))
1747	{
1748	/* Set watches on the filenames. The implementation does de-duplication
1749	so we can just blindly do them all. */
1750
1751	if ( tls_set_watch(tls_certificate, TRUE)
1752	# ifndef DISABLE_OCSP
1753	&& tls_set_watch(tls_ocsp_file, TRUE)
1754	#endif
1755	&& tls_set_watch(tls_privatekey, TRUE))
1756	{
1757	state_server.certificate = tls_certificate;
1758	state_server.privatekey = tls_privatekey;
1759	#ifndef DISABLE_OCSP
1760	state_server.u_ocsp.server.file = tls_ocsp_file;
1761	#endif
1762
1763	DEBUG(D_tls) debug_printf("TLS: preloading server certs\n");
1764	if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
1765	state_server.lib_state.conn_certs = TRUE;
1766	}
1767	}
1768	else if ( !tls_certificate && !tls_privatekey
1769	# ifndef DISABLE_OCSP
1770	&& !tls_ocsp_file
1771	#endif
1772	)
1773	{ /* Generate & preload a selfsigned cert. No files to watch. */
1774	if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
1775	{
1776	state_server.lib_state.conn_certs = TRUE;
1777	lifetime = f.running_in_test_harness ? 2 : 60 * 60; /* 1 hour */
1778	}
1779	}
1780	else
1781	DEBUG(D_tls) debug_printf("TLS: not preloading server certs\n");
1782
1783
1784	/* If we can, preload the Authorities for checking client certs against.
1785	Actual choice to do verify is made (tls_{,try_}verify_hosts)
1786	at TLS conn startup */
1787
1788	if ( opt_set_and_noexpand(tls_verify_certificates)
1789	&& opt_unset_or_noexpand(tls_crl))
1790	{
1791	/* Watch the default dir also as they are always included */
1792
1793	if ( tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
1794	&& tls_set_watch(tls_verify_certificates, FALSE)
1795	&& tls_set_watch(tls_crl, FALSE))
1796	{
1797	DEBUG(D_tls) debug_printf("TLS: preloading CA bundle for server\n");
1798
1799	if (setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, &dummy_errstr)
1800	== OK)
1801	state_server.lib_state.cabundle = TRUE;
1802	}
1803	}
1804	else
1805	DEBUG(D_tls) debug_printf("TLS: not preloading CA bundle for server\n");
1806	#endif /* EXIM_HAVE_INOTIFY */
1807
1808
1809	/* If we can, preload the ciphers control string */
1810
1811	if (opt_set_and_noexpand(tls_require_ciphers))
1812	{
1813	DEBUG(D_tls) debug_printf("TLS: preloading cipher list for server\n");
1814	normalise_ciphers(&tls_require_ciphers, tls_require_ciphers);
1815	if (server_load_ciphers(ctx, &state_server, tls_require_ciphers,
1816	&dummy_errstr) == OK)
1817	state_server.lib_state.pri_string = TRUE;
1818	}
1819	else
1820	DEBUG(D_tls) debug_printf("TLS: not preloading cipher list for server\n");
1821	return lifetime;
1822	}
1823
1824
1825
1826
1827	/* Preload whatever creds are static, onto a transport. The client can then
1828	just copy the pointer as it starts up.
1829	Called from the daemon after a cache-invalidate with watch set; called from
1830	a queue-run startup with watch clear. */
1831
1832	static void
1833	tls_client_creds_init(transport_instance * t, BOOL watch)
1834	{
1835	smtp_transport_options_block * ob = t->options_block;
1836	exim_openssl_state_st tpt_dummy_state;
1837	host_item * dummy_host = (host_item *)1;
1838	uschar * dummy_errstr;
1839	SSL_CTX * ctx;
1840
1841	tls_openssl_init();
1842
1843	ob->tls_preload = null_tls_preload;
1844	if (lib_ctx_new(&ctx, dummy_host, &dummy_errstr) != OK)
1845	return;
1846	ob->tls_preload.lib_ctx = ctx;
1847
1848	tpt_dummy_state.lib_state = ob->tls_preload;
1849
1850	#if defined(EXIM_HAVE_INOTIFY) \|\| defined(EXIM_HAVE_KEVENT)
1851	if ( opt_set_and_noexpand(ob->tls_certificate)
1852	&& opt_unset_or_noexpand(ob->tls_privatekey))
1853	{
1854	if ( !watch
1855	\|\| ( tls_set_watch(ob->tls_certificate, FALSE)
1856	&& tls_set_watch(ob->tls_privatekey, FALSE)
1857	) )
1858	{
1859	uschar * pkey = ob->tls_privatekey;
1860
1861	DEBUG(D_tls)
1862	debug_printf("TLS: preloading client certs for transport '%s'\n",t->name);
1863
1864	if ( tls_add_certfile(ctx, &tpt_dummy_state, ob->tls_certificate,
1865	&dummy_errstr) == 0
1866	&& tls_add_pkeyfile(ctx, &tpt_dummy_state,
1867	pkey ? pkey : ob->tls_certificate,
1868	&dummy_errstr) == 0
1869	)
1870	ob->tls_preload.conn_certs = TRUE;
1871	}
1872	}
1873	else
1874	DEBUG(D_tls)
1875	debug_printf("TLS: not preloading client certs, for transport '%s'\n", t->name);
1876
1877
1878	if ( opt_set_and_noexpand(ob->tls_verify_certificates)
1879	&& opt_unset_or_noexpand(ob->tls_crl))
1880	{
1881	if ( !watch
1882	\|\| tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
1883	&& tls_set_watch(ob->tls_verify_certificates, FALSE)
1884	&& tls_set_watch(ob->tls_crl, FALSE)
1885	)
1886	{
1887	DEBUG(D_tls)
1888	debug_printf("TLS: preloading CA bundle for transport '%s'\n", t->name);
1889
1890	if (setup_certs(ctx, ob->tls_verify_certificates,
1891	ob->tls_crl, dummy_host, &dummy_errstr) == OK)
1892	ob->tls_preload.cabundle = TRUE;
1893	}
1894	}
1895	else
1896	DEBUG(D_tls)
1897	debug_printf("TLS: not preloading CA bundle, for transport '%s'\n", t->name);
1898
1899	#endif /EXIM_HAVE_INOTIFY/
1900	}
1901
1902
1903	#if defined(EXIM_HAVE_INOTIFY) \|\| defined(EXIM_HAVE_KEVENT)
1904	/* Invalidate the creds cached, by dropping the current ones.
1905	Call when we notice one of the source files has changed. */
1906
1907	static void
1908	tls_server_creds_invalidate(void)
1909	{
1910	SSL_CTX_free(state_server.lib_state.lib_ctx);
1911	state_server.lib_state = null_tls_preload;
1912	}
1913
1914
1915	static void
1916	tls_client_creds_invalidate(transport_instance * t)
1917	{
1918	smtp_transport_options_block * ob = t->options_block;
1919	SSL_CTX_free(ob->tls_preload.lib_ctx);
1920	ob->tls_preload = null_tls_preload;
1921	}
1922
1923	#else
1924
1925	static void
1926	tls_server_creds_invalidate(void)
1927	{ return; }
1928
1929	static void
1930	tls_client_creds_invalidate(transport_instance * t)
1931	{ return; }
1932
1933	#endif /EXIM_HAVE_INOTIFY/
1934
1935
1936	/* Extreme debug
1937	#ifndef DISABLE_OCSP
1938	void
1939	x509_store_dump_cert_s_names(X509_STORE * store)
1940	{
1941	STACK_OF(X509_OBJECT) * roots= store->objs;
1942	static uschar name[256];
1943
1944	for (int i= 0; i < sk_X509_OBJECT_num(roots); i++)
1945	{
1946	X509_OBJECT * tmp_obj= sk_X509_OBJECT_value(roots, i);
1947	if(tmp_obj->type == X509_LU_X509)
1948	{
1949	X509_NAME * sn = X509_get_subject_name(tmp_obj->data.x509);
1950	if (X509_NAME_oneline(sn, CS name, sizeof(name)))
1951	{
1952	name[sizeof(name)-1] = '\0';
1953	debug_printf(" %s\n", name);
1954	}
1955	}
1956	}
1957	}
1958	#endif
1959	*/
1960
1961
1962	#ifndef DISABLE_TLS_RESUME
1963	/* Manage the keysets used for encrypting the session tickets, on the server. */
1964
1965	typedef struct { /* Session ticket encryption key */
1966	uschar name[16];
1967
1968	const EVP_CIPHER * aes_cipher;
1969	uschar aes_key[32]; /* size needed depends on cipher. aes_128 implies 128/8 = 16? */
1970	# if OPENSSL_VERSION_NUMBER < 0x30000000L
1971	const EVP_MD * hmac_hash;
1972	# else
1973	const uschar * hmac_hashname;
1974	# endif
1975	uschar hmac_key[16];
1976	time_t renew;
1977	time_t expire;
1978	} exim_stek;
1979
1980	static exim_stek exim_tk; /* current key */
1981	static exim_stek exim_tk_old; /* previous key */
1982
1983	static void
1984	tk_init(void)
1985	{
1986	time_t t = time(NULL);
1987
1988	if (exim_tk.name[0])
1989	{
1990	if (exim_tk.renew >= t) return;
1991	exim_tk_old = exim_tk;
1992	}
1993
1994	if (f.running_in_test_harness) ssl_session_timeout = 6;
1995
1996	DEBUG(D_tls) debug_printf("OpenSSL: %s STEK\n", exim_tk.name[0] ? "rotating" : "creating");
1997	if (RAND_bytes(exim_tk.aes_key, sizeof(exim_tk.aes_key)) <= 0) return;
1998	if (RAND_bytes(exim_tk.hmac_key, sizeof(exim_tk.hmac_key)) <= 0) return;
1999	if (RAND_bytes(exim_tk.name+1, sizeof(exim_tk.name)-1) <= 0) return;
2000
2001	exim_tk.name[0] = 'E';
2002	exim_tk.aes_cipher = EVP_aes_256_cbc();
2003	# if OPENSSL_VERSION_NUMBER < 0x30000000L
2004	exim_tk.hmac_hash = EVP_sha256();
2005	# else
2006	exim_tk.hmac_hashname = US "sha256";
2007	# endif
2008	exim_tk.expire = t + ssl_session_timeout;
2009	exim_tk.renew = t + ssl_session_timeout/2;
2010	}
2011
2012	static exim_stek *
2013	tk_current(void)
2014	{
2015	if (!exim_tk.name[0]) return NULL;
2016	return &exim_tk;
2017	}
2018
2019	static exim_stek *
2020	tk_find(const uschar * name)
2021	{
2022	return memcmp(name, exim_tk.name, sizeof(exim_tk.name)) == 0 ? &exim_tk
2023	: memcmp(name, exim_tk_old.name, sizeof(exim_tk_old.name)) == 0 ? &exim_tk_old
2024	: NULL;
2025	}
2026
2027
2028	static int
2029	tk_hmac_init(
2030	# if OPENSSL_VERSION_NUMBER < 0x30000000L
2031	HMAC_CTX * hctx,
2032	#else
2033	EVP_MAC_CTX * hctx,
2034	#endif
2035	exim_stek * key
2036	)
2037	{
2038	/XXX will want these dependent on the ssl session strength /
2039	# if OPENSSL_VERSION_NUMBER < 0x30000000L
2040	HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
2041	key->hmac_hash, NULL);
2042	#else
2043	{
2044	OSSL_PARAM params[3];
2045	uschar * hk = string_copy(key->hmac_hashname); /* need nonconst */
2046	params[0] = OSSL_PARAM_construct_octet_string("key", key->hmac_key, sizeof(key->hmac_key));
2047	params[1] = OSSL_PARAM_construct_utf8_string("digest", CS hk, 0);
2048	params[2] = OSSL_PARAM_construct_end();
2049	if (EVP_MAC_CTX_set_params(hctx, params) == 0)
2050	{
2051	DEBUG(D_tls) debug_printf("EVP_MAC_CTX_set_params: %s\n",
2052	ERR_reason_error_string(ERR_get_error()));
2053	return 0; /* error in mac initialisation */
2054	}
2055	}
2056	#endif
2057	return 1;
2058	}
2059
2060	/* Callback for session tickets, on server */
2061	static int
2062	ticket_key_callback(SSL * ssl, uschar key_name[16],
2063	uschar * iv, EVP_CIPHER_CTX * c_ctx,
2064	# if OPENSSL_VERSION_NUMBER < 0x30000000L
2065	HMAC_CTX * hctx,
2066	#else
2067	EVP_MAC_CTX * hctx,
2068	#endif
2069	int enc)
2070	{
2071	tls_support * tlsp = state_server.tlsp;
2072	exim_stek * key;
2073
2074	if (enc)
2075	{
2076	DEBUG(D_tls) debug_printf("ticket_key_callback: create new session\n");
2077	tlsp->resumption \|= RESUME_CLIENT_REQUESTED;
2078
2079	if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
2080	return -1; /* insufficient random */
2081
2082	if (!(key = tk_current())) /* current key doesn't exist or isn't valid */
2083	return 0; /* key couldn't be created */
2084	memcpy(key_name, key->name, 16);
2085	DEBUG(D_tls) debug_printf("STEK expire " TIME_T_FMT "\n", key->expire - time(NULL));
2086
2087	if (tk_hmac_init(hctx, key) == 0) return 0;
2088	EVP_EncryptInit_ex(c_ctx, key->aes_cipher, NULL, key->aes_key, iv);
2089
2090	DEBUG(D_tls) debug_printf("ticket created\n");
2091	return 1;
2092	}
2093	else
2094	{
2095	time_t now = time(NULL);
2096
2097	DEBUG(D_tls) debug_printf("ticket_key_callback: retrieve session\n");
2098	tlsp->resumption \|= RESUME_CLIENT_SUGGESTED;
2099
2100	if (!(key = tk_find(key_name)) \|\| key->expire < now)
2101	{
2102	DEBUG(D_tls)
2103	{
2104	debug_printf("ticket not usable (%s)\n", key ? "expired" : "not found");
2105	if (key) debug_printf("STEK expire " TIME_T_FMT "\n", key->expire - now);
2106	}
2107	return 0;
2108	}
2109
2110	if (tk_hmac_init(hctx, key) == 0) return 0;
2111	EVP_DecryptInit_ex(c_ctx, key->aes_cipher, NULL, key->aes_key, iv);
2112
2113	DEBUG(D_tls) debug_printf("ticket usable, STEK expire " TIME_T_FMT "\n", key->expire - now);
2114
2115	/* The ticket lifetime and renewal are the same as the STEK lifetime and
2116	renewal, which is overenthusiastic. A factor of, say, 3x longer STEK would
2117	be better. To do that we'd have to encode ticket lifetime in the name as
2118	we don't yet see the restored session. Could check posthandshake for TLS1.3
2119	and trigger a new ticket then, but cannot do that for TLS1.2 */
2120	return key->renew < now ? 2 : 1;
2121	}
2122	}
2123	#endif /* !DISABLE_TLS_RESUME */
2124
2125
2126
2127	static void
2128	setup_cert_verify(SSL_CTX * ctx, BOOL optional,
2129	int (cert_vfy_cb)(int, X509_STORE_CTX ))
2130	{
2131	/* If verification is optional, don't fail if no certificate */
2132
2133	SSL_CTX_set_verify(ctx,
2134	SSL_VERIFY_PEER \| (optional ? 0 : SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
2135	cert_vfy_cb);
2136	}
2137
2138
1661	/*************************************************	2139	/*************************************************
1662	* Callback to handle SNI *	2140	* Callback to handle SNI *
1663	*************************************************/	2141	*************************************************/
Lines 1683-1689 Link Here
1683	tls_servername_cb(SSL s, int ad ARG_UNUSED, void *arg)	2161	tls_servername_cb(SSL s, int ad ARG_UNUSED, void *arg)
1684	{	2162	{
1685	const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);	2163	const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
1686	tls_ext_ctx_cb cbinfo = (tls_ext_ctx_cb ) arg;	2164	exim_openssl_state_st state = (exim_openssl_state_st ) arg;
1687	int rc;	2165	int rc;
1688	int old_pool = store_pool;	2166	int old_pool = store_pool;
1689	uschar * dummy_errstr;	2167	uschar * dummy_errstr;
Lines 1696-1702 Link Here
1696		2174
1697	/* Make the extension value available for expansion */	2175	/* Make the extension value available for expansion */
1698	store_pool = POOL_PERM;	2176	store_pool = POOL_PERM;
1699	tls_in.sni = string_copy_taint(US servername, TRUE);	2177	tls_in.sni = string_copy_taint(US servername, GET_TAINTED);
1700	store_pool = old_pool;	2178	store_pool = old_pool;
1701		2179
1702	if (!reexpand_tls_files_for_sni)	2180	if (!reexpand_tls_files_for_sni)
Lines 1706-1756 Link Here
1706	not confident that memcpy wouldn't break some internal reference counting.	2184	not confident that memcpy wouldn't break some internal reference counting.
1707	Especially since there's a references struct member, which would be off. */	2185	Especially since there's a references struct member, which would be off. */
1708		2186
1709	#ifdef EXIM_HAVE_OPENSSL_TLS_METHOD	2187	if (lib_ctx_new(&server_sni, NULL, &dummy_errstr) != OK)
1710	if (!(server_sni = SSL_CTX_new(TLS_server_method())))
1711	#else
1712	if (!(server_sni = SSL_CTX_new(SSLv23_server_method())))
1713	#endif
1714	{
1715	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
1716	DEBUG(D_tls) debug_printf("SSL_CTX_new() failed: %s\n", ssl_errstring);
1717	goto bad;	2188	goto bad;
1718	}
1719		2189
1720	/* Not sure how many of these are actually needed, since SSL object	2190	/* Not sure how many of these are actually needed, since SSL object
1721	already exists. Might even need this selfsame callback, for reneg? */	2191	already exists. Might even need this selfsame callback, for reneg? */
1722		2192
1723	SSL_CTX_set_info_callback(server_sni, SSL_CTX_get_info_callback(server_ctx));	2193	{
1724	SSL_CTX_set_mode(server_sni, SSL_CTX_get_mode(server_ctx));	2194	SSL_CTX * ctx = state_server.lib_state.lib_ctx;
1725	SSL_CTX_set_options(server_sni, SSL_CTX_get_options(server_ctx));	2195	SSL_CTX_set_info_callback(server_sni, SSL_CTX_get_info_callback(ctx));
1726	SSL_CTX_set_timeout(server_sni, SSL_CTX_get_timeout(server_ctx));	2196	SSL_CTX_set_mode(server_sni, SSL_CTX_get_mode(ctx));
1727	SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);	2197	SSL_CTX_set_options(server_sni, SSL_CTX_get_options(ctx));
1728	SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);	2198	SSL_CTX_set_timeout(server_sni, SSL_CTX_get_timeout(ctx));
		2199	SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
		2200	SSL_CTX_set_tlsext_servername_arg(server_sni, state);
		2201	}
1729		2202
1730	if ( !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr)	2203	if ( !init_dh(server_sni, state->dhparam, &dummy_errstr)
1731	\|\| !init_ecdh(server_sni, NULL, &dummy_errstr)	2204	\|\| !init_ecdh(server_sni, &dummy_errstr)
1732	)	2205	)
1733	goto bad;	2206	goto bad;
1734		2207
1735	if ( cbinfo->server_cipher_list	2208	if ( state->server_cipher_list
1736	&& !SSL_CTX_set_cipher_list(server_sni, CS cbinfo->server_cipher_list))	2209	&& !SSL_CTX_set_cipher_list(server_sni, CS state->server_cipher_list))
1737	goto bad;	2210	goto bad;
1738		2211
1739	#ifndef DISABLE_OCSP	2212	#ifndef DISABLE_OCSP
1740	if (cbinfo->u_ocsp.server.file)	2213	if (state->u_ocsp.server.file)
1741	{	2214	{
1742	SSL_CTX_set_tlsext_status_cb(server_sni, tls_server_stapling_cb);	2215	SSL_CTX_set_tlsext_status_cb(server_sni, tls_server_stapling_cb);
1743	SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo);	2216	SSL_CTX_set_tlsext_status_arg(server_sni, state);
1744	}	2217	}
1745	#endif	2218	#endif
1746		2219
1747	if ((rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE,	2220	{
1748	verify_callback_server, &dummy_errstr)) != OK)	2221	uschar * expcerts;
1749	goto bad;	2222	if ( !expand_check(tls_verify_certificates, US"tls_verify_certificates",
		2223	&expcerts, &dummy_errstr)
		2224	\|\| (rc = setup_certs(server_sni, expcerts, tls_crl, NULL,
		2225	&dummy_errstr)) != OK)
		2226	goto bad;
		2227
		2228	if (expcerts && *expcerts)
		2229	setup_cert_verify(server_sni, FALSE, verify_callback_server);
		2230	}
1750		2231
1751	/* do this after setup_certs, because this can require the certs for verifying	2232	/* do this after setup_certs, because this can require the certs for verifying
1752	OCSP information. */	2233	OCSP information. */
1753	if ((rc = tls_expand_session_files(server_sni, cbinfo, &dummy_errstr)) != OK)	2234	if ((rc = tls_expand_session_files(server_sni, state, &dummy_errstr)) != OK)
1754	goto bad;	2235	goto bad;
1755		2236
1756	DEBUG(D_tls) debug_printf("Switching SSL context.\n");	2237	DEBUG(D_tls) debug_printf("Switching SSL context.\n");
Lines 1764-1769 Link Here
1764		2245
1765		2246
1766		2247
		2248	#ifdef EXIM_HAVE_ALPN
		2249	/*************************************************
		2250	* Callback to handle ALPN *
		2251	*************************************************/
		2252
		2253	/* Called on server if tls_alpn nonblank after expansion,
		2254	when client offers ALPN, after the SNI callback.
		2255	If set and not matching the list then we dump the connection */
		2256
		2257	static int
		2258	tls_server_alpn_cb(SSL ssl, const uschar * out, uschar * outlen,
		2259	const uschar * in, unsigned int inlen, void * arg)
		2260	{
		2261	server_seen_alpn = TRUE;
		2262	DEBUG(D_tls)
		2263	{
		2264	debug_printf("Received TLS ALPN offer:");
		2265	for (int pos = 0, siz; pos < inlen; pos += siz+1)
		2266	{
		2267	siz = in[pos];
		2268	if (pos + 1 + siz > inlen) siz = inlen - pos - 1;
		2269	debug_printf(" '%.*s'", siz, in + pos + 1);
		2270	}
		2271	debug_printf(". Our list: '%s'\n", tls_alpn);
		2272	}
		2273
		2274	/* Look for an acceptable ALPN */
		2275
		2276	if ( inlen > 1 /* at least one name */
		2277	&& in[0]+1 == inlen /* filling the vector, so exactly one name */
		2278	)
		2279	{
		2280	const uschar * list = tls_alpn;
		2281	int sep = 0;
		2282	for (uschar * name; name = string_nextinlist(&list, &sep, NULL, 0); )
		2283	if (Ustrncmp(in+1, name, in[0]) == 0)
		2284	{
		2285	out = in+1; / we checked for exactly one, so can just point to it */
		2286	*outlen = inlen;
		2287	return SSL_TLSEXT_ERR_OK; /* use ALPN */
		2288	}
		2289	}
		2290
		2291	/* More than one name from clilent, or name did not match our list. */
		2292
		2293	/* This will be fatal to the TLS conn; would be nice to kill TCP also.
		2294	Maybe as an option in future; for now leave control to the config (must-tls). */
		2295
		2296	DEBUG(D_tls) debug_printf("TLS ALPN rejected\n");
		2297	return SSL_TLSEXT_ERR_ALERT_FATAL;
		2298	}
		2299	#endif /* EXIM_HAVE_ALPN */
		2300
		2301
		2302
1767	#ifndef DISABLE_OCSP	2303	#ifndef DISABLE_OCSP
1768		2304
1769	/*************************************************	2305	/*************************************************
Lines 1781-1788 Link Here
1781	static int	2317	static int
1782	tls_server_stapling_cb(SSL s, void arg)	2318	tls_server_stapling_cb(SSL s, void arg)
1783	{	2319	{
1784	const tls_ext_ctx_cb * cbinfo = (tls_ext_ctx_cb *) arg;	2320	const exim_openssl_state_st * state = arg;
1785	ocsp_resplist * olist = cbinfo->u_ocsp.server.olist;	2321	ocsp_resplist * olist = state->u_ocsp.server.olist;
1786	uschar * response_der; /XXX blob /	2322	uschar * response_der; /XXX blob /
1787	int response_der_len;	2323	int response_der_len;
1788		2324
Lines 1799-1807 Link Here
1799	const X509 * cert_sent = SSL_get_certificate(s);	2335	const X509 * cert_sent = SSL_get_certificate(s);
1800	const ASN1_INTEGER * cert_serial = X509_get0_serialNumber(cert_sent);	2336	const ASN1_INTEGER * cert_serial = X509_get0_serialNumber(cert_sent);
1801	const BIGNUM * cert_bn = ASN1_INTEGER_to_BN(cert_serial, NULL);	2337	const BIGNUM * cert_bn = ASN1_INTEGER_to_BN(cert_serial, NULL);
1802	const X509_NAME * cert_issuer = X509_get_issuer_name(cert_sent);
1803	uschar * chash;
1804	uint chash_len;
1805		2338
1806	for (; olist; olist = olist->next)	2339	for (; olist; olist = olist->next)
1807	{	2340	{
Lines 1856-1862 Link Here
1856	if (response_der_len <= 0)	2389	if (response_der_len <= 0)
1857	return SSL_TLSEXT_ERR_NOACK;	2390	return SSL_TLSEXT_ERR_NOACK;
1858		2391
1859	SSL_set_tlsext_status_ocsp_resp(server_ssl, response_der, response_der_len);	2392	SSL_set_tlsext_status_ocsp_resp(state_server.lib_state.lib_ssl,
		2393	response_der, response_der_len);
1860	tls_in.ocsp = OCSP_VFIED;	2394	tls_in.ocsp = OCSP_VFIED;
1861	return SSL_TLSEXT_ERR_OK;	2395	return SSL_TLSEXT_ERR_OK;
1862	}	2396	}
Lines 1873-1879 Link Here
1873	static int	2407	static int
1874	tls_client_stapling_cb(SSL s, void arg)	2408	tls_client_stapling_cb(SSL s, void arg)
1875	{	2409	{
1876	tls_ext_ctx_cb * cbinfo = arg;	2410	exim_openssl_state_st * cbinfo = arg;
1877	const unsigned char * p;	2411	const unsigned char * p;
1878	int len;	2412	int len;
1879	OCSP_RESPONSE * rsp;	2413	OCSP_RESPONSE * rsp;
Lines 1883-1890 Link Here
1883	DEBUG(D_tls) debug_printf("Received TLS status callback (OCSP stapling):\n");	2417	DEBUG(D_tls) debug_printf("Received TLS status callback (OCSP stapling):\n");
1884	len = SSL_get_tlsext_status_ocsp_resp(s, &p);	2418	len = SSL_get_tlsext_status_ocsp_resp(s, &p);
1885	if(!p)	2419	if(!p)
1886	{	2420	{ /* Expect this when we requested ocsp but got none */
1887	/* Expect this when we requested ocsp but got none */	2421	if (SSL_session_reused(s) && tls_out.ocsp == OCSP_VFIED)
		2422	{
		2423	DEBUG(D_tls) debug_printf(" null, but resumed; ocsp vfy stored with session is good\n");
		2424	return 1;
		2425	}
1888	if (cbinfo->u_ocsp.client.verify_required && LOGGING(tls_cipher))	2426	if (cbinfo->u_ocsp.client.verify_required && LOGGING(tls_cipher))
1889	log_write(0, LOG_MAIN, "Required TLS certificate status not received");	2427	log_write(0, LOG_MAIN, "Required TLS certificate status not received");
1890	else	2428	else
Lines 1926-1932 Link Here
1926	STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses;	2464	STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses;
1927	#endif	2465	#endif
1928		2466
1929	DEBUG(D_tls) bp = BIO_new_fp(debug_file, BIO_NOCLOSE);	2467	DEBUG(D_tls) bp = BIO_new(BIO_s_mem());
1930		2468
1931	/OCSP_RESPONSE_print(bp, rsp, 0); extreme debug: stapling content /	2469	/OCSP_RESPONSE_print(bp, rsp, 0); extreme debug: stapling content /
1932		2470
Lines 1941-1949 Link Here
1941	if (LOGGING(tls_cipher)) log_write(0, LOG_MAIN,	2479	if (LOGGING(tls_cipher)) log_write(0, LOG_MAIN,
1942	"Received TLS cert status response, itself unverifiable: %s",	2480	"Received TLS cert status response, itself unverifiable: %s",
1943	ERR_reason_error_string(ERR_peek_error()));	2481	ERR_reason_error_string(ERR_peek_error()));
1944	BIO_printf(bp, "OCSP response verify failure\n");	2482	DEBUG(D_tls)
1945	ERR_print_errors(bp);	2483	{
1946	OCSP_RESPONSE_print(bp, rsp, 0);	2484	BIO_printf(bp, "OCSP response verify failure\n");
		2485	ERR_print_errors(bp);
		2486	OCSP_RESPONSE_print(bp, rsp, 0);
		2487	}
1947	goto failed;	2488	goto failed;
1948	}	2489	}
1949	else	2490	else
Lines 1981-1994 Link Here
1981	status = OCSP_single_get0_status(single, &reason, &rev,	2522	status = OCSP_single_get0_status(single, &reason, &rev,
1982	&thisupd, &nextupd);	2523	&thisupd, &nextupd);
1983		2524
1984	DEBUG(D_tls) time_print(bp, "This OCSP Update", thisupd);	2525	DEBUG(D_tls)
1985	DEBUG(D_tls) if(nextupd) time_print(bp, "Next OCSP Update", nextupd);	2526	{
		2527	time_print(bp, "This OCSP Update", thisupd);
		2528	if (nextupd) time_print(bp, "Next OCSP Update", nextupd);
		2529	}
1986	if (!OCSP_check_validity(thisupd, nextupd,	2530	if (!OCSP_check_validity(thisupd, nextupd,
1987	EXIM_OCSP_SKEW_SECONDS, EXIM_OCSP_MAX_AGE))	2531	EXIM_OCSP_SKEW_SECONDS, EXIM_OCSP_MAX_AGE))
1988	{	2532	{
1989	tls_out.ocsp = OCSP_FAILED;	2533	tls_out.ocsp = OCSP_FAILED;
1990	DEBUG(D_tls) ERR_print_errors(bp);	2534	DEBUG(D_tls) ERR_print_errors(bp);
1991	log_write(0, LOG_MAIN, "Server OSCP dates invalid");	2535	log_write(0, LOG_MAIN, "OCSP dates invalid");
1992	goto failed;	2536	goto failed;
1993	}	2537	}
1994		2538
Lines 2021-2026 Link Here
2021	tls_out.ocsp = OCSP_FAILED;	2565	tls_out.ocsp = OCSP_FAILED;
2022	i = cbinfo->u_ocsp.client.verify_required ? 0 : 1;	2566	i = cbinfo->u_ocsp.client.verify_required ? 0 : 1;
2023	good:	2567	good:
		2568	{
		2569	uschar * s = NULL;
		2570	int len = (int) BIO_get_mem_data(bp, CSS &s);
		2571	if (len > 0) debug_printf("%.*s", len, s);
		2572	}
2024	BIO_free(bp);	2573	BIO_free(bp);
2025	}	2574	}
2026		2575
Lines 2033-2127 Link Here
2033	/*************************************************	2582	/*************************************************
2034	* Initialize for TLS *	2583	* Initialize for TLS *
2035	*************************************************/	2584	*************************************************/
2036
2037	static void
2038	tls_openssl_init(void)
2039	{
2040	#ifdef EXIM_NEED_OPENSSL_INIT
2041	SSL_load_error_strings(); /* basic set up */
2042	OpenSSL_add_ssl_algorithms();
2043	#endif
2044
2045	#if defined(EXIM_HAVE_SHA256) && !defined(OPENSSL_AUTO_SHA256)
2046	/* SHA256 is becoming ever more popular. This makes sure it gets added to the
2047	list of available digests. */
2048	EVP_add_digest(EVP_sha256());
2049	#endif
2050	}
2051
2052
2053
2054	/* Called from both server and client code, to do preliminary initialization	2585	/* Called from both server and client code, to do preliminary initialization
2055	of the library. We allocate and return a context structure.	2586	of the library. We allocate and return a context structure.
2056		2587
2057	Arguments:	2588	Arguments:
2058	ctxp returned SSL context
2059	host connected host, if client; NULL if server	2589	host connected host, if client; NULL if server
2060	dhparam DH parameter file	2590	ob transport options block, if client; NULL if server
2061	certificate certificate file
2062	privatekey private key
2063	ocsp_file file of stapling info (server); flag for require ocsp (client)	2591	ocsp_file file of stapling info (server); flag for require ocsp (client)
2064	addr address if client; NULL if server (for some randomness)	2592	addr address if client; NULL if server (for some randomness)
2065	cbp place to put allocated callback context	2593	caller_state place to put pointer to allocated state-struct
2066	errstr error string pointer	2594	errstr error string pointer
2067		2595
2068	Returns: OK/DEFER/FAIL	2596	Returns: OK/DEFER/FAIL
2069	*/	2597	*/
2070		2598
2071	static int	2599	static int
2072	tls_init(SSL_CTX *ctxp, host_item host, uschar dhparam, uschar certificate,	2600	tls_init(host_item * host, smtp_transport_options_block * ob,
2073	uschar *privatekey,
2074	#ifndef DISABLE_OCSP	2601	#ifndef DISABLE_OCSP
2075	uschar *ocsp_file,	2602	uschar *ocsp_file,
2076	#endif	2603	#endif
2077	address_item addr, tls_ext_ctx_cb * cbp,	2604	address_item addr, exim_openssl_state_st * caller_state,
2078	tls_support * tlsp,	2605	tls_support * tlsp,
2079	uschar ** errstr)	2606	uschar ** errstr)
2080	{	2607	{
2081	SSL_CTX * ctx;	2608	SSL_CTX * ctx;
2082	long init_options;	2609	exim_openssl_state_st * state;
2083	int rc;	2610	int rc;
2084	tls_ext_ctx_cb * cbinfo;
2085		2611
2086	cbinfo = store_malloc(sizeof(tls_ext_ctx_cb));	2612	if (host) /* client */
2087	cbinfo->tlsp = tlsp;
2088	cbinfo->certificate = certificate;
2089	cbinfo->privatekey = privatekey;
2090	cbinfo->is_server = host==NULL;
2091	#ifndef DISABLE_OCSP
2092	cbinfo->verify_stack = NULL;
2093	if (!host)
2094	{	2613	{
2095	cbinfo->u_ocsp.server.file = ocsp_file;	2614	state = store_malloc(sizeof(exim_openssl_state_st));
2096	cbinfo->u_ocsp.server.file_expanded = NULL;	2615	memset(state, 0, sizeof(*state));
2097	cbinfo->u_ocsp.server.olist = NULL;	2616	state->certificate = ob->tls_certificate;
		2617	state->privatekey = ob->tls_privatekey;
		2618	state->is_server = FALSE;
		2619	state->dhparam = NULL;
		2620	state->lib_state = ob->tls_preload;
		2621	}
		2622	else /* server */
		2623	{
		2624	state = &state_server;
		2625	state->certificate = tls_certificate;
		2626	state->privatekey = tls_privatekey;
		2627	state->is_server = TRUE;
		2628	state->dhparam = tls_dhparam;
		2629	state->lib_state = state_server.lib_state;
2098	}	2630	}
2099	else
2100	cbinfo->u_ocsp.client.verify_store = NULL;
2101	#endif
2102	cbinfo->dhparam = dhparam;
2103	cbinfo->server_cipher_list = NULL;
2104	cbinfo->host = host;
2105	#ifndef DISABLE_EVENT
2106	cbinfo->event_action = NULL;
2107	#endif
2108		2631
2109	tls_openssl_init();	2632	state->tlsp = tlsp;
		2633	state->host = host;
2110		2634
2111	/* Create a context.	2635	if (!state->lib_state.pri_string)
2112	The OpenSSL docs in 1.0.1b have not been updated to clarify TLS variant	2636	state->server_cipher_list = NULL;
2113	negotiation in the different methods; as far as I can tell, the only
2114	*_{server,client}_method which allows negotiation is SSLv23, which exists even
2115	when OpenSSL is built without SSLv2 support.
2116	By disabling with openssl_options, we can let admins re-enable with the
2117	existing knob. */
2118		2637
2119	#ifdef EXIM_HAVE_OPENSSL_TLS_METHOD	2638	#ifndef DISABLE_EVENT
2120	if (!(ctx = SSL_CTX_new(host ? TLS_client_method() : TLS_server_method())))	2639	state->event_action = NULL;
2121	#else
2122	if (!(ctx = SSL_CTX_new(host ? SSLv23_client_method() : SSLv23_server_method())))
2123	#endif	2640	#endif
2124	return tls_error(US"SSL_CTX_new", host, NULL, errstr);	2641
		2642	tls_openssl_init();
2125		2643
2126	/* It turns out that we need to seed the random number generator this early in	2644	/* It turns out that we need to seed the random number generator this early in
2127	order to get the full complement of ciphers to work. It took me roughly a day	2645	order to get the full complement of ciphers to work. It took me roughly a day
Lines 2129-2168 Link Here
2129		2647
2130	On systems that have /dev/urandom, SSL may automatically seed itself from	2648	On systems that have /dev/urandom, SSL may automatically seed itself from
2131	there. Otherwise, we have to make something up as best we can. Double check	2649	there. Otherwise, we have to make something up as best we can. Double check
2132	afterwards. */	2650	afterwards.
2133		2651
2134	if (!RAND_status())	2652	Although we likely called this before, at daemon startup, this is a chance
2135	{	2653	to mix in further variable info (time, pid) if needed. */
2136	randstuff r;
2137	gettimeofday(&r.tv, NULL);
2138	r.p = getpid();
2139		2654
2140	RAND_seed(US (&r), sizeof(r));	2655	if (!lib_rand_init(addr))
2141	RAND_seed(US big_buffer, big_buffer_size);	2656	return tls_error(US"RAND_status", host,
2142	if (addr != NULL) RAND_seed(US addr, sizeof(addr));	2657	US"unable to seed random number generator", errstr);
2143
2144	if (!RAND_status())
2145	return tls_error(US"RAND_status", host,
2146	US"unable to seed random number generator", errstr);
2147	}
2148
2149	/* Set up the information callback, which outputs if debugging is at a suitable
2150	level. */
2151
2152	DEBUG(D_tls)
2153	{
2154	SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
2155	#if defined(EXIM_HAVE_OPESSL_TRACE) && !defined(OPENSSL_NO_SSL_TRACE)
2156	/* this needs a debug build of OpenSSL */
2157	SSL_CTX_set_msg_callback(ctx, (void (*)())SSL_trace);
2158	#endif
2159	#ifdef OPENSSL_HAVE_KEYLOG_CB
2160	SSL_CTX_set_keylog_callback(ctx, (void (*)())keylog_callback);
2161	#endif
2162	}
2163
2164	/* Automatically re-try reads/writes after renegotiation. */
2165	(void) SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
2166		2658
2167	/* Apply administrator-supplied work-arounds.	2659	/* Apply administrator-supplied work-arounds.
2168	Historically we applied just one requested option,	2660	Historically we applied just one requested option,
Lines 2173-2187 Link Here
2173	No OpenSSL version number checks: the options we accept depend upon the	2665	No OpenSSL version number checks: the options we accept depend upon the
2174	availability of the option value macros from OpenSSL. */	2666	availability of the option value macros from OpenSSL. */
2175		2667
2176	if (!tls_openssl_options_parse(openssl_options, &init_options))	2668	if (!init_options)
2177	return tls_error(US"openssl_options parsing failed", host, NULL, errstr);	2669	if (!tls_openssl_options_parse(openssl_options, &init_options))
		2670	return tls_error(US"openssl_options parsing failed", host, NULL, errstr);
		2671
		2672	/* Create a context.
		2673	The OpenSSL docs in 1.0.1b have not been updated to clarify TLS variant
		2674	negotiation in the different methods; as far as I can tell, the only
		2675	*_{server,client}_method which allows negotiation is SSLv23, which exists even
		2676	when OpenSSL is built without SSLv2 support.
		2677	By disabling with openssl_options, we can let admins re-enable with the
		2678	existing knob. */
2178		2679
2179	#ifdef EXPERIMENTAL_TLS_RESUME	2680	if (!(ctx = state->lib_state.lib_ctx))
		2681	{
		2682	if ((rc = lib_ctx_new(&ctx, host, errstr)) != OK)
		2683	return rc;
		2684	state->lib_state.lib_ctx = ctx;
		2685	}
		2686
		2687	#ifndef DISABLE_TLS_RESUME
2180	tlsp->resumption = RESUME_SUPPORTED;	2688	tlsp->resumption = RESUME_SUPPORTED;
2181	#endif	2689	#endif
2182	if (init_options)	2690	if (init_options)
2183	{	2691	{
2184	#ifdef EXPERIMENTAL_TLS_RESUME	2692	#ifndef DISABLE_TLS_RESUME
2185	/* Should the server offer session resumption? */	2693	/* Should the server offer session resumption? */
2186	if (!host && verify_check_host(&tls_resumption_hosts) == OK)	2694	if (!host && verify_check_host(&tls_resumption_hosts) == OK)
2187	{	2695	{
Lines 2213-2233 Link Here
2213	/* Initialize with DH parameters if supplied */	2721	/* Initialize with DH parameters if supplied */
2214	/* Initialize ECDH temp key parameter selection */	2722	/* Initialize ECDH temp key parameter selection */
2215		2723
2216	if ( !init_dh(ctx, dhparam, host, errstr)	2724	if (!host)
2217	\|\| !init_ecdh(ctx, host, errstr)	2725	{
2218	)	2726	if (state->lib_state.dh)
2219	return DEFER;	2727	{ DEBUG(D_tls) debug_printf("TLS: DH params were preloaded\n"); }
		2728	else
		2729	if (!init_dh(ctx, state->dhparam, errstr)) return DEFER;
		2730
		2731	if (state->lib_state.ecdh)
		2732	{ DEBUG(D_tls) debug_printf("TLS: ECDH curve was preloaded\n"); }
		2733	else
		2734	if (!init_ecdh(ctx, errstr)) return DEFER;
		2735	}
2220		2736
2221	/* Set up certificate and key (and perhaps OCSP info) */	2737	/* Set up certificate and key (and perhaps OCSP info) */
2222		2738
2223	if ((rc = tls_expand_session_files(ctx, cbinfo, errstr)) != OK)	2739	if (state->lib_state.conn_certs)
2224	return rc;	2740	{
		2741	DEBUG(D_tls)
		2742	debug_printf("TLS: %s certs were preloaded\n", host ? "client":"server");
		2743	}
		2744	else
		2745	{
		2746	#ifndef DISABLE_OCSP
		2747	if (!host)
		2748	{
		2749	state->u_ocsp.server.file = ocsp_file;
		2750	state->u_ocsp.server.file_expanded = NULL;
		2751	state->u_ocsp.server.olist = NULL;
		2752	}
		2753	#endif
		2754	if ((rc = tls_expand_session_files(ctx, state, errstr)) != OK) return rc;
		2755	}
2225		2756
2226	/* If we need to handle SNI or OCSP, do so */	2757	/* If we need to handle SNI or OCSP, do so */
2227		2758
2228	#ifdef EXIM_HAVE_OPENSSL_TLSEXT	2759	#ifdef EXIM_HAVE_OPENSSL_TLSEXT
2229	# ifndef DISABLE_OCSP	2760	# ifndef DISABLE_OCSP
2230	if (!(cbinfo->verify_stack = sk_X509_new_null()))	2761	if (!(state->verify_stack = sk_X509_new_null()))
2231	{	2762	{
2232	DEBUG(D_tls) debug_printf("failed to create stack for stapling verify\n");	2763	DEBUG(D_tls) debug_printf("failed to create stack for stapling verify\n");
2233	return FAIL;	2764	return FAIL;
Lines 2241-2273 Link Here
2241	the option exists, not what the current expansion might be, as SNI might	2772	the option exists, not what the current expansion might be, as SNI might
2242	change the certificate and OCSP file in use between now and the time the	2773	change the certificate and OCSP file in use between now and the time the
2243	callback is invoked. */	2774	callback is invoked. */
2244	if (cbinfo->u_ocsp.server.file)	2775	if (state->u_ocsp.server.file)
2245	{	2776	{
2246	SSL_CTX_set_tlsext_status_cb(ctx, tls_server_stapling_cb);	2777	SSL_CTX_set_tlsext_status_cb(ctx, tls_server_stapling_cb);
2247	SSL_CTX_set_tlsext_status_arg(ctx, cbinfo);	2778	SSL_CTX_set_tlsext_status_arg(ctx, state);
2248	}	2779	}
2249	# endif	2780	# endif
2250	/* We always do this, so that $tls_sni is available even if not used in	2781	/* We always do this, so that $tls_sni is available even if not used in
2251	tls_certificate */	2782	tls_certificate */
2252	SSL_CTX_set_tlsext_servername_callback(ctx, tls_servername_cb);	2783	SSL_CTX_set_tlsext_servername_callback(ctx, tls_servername_cb);
2253	SSL_CTX_set_tlsext_servername_arg(ctx, cbinfo);	2784	SSL_CTX_set_tlsext_servername_arg(ctx, state);
		2785
		2786	# ifdef EXIM_HAVE_ALPN
		2787	if (tls_alpn && *tls_alpn)
		2788	{
		2789	uschar * exp_alpn;
		2790	if ( expand_check(tls_alpn, US"tls_alpn", &exp_alpn, errstr)
		2791	&& exp_alpn && !isblank(exp_alpn))
		2792	{
		2793	tls_alpn = exp_alpn; /* subprocess so ok to overwrite */
		2794	SSL_CTX_set_alpn_select_cb(ctx, tls_server_alpn_cb, state);
		2795	}
		2796	else
		2797	tls_alpn = NULL;
		2798	}
		2799	# endif
2254	}	2800	}
2255	# ifndef DISABLE_OCSP	2801	# ifndef DISABLE_OCSP
2256	else /* client */	2802	else /* client */
2257	if(ocsp_file) /* wanting stapling */	2803	if(ocsp_file) /* wanting stapling */
2258	{	2804	{
2259	if (!(cbinfo->u_ocsp.client.verify_store = X509_STORE_new()))	2805	if (!(state->u_ocsp.client.verify_store = X509_STORE_new()))
2260	{	2806	{
2261	DEBUG(D_tls) debug_printf("failed to create store for stapling verify\n");	2807	DEBUG(D_tls) debug_printf("failed to create store for stapling verify\n");
2262	return FAIL;	2808	return FAIL;
2263	}	2809	}
2264	SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb);	2810	SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb);
2265	SSL_CTX_set_tlsext_status_arg(ctx, cbinfo);	2811	SSL_CTX_set_tlsext_status_arg(ctx, state);
2266	}	2812	}
2267	# endif	2813	# endif
2268	#endif	2814	#endif
2269		2815
2270	cbinfo->verify_cert_hostnames = NULL;	2816	state->verify_cert_hostnames = NULL;
2271		2817
2272	#ifdef EXIM_HAVE_EPHEM_RSA_KEX	2818	#ifdef EXIM_HAVE_EPHEM_RSA_KEX
2273	/* Set up the RSA callback */	2819	/* Set up the RSA callback */
Lines 2280-2287 Link Here
2280	SSL_CTX_set_timeout(ctx, ssl_session_timeout);	2826	SSL_CTX_set_timeout(ctx, ssl_session_timeout);
2281	DEBUG(D_tls) debug_printf("Initialized TLS\n");	2827	DEBUG(D_tls) debug_printf("Initialized TLS\n");
2282		2828
2283	*cbp = cbinfo;	2829	*caller_state = state;
2284	*ctxp = ctx;
2285		2830
2286	return OK;	2831	return OK;
2287	}	2832	}
Lines 2408-2425 Link Here
2408	/* Load certs from file, return TRUE on success */	2953	/* Load certs from file, return TRUE on success */
2409		2954
2410	static BOOL	2955	static BOOL
2411	chain_from_pem_file(const uschar * file, STACK_OF(X509) * verify_stack)	2956	chain_from_pem_file(const uschar * file, STACK_OF(X509) ** vp)
2412	{	2957	{
2413	BIO * bp;	2958	BIO * bp;
2414	X509 * x;	2959	STACK_OF(X509) * verify_stack = *vp;
2415		2960
2416	while (sk_X509_num(verify_stack) > 0)	2961	if (verify_stack)
2417	X509_free(sk_X509_pop(verify_stack));	2962	while (sk_X509_num(verify_stack) > 0)
		2963	X509_free(sk_X509_pop(verify_stack));
		2964	else
		2965	verify_stack = sk_X509_new_null();
2418		2966
2419	if (!(bp = BIO_new_file(CS file, "r"))) return FALSE;	2967	if (!(bp = BIO_new_file(CS file, "r"))) return FALSE;
2420	while ((x = PEM_read_bio_X509(bp, NULL, 0, NULL)))	2968	for (X509 * x; x = PEM_read_bio_X509(bp, NULL, 0, NULL); )
2421	sk_X509_push(verify_stack, x);	2969	sk_X509_push(verify_stack, x);
2422	BIO_free(bp);	2970	BIO_free(bp);
		2971	*vp = verify_stack;
2423	return TRUE;	2972	return TRUE;
2424	}	2973	}
2425	#endif	2974	#endif
Lines 2431-2450 Link Here
2431		2980
2432	Arguments:	2981	Arguments:
2433	sctx SSL_CTX* to initialise	2982	sctx SSL_CTX* to initialise
2434	certs certs file or NULL	2983	certs certs file, expanded
2435	crl CRL file or NULL	2984	crl CRL file or NULL
2436	host NULL in a server; the remote host in a client	2985	host NULL in a server; the remote host in a client
2437	optional TRUE if called from a server for a host in tls_try_verify_hosts;
2438	otherwise passed as FALSE
2439	cert_vfy_cb Callback function for certificate verification
2440	errstr error string pointer	2986	errstr error string pointer
2441		2987
2442	Returns: OK/DEFER/FAIL	2988	Returns: OK/DEFER/FAIL
2443	*/	2989	*/
2444		2990
2445	static int	2991	static int
2446	setup_certs(SSL_CTX sctx, uschar certs, uschar crl, host_item host, BOOL optional,	2992	setup_certs(SSL_CTX sctx, uschar certs, uschar crl, host_item host,
2447	int (cert_vfy_cb)(int, X509_STORE_CTX ), uschar ** errstr)	2993	uschar ** errstr)
2448	{	2994	{
2449	uschar expcerts, expcrl;	2995	uschar expcerts, expcrl;
2450		2996
Lines 2460-2466 Link Here
2460	if (!SSL_CTX_set_default_verify_paths(sctx))	3006	if (!SSL_CTX_set_default_verify_paths(sctx))
2461	return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL, errstr);	3007	return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL, errstr);
2462		3008
2463	if (Ustrcmp(expcerts, "system") != 0)	3009	if (Ustrcmp(expcerts, "system") != 0 && Ustrncmp(expcerts, "system,", 7) != 0)
2464	{	3010	{
2465	struct stat statbuf;	3011	struct stat statbuf;
2466		3012
Lines 2477-2482 Link Here
2477	{ file = NULL; dir = expcerts; }	3023	{ file = NULL; dir = expcerts; }
2478	else	3024	else
2479	{	3025	{
		3026	STACK_OF(X509) * verify_stack =
		3027	#ifndef DISABLE_OCSP
		3028	!host ? state_server.verify_stack :
		3029	#endif
		3030	NULL;
		3031	STACK_OF(X509) ** vp = &verify_stack;
		3032
2480	file = expcerts; dir = NULL;	3033	file = expcerts; dir = NULL;
2481	#ifndef DISABLE_OCSP	3034	#ifndef DISABLE_OCSP
2482	/* In the server if we will be offering an OCSP proof, load chain from	3035	/* In the server if we will be offering an OCSP proof, load chain from
Lines 2485-2495 Link Here
2485	/*XXX Glitch! The file here is tls_verify_certs: the chain for verifying the client cert.	3038	/*XXX Glitch! The file here is tls_verify_certs: the chain for verifying the client cert.
2486	This is inconsistent with the need to verify the OCSP proof of the server cert.	3039	This is inconsistent with the need to verify the OCSP proof of the server cert.
2487	*/	3040	*/
2488
2489	if ( !host	3041	if ( !host
2490	&& statbuf.st_size > 0	3042	&& statbuf.st_size > 0
2491	&& server_static_cbinfo->u_ocsp.server.file	3043	&& state_server.u_ocsp.server.file
2492	&& !chain_from_pem_file(file, server_static_cbinfo->verify_stack)	3044	&& !chain_from_pem_file(file, vp)
2493	)	3045	)
2494	{	3046	{
2495	log_write(0, LOG_MAIN\|LOG_PANIC,	3047	log_write(0, LOG_MAIN\|LOG_PANIC,
Lines 2506-2512 Link Here
2506		3058
2507	if ( (!file \|\| statbuf.st_size > 0)	3059	if ( (!file \|\| statbuf.st_size > 0)
2508	&& !SSL_CTX_load_verify_locations(sctx, CS file, CS dir))	3060	&& !SSL_CTX_load_verify_locations(sctx, CS file, CS dir))
2509	return tls_error(US"SSL_CTX_load_verify_locations", host, NULL, errstr);	3061	return tls_error(US"SSL_CTX_load_verify_locations",
		3062	host, NULL, errstr);
2510		3063
2511	/* On the server load the list of CAs for which we will accept certs, for	3064	/* On the server load the list of CAs for which we will accept certs, for
2512	sending to the client. This is only for the one-file	3065	sending to the client. This is only for the one-file
Lines 2521-2531 Link Here
2521	if (file)	3074	if (file)
2522	{	3075	{
2523	STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file);	3076	STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file);
		3077	int i = sk_X509_NAME_num(names);
2524		3078
2525	if (!host) SSL_CTX_set_client_CA_list(sctx, names);	3079	if (!host) SSL_CTX_set_client_CA_list(sctx, names);
2526	DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n",	3080	DEBUG(D_tls) debug_printf("Added %d additional certificate authorit%s\n",
2527	sk_X509_NAME_num(names));	3081	i, i>1 ? "ies":"y");
2528	}	3082	}
		3083	else
		3084	DEBUG(D_tls)
		3085	debug_printf("Added dir for additional certificate authorities\n");
2529	}	3086	}
2530	}	3087	}
2531		3088
Lines 2581-2592 Link Here
2581	}	3138	}
2582		3139
2583	#endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */	3140	#endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
2584
2585	/* If verification is optional, don't fail if no certificate */
2586
2587	SSL_CTX_set_verify(sctx,
2588	SSL_VERIFY_PEER \| (optional ? 0 : SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
2589	cert_vfy_cb);
2590	}	3141	}
2591		3142
2592	return OK;	3143	return OK;
Lines 2594-2609 Link Here
2594		3145
2595		3146
2596		3147
		3148	static void
		3149	tls_dump_keylog(SSL * ssl)
		3150	{
		3151	#ifdef EXIM_HAVE_OPENSSL_KEYLOG
		3152	BIO * bp = BIO_new(BIO_s_mem());
		3153	uschar * s = NULL;
		3154	int len;
		3155	SSL_SESSION_print_keylog(bp, SSL_get_session(ssl));
		3156	len = (int) BIO_get_mem_data(bp, CSS &s);
		3157	if (len > 0) debug_printf("%.*s", len, s);
		3158	BIO_free(bp);
		3159	#endif
		3160	}
		3161
		3162
2597	/*************************************************	3163	/*************************************************
2598	* Start a TLS session in a server *	3164	* Start a TLS session in a server *
2599	*************************************************/	3165	*************************************************/
2600
2601	/* This is called when Exim is running as a server, after having received	3166	/* This is called when Exim is running as a server, after having received
2602	the STARTTLS command. It must respond to that command, and then negotiate	3167	the STARTTLS command. It must respond to that command, and then negotiate
2603	a TLS session.	3168	a TLS session.
2604		3169
2605	Arguments:	3170	Arguments:
2606	require_ciphers allowed ciphers
2607	errstr pointer to error message	3171	errstr pointer to error message
2608		3172
2609	Returns: OK on success	3173	Returns: OK on success
Lines 2613-2623 Link Here
2613	*/	3177	*/
2614		3178
2615	int	3179	int
2616	tls_server_start(const uschar * require_ciphers, uschar ** errstr)	3180	tls_server_start(uschar ** errstr)
2617	{	3181	{
2618	int rc;	3182	int rc;
2619	uschar * expciphers;	3183	uschar * expciphers;
2620	tls_ext_ctx_cb * cbinfo;	3184	exim_openssl_state_st * dummy_statep;
		3185	SSL_CTX * ctx;
		3186	SSL * ssl;
2621	static uschar peerdn[256];	3187	static uschar peerdn[256];
2622		3188
2623	/* Check for previous activation */	3189	/* Check for previous activation */
Lines 2632-2647 Link Here
2632	/* Initialize the SSL library. If it fails, it will already have logged	3198	/* Initialize the SSL library. If it fails, it will already have logged
2633	the error. */	3199	the error. */
2634		3200
2635	rc = tls_init(&server_ctx, NULL, tls_dhparam, tls_certificate, tls_privatekey,	3201	rc = tls_init(NULL, NULL,
2636	#ifndef DISABLE_OCSP	3202	#ifndef DISABLE_OCSP
2637	tls_ocsp_file,	3203	tls_ocsp_file,
2638	#endif	3204	#endif
2639	NULL, &server_static_cbinfo, &tls_in, errstr);	3205	NULL, &dummy_statep, &tls_in, errstr);
2640	if (rc != OK) return rc;	3206	if (rc != OK) return rc;
2641	cbinfo = server_static_cbinfo;	3207	ctx = state_server.lib_state.lib_ctx;
2642
2643	if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers, errstr))
2644	return FAIL;
2645		3208
2646	/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they	3209	/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
2647	were historically separated by underscores. So that I can use either form in my	3210	were historically separated by underscores. So that I can use either form in my
Lines 2652-2664 Link Here
2652	TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256	3215	TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
2653	*/	3216	*/
2654		3217
2655	if (expciphers)	3218	if (state_server.lib_state.pri_string)
		3219	{ DEBUG(D_tls) debug_printf("TLS: cipher list was preloaded\n"); }
		3220	else
2656	{	3221	{
2657	for (uschar * s = expciphers; s; s++ ) if (s == '_') *s = '-';	3222	if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers, errstr))
2658	DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);	3223	return FAIL;
2659	if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers))	3224
2660	return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL, errstr);	3225	if (expciphers)
2661	cbinfo->server_cipher_list = expciphers;	3226	{
		3227	normalise_ciphers(&expciphers, tls_require_ciphers);
		3228	if ((rc = server_load_ciphers(ctx, &state_server, expciphers, errstr)) != OK)
		3229	return rc;
		3230	}
2662	}	3231	}
2663		3232
2664	/* If this is a host for which certificate verification is mandatory or	3233	/* If this is a host for which certificate verification is mandatory or
Lines 2671-2707 Link Here
2671	server_verify_callback_called = FALSE;	3240	server_verify_callback_called = FALSE;
2672		3241
2673	if (verify_check_host(&tls_verify_hosts) == OK)	3242	if (verify_check_host(&tls_verify_hosts) == OK)
2674	{
2675	rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL,
2676	FALSE, verify_callback_server, errstr);
2677	if (rc != OK) return rc;
2678	server_verify_optional = FALSE;	3243	server_verify_optional = FALSE;
2679	}
2680	else if (verify_check_host(&tls_try_verify_hosts) == OK)	3244	else if (verify_check_host(&tls_try_verify_hosts) == OK)
2681	{
2682	rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL,
2683	TRUE, verify_callback_server, errstr);
2684	if (rc != OK) return rc;
2685	server_verify_optional = TRUE;	3245	server_verify_optional = TRUE;
2686	}	3246	else
		3247	goto skip_certs;
		3248
		3249	{
		3250	uschar * expcerts;
		3251	if (!expand_check(tls_verify_certificates, US"tls_verify_certificates",
		3252	&expcerts, errstr))
		3253	return DEFER;
		3254	DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
		3255
		3256	if (state_server.lib_state.cabundle)
		3257	{ DEBUG(D_tls) debug_printf("TLS: CA bundle for server was preloaded\n"); }
		3258	else
		3259	if ((rc = setup_certs(ctx, expcerts, tls_crl, NULL, errstr)) != OK)
		3260	return rc;
		3261
		3262	if (expcerts && *expcerts)
		3263	setup_cert_verify(ctx, server_verify_optional, verify_callback_server);
		3264	}
		3265	skip_certs: ;
2687		3266
2688	#ifdef EXPERIMENTAL_TLS_RESUME	3267	#ifndef DISABLE_TLS_RESUME
2689	SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, ticket_key_callback);	3268	# if OPENSSL_VERSION_NUMBER < 0x30000000L
		3269	SSL_CTX_set_tlsext_ticket_key_cb(ctx, ticket_key_callback);
2690	/* despite working, appears to always return failure, so ignoring */	3270	/* despite working, appears to always return failure, so ignoring */
		3271	# else
		3272	SSL_CTX_set_tlsext_ticket_key_evp_cb(ctx, ticket_key_callback);
		3273	/* despite working, appears to always return failure, so ignoring */
		3274	# endif
2691	#endif	3275	#endif
		3276
2692	#ifdef OPENSSL_HAVE_NUM_TICKETS	3277	#ifdef OPENSSL_HAVE_NUM_TICKETS
2693	# ifdef EXPERIMENTAL_TLS_RESUME	3278	# ifndef DISABLE_TLS_RESUME
2694	SSL_CTX_set_num_tickets(server_ctx, tls_in.host_resumable ? 1 : 0);	3279	SSL_CTX_set_num_tickets(ctx, tls_in.host_resumable ? 1 : 0);
2695	# else	3280	# else
2696	SSL_CTX_set_num_tickets(server_ctx, 0); /* send no TLS1.3 stateful-tickets */	3281	SSL_CTX_set_num_tickets(ctx, 0); /* send no TLS1.3 stateful-tickets */
2697	# endif	3282	# endif
2698	#endif	3283	#endif
2699		3284
2700		3285
2701	/* Prepare for new connection */	3286	/* Prepare for new connection */
2702		3287
2703	if (!(server_ssl = SSL_new(server_ctx)))	3288	if (!(ssl = SSL_new(ctx)))
2704	return tls_error(US"SSL_new", NULL, NULL, errstr);	3289	return tls_error(US"SSL_new", NULL, NULL, errstr);
		3290	state_server.lib_state.lib_ssl = ssl;
2705		3291
2706	/* Warning: we used to SSL_clear(ssl) here, it was removed.	3292	/* Warning: we used to SSL_clear(ssl) here, it was removed.
2707	*	3293	*
Lines 2722-2728 Link Here
2722	the response. Other smtp_printf() calls do not need it, because in non-TLS	3308	the response. Other smtp_printf() calls do not need it, because in non-TLS
2723	mode, the fflush() happens when smtp_getc() is called. */	3309	mode, the fflush() happens when smtp_getc() is called. */
2724		3310
2725	SSL_set_session_id_context(server_ssl, sid_ctx, Ustrlen(sid_ctx));	3311	SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx));
2726	if (!tls_in.on_connect)	3312	if (!tls_in.on_connect)
2727	{	3313	{
2728	smtp_printf("220 TLS go ahead\r\n", FALSE);	3314	smtp_printf("220 TLS go ahead\r\n", FALSE);
Lines 2732-2751 Link Here
2732	/* Now negotiate the TLS session. We put our own timer on it, since it seems	3318	/* Now negotiate the TLS session. We put our own timer on it, since it seems
2733	that the OpenSSL library doesn't. */	3319	that the OpenSSL library doesn't. */
2734		3320
2735	SSL_set_wfd(server_ssl, fileno(smtp_out));	3321	SSL_set_wfd(ssl, fileno(smtp_out));
2736	SSL_set_rfd(server_ssl, fileno(smtp_in));	3322	SSL_set_rfd(ssl, fileno(smtp_in));
2737	SSL_set_accept_state(server_ssl);	3323	SSL_set_accept_state(ssl);
2738		3324
2739	DEBUG(D_tls) debug_printf("Calling SSL_accept\n");	3325	DEBUG(D_tls) debug_printf("Calling SSL_accept\n");
2740		3326
		3327	ERR_clear_error();
2741	sigalrm_seen = FALSE;	3328	sigalrm_seen = FALSE;
2742	if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);	3329	if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
2743	rc = SSL_accept(server_ssl);	3330	rc = SSL_accept(ssl);
2744	ALARM_CLR(0);	3331	ALARM_CLR(0);
2745		3332
2746	if (rc <= 0)	3333	if (rc <= 0)
2747	{	3334	{
2748	int error = SSL_get_error(server_ssl, rc);	3335	int error = SSL_get_error(ssl, rc);
2749	switch(error)	3336	switch(error)
2750	{	3337	{
2751	case SSL_ERROR_NONE:	3338	case SSL_ERROR_NONE:
Lines 2754-2762 Link Here
2754	case SSL_ERROR_ZERO_RETURN:	3341	case SSL_ERROR_ZERO_RETURN:
2755	DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");	3342	DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
2756	(void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);	3343	(void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
2757		3344	#ifndef DISABLE_EVENT
2758	if (SSL_get_shutdown(server_ssl) == SSL_RECEIVED_SHUTDOWN)	3345	(void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
2759	SSL_shutdown(server_ssl);	3346	#endif
		3347	if (SSL_get_shutdown(ssl) == SSL_RECEIVED_SHUTDOWN)
		3348	SSL_shutdown(ssl);
2760		3349
2761	tls_close(NULL, TLS_NO_SHUTDOWN);	3350	tls_close(NULL, TLS_NO_SHUTDOWN);
2762	return FAIL;	3351	return FAIL;
Lines 2764-2778 Link Here
2764	/* Handle genuine errors */	3353	/* Handle genuine errors */
2765	case SSL_ERROR_SSL:	3354	case SSL_ERROR_SSL:
2766	{	3355	{
2767	uschar * s = US"SSL_accept";	3356	uschar * s = NULL;
2768	int r = ERR_GET_REASON(ERR_peek_error());	3357	int r = ERR_GET_REASON(ERR_peek_error());
2769	if ( r == SSL_R_WRONG_VERSION_NUMBER	3358	if ( r == SSL_R_WRONG_VERSION_NUMBER
2770	#ifdef SSL_R_VERSION_TOO_LOW	3359	#ifdef SSL_R_VERSION_TOO_LOW
2771	\|\| r == SSL_R_VERSION_TOO_LOW	3360	\|\| r == SSL_R_VERSION_TOO_LOW
2772	#endif	3361	#endif
2773	\|\| r == SSL_R_UNKNOWN_PROTOCOL \|\| r == SSL_R_UNSUPPORTED_PROTOCOL)	3362	\|\| r == SSL_R_UNKNOWN_PROTOCOL \|\| r == SSL_R_UNSUPPORTED_PROTOCOL)
2774	s = string_sprintf("%s (%s)", s, SSL_get_version(server_ssl));	3363	s = string_sprintf("(%s)", SSL_get_version(ssl));
2775	(void) tls_error(s, NULL, sigalrm_seen ? US"timed out" : NULL, errstr);	3364	(void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : s, errstr);
		3365	#ifndef DISABLE_EVENT
		3366	(void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
		3367	#endif
2776	return FAIL;	3368	return FAIL;
2777	}	3369	}
2778		3370
Lines 2783-2793 Link Here
2783	if (!errno)	3375	if (!errno)
2784	{	3376	{
2785	*errstr = US"SSL_accept: TCP connection closed by peer";	3377	*errstr = US"SSL_accept: TCP connection closed by peer";
		3378	#ifndef DISABLE_EVENT
		3379	(void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
		3380	#endif
2786	return FAIL;	3381	return FAIL;
2787	}	3382	}
2788	DEBUG(D_tls) debug_printf(" - syscall %s\n", strerror(errno));	3383	DEBUG(D_tls) debug_printf(" - syscall %s\n", strerror(errno));
2789	}	3384	}
2790	(void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);	3385	(void) tls_error(US"SSL_accept", NULL,
		3386	sigalrm_seen ? US"timed out"
		3387	: ERR_peek_error() ? NULL : string_sprintf("ret %d", error),
		3388	errstr);
		3389	#ifndef DISABLE_EVENT
		3390	(void) event_raise(event_action, US"tls:fail:connect", *errstr, NULL);
		3391	#endif
2791	return FAIL;	3392	return FAIL;
2792	}	3393	}
2793	}	3394	}
Lines 2796-2838 Link Here
2796	ERR_clear_error(); /* Even success can leave errors in the stack. Seen with	3397	ERR_clear_error(); /* Even success can leave errors in the stack. Seen with
2797	anon-authentication ciphersuite negotiated. */	3398	anon-authentication ciphersuite negotiated. */
2798		3399
2799	#ifdef EXPERIMENTAL_TLS_RESUME	3400	#ifndef DISABLE_TLS_RESUME
2800	if (SSL_session_reused(server_ssl))	3401	if (SSL_session_reused(ssl))
2801	{	3402	{
2802	tls_in.resumption \|= RESUME_USED;	3403	tls_in.resumption \|= RESUME_USED;
2803	DEBUG(D_tls) debug_printf("Session reused\n");	3404	DEBUG(D_tls) debug_printf("Session reused\n");
2804	}	3405	}
2805	#endif	3406	#endif
2806		3407
		3408	#ifdef EXIM_HAVE_ALPN
		3409	/* If require-alpn, check server_seen_alpn here. Else abort TLS */
		3410	if (!tls_alpn \|\| !*tls_alpn)
		3411	{ DEBUG(D_tls) debug_printf("TLS: was not watching for ALPN\n"); }
		3412	else if (!server_seen_alpn)
		3413	if (verify_check_host(&hosts_require_alpn) == OK)
		3414	{
		3415	/* We'd like to send a definitive Alert but OpenSSL provides no facility */
		3416	SSL_shutdown(ssl);
		3417	tls_error(US"handshake", NULL, US"ALPN required but not negotiated", errstr);
		3418	return FAIL;
		3419	}
		3420	else
		3421	{ DEBUG(D_tls) debug_printf("TLS: no ALPN presented in handshake\n"); }
		3422	else DEBUG(D_tls)
		3423	{
		3424	const uschar * name;
		3425	unsigned len;
		3426	SSL_get0_alpn_selected(ssl, &name, &len);
		3427	if (len && name)
		3428	debug_printf("ALPN negotiated: '%.s'\n", (int)name, name+1);
		3429	else
		3430	debug_printf("ALPN: no protocol negotiated\n");
		3431	}
		3432	#endif
		3433
		3434
2807	/* TLS has been set up. Record data for the connection,	3435	/* TLS has been set up. Record data for the connection,
2808	adjust the input functions to read via TLS, and initialize things. */	3436	adjust the input functions to read via TLS, and initialize things. */
2809		3437
2810	#ifdef SSL_get_extms_support	3438	#ifdef SSL_get_extms_support
2811	tls_in.ext_master_secret = SSL_get_extms_support(server_ssl) == 1;	3439	tls_in.ext_master_secret = SSL_get_extms_support(ssl) == 1;
2812	#endif	3440	#endif
2813	peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));	3441	peer_cert(ssl, &tls_in, peerdn, sizeof(peerdn));
2814		3442
2815	tls_in.ver = tlsver_name(server_ssl);	3443	tls_in.ver = tlsver_name(ssl);
2816	tls_in.cipher = construct_cipher_name(server_ssl, tls_in.ver, &tls_in.bits);	3444	tls_in.cipher = construct_cipher_name(ssl, tls_in.ver, &tls_in.bits);
2817	tls_in.cipher_stdname = cipher_stdname_ssl(server_ssl);	3445	tls_in.cipher_stdname = cipher_stdname_ssl(ssl);
2818		3446
2819	DEBUG(D_tls)	3447	DEBUG(D_tls)
2820	{	3448	{
2821	uschar buf[2048];	3449	uschar buf[2048];
2822	if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)))	3450	if (SSL_get_shared_ciphers(ssl, CS buf, sizeof(buf)))
2823	debug_printf("Shared ciphers: %s\n", buf);	3451	debug_printf("Shared ciphers: %s\n", buf);
2824		3452
2825	#ifdef EXIM_HAVE_OPENSSL_KEYLOG	3453	tls_dump_keylog(ssl);
2826	{
2827	BIO * bp = BIO_new_fp(debug_file, BIO_NOCLOSE);
2828	SSL_SESSION_print_keylog(bp, SSL_get_session(server_ssl));
2829	BIO_free(bp);
2830	}
2831	#endif
2832		3454
2833	#ifdef EXIM_HAVE_SESSION_TICKET	3455	#ifdef EXIM_HAVE_SESSION_TICKET
2834	{	3456	{
2835	SSL_SESSION * ss = SSL_get_session(server_ssl);	3457	SSL_SESSION * ss = SSL_get_session(ssl);
2836	if (SSL_SESSION_has_ticket(ss)) /* 1.1.0 */	3458	if (SSL_SESSION_has_ticket(ss)) /* 1.1.0 */
2837	debug_printf("The session has a ticket, life %lu seconds\n",	3459	debug_printf("The session has a ticket, life %lu seconds\n",
2838	SSL_SESSION_get_ticket_lifetime_hint(ss));	3460	SSL_SESSION_get_ticket_lifetime_hint(ss));
Lines 2842-2848 Link Here
2842		3464
2843	/* Record the certificate we presented */	3465	/* Record the certificate we presented */
2844	{	3466	{
2845	X509 * crt = SSL_get_certificate(server_ssl);	3467	X509 * crt = SSL_get_certificate(ssl);
2846	tls_in.ourcert = crt ? X509_dup(crt) : NULL;	3468	tls_in.ourcert = crt ? X509_dup(crt) : NULL;
2847	}	3469	}
2848		3470
Lines 2850-2861 Link Here
2850	See description in https://paquier.xyz/postgresql-2/channel-binding-openssl/ */	3472	See description in https://paquier.xyz/postgresql-2/channel-binding-openssl/ */
2851	{	3473	{
2852	uschar c, * s;	3474	uschar c, * s;
2853	size_t len = SSL_get_peer_finished(server_ssl, &c, 0);	3475	size_t len = SSL_get_peer_finished(ssl, &c, 0);
2854	int old_pool = store_pool;	3476	int old_pool = store_pool;
2855		3477
2856	SSL_get_peer_finished(server_ssl, s = store_get((int)len, FALSE), len);	3478	SSL_get_peer_finished(ssl, s = store_get((int)len, GET_UNTAINTED), len);
2857	store_pool = POOL_PERM;	3479	store_pool = POOL_PERM;
2858	tls_in.channelbinding = b64encode_taint(CUS s, (int)len, FALSE);	3480	tls_in.channelbinding = b64encode_taint(CUS s, (int)len, GET_UNTAINTED);
2859	store_pool = old_pool;	3481	store_pool = old_pool;
2860	DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage %p\n", tls_in.channelbinding);	3482	DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage %p\n", tls_in.channelbinding);
2861	}	3483	}
Lines 2872-2881 Link Here
2872	receive_getc = tls_getc;	3494	receive_getc = tls_getc;
2873	receive_getbuf = tls_getbuf;	3495	receive_getbuf = tls_getbuf;
2874	receive_get_cache = tls_get_cache;	3496	receive_get_cache = tls_get_cache;
		3497	receive_hasc = tls_hasc;
2875	receive_ungetc = tls_ungetc;	3498	receive_ungetc = tls_ungetc;
2876	receive_feof = tls_feof;	3499	receive_feof = tls_feof;
2877	receive_ferror = tls_ferror;	3500	receive_ferror = tls_ferror;
2878	receive_smtp_buffered = tls_smtp_buffered;
2879		3501
2880	tls_in.active.sock = fileno(smtp_out);	3502	tls_in.active.sock = fileno(smtp_out);
2881	tls_in.active.tls_ctx = NULL; /* not using explicit ctx for server-side */	3503	tls_in.active.tls_ctx = NULL; /* not using explicit ctx for server-side */
Lines 2887-2902 Link Here
2887		3509
2888	static int	3510	static int
2889	tls_client_basic_ctx_init(SSL_CTX * ctx,	3511	tls_client_basic_ctx_init(SSL_CTX * ctx,
2890	host_item * host, smtp_transport_options_block * ob, tls_ext_ctx_cb * cbinfo,	3512	host_item * host, smtp_transport_options_block * ob, exim_openssl_state_st * state,
2891	uschar ** errstr)	3513	uschar ** errstr)
2892	{	3514	{
2893	int rc;	3515	int rc;
2894	/* stick to the old behaviour for compatibility if tls_verify_certificates is
2895	set but both tls_verify_hosts and tls_try_verify_hosts is not set. Check only
2896	the specified host patterns if one of them is defined */
2897		3516
2898	if ( ( !ob->tls_verify_hosts	3517	/* Back-compatible old behaviour if tls_verify_certificates is set but both
2899	&& (!ob->tls_try_verify_hosts \|\| !*ob->tls_try_verify_hosts)	3518	tls_verify_hosts and tls_try_verify_hosts are not set. Check only the specified
		3519	host patterns if one of them is set with content. */
		3520
		3521	if ( ( ( !ob->tls_verify_hosts \|\| !ob->tls_verify_hosts
		3522	\|\| Ustrcmp(ob->tls_try_verify_hosts, ":") == 0
		3523	)
		3524	&& ( !ob->tls_try_verify_hosts \|\| !*ob->tls_try_verify_hosts
		3525	\|\| Ustrcmp(ob->tls_try_verify_hosts, ":") == 0
		3526	)
2900	)	3527	)
2901	\|\| verify_check_given_host(CUSS &ob->tls_verify_hosts, host) == OK	3528	\|\| verify_check_given_host(CUSS &ob->tls_verify_hosts, host) == OK
2902	)	3529	)
Lines 2906-2926 Link Here
2906	else	3533	else
2907	return OK;	3534	return OK;
2908		3535
2909	if ((rc = setup_certs(ctx, ob->tls_verify_certificates,	3536	{
2910	ob->tls_crl, host, client_verify_optional, verify_callback_client,	3537	uschar * expcerts;
2911	errstr)) != OK)	3538	if (!expand_check(ob->tls_verify_certificates, US"tls_verify_certificates",
2912	return rc;	3539	&expcerts, errstr))
		3540	return DEFER;
		3541	DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
		3542
		3543	if (state->lib_state.cabundle)
		3544	{ DEBUG(D_tls) debug_printf("TLS: CA bundle was preloaded\n"); }
		3545	else
		3546	if ((rc = setup_certs(ctx, expcerts, ob->tls_crl, host, errstr)) != OK)
		3547	return rc;
		3548
		3549	if (expcerts && *expcerts)
		3550	setup_cert_verify(ctx, client_verify_optional, verify_callback_client);
		3551	}
2913		3552
2914	if (verify_check_given_host(CUSS &ob->tls_verify_cert_hostnames, host) == OK)	3553	if (verify_check_given_host(CUSS &ob->tls_verify_cert_hostnames, host) == OK)
2915	{	3554	{
2916	cbinfo->verify_cert_hostnames =	3555	state->verify_cert_hostnames =
2917	#ifdef SUPPORT_I18N	3556	#ifdef SUPPORT_I18N
2918	string_domain_utf8_to_alabel(host->certname, NULL);	3557	string_domain_utf8_to_alabel(host->certname, NULL);
2919	#else	3558	#else
2920	host->certname;	3559	host->certname;
2921	#endif	3560	#endif
2922	DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",	3561	DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
2923	cbinfo->verify_cert_hostnames);	3562	state->verify_cert_hostnames);
2924	}	3563	}
2925	return OK;	3564	return OK;
2926	}	3565	}
Lines 2983-3008 Link Here
2983		3622
2984		3623
2985		3624
2986	#ifdef EXPERIMENTAL_TLS_RESUME	3625	#ifndef DISABLE_TLS_RESUME
2987	/* On the client, get any stashed session for the given IP from hints db	3626	/* On the client, get any stashed session for the given IP from hints db
2988	and apply it to the ssl-connection for attempted resumption. */	3627	and apply it to the ssl-connection for attempted resumption. */
2989		3628
2990	static void	3629	static void
2991	tls_retrieve_session(tls_support * tlsp, SSL * ssl, const uschar * key)	3630	tls_retrieve_session(tls_support * tlsp, SSL * ssl)
2992	{	3631	{
2993	tlsp->resumption \|= RESUME_SUPPORTED;
2994	if (tlsp->host_resumable)	3632	if (tlsp->host_resumable)
2995	{	3633	{
		3634	const uschar * key = tlsp->resume_index;
2996	dbdata_tls_session * dt;	3635	dbdata_tls_session * dt;
2997	int len;	3636	int len;
2998	open_db dbblock, * dbm_file;	3637	open_db dbblock, * dbm_file;
2999		3638
3000	tlsp->resumption \|= RESUME_CLIENT_REQUESTED;	3639	tlsp->resumption \|= RESUME_CLIENT_REQUESTED;
3001	DEBUG(D_tls) debug_printf("checking for resumable session for %s\n", key);	3640	DEBUG(D_tls)
		3641	debug_printf("checking for resumable session for %s\n", tlsp->resume_index);
3002	if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))	3642	if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
3003	{	3643	{
3004	/* key for the db is the IP */	3644	if ((dt = dbfn_read_with_length(dbm_file, tlsp->resume_index, &len)))
3005	if ((dt = dbfn_read_with_length(dbm_file, key, &len)))
3006	{	3645	{
3007	SSL_SESSION * ss = NULL;	3646	SSL_SESSION * ss = NULL;
3008	const uschar * sess_asn1 = dt->session;	3647	const uschar * sess_asn1 = dt->session;
Lines 3017-3046 Link Here
3017	debug_printf("decoding session: %s\n", ssl_errstring);	3656	debug_printf("decoding session: %s\n", ssl_errstring);
3018	}	3657	}
3019	}	3658	}
3020	#ifdef EXIM_HAVE_SESSION_TICKET	3659	else
3021	else if ( SSL_SESSION_get_ticket_lifetime_hint(ss) + dt->time_stamp
3022	< time(NULL))
3023	{	3660	{
3024	DEBUG(D_tls) debug_printf("session expired\n");	3661	unsigned long lifetime =
3025	dbfn_delete(dbm_file, key);	3662	#ifdef EXIM_HAVE_SESSION_TICKET
3026	}	3663	SSL_SESSION_get_ticket_lifetime_hint(ss);
		3664	#else /* Use, fairly arbitrilarily, what we as server would */
		3665	f.running_in_test_harness ? 6 : ssl_session_timeout;
3027	#endif	3666	#endif
3028	else if (!SSL_set_session(ssl, ss))	3667	if (lifetime + dt->time_stamp < time(NULL))
3029	{	3668	{
3030	DEBUG(D_tls)	3669	DEBUG(D_tls) debug_printf("session expired\n");
		3670	dbfn_delete(dbm_file, tlsp->resume_index);
		3671	}
		3672	else if (SSL_set_session(ssl, ss))
		3673	{
		3674	DEBUG(D_tls) debug_printf("good session\n");
		3675	tlsp->resumption \|= RESUME_CLIENT_SUGGESTED;
		3676	tlsp->verify_override = dt->verify_override;
		3677	tlsp->ocsp = dt->ocsp;
		3678	}
		3679	else DEBUG(D_tls)
3031	{	3680	{
3032	ERR_error_string_n(ERR_get_error(),	3681	ERR_error_string_n(ERR_get_error(),
3033	ssl_errstring, sizeof(ssl_errstring));	3682	ssl_errstring, sizeof(ssl_errstring));
3034	debug_printf("applying session to ssl: %s\n", ssl_errstring);	3683	debug_printf("applying session to ssl: %s\n", ssl_errstring);
3035	}	3684	}
3036	}	3685	}
3037	else
3038	{
3039	DEBUG(D_tls) debug_printf("good session\n");
3040	tlsp->resumption \|= RESUME_CLIENT_SUGGESTED;
3041	tlsp->verify_override = dt->verify_override;
3042	tlsp->ocsp = dt->ocsp;
3043	}
3044	}	3686	}
3045	else	3687	else
3046	DEBUG(D_tls) debug_printf("no session record\n");	3688	DEBUG(D_tls) debug_printf("no session record\n");
Lines 3055-3061 Link Here
3055	static int	3697	static int
3056	tls_save_session_cb(SSL * ssl, SSL_SESSION * ss)	3698	tls_save_session_cb(SSL * ssl, SSL_SESSION * ss)
3057	{	3699	{
3058	tls_ext_ctx_cb * cbinfo = SSL_get_ex_data(ssl, tls_exdata_idx);	3700	exim_openssl_state_st * cbinfo = SSL_get_ex_data(ssl, tls_exdata_idx);
3059	tls_support * tlsp;	3701	tls_support * tlsp;
3060		3702
3061	DEBUG(D_tls) debug_printf("tls_save_session_cb\n");	3703	DEBUG(D_tls) debug_printf("tls_save_session_cb\n");
Lines 3068-3074 Link Here
3068	{	3710	{
3069	int len = i2d_SSL_SESSION(ss, NULL);	3711	int len = i2d_SSL_SESSION(ss, NULL);
3070	int dlen = sizeof(dbdata_tls_session) + len;	3712	int dlen = sizeof(dbdata_tls_session) + len;
3071	dbdata_tls_session * dt = store_get(dlen, TRUE);	3713	dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
3072	uschar * s = dt->session;	3714	uschar * s = dt->session;
3073	open_db dbblock, * dbm_file;	3715	open_db dbblock, * dbm_file;
3074		3716
Lines 3081-3089 Link Here
3081		3723
3082	if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))	3724	if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
3083	{	3725	{
3084	const uschar * key = cbinfo->host->address;	3726	dbfn_write(dbm_file, tlsp->resume_index, dt, dlen);
3085	dbfn_delete(dbm_file, key);
3086	dbfn_write(dbm_file, key, dt, dlen);
3087	dbfn_close(dbm_file);	3727	dbfn_close(dbm_file);
3088	DEBUG(D_tls) debug_printf("wrote session (len %u) to db\n",	3728	DEBUG(D_tls) debug_printf("wrote session (len %u) to db\n",
3089	(unsigned)dlen);	3729	(unsigned)dlen);
Lines 3093-3113 Link Here
3093	}	3733	}
3094		3734
3095		3735
		3736	/* Construct a key for session DB lookup, and setup the SSL_CTX for resumption */
		3737
3096	static void	3738	static void
3097	tls_client_ctx_resume_prehandshake(	3739	tls_client_ctx_resume_prehandshake(
3098	exim_openssl_client_tls_ctx * exim_client_ctx, tls_support * tlsp,	3740	exim_openssl_client_tls_ctx * exim_client_ctx, smtp_connect_args * conn_args,
3099	smtp_transport_options_block * ob, host_item * host)	3741	tls_support * tlsp, smtp_transport_options_block * ob)
3100	{	3742	{
3101	/* Should the client request a session resumption ticket? */	3743	tlsp->host_resumable = TRUE;
3102	if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK)	3744	tls_client_resmption_key(tlsp, conn_args, ob);
3103	{
3104	tlsp->host_resumable = TRUE;
3105		3745
3106	SSL_CTX_set_session_cache_mode(exim_client_ctx->ctx,	3746	SSL_CTX_set_session_cache_mode(exim_client_ctx->ctx,
3107	SSL_SESS_CACHE_CLIENT	3747	SSL_SESS_CACHE_CLIENT
3108	\| SSL_SESS_CACHE_NO_INTERNAL \| SSL_SESS_CACHE_NO_AUTO_CLEAR);	3748	\| SSL_SESS_CACHE_NO_INTERNAL \| SSL_SESS_CACHE_NO_AUTO_CLEAR);
3109	SSL_CTX_sess_set_new_cb(exim_client_ctx->ctx, tls_save_session_cb);	3749	SSL_CTX_sess_set_new_cb(exim_client_ctx->ctx, tls_save_session_cb);
3110	}
3111	}	3750	}
3112		3751
3113	static BOOL	3752	static BOOL
Lines 3121-3137 Link Here
3121	SSL_clear_options(ssl, SSL_OP_NO_TICKET);	3760	SSL_clear_options(ssl, SSL_OP_NO_TICKET);
3122		3761
3123	tls_exdata_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0);	3762	tls_exdata_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0);
3124	if (!SSL_set_ex_data(ssl, tls_exdata_idx, client_static_cbinfo))	3763	if (!SSL_set_ex_data(ssl, tls_exdata_idx, client_static_state))
3125	{	3764	{
3126	tls_error(US"set ex_data", host, NULL, errstr);	3765	tls_error(US"set ex_data", host, NULL, errstr);
3127	return FALSE;	3766	return FALSE;
3128	}	3767	}
3129	debug_printf("tls_exdata_idx %d cbinfo %p\n", tls_exdata_idx, client_static_cbinfo);	3768	debug_printf("tls_exdata_idx %d cbinfo %p\n", tls_exdata_idx, client_static_state);
3130	}	3769	}
3131		3770
3132	tlsp->resumption = RESUME_SUPPORTED;	3771	tlsp->resumption = RESUME_SUPPORTED;
3133	/* Pick up a previous session, saved on an old ticket */	3772	/* Pick up a previous session, saved on an old ticket */
3134	tls_retrieve_session(tlsp, ssl, host->address);	3773	tls_retrieve_session(tlsp, ssl);
3135	return TRUE;	3774	return TRUE;
3136	}	3775	}
3137		3776
Lines 3145-3151 Link Here
3145	tlsp->resumption \|= RESUME_USED;	3784	tlsp->resumption \|= RESUME_USED;
3146	}	3785	}
3147	}	3786	}
3148	#endif /* EXPERIMENTAL_TLS_RESUME */	3787	#endif /* !DISABLE_TLS_RESUME */
		3788
		3789
		3790	#ifdef EXIM_HAVE_ALPN
		3791	/* Expand and convert an Exim list to an ALPN list. False return for fail.
		3792	NULL plist return for silent no-ALPN.
		3793
		3794	Overwite the passed-in list with the expanded version.
		3795	*/
		3796
		3797	static BOOL
		3798	tls_alpn_plist(uschar tls_alpn, const uschar plist, unsigned * plen,
		3799	uschar ** errstr)
		3800	{
		3801	uschar * exp_alpn;
		3802
		3803	if (!expand_check(*tls_alpn, US"tls_alpn", &exp_alpn, errstr))
		3804	return FALSE;
		3805	*tls_alpn = exp_alpn;
		3806
		3807	if (!exp_alpn)
		3808	{
		3809	DEBUG(D_tls) debug_printf("Setting TLS ALPN forced to fail, not sending\n");
		3810	*plist = NULL;
		3811	}
		3812	else
		3813	{
		3814	/* The server implementation only accepts exactly one protocol name
		3815	but it's little extra code complexity in the client. */
		3816
		3817	const uschar * list = exp_alpn;
		3818	uschar * p = store_get(Ustrlen(exp_alpn), exp_alpn), * s, * t;
		3819	int sep = 0;
		3820	uschar len;
		3821
		3822	for (t = p; s = string_nextinlist(&list, &sep, NULL, 0); t += len)
		3823	{
		3824	*t++ = len = (uschar) Ustrlen(s);
		3825	memcpy(t, s, len);
		3826	}
		3827	plist = (plen = t - p) ? p : NULL;
		3828	}
		3829	return TRUE;
		3830	}
		3831	#endif /* EXIM_HAVE_ALPN */
3149		3832
3150		3833
3151	/*************************************************	3834	/*************************************************
Lines 3186-3192 Link Here
3186		3869
3187	rc = store_pool;	3870	rc = store_pool;
3188	store_pool = POOL_PERM;	3871	store_pool = POOL_PERM;
3189	exim_client_ctx = store_get(sizeof(exim_openssl_client_tls_ctx), FALSE);	3872	exim_client_ctx = store_get(sizeof(exim_openssl_client_tls_ctx), GET_UNTAINTED);
3190	exim_client_ctx->corked = NULL;	3873	exim_client_ctx->corked = NULL;
3191	store_pool = rc;	3874	store_pool = rc;
3192		3875
Lines 3223-3236 Link Here
3223	}	3906	}
3224	#endif	3907	#endif
3225		3908
3226	rc = tls_init(&exim_client_ctx->ctx, host, NULL,	3909	rc = tls_init(host, ob,
3227	ob->tls_certificate, ob->tls_privatekey,
3228	#ifndef DISABLE_OCSP	3910	#ifndef DISABLE_OCSP
3229	(void *)(long)request_ocsp,	3911	(void *)(long)request_ocsp,
3230	#endif	3912	#endif
3231	cookie, &client_static_cbinfo, tlsp, errstr);	3913	cookie, &client_static_state, tlsp, errstr);
3232	if (rc != OK) return FALSE;	3914	if (rc != OK) return FALSE;
3233		3915
		3916	exim_client_ctx->ctx = client_static_state->lib_state.lib_ctx;
		3917
3234	tlsp->certificate_verified = FALSE;	3918	tlsp->certificate_verified = FALSE;
3235	client_verify_callback_called = FALSE;	3919	client_verify_callback_called = FALSE;
3236		3920
Lines 3246-3266 Link Here
3246	return FALSE;	3930	return FALSE;
3247	if (expciphers && *expciphers == '\0')	3931	if (expciphers && *expciphers == '\0')
3248	expciphers = NULL;	3932	expciphers = NULL;
		3933
		3934	normalise_ciphers(&expciphers, ob->dane_require_tls_ciphers);
3249	}	3935	}
3250	#endif	3936	#endif
3251	if (!expciphers &&	3937	if (!expciphers)
3252	!expand_check(ob->tls_require_ciphers, US"tls_require_ciphers",	3938	{
		3939	if (!expand_check(ob->tls_require_ciphers, US"tls_require_ciphers",
3253	&expciphers, errstr))	3940	&expciphers, errstr))
3254	return FALSE;	3941	return FALSE;
3255		3942
3256	/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they	3943	/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
3257	are separated by underscores. So that I can use either form in my tests, and	3944	are separated by underscores. So that I can use either form in my tests, and
3258	also for general convenience, we turn underscores into hyphens here. */	3945	also for general convenience, we turn underscores into hyphens here. */
		3946
		3947	normalise_ciphers(&expciphers, ob->tls_require_ciphers);
		3948	}
3259		3949
3260	if (expciphers)	3950	if (expciphers)
3261	{	3951	{
3262	uschar *s = expciphers;
3263	while (s) { if (s == '_') *s = '-'; s++; }
3264	DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);	3952	DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
3265	if (!SSL_CTX_set_cipher_list(exim_client_ctx->ctx, CS expciphers))	3953	if (!SSL_CTX_set_cipher_list(exim_client_ctx->ctx, CS expciphers))
3266	{	3954	{
Lines 3291-3337 Link Here
3291		3979
3292	#endif	3980	#endif
3293		3981
3294	if (tls_client_basic_ctx_init(exim_client_ctx->ctx, host, ob,	3982	if (tls_client_basic_ctx_init(exim_client_ctx->ctx, host, ob,
3295	client_static_cbinfo, errstr) != OK)	3983	client_static_state, errstr) != OK)
3296	return FALSE;
3297
3298	#ifdef EXPERIMENTAL_TLS_RESUME
3299	tls_client_ctx_resume_prehandshake(exim_client_ctx, tlsp, ob, host);
3300	#endif
3301
3302
3303	if (!(exim_client_ctx->ssl = SSL_new(exim_client_ctx->ctx)))
3304	{
3305	tls_error(US"SSL_new", host, NULL, errstr);
3306	return FALSE;	3984	return FALSE;
3307	}
3308	SSL_set_session_id_context(exim_client_ctx->ssl, sid_ctx, Ustrlen(sid_ctx));
3309
3310	SSL_set_fd(exim_client_ctx->ssl, cctx->sock);
3311	SSL_set_connect_state(exim_client_ctx->ssl);
3312		3985
3313	if (ob->tls_sni)	3986	if (ob->tls_sni)
3314	{	3987	{
3315	if (!expand_check(ob->tls_sni, US"tls_sni", &tlsp->sni, errstr))	3988	if (!expand_check(ob->tls_sni, US"tls_sni", &tlsp->sni, errstr))
3316	return FALSE;	3989	return FALSE;
3317	if (!tlsp->sni)	3990	if (!tlsp->sni)
3318	{	3991	{ DEBUG(D_tls) debug_printf("Setting TLS SNI forced to fail, not sending\n"); }
3319	DEBUG(D_tls) debug_printf("Setting TLS SNI forced to fail, not sending\n");
3320	}
3321	else if (!Ustrlen(tlsp->sni))	3992	else if (!Ustrlen(tlsp->sni))
3322	tlsp->sni = NULL;	3993	tlsp->sni = NULL;
3323	else	3994	else
3324	{	3995	{
3325	#ifdef EXIM_HAVE_OPENSSL_TLSEXT	3996	#ifndef EXIM_HAVE_OPENSSL_TLSEXT
3326	DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tlsp->sni);
3327	SSL_set_tlsext_host_name(exim_client_ctx->ssl, tlsp->sni);
3328	#else
3329	log_write(0, LOG_MAIN, "SNI unusable with this OpenSSL library version; ignoring \"%s\"\n",	3997	log_write(0, LOG_MAIN, "SNI unusable with this OpenSSL library version; ignoring \"%s\"\n",
3330	tlsp->sni);	3998	tlsp->sni);
		3999	tlsp->sni = NULL;
3331	#endif	4000	#endif
3332	}	4001	}
3333	}	4002	}
3334		4003
		4004	if (ob->tls_alpn)
		4005	#ifdef EXIM_HAVE_ALPN
		4006	{
		4007	const uschar * plist;
		4008	unsigned plen;
		4009
		4010	if (!tls_alpn_plist(&ob->tls_alpn, &plist, &plen, errstr))
		4011	return FALSE;
		4012	if (plist)
		4013	if (SSL_CTX_set_alpn_protos(exim_client_ctx->ctx, plist, plen) != 0)
		4014	{
		4015	tls_error(US"alpn init", host, NULL, errstr);
		4016	return FALSE;
		4017	}
		4018	else
		4019	DEBUG(D_tls) debug_printf("Setting TLS ALPN '%s'\n", ob->tls_alpn);
		4020	}
		4021	#else
		4022	log_write(0, LOG_MAIN, "ALPN unusable with this OpenSSL library version; ignoring \"%s\"\n",
		4023	ob->tls_alpn);
		4024	#endif
		4025
		4026	#ifndef DISABLE_TLS_RESUME
		4027	/*XXX have_lbserver: another cmdline arg possibly, for continued-conn, but use
		4028	will be very low. */
		4029
		4030	if (!conn_args->have_lbserver) /* wanted for tls_client_resmption_key() */
		4031	{ DEBUG(D_tls) debug_printf("resumption not supported on continued-connection\n"); }
		4032	else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK)
		4033	tls_client_ctx_resume_prehandshake(exim_client_ctx, conn_args, tlsp, ob);
		4034	#endif
		4035
		4036
		4037	if (!(exim_client_ctx->ssl = SSL_new(exim_client_ctx->ctx)))
		4038	{
		4039	tls_error(US"SSL_new", host, NULL, errstr);
		4040	return FALSE;
		4041	}
		4042	SSL_set_session_id_context(exim_client_ctx->ssl, sid_ctx, Ustrlen(sid_ctx));
		4043	SSL_set_fd(exim_client_ctx->ssl, cctx->sock);
		4044	SSL_set_connect_state(exim_client_ctx->ssl);
		4045
		4046	#ifdef EXIM_HAVE_OPENSSL_TLSEXT
		4047	if (tlsp->sni)
		4048	{
		4049	DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tlsp->sni);
		4050	SSL_set_tlsext_host_name(exim_client_ctx->ssl, tlsp->sni);
		4051	}
		4052	#endif
		4053
3335	#ifdef SUPPORT_DANE	4054	#ifdef SUPPORT_DANE
3336	if (conn_args->dane)	4055	if (conn_args->dane)
3337	if (dane_tlsa_load(exim_client_ctx->ssl, host, &conn_args->tlsa_dnsa, errstr) != OK)	4056	if (dane_tlsa_load(exim_client_ctx->ssl, host, &conn_args->tlsa_dnsa, errstr) != OK)
Lines 3361-3379 Link Here
3361	if (request_ocsp)	4080	if (request_ocsp)
3362	{	4081	{
3363	SSL_set_tlsext_status_type(exim_client_ctx->ssl, TLSEXT_STATUSTYPE_ocsp);	4082	SSL_set_tlsext_status_type(exim_client_ctx->ssl, TLSEXT_STATUSTYPE_ocsp);
3364	client_static_cbinfo->u_ocsp.client.verify_required = require_ocsp;	4083	client_static_state->u_ocsp.client.verify_required = require_ocsp;
3365	tlsp->ocsp = OCSP_NOT_RESP;	4084	tlsp->ocsp = OCSP_NOT_RESP;
3366	}	4085	}
3367	#endif	4086	#endif
3368		4087
3369	#ifdef EXPERIMENTAL_TLS_RESUME	4088	#ifndef DISABLE_TLS_RESUME
3370	if (!tls_client_ssl_resume_prehandshake(exim_client_ctx->ssl, tlsp, host,	4089	if (!tls_client_ssl_resume_prehandshake(exim_client_ctx->ssl, tlsp, host,
3371	errstr))	4090	errstr))
3372	return FALSE;	4091	return FALSE;
3373	#endif	4092	#endif
3374		4093
3375	#ifndef DISABLE_EVENT	4094	#ifndef DISABLE_EVENT
3376	client_static_cbinfo->event_action = tb ? tb->event_action : NULL;	4095	client_static_state->event_action = tb ? tb->event_action : NULL;
3377	#endif	4096	#endif
3378		4097
3379	/* There doesn't seem to be a built-in timeout on connection. */	4098	/* There doesn't seem to be a built-in timeout on connection. */
Lines 3398-3416 Link Here
3398	DEBUG(D_tls)	4117	DEBUG(D_tls)
3399	{	4118	{
3400	debug_printf("SSL_connect succeeded\n");	4119	debug_printf("SSL_connect succeeded\n");
3401	#ifdef EXIM_HAVE_OPENSSL_KEYLOG	4120	tls_dump_keylog(exim_client_ctx->ssl);
3402	{
3403	BIO * bp = BIO_new_fp(debug_file, BIO_NOCLOSE);
3404	SSL_SESSION_print_keylog(bp, SSL_get_session(exim_client_ctx->ssl));
3405	BIO_free(bp);
3406	}
3407	#endif
3408	}	4121	}
3409		4122
3410	#ifdef EXPERIMENTAL_TLS_RESUME	4123	#ifndef DISABLE_TLS_RESUME
3411	tls_client_resume_posthandshake(exim_client_ctx, tlsp);	4124	tls_client_resume_posthandshake(exim_client_ctx, tlsp);
3412	#endif	4125	#endif
3413		4126
		4127	#ifdef EXIM_HAVE_ALPN
		4128	if (ob->tls_alpn) /* We requested. See what was negotiated. */
		4129	{
		4130	const uschar * name;
		4131	unsigned len;
		4132
		4133	SSL_get0_alpn_selected(exim_client_ctx->ssl, &name, &len);
		4134	if (len > 0)
		4135	{ DEBUG(D_tls) debug_printf("ALPN negotiated %u: '%.s'\n", len, (int)name, name+1); }
		4136	else if (verify_check_given_host(CUSS &ob->hosts_require_alpn, host) == OK)
		4137	{
		4138	/* Would like to send a relevant fatal Alert, but OpenSSL has no API */
		4139	tls_error(US"handshake", host, US"ALPN required but not negotiated", errstr);
		4140	return FALSE;
		4141	}
		4142	}
		4143	#endif
		4144
3414	#ifdef SSL_get_extms_support	4145	#ifdef SSL_get_extms_support
3415	tlsp->ext_master_secret = SSL_get_extms_support(exim_client_ctx->ssl) == 1;	4146	tlsp->ext_master_secret = SSL_get_extms_support(exim_client_ctx->ssl) == 1;
3416	#endif	4147	#endif
Lines 3433-3441 Link Here
3433	size_t len = SSL_get_finished(exim_client_ctx->ssl, &c, 0);	4164	size_t len = SSL_get_finished(exim_client_ctx->ssl, &c, 0);
3434	int old_pool = store_pool;	4165	int old_pool = store_pool;
3435		4166
3436	SSL_get_finished(exim_client_ctx->ssl, s = store_get((int)len, TRUE), len);	4167	SSL_get_finished(exim_client_ctx->ssl, s = store_get((int)len, GET_TAINTED), len);
3437	store_pool = POOL_PERM;	4168	store_pool = POOL_PERM;
3438	tlsp->channelbinding = b64encode_taint(CUS s, (int)len, TRUE);	4169	tlsp->channelbinding = b64encode_taint(CUS s, (int)len, GET_TAINTED);
3439	store_pool = old_pool;	4170	store_pool = old_pool;
3440	DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage %p %p\n", tlsp->channelbinding, tlsp);	4171	DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage %p %p\n", tlsp->channelbinding, tlsp);
3441	}	4172	}
Lines 3453-3469 Link Here
3453	static BOOL	4184	static BOOL
3454	tls_refill(unsigned lim)	4185	tls_refill(unsigned lim)
3455	{	4186	{
		4187	SSL * ssl = state_server.lib_state.lib_ssl;
3456	int error;	4188	int error;
3457	int inbytes;	4189	int inbytes;
3458		4190
3459	DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", server_ssl,	4191	DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", ssl,
3460	ssl_xfer_buffer, ssl_xfer_buffer_size);	4192	ssl_xfer_buffer, ssl_xfer_buffer_size);
3461		4193
3462	ERR_clear_error();	4194	ERR_clear_error();
3463	if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);	4195	if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
3464	inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,	4196	inbytes = SSL_read(ssl, CS ssl_xfer_buffer,
3465	MIN(ssl_xfer_buffer_size, lim));	4197	MIN(ssl_xfer_buffer_size, lim));
3466	error = SSL_get_error(server_ssl, inbytes);	4198	error = SSL_get_error(ssl, inbytes);
3467	if (smtp_receive_timeout > 0) ALARM_CLR(0);	4199	if (smtp_receive_timeout > 0) ALARM_CLR(0);
3468		4200
3469	if (had_command_timeout) /* set by signal handler */	4201	if (had_command_timeout) /* set by signal handler */
Lines 3487-3494 Link Here
3487	case SSL_ERROR_ZERO_RETURN:	4219	case SSL_ERROR_ZERO_RETURN:
3488	DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");	4220	DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
3489		4221
3490	if (SSL_get_shutdown(server_ssl) == SSL_RECEIVED_SHUTDOWN)	4222	if (SSL_get_shutdown(ssl) == SSL_RECEIVED_SHUTDOWN)
3491	SSL_shutdown(server_ssl);	4223	SSL_shutdown(ssl);
3492		4224
3493	tls_close(NULL, TLS_NO_SHUTDOWN);	4225	tls_close(NULL, TLS_NO_SHUTDOWN);
3494	return FALSE;	4226	return FALSE;
Lines 3542-3547 Link Here
3542	return ssl_xfer_buffer[ssl_xfer_buffer_lwm++];	4274	return ssl_xfer_buffer[ssl_xfer_buffer_lwm++];
3543	}	4275	}
3544		4276
		4277	BOOL
		4278	tls_hasc(void)
		4279	{
		4280	return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm;
		4281	}
		4282
3545	uschar *	4283	uschar *
3546	tls_getbuf(unsigned * len)	4284	tls_getbuf(unsigned * len)
3547	{	4285	{
Lines 3566-3575 Link Here
3566		4304
3567		4305
3568	void	4306	void
3569	tls_get_cache()	4307	tls_get_cache(unsigned lim)
3570	{	4308	{
3571	#ifndef DISABLE_DKIM	4309	#ifndef DISABLE_DKIM
3572	int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm;	4310	int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm;
		4311	debug_printf("tls_get_cache\n");
		4312	if (n > lim)
		4313	n = lim;
3573	if (n > 0)	4314	if (n > 0)
3574	dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n);	4315	dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n);
3575	#endif	4316	#endif
Lines 3577-3585 Link Here
3577		4318
3578		4319
3579	BOOL	4320	BOOL
3580	tls_could_read(void)	4321	tls_could_getc(void)
3581	{	4322	{
3582	return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm \|\| SSL_pending(server_ssl) > 0;	4323	return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm
		4324	\|\| SSL_pending(state_server.lib_state.lib_ssl) > 0;
3583	}	4325	}
3584		4326
3585		4327
Lines 3602-3608 Link Here
3602	int	4344	int
3603	tls_read(void * ct_ctx, uschar *buff, size_t len)	4345	tls_read(void * ct_ctx, uschar *buff, size_t len)
3604	{	4346	{
3605	SSL * ssl = ct_ctx ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl;	4347	SSL * ssl = ct_ctx ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl
		4348	: state_server.lib_state.lib_ssl;
3606	int inbytes;	4349	int inbytes;
3607	int error;	4350	int error;
3608		4351
Lines 3652-3658 Link Here
3652	size_t olen = len;	4395	size_t olen = len;
3653	int outbytes, error;	4396	int outbytes, error;
3654	SSL * ssl = ct_ctx	4397	SSL * ssl = ct_ctx
3655	? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl;	4398	? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl
		4399	: state_server.lib_state.lib_ssl;
3656	static gstring * server_corked = NULL;	4400	static gstring * server_corked = NULL;
3657	gstring ** corkedp = ct_ctx	4401	gstring ** corkedp = ct_ctx
3658	? &((exim_openssl_client_tls_ctx *)ct_ctx)->corked : &server_corked;	4402	? &((exim_openssl_client_tls_ctx *)ct_ctx)->corked : &server_corked;
Lines 3671-3677 Link Here
3671	a store reset there, so use POOL_PERM. */	4415	a store reset there, so use POOL_PERM. */
3672	/* + if CHUNKING, cmds EHLO,MAIL,RCPT(s),BDAT */	4416	/* + if CHUNKING, cmds EHLO,MAIL,RCPT(s),BDAT */
3673		4417
3674	if ((more \|\| corked))	4418	if (more \|\| corked)
3675	{	4419	{
3676	if (!len) buff = US &error; /* dummy just so that string_catn is ok */	4420	if (!len) buff = US &error; /* dummy just so that string_catn is ok */
3677		4421
Lines 3716-3724 Link Here
3716	return -1;	4460	return -1;
3717		4461
3718	case SSL_ERROR_SYSCALL:	4462	case SSL_ERROR_SYSCALL:
3719	log_write(0, LOG_MAIN, "SSL_write: (from %s) syscall: %s",	4463	if (ct_ctx \|\| errno != ECONNRESET \|\| !f.smtp_in_quit)
3720	sender_fullhost ? sender_fullhost : US"<unknown>",	4464	log_write(0, LOG_MAIN, "SSL_write: (from %s) syscall: %s",
3721	strerror(errno));	4465	sender_fullhost ? sender_fullhost : US"<unknown>",
		4466	strerror(errno));
		4467	else if (LOGGING(protocol_detail))
		4468	log_write(0, LOG_MAIN, "[%s] after QUIT, client reset TCP before"
		4469	" SMTP response and TLS close\n", sender_host_address);
		4470	else
		4471	DEBUG(D_tls) debug_printf("[%s] SSL_write: after QUIT,"
		4472	" client reset TCP before TLS close\n", sender_host_address);
3722	return -1;	4473	return -1;
3723		4474
3724	default:	4475	default:
Lines 3731-3736 Link Here
3731		4482
3732		4483
3733		4484
		4485	/*
		4486	Arguments:
		4487	ct_ctx client TLS context pointer, or NULL for the one global server context
		4488	*/
		4489
		4490	void
		4491	tls_shutdown_wr(void * ct_ctx)
		4492	{
		4493	exim_openssl_client_tls_ctx * o_ctx = ct_ctx;
		4494	SSL sslp = o_ctx ? &o_ctx->ssl : (SSL ) &state_server.lib_state.lib_ssl;
		4495	int * fdp = o_ctx ? &tls_out.active.sock : &tls_in.active.sock;
		4496	int rc;
		4497
		4498	if (fdp < 0) return; / TLS was not active */
		4499
		4500	tls_write(ct_ctx, NULL, 0, FALSE); /* flush write buffer */
		4501
		4502	HDEBUG(D_transport\|D_tls\|D_acl\|D_v) debug_printf_indent(" SMTP(TLS shutdown)>>\n");
		4503	rc = SSL_shutdown(*sslp);
		4504	if (rc < 0) DEBUG(D_tls)
		4505	{
		4506	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
		4507	debug_printf("SSL_shutdown: %s\n", ssl_errstring);
		4508	}
		4509	}
		4510
3734	/*************************************************	4511	/*************************************************
3735	* Close down a TLS session *	4512	* Close down a TLS session *
3736	*************************************************/	4513	*************************************************/
Lines 3741-3747 Link Here
3741		4518
3742	Arguments:	4519	Arguments:
3743	ct_ctx client TLS context pointer, or NULL for the one global server context	4520	ct_ctx client TLS context pointer, or NULL for the one global server context
3744	shutdown 1 if TLS close-alert is to be sent,	4521	do_shutdown 0 no data-flush or TLS close-alert
		4522	1 if TLS close-alert is to be sent,
3745	2 if also response to be waited for	4523	2 if also response to be waited for
3746		4524
3747	Returns: nothing	4525	Returns: nothing
Lines 3750-3775 Link Here
3750	*/	4528	*/
3751		4529
3752	void	4530	void
3753	tls_close(void * ct_ctx, int shutdown)	4531	tls_close(void * ct_ctx, int do_shutdown)
3754	{	4532	{
3755	exim_openssl_client_tls_ctx * o_ctx = ct_ctx;	4533	exim_openssl_client_tls_ctx * o_ctx = ct_ctx;
3756	SSL_CTX **ctxp = o_ctx ? &o_ctx->ctx : &server_ctx;	4534	SSL sslp = o_ctx ? &o_ctx->ssl : (SSL ) &state_server.lib_state.lib_ssl;
3757	SSL **sslp = o_ctx ? &o_ctx->ssl : &server_ssl;	4535	int * fdp = o_ctx ? &tls_out.active.sock : &tls_in.active.sock;
3758	int *fdp = o_ctx ? &tls_out.active.sock : &tls_in.active.sock;
3759		4536
3760	if (fdp < 0) return; / TLS was not active */	4537	if (fdp < 0) return; / TLS was not active */
3761		4538
3762	if (shutdown)	4539	if (do_shutdown > TLS_NO_SHUTDOWN)
3763	{	4540	{
3764	int rc;	4541	int rc;
3765	DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS%s\n",	4542	DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS%s\n",
3766	shutdown > 1 ? " (with response-wait)" : "");	4543	do_shutdown > TLS_SHUTDOWN_NOWAIT ? " (with response-wait)" : "");
		4544
		4545	tls_write(ct_ctx, NULL, 0, FALSE); /* flush write buffer */
3767		4546
3768	if ( (rc = SSL_shutdown(sslp)) == 0 / send "close notify" alert */	4547	if ( ( do_shutdown >= TLS_SHUTDOWN_WONLY
3769	&& shutdown > 1)	4548	\|\| (rc = SSL_shutdown(sslp)) == 0 / send "close notify" alert */
		4549	)
		4550	&& do_shutdown > TLS_SHUTDOWN_NOWAIT
		4551	)
3770	{	4552	{
		4553	#ifdef EXIM_TCP_CORK
		4554	(void) setsockopt(*fdp, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off));
		4555	#endif
3771	ALARM(2);	4556	ALARM(2);
3772	rc = SSL_shutdown(sslp); / wait for response */	4557	rc = SSL_shutdown(sslp); / wait for response */
3773	ALARM_CLR(0);	4558	ALARM_CLR(0);
3774	}	4559	}
3775		4560
Lines 3783-3807 Link Here
3783	if (!o_ctx) /* server side */	4568	if (!o_ctx) /* server side */
3784	{	4569	{
3785	#ifndef DISABLE_OCSP	4570	#ifndef DISABLE_OCSP
3786	sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);	4571	sk_X509_pop_free(state_server.verify_stack, X509_free);
3787	server_static_cbinfo->verify_stack = NULL;	4572	state_server.verify_stack = NULL;
3788	#endif	4573	#endif
3789		4574
3790	receive_getc = smtp_getc;	4575	receive_getc = smtp_getc;
3791	receive_getbuf = smtp_getbuf;	4576	receive_getbuf = smtp_getbuf;
3792	receive_get_cache = smtp_get_cache;	4577	receive_get_cache = smtp_get_cache;
		4578	receive_hasc = smtp_hasc;
3793	receive_ungetc = smtp_ungetc;	4579	receive_ungetc = smtp_ungetc;
3794	receive_feof = smtp_feof;	4580	receive_feof = smtp_feof;
3795	receive_ferror = smtp_ferror;	4581	receive_ferror = smtp_ferror;
3796	receive_smtp_buffered = smtp_buffered;
3797	tls_in.active.tls_ctx = NULL;	4582	tls_in.active.tls_ctx = NULL;
3798	tls_in.sni = NULL;	4583	tls_in.sni = NULL;
3799	/* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */	4584	/* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */
3800	}	4585	}
3801		4586
3802	SSL_CTX_free(*ctxp);
3803	SSL_free(*sslp);	4587	SSL_free(*sslp);
3804	*ctxp = NULL;
3805	*sslp = NULL;	4588	*sslp = NULL;
3806	*fdp = -1;	4589	*fdp = -1;
3807	}	4590	}
Lines 3822-3829 Link Here
3822	uschar *	4605	uschar *
3823	tls_validate_require_cipher(void)	4606	tls_validate_require_cipher(void)
3824	{	4607	{
3825	SSL_CTX *ctx;	4608	SSL_CTX * ctx;
3826	uschar s, expciphers, *err;	4609	uschar * expciphers, * err;
3827		4610
3828	tls_openssl_init();	4611	tls_openssl_init();
3829		4612
Lines 3837-3870 Link Here
3837	if (!(expciphers && *expciphers))	4620	if (!(expciphers && *expciphers))
3838	return NULL;	4621	return NULL;
3839		4622
3840	/* normalisation ripped from above */	4623	normalise_ciphers(&expciphers, tls_require_ciphers);
3841	s = expciphers;
3842	while (s != 0) { if (s == '_') *s = '-'; s++; }
3843		4624
3844	err = NULL;	4625	err = NULL;
3845		4626	if (lib_ctx_new(&ctx, NULL, &err) == OK)
3846	#ifdef EXIM_HAVE_OPENSSL_TLS_METHOD
3847	if (!(ctx = SSL_CTX_new(TLS_server_method())))
3848	#else
3849	if (!(ctx = SSL_CTX_new(SSLv23_server_method())))
3850	#endif
3851	{	4627	{
3852	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));	4628	DEBUG(D_tls)
3853	return string_sprintf("SSL_CTX_new() failed: %s", ssl_errstring);	4629	debug_printf("tls_require_ciphers expands to \"%s\"\n", expciphers);
3854	}
3855		4630
3856	DEBUG(D_tls)	4631	if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
3857	debug_printf("tls_require_ciphers expands to \"%s\"\n", expciphers);	4632	{
		4633	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
		4634	err = string_sprintf("SSL_CTX_set_cipher_list(%s) failed: %s",
		4635	expciphers, ssl_errstring);
		4636	}
3858		4637
3859	if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))	4638	SSL_CTX_free(ctx);
3860	{
3861	ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
3862	err = string_sprintf("SSL_CTX_set_cipher_list(%s) failed: %s",
3863	expciphers, ssl_errstring);
3864	}	4639	}
3865
3866	SSL_CTX_free(ctx);
3867
3868	return err;	4640	return err;
3869	}	4641	}
3870		4642
Lines 3886-3906 Link Here
3886	will change, so we can more usefully assist with version diagnosis by also	4658	will change, so we can more usefully assist with version diagnosis by also
3887	reporting the build date.	4659	reporting the build date.
3888		4660
3889	Arguments: a FILE* to print the results to	4661	Arguments: string to append to
3890	Returns: nothing	4662	Returns: string
3891	*/	4663	*/
3892		4664
3893	void	4665	gstring *
3894	tls_version_report(FILE *f)	4666	tls_version_report(gstring * g)
3895	{	4667	{
3896	fprintf(f, "Library version: OpenSSL: Compile: %s\n"	4668	return string_fmt_append(g,
3897	" Runtime: %s\n"	4669	"Library version: OpenSSL: Compile: %s\n"
3898	" : %s\n",	4670	" Runtime: %s\n"
3899	OPENSSL_VERSION_TEXT,	4671	" : %s\n",
3900	SSLeay_version(SSLEAY_VERSION),	4672	OPENSSL_VERSION_TEXT,
3901	SSLeay_version(SSLEAY_BUILT_ON));	4673	SSLeay_version(SSLEAY_VERSION),
3902	/* third line is 38 characters for the %s and the line is 73 chars long;	4674	SSLeay_version(SSLEAY_BUILT_ON));
3903	the OpenSSL output includes a "built on: " prefix already. */	4675	/* third line is 38 characters for the %s and the line is 73 chars long;
		4676	the OpenSSL output includes a "built on: " prefix already. */
3904	}	4677	}
3905		4678
3906		4679
Lines 4054-4060 Link Here
4054	{	4827	{
4055	long result, item;	4828	long result, item;
4056	uschar * exp, * end;	4829	uschar * exp, * end;
4057	uschar keep_c;
4058	BOOL adding, item_parsed;	4830	BOOL adding, item_parsed;
4059		4831
4060	/* Server: send no (<= TLS1.2) session tickets */	4832	/* Server: send no (<= TLS1.2) session tickets */
Lines 4096-4106 Link Here
4096	return FALSE;	4868	return FALSE;
4097	}	4869	}
4098	adding = *s++ == '+';	4870	adding = *s++ == '+';
4099	for (end = s; (end != '\0') && !isspace(end); ++end) /**/ ;	4871	for (end = s; end && !isspace(end); ) end++;
4100	keep_c = *end;	4872	item_parsed = tls_openssl_one_option_parse(string_copyn(s, end-s), &item);
4101	*end = '\0';
4102	item_parsed = tls_openssl_one_option_parse(s, &item);
4103	*end = keep_c;
4104	if (!item_parsed)	4873	if (!item_parsed)
4105	{	4874	{
4106	DEBUG(D_tls) debug_printf("openssl option setting unrecognised: \"%s\"\n", s);	4875	DEBUG(D_tls) debug_printf("openssl option setting unrecognised: \"%s\"\n", s);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* General functions concerned with transportation, and generic options for all


  for(;;)
    {
    fd_set fds;
    /* This code makes use of alarm() in order to implement the timeout. This
    isn't a very tidy way of doing things. Using non-blocking I/O with select()
    provides a neater approach. However, I don't know how to do this when TLS is

    if (rc >= 0 || errno != ENOTCONN || connretry <= 0)
      break;

    poll_one_fd(fd, POLLOUT, -1);		/* could set timeout? retval check? */
    select(fd+1, NULL, &fds, NULL, NULL);	/* could set timout? */
    connretry--;
    }



for (ppp = *pdlist; ppp; ppp = ppp->next) if (p == ppp->ptr) return TRUE;

ppp = store_get(sizeof(struct aci), GET_UNTAINTED);
ppp->next = *pdlist;
*pdlist = ppp;
ppp->ptr = p;


/* Remember what we have output, and output it. */

ppp = store_get(sizeof(struct aci), GET_UNTAINTED);
ppp->next = *pplist;
*pplist = ppp;
ppp->ptr = pp;

  /* Header removed */

  else
    DEBUG(D_transport) debug_printf("removed header line:\n %s---\n", h->text);
  }

/* Add on any address-specific headers. If there are multiple addresses,


if (addr)
  {
  header_line * hprev = addr->prop.extra_headers, * hnext, * h;

  for (int i = 0; i < 2; i++)
    for (h = hprev, hprev = NULL; h; h = hnext)
      {

	{
	if (!sendfn(tctx, h->text, h->slen)) return FALSE;
	DEBUG(D_transport)
	  debug_printf("added header line(s):\n %s---\n", h->text);
	}
      }
  }

	  return FALSE;
	DEBUG(D_transport)
	  {
	  debug_printf("added header line:\n %s", s);
	  if (s[len-1] != '\n') debug_printf("\n");
	  debug_printf("---\n");
	  }


Arguments:
  tctx
    (fd, msg)		Either an fd, to write the message to,
			or a string: if null write message to allocated space
			otherwire take content as headers.
    addr                (chain of) addresses (for extra headers), or NULL;

      add_delivery_date     if TRUE, add a "delivery-date" header
      use_crlf              if TRUE, turn NL into CR LF
      end_dot               if TRUE, send a terminating "." line at the end
      no_flush		    if TRUE, do not flush at end
      no_headers            if TRUE, omit the headers
      no_body               if TRUE, omit the body
    check_string          a string to check for at the start of lines, or NULL


/* If requested, add a terminating "." line (SMTP output). */

if (tctx->options & topt_end_dot)
  {
  smtp_debug_cmd(US".", 0);
  if (!write_chunk(tctx, US".\n", 2))
    return FALSE;
  }

/* Write out any remaining data in the buffer before returning. */

return (len = chunk_ptr - deliver_out_buffer) <= 0
  || transport_write_block(tctx, deliver_out_buffer, len,
			    !!(tctx->options & topt_no_flush));
}




  tctx->u.fd = fd_write;
  tctx->check_string = tctx->escape_string = NULL;
  tctx->options &= ~(topt_use_crlf | topt_end_dot | topt_use_bdat | topt_no_flush);

  rc = internal_transport_write_message(tctx, size_limit);


        yield = FALSE;
	}
      else if (!ok)
        {		/* Try to drain the pipe; read fails are don't care */
	int dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int));
        dummy = read(pfd[pipe_read], (void *)&tctx->addr->more_errno, sizeof(int));
        dummy = read(pfd[pipe_read], (void *)&tctx->addr->delivery_time, sizeof(struct timeval));
	dummy = dummy;		/* compiler quietening */
        yield = FALSE;
        }
      }

        ? !write_chunk(tctx, US".\n", 2)
	: !write_chunk(tctx, US"\n.\n", 3)
     )  )
    { smtp_debug_cmd(US".", 0); yield = FALSE; }

  /* Write out any remaining data in the buffer. */



  if (!(host_record = dbfn_read(dbm_file, host->name)))
    {
    host_record = store_get(sizeof(dbdata_wait) + MESSAGE_ID_LENGTH, GET_UNTAINTED);
    host_record->count = host_record->sequence = 0;
    }


    {
    sprintf(CS buffer, "%.200s:%d", host->name, host_record->sequence);
    dbfn_write(dbm_file, buffer, host_record, sizeof(dbdata_wait) + host_length);
#ifndef DISABLE_QUEUE_RAMP
    if (f.queue_2stage && queue_fast_ramp && !queue_run_in_order)
      queue_notify_daemon(message_id);
#endif

  else
    {
    dbdata_wait *newr =
      store_get(sizeof(dbdata_wait) + host_length + MESSAGE_ID_LENGTH, GET_UNTAINTED);
    memcpy(newr, host_record, sizeof(dbdata_wait) + host_length);
    host_record = newr;
    }

  /* Update the database */

  dbfn_write(dbm_file, host->name, host_record, sizeof(dbdata_wait) + host_length);
  DEBUG(D_transport) debug_printf("added %.*s to queue for %s\n",
				  MESSAGE_ID_LENGTH, message_id, host->name);
  }

/* All now done */

  local_message_max  maximum number of messages down one connection
                       as set by the caller transport
  new_message_id     set to the message id of a waiting message
  more               set TRUE if there are yet more messages waiting
  oicf_func          function to call to validate if it is ok to send
                     to this message_id from the current instance.
  oicf_data          opaque data for oicf_func


BOOL
transport_check_waiting(const uschar *transport_name, const uschar *hostname,
  int local_message_max, uschar *new_message_id, oicf oicf_func, void *oicf_data)
{
dbdata_wait *host_record;
int host_length;

int         i;
struct stat statbuf;

*more = FALSE;

DEBUG(D_transport)
  {
  debug_printf("transport_check_waiting entered\n");


  /* create an array to read entire message queue into memory for processing  */

  msgq = store_get(sizeof(msgq_t) * host_record->count, GET_UNTAINTED);
  msgq_count = host_record->count;
  msgq_actual = msgq_count;


if (host_length > 0)
  {
  host_record->count = host_length/MESSAGE_ID_LENGTH;

  dbfn_write(dbm_file, hostname, host_record, (int)sizeof(dbdata_wait) + host_length);
  *more = TRUE;
  }

dbfn_close(dbm_file);

transport_do_pass_socket(const uschar *transport_name, const uschar *hostname,
  const uschar *hostaddress, uschar *id, int socket_fd)
{
int i = 13;
const uschar **argv;

#ifndef DISABLE_TLS
if (smtp_peer_options & OPTION_TLS) i += 6;
#endif
#ifdef EXPERIMENTAL_ESMTP_LIMITS
if (continue_limit_mail || continue_limit_rcpt || continue_limit_rcptdom)
				    i += 4;
#endif
if (queue_run_pid != (pid_t)0)	    i += 3;
#ifdef SUPPORT_SOCKS
if (proxy_session)		    i += 5;
#endif

/* Set up the calling arguments; use the standard function for the basics,
but we have a number of extras that may be added. */


    argv[i++] = US"-MCT";
#endif

#ifdef EXPERIMENTAL_ESMTP_LIMITS
if (continue_limit_rcpt || continue_limit_rcptdom)
  {
  argv[i++] = US"-MCL";
  argv[i++] = string_sprintf("%u", continue_limit_mail);
  argv[i++] = string_sprintf("%u", continue_limit_rcpt);
  argv[i++] = string_sprintf("%u", continue_limit_rcptdom);
  }
#endif

if (queue_run_pid != (pid_t)0)
  {
  argv[i++] = US"-MCQ";

  argv[i++] = string_sprintf("%d", queue_run_pipe);
  }

#ifdef SUPPORT_SOCKS
if (proxy_session)
  {
  argv[i++] = US"-MCp";
  argv[i++] = proxy_local_address;
  argv[i++] = string_sprintf("%d", proxy_local_port);
  argv[i++] = proxy_external_address;
  argv[i++] = string_sprintf("%d", proxy_external_port);
  }
#endif

argv[i++] = US"-MC";
argv[i++] = US transport_name;
argv[i++] = US hostname;


DEBUG(D_exec) debug_print_argv(argv);
exim_nullstd();                          /* Ensure std{out,err} exist */
/* argv[0] should be untainted, from child_exec_exim() */
execv(CS argv[0], (char *const *)argv);

DEBUG(D_any) debug_printf("execv failed: %s\n", strerror(errno));


BOOL
transport_pass_socket(const uschar *transport_name, const uschar *hostname,
  const uschar *hostaddress, uschar *id, int socket_fd
#ifdef EXPERIMENTAL_ESMTP_LIMITS
  , unsigned peer_limit_mail, unsigned peer_limit_rcpt, unsigned peer_limit_rcptdom
#endif
  )
{
pid_t pid;
int status;

DEBUG(D_transport) debug_printf("transport_pass_socket entered\n");

#ifdef EXPERIMENTAL_ESMTP_LIMITS
continue_limit_mail = peer_limit_mail;
continue_limit_rcpt = peer_limit_rcpt;
continue_limit_rcptdom = peer_limit_rcptdom;
#endif

if ((pid = exim_fork(US"continued-transport-interproc")) == 0)
  {
  /* Disconnect entirely from the parent process. If we are running in the




/* Enforce all args untainted, for consistency with a router-sourced pipe
command, where (because the whole line is passed as one to the tpt) a
tainted arg taints the executable name.  It's unclear also that letting an
attacker supply command arguments is wise. */

static BOOL
arg_is_tainted(const uschar * s, int argn, address_item * addr,
  const uschar * etext, uschar ** errptr)
{
if (is_tainted(s))
  {
  uschar * msg = string_sprintf("Tainted arg %d for %s command: '%s'",
				argn, etext, s);
  if (addr)
    {
    addr->transport_return = FAIL;
    addr->message = msg;
    }
  else *errptr = msg;
  return TRUE;
  }
return FALSE;
}


/*************************************************
*          Set up direct (non-shell) command     *
*************************************************/

  expand_failed      error value to set if expansion fails; not relevant if
                     addr == NULL
  addr               chain of addresses, or NULL
  allow_tainted_args as it says; used for ${run}
  etext              text for use in error messages
  errptr             where to put error message if addr is NULL;
                     otherwise it is put in the first address

*/

BOOL
transport_set_up_command(const uschar *** argvptr, const uschar * cmd,
  BOOL expand_arguments, int expand_failed, address_item * addr,
  BOOL allow_tainted_args, const uschar * etext, uschar ** errptr)
{
const uschar ** argv, * s;
int address_count = 0, argcount = 0, max_args;
int address_count = 0;
int argcount = 0;
int max_args;

/* Get store in which to build an argument list. Count the number of addresses
supplied, and allow for that many arguments, plus an additional 60, which


for (address_item * ad = addr; ad; ad = ad->next) address_count++;
max_args = address_count + 60;
*argvptr = argv = store_get((max_args+1)*sizeof(uschar *), GET_UNTAINTED);

/* Split the command up into arguments terminated by white space. Lose
trailing space at the start and end. Double-quoted arguments can contain \\ and

arguments are verbatim. Copy each argument into a new string. */

s = cmd;
Uskip_whitespace(&s);

for (; *s && argcount < max_args; argcount++)
  {
  if (*s == '\'')
    {
    int n = Ustrcspn(++s, "'");
    argv[argcount] = string_copyn(s, n);
    if (*(s += n) == '\'') s++;
    while (*s != 0 && *s != '\'') *ss++ = *s++;
    if (*s != 0) s++;
    *ss++ = 0;
    }
  else
    argv[argcount] = string_dequote(CUSS &s);
  Uskip_whitespace(&s);
  }

argv[argcount] = NULL;

/* If *s != 0 we have run out of argument slots. */

if (*s)
  {
  uschar *msg = string_sprintf("Too many arguments in command \"%s\" in "
    "%s", cmd, etext);
  if (addr)
    {
    addr->transport_return = FAIL;
    addr->message = msg;


if (expand_arguments)
  {
  BOOL allow_dollar_recipients = addr && addr->parent
    && Ustrcmp(addr->parent->address, "system-filter") == 0;
    Ustrcmp(addr->parent->address, "system-filter") == 0;

  for (int i = 0; argv[i]; i++)
    {

    /* Handle special fudge for passing an address list */

    if (addr &&
        (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
         Ustrcmp(argv[i], "${pipe_addresses}") == 0))
      {


      for (address_item * ad = addr; ad; ad = ad->next)
        {
	/* $pipe_addresses is spefically not checked for taint, because there is
	a testcase (321) depending on it.  It's unclear if the exact thing being
	done really needs to be legitimate, though I suspect it reflects an
	actual use-case that showed up a bug.
	This is a hole in the taint-pretection, mitigated only in that
	shell-syntax metachars cannot be injected via this route. */

	DEBUG(D_transport) if (is_tainted(ad->address))
	  debug_printf("tainted element '%s' from $pipe_addresses\n", ad->address);

	argv[i++] = ad->address;
	argcount++;
	}


      /* Handle special case of $address_pipe when af_force_command is set */

    else if (addr && testflag(addr,af_force_command) &&
        (Ustrcmp(argv[i], "$address_pipe") == 0 ||
         Ustrcmp(argv[i], "${address_pipe}") == 0))
      {
      int address_pipe_argcount = 0;
      int address_pipe_max_args;
      uschar **address_pipe_argv;
      BOOL tainted;

      /* We can never have more then the argv we will be loading into */
      address_pipe_max_args = max_args - argcount + 1;

        debug_printf("address_pipe_max_args=%d\n", address_pipe_max_args);

      /* We allocate an additional for (uschar *)0 */
      address_pipe_argv = store_get((address_pipe_max_args+1)*sizeof(uschar *), GET_UNTAINTED);

      /* +1 because addr->local_part[0] == '|' since af_force_command is set */
      s = expand_string(addr->local_part + 1);
      tainted = is_tainted(s);

      if (!s || !*s)
        {
        addr->transport_return = FAIL;
        addr->message = string_sprintf("Expansion of \"%s\" "

        return FALSE;
        }

      Uskip_whitespace(&s);			/* strip leading space */

      while (*s && address_pipe_argcount < address_pipe_max_args)
        {
        if (*s == '\'')
	  {
	  int n = Ustrcspn(++s, "'");
	  argv[argcount] = string_copyn(s, n);
	  if (*(s += n) == '\'') s++;
	  }
        else
	  address_pipe_argv[address_pipe_argcount++] = string_dequote(CUSS &s);
	Uskip_whitespace(&s);			/* strip space after arg */
        else address_pipe_argv[address_pipe_argcount++] =
	      string_copy(string_dequote(CUSS &s));
        while (isspace(*s)) s++; /* strip space after arg */
        }

      address_pipe_argv[address_pipe_argcount] = NULL;

      /* If *s != 0 we have run out of argument slots. */
      if (*s)
        {
        uschar *msg = string_sprintf("Too many arguments in $address_pipe "
          "\"%s\" in %s", addr->local_part + 1, etext);
        if (addr)
          {
          addr->transport_return = FAIL;
          addr->message = msg;

        }

      /* address_pipe_argcount - 1
      because we are replacing $address_pipe in the argument list
      with the first thing it expands to */

      if (argcount + address_pipe_argcount - 1 > max_args)
        {
        addr->transport_return = FAIL;

        }

      /* If we are not just able to replace the slot that contained
      $address_pipe (address_pipe_argcount == 1)
      We have to move the existing argv by address_pipe_argcount - 1
      Visually if address_pipe_argcount == 2:
      [argv 0][argv 1][argv 2($address_pipe)][argv 3][0]
      [argv 0][argv 1][ap_arg0][ap_arg1][old argv 3][0] */

      if (address_pipe_argcount > 1)
        memmove(
          /* current position + additional args */

        );

      /* Now we fill in the slots we just moved argv out of
      [argv 0][argv 1][argv 2=pipeargv[0]][argv 3=pipeargv[1]][old argv 3][0] */

      for (int address_pipe_i = 0;
           address_pipe_argv[address_pipe_i];
           address_pipe_i++, argcount++)
	{
        uschar * s = address_pipe_argv[address_pipe_i];
	if (arg_is_tainted(s, i, addr, etext, errptr)) return FALSE;
        argv[i++] = s;
	}

      /* Subtract one since we replace $address_pipe */
      argcount--;

        else *errptr = msg;
        return FALSE;
        }

      if ( f.running_in_test_harness && is_tainted(expanded_arg)
	 && Ustrcmp(etext, "queryprogram router") == 0)
	{			/* hack, would be good to not need it */
	DEBUG(D_transport)
	  debug_printf("SPECIFIC TESTSUITE EXEMPTION: tainted arg '%s'\n",
		      expanded_arg);
	}
      else if (  !allow_tainted_args
	      && arg_is_tainted(expanded_arg, i, addr, etext, errptr))
	return FALSE;
      argv[i] = expanded_arg;
      }
    }

  DEBUG(D_transport)
    {
    debug_printf("direct command after expansion:\n");
    for (int i = 0; argv[i]; i++)
      {
      debug_printf("  argv[%d] = '%s'\n", i, string_printing(argv[i]));
      debug_print_taint(argv[i]);
      }
    }
  }

return TRUE;
}



/* For error messages, a string describing the config location associated
with current processing.  NULL if we are not in a transport. */
/* Name only, for now */

uschar *
transport_current_name(void)
{
if (!transport_name) return NULL;
return string_sprintf(" (transport %s, %s %d)", transport_name, driver_srcfile, driver_srcline);
}

#endif	/*!MACRO_PREDEF*/
/* vi: aw ai sw=2
*/




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2020 */
/* See the file NOTICE for conditions of use and distribution. */



/* Default private options block for the appendfile transport. */

appendfile_transport_options_block appendfile_transport_option_defaults = {
  /* all non-mentioned members zero/null/false */
  .dirfilename = US"q${base62:$tod_epoch}-$inode",
  .create_file_string = US"anywhere",
  .maildir_dir_regex = US"^(?:cur|new|\\..*)$",
  .mailbox_size_value = -1,
  .mailbox_filecount_value = -1,
  .mode = APPENDFILE_MODE,
  .dirmode = APPENDFILE_DIRECTORY_MODE,
  .lockfile_mode = APPENDFILE_LOCKFILE_MODE,
  .lockfile_timeout = 30*60,
  .lock_retries = 10,
   .lock_interval = 3,
  .maildir_retries = 10,
  .create_file = create_anywhere,
  .check_owner = TRUE,
  .create_directory = TRUE,
  .notify_comsat = FALSE,
  .use_lockfile = TRUE,
  .use_fcntl = TRUE,
  .mode_fail_narrower = TRUE,
  .quota_is_inclusive = TRUE,
  NULL,           /* file_format */
  0,              /* quota_value */
  0,              /* quota_warn_threshold_value */
  -1,             /* mailbox_size_value */
  -1,             /* mailbox_filecount_value */
  0,              /* quota_filecount_value */
  APPENDFILE_MODE,           /* mode */
  APPENDFILE_DIRECTORY_MODE, /* dirmode */
  APPENDFILE_LOCKFILE_MODE,  /* lockfile_mode */
  30*60,          /* lockfile_timeout */
  0,              /* lock_fcntl_timeout */
  0,              /* lock_flock_timeout */
  10,             /* lock_retries */
   3,             /* lock_interval */
  10,             /* maildir_retries */
  create_anywhere,/* create_file */
  0,              /* options */
  FALSE,          /* allow_fifo */
  FALSE,          /* allow_symlink */
  FALSE,          /* check_group */
  TRUE,           /* check_owner */
  TRUE,           /* create_directory */
  FALSE,          /* notify_comsat */
  TRUE,           /* use_lockfile */
  FALSE,          /* set_use_lockfile */
  TRUE,           /* use_fcntl */
  FALSE,          /* set_use_fcntl */
  FALSE,          /* use_flock */
  FALSE,          /* set_use_flock */
  FALSE,          /* use_mbx_lock */
  FALSE,          /* set_use_mbx_lock */
  FALSE,          /* use_bsmtp */
  FALSE,          /* use_crlf */
  FALSE,          /* file_must_exist */
  TRUE,           /* mode_fail_narrower */
  FALSE,          /* maildir_format */
  FALSE,          /* maildir_use_size_file */
  FALSE,          /* mailstore_format */
  FALSE,          /* mbx_format */
  FALSE,          /* quota_warn_threshold_is_percent */
  TRUE,           /* quota_is_inclusive */
  FALSE,          /* quota_no_check */
  FALSE           /* quota_filecount_no_check */
};



uschar *q = ob->quota;
double default_value = 0.0;

addrlist = addrlist;    /* Keep picky compilers happy */
dummy = dummy;
uid = uid;
gid = gid;

if (ob->expand_maildir_use_size_file)
	ob->maildir_use_size_file = expand_check_condition(ob->expand_maildir_use_size_file,
		US"`maildir_use_size_file` in transport", tblock->name);


for (int i = 0; i < 5; i++)
  {
  double d = default_value;
  int no_check = 0;
  uschar *which = NULL;

  if (q)
  else
    {
    uschar * rest, * s;
    uschar *s = expand_string(q);

    if (!(s =  expand_string(q)))
      {
      *errmsg = string_sprintf("Expansion of \"%s\" in %s transport failed: "
        "%s", q, tblock->name, expand_string_message);

      break;

    case 2:
      if (d >= 2.0*1024.0*1024.0*1024.0 && sizeof(off_t) <= 4)
	  which = US"quota_warn_threshold";
      ob->quota_warn_threshold_value = (off_t)d;
      q = ob->mailbox_size_string;
      default_value = -1.0;

{
appendfile_transport_options_block *ob =
  (appendfile_transport_options_block *)(tblock->options_block);
uschar * s;

/* Set up the setup entry point, to be called in the privileged state */


/* If "create_file" is set, check that a valid option is given, and set the
integer variable. */

if ((s = ob->create_file_string ) && *s)
  {
  int val = 0;
  if (Ustrcmp(s, "anywhere") == 0)			val = create_anywhere;
  else if (*s == '/' || Ustrcmp(s, "belowhome") == 0)	val = create_belowhome;
  else if (Ustrcmp(s, "inhome") == 0)			val = create_inhome;
    value = create_belowhome;
  else if (Ustrcmp(ob->create_file_string, "inhome") == 0)
    value = create_inhome;
  else
    log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
      "invalid value given for \"create_file\" for the %s transport: '%s'",
      tblock->name, s);
  ob->create_file = val;
  }

/* If quota_warn_threshold is set, set up default for warn_message. It may


/* Search the formats for a match */

/* not expanded so cannot be tainted */
while ((s = string_nextinlist(&format, &sep, big_buffer, big_buffer_size)))
  {
  int slen = Ustrlen(s);
  BOOL match = len >= slen && Ustrncmp(data, s, slen) == 0;

Arguments:
  dirname       the name of the directory
  countptr      where to add the file count (because this function recurses)
  re            a compiled regex to get the size from a name

Returns:        the sum of the sizes of the stattable files
                zero if the directory cannot be opened
*/

off_t
check_dir_size(const uschar * dirname, int * countptr, const pcre2_code * re)
{
DIR *dir;
off_t sum = 0;


  /* If there's a regex, try to find the size using it */

  if (re)
    {
    pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx);
    int rc = pcre2_match(re, (PCRE2_SPTR)name, PCRE2_ZERO_TERMINATED,
			  0, 0, md, pcre_mtc_ctx);
    PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
    if (  rc >= 0
       && (rc = pcre2_get_ovector_count(md)) >= 2)
      {
      uschar *endptr;
      off_t size = (off_t)Ustrtod(name + ovec[2], &endptr);
      if (endptr == name + ovec[3])
        {
        sum += size;
        DEBUG(D_transport)

    if ((statbuf.st_mode & S_IFMT) == S_IFREG)
      sum += statbuf.st_size / statbuf.st_nlink;
    else if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
      sum += check_dir_size(path, &count, re);
  }

closedir(dir);

Arguments:
  filename     the file name
  create_file  the ob->create_file option
  deliver_dir  the delivery directory

Returns:       TRUE if creation is permitted
*/

static BOOL
check_creation(uschar *filename, int create_file, const uschar * deliver_dir)
{
BOOL yield = TRUE;

if (deliver_dir  &&  create_file != create_anywhere)
  {
  int len = Ustrlen(deliver_dir);
  uschar *file = filename;

  while (file[0] == '/' && file[1] == '/') file++;
  if (  Ustrncmp(file, deliver_dir, len) != 0
     || file[len] != '/'
     ||    Ustrchr(file+len+2, '/') != NULL
	&& (  create_file != create_belowhome
	   || Ustrstr(file+len, "/../") != NULL
	   )
       )
     ) yield = FALSE;

  /* If yield is TRUE, the file name starts with the home directory, and does

    if (rp)
      {
      uschar hdbuffer[PATH_MAX+1];
      const uschar * rph = deliver_dir;
      int rlen = Ustrlen(big_buffer);

      if ((rp = US realpath(CS deliver_dir, CS hdbuffer)))
        {
        rph = hdbuffer;
        len = Ustrlen(rph);

        {
        yield = FALSE;
        DEBUG(D_transport) debug_printf("Real path \"%s\" does not match \"%s\"\n",
          big_buffer, deliver_dir);
        }
      }
    }

appendfile_transport_options_block *ob =
  (appendfile_transport_options_block *)(tblock->options_block);
struct stat statbuf;
const uschar * deliver_dir;
uschar *fdname = NULL;
uschar *filename = NULL;
uschar *hitchname = NULL;

    expand_string_message);
  goto ret_panic;
  }
if (is_tainted(path))
  {
  addr->message = string_sprintf("Tainted '%s' (file or directory "
    "name for %s transport) not permitted", path, tblock->name);
  goto ret_panic;
  }

if (path[0] != '/')
  {

  return FALSE;
  }

/* If an absolute path was given for create_file the it overrides deliver_home
(here) and de-taints the filename (below, after check_creation() */

deliver_dir = *ob->create_file_string == '/'
  ? ob->create_file_string : deliver_home;

/* Handle the case of a file name. If the file name is /dev/null, we can save
ourselves some effort and just give a success return right away. */


    }

  /* Set the name of the file to be opened, and the file to which the data
  is written, and find out if we are permitted to create a non-existent file.
  If the create_file option is an absolute path and the file was within it,
  de-taint.  Chaeck for a tainted path. */

  if (  (allow_creation_here = check_creation(path, ob->create_file, deliver_dir))
     && ob->create_file == create_belowhome)
    if (is_tainted(path))
      {
      DEBUG(D_transport) debug_printf("de-tainting path '%s'\n", path);
      path = string_copy_taint(path, GET_UNTAINTED);
      }

  if (is_tainted(path)) goto tainted_ret_panic;
  dataname = filename = path;
  allow_creation_here = check_creation(filename, ob->create_file);

  /* If ob->create_directory is set, attempt to create the directories in
  which this mailbox lives, but only if we are permitted to create the file

  if (ob->create_directory && allow_creation_here)
    {
    uschar *p = Ustrrchr(path, '/');
    p = string_copyn(path, p - path);
    if (!directory_make(NULL, p, ob->dirmode, FALSE))
      {
      addr->basic_errno = errno;
      addr->message =
        string_sprintf("failed to create directories for %s: %s", path,
          exim_errstr(errno));
      DEBUG(D_transport) debug_printf("%s transport: %s\n", tblock->name, path);
      return FALSE;
      }
    *p = '/';
    }

  /* If file_format is set we must check that any existing file matches one of


else
  {
  uschar *check_path;		/* Default quota check path */
  const pcre2_code * re = NULL;     /* Regex for file size from file name */

  if (!check_creation(string_sprintf("%s/any", path),
		      ob->create_file, deliver_dir))
    {
    addr->basic_errno = ERRNO_BADCREATE;
    addr->message = string_sprintf("tried to create file in %s, but "

    goto RETURN;
    }

  /* If the create_file option is an absolute path and the file was within
  it, de-taint. Otherwise check for taint. */

  if (is_tainted(path))
    if (ob->create_file == create_belowhome)
      {
      DEBUG(D_transport) debug_printf("de-tainting path '%s'\n", path);
      path = string_copy_taint(path, GET_UNTAINTED);
      }
    else
      goto tainted_ret_panic;

  check_path = path;

  #ifdef SUPPORT_MAILDIR
  /* For a maildir delivery, ensure that all the relevant directories exist,
  and a maildirfolder file if necessary. */


  if (ob->quota_value > 0 || THRESHOLD_CHECK || ob->maildir_use_size_file)
    {
    PCRE2_SIZE offset;
    int err;

    /* Compile the regex if there is one. */

    if (ob->quota_size_regex)
      {
      if (!(re = pcre2_compile((PCRE2_SPTR)ob->quota_size_regex,
		  PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx)))
        {
	uschar errbuf[128];
	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
        addr->message = string_sprintf("appendfile: regular expression "
          "error: %s at offset %ld while compiling %s", errbuf, (long)offset,
          ob->quota_size_regex);
        return FALSE;
        }

        {
        uschar *new_check_path = string_copy(check_path);
        uschar *slash = Ustrrchr(new_check_path, '/');
        if (slash)
          {
          if (!slash[1])
            {
            *slash = 0;
            slash = Ustrrchr(new_check_path, '/');
            }
          if (slash)
            {
            *slash = 0;
            check_path = new_check_path;

  #ifdef SUPPORT_MAILDIR
  if (ob->maildir_use_size_file)
    {
    const pcre2_code * dir_regex = NULL;
    PCRE2_SIZE offset;
    int err;

    if (ob->maildir_dir_regex)
      {
      int check_path_len = Ustrlen(check_path);

      if (!(dir_regex = pcre2_compile((PCRE2_SPTR)ob->maildir_dir_regex,
	    PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx)))
        {
	uschar errbuf[128];
	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
        addr->message = string_sprintf("appendfile: regular expression "
          "error: %s at offset %ld while compiling %s", errbuf, (long)offset,
          ob->maildir_dir_regex);
        return FALSE;
        }

        {
        uschar *s = path + check_path_len;
        while (*s == '/') s++;
        s = *s ? string_sprintf("%s/new", s) : US"new";
	if (!regex_match(dir_regex, s, -1, NULL))
          {
          disable_quota = TRUE;
          DEBUG(D_transport) debug_printf("delivery directory does not match "

      off_t size;
      int filecount;

      if ((maildirsize_fd = maildir_ensure_sizefile(check_path, ob,  re, dir_regex,
	  &size, &filecount)) == -1)
        {
        addr->basic_errno = errno;

 *    (void)unlink(CS string_sprintf("%s/maildirsize", check_path));
 *    if (THRESHOLD_CHECK)
 *      mailbox_size = maildir_compute_size(check_path, &mailbox_filecount, &old_latest,
 *         re, dir_regex, FALSE);
 *    }
*/


  count. Note that ob->quota_filecount_value cannot be set without
  ob->quota_value being set. */

  if (  !disable_quota
     && (ob->quota_value > 0 || THRESHOLD_CHECK)
     && (  mailbox_size < 0
	|| mailbox_filecount < 0 && ob->quota_filecount_value > 0
    )   )
    {
    off_t size;
    int filecount = 0;
    DEBUG(D_transport)
      debug_printf("quota checks on directory %s\n", check_path);
    size = check_dir_size(check_path, &filecount,  re);
    if (mailbox_size < 0) mailbox_size = size;
    if (mailbox_filecount < 0) mailbox_filecount = filecount;
    }

      uschar *basename;

      (void)gettimeofday(&msg_tv, NULL);
      basename = string_sprintf(TIME_T_FMT ".M%luP" PID_T_FMT ".%s",
       	msg_tv.tv_sec, msg_tv.tv_usec, getpid(), primary_hostname);

      filename = dataname = string_sprintf("tmp/%s", basename);

    dataname = string_sprintf("%s.msg", mailstore_basename);

    fd = Uopen(filename, O_WRONLY|O_CREAT|O_EXCL, mode);
    if (  fd < 0				/* failed to open, and */
       && (   errno != ENOENT			/* either not non-exist */
	  || !ob->create_directory		/* or not allowed to make */
	  || !directory_make(NULL, path, ob->dirmode, FALSE)  /* or failed to create dir */
	  || (fd = Uopen(filename, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0 /* or then failed to open */
       )  )
      {
      addr->basic_errno = errno;
      addr->message = string_sprintf("while creating file %s", filename);


  }

if (verify_mode)
  {
  addr->basic_errno = errno;
  addr->message = US"Over quota";
  addr->transport_return = yield;
  DEBUG(D_transport)
    debug_printf("appendfile (verify) yields %d with errno=%d more_errno=%d\n",
      yield, addr->basic_errno, addr->more_errno);

  goto RETURN;
  }

/* If we are writing in MBX format, what we actually do is to write the message
to a temporary file, and then copy it to the real file once we know its size.
This is the most straightforward way of getting the correct length in the

          uschar *iptr = expand_string(nametag);
          if (iptr)
            {
            uschar *etag = store_get(Ustrlen(iptr) + 2, iptr);
            uschar *optr = etag;
            for ( ; *iptr; iptr++)
              if (mac_isgraph(*iptr) && *iptr != '/')


return FALSE;

tainted_ret_panic:
  addr->message = string_sprintf("Tainted '%s' (file or directory "
      "name for %s transport) not permitted", path, tblock->name);
ret_panic:
  addr->transport_return = PANIC;
  return FALSE;

Lines 3-8 Link Here

(-)exim.orig/src/transports/appendfile.h (-1 / +2 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8	/* Private structure for the private options. */	9	/* Private structure for the private options. */
Lines 94-99 Link Here
94		95
95	/* Function that is shared with tf_maildir.c */	96	/* Function that is shared with tf_maildir.c */
96		97
97	extern off_t check_dir_size(const uschar , int , const pcre *);	98	extern off_t check_dir_size(const uschar , int , const pcre2_code *);
98		99
99	/* End of transports/appendfile.h */	100	/* End of transports/appendfile.h */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



#else   /*!MACRO_PREDEF*/


/* Default private options block for the autoreply transport.
All non-mentioned lements zero/null/false. */

autoreply_transport_options_block autoreply_transport_option_defaults = {
  .mode = 0600,
  NULL,           /* reply_to */
  NULL,           /* to */
  NULL,           /* cc */
  NULL,           /* bcc */
  NULL,           /* subject */
  NULL,           /* headers */
  NULL,           /* text */
  NULL,           /* file */
  NULL,           /* logfile */
  NULL,           /* oncelog */
  NULL,           /* once_repeat */
  NULL,           /* never_mail */
  0600,           /* mode */
  0,              /* once_file_size */
  FALSE,          /* file_expand */
  FALSE,          /* file_optional */
  FALSE           /* return message */
};



list. Any that are found are removed.

Arguments:
  list        list of addresses to be checked
  never_mail  an address list, already expanded

Returns:      edited replacement address list, or NULL, or original
*/

static uschar *
check_never_mail(uschar * list, const uschar * never_mail)
{
rmark reset_point = store_mark();
uschar * newlist = string_copy(list);
uschar * s = newlist;
BOOL hit = FALSE;

while (*s)
  {
  uschar *error, *next;
  uschar *e = parse_find_address_end(s, FALSE);

    {
    DEBUG(D_transport)
      debug_printf("discarding recipient %s (matched never_mail)\n", next);
    hit = TRUE;
    if (terminator == ',') e++;
    memmove(s, e, Ustrlen(e) + 1);
    }

    }
  }

/* If no addresses were removed, retrieve the memory used and return
the original. */

if (!hit)
  {
  store_reset(reset_point);
  return list;
  }

/* Check to see if we removed the last address, leaving a terminating comma
that needs to be removed */

s = newlist + Ustrlen(newlist);
while (s > newlist && (isspace(s[-1]) || s[-1] == ',')) s--;
*s = 0;

/* Check to see if there any addresses left; if not, return NULL */

s = newlist;
while (s && isspace(*s)) s++;
if (*s)
  return newlist;

store_reset(reset_point);
return NULL;
if (*s == 0) *listptr = NULL;
}



int cache_fd = -1;
int cache_size = 0;
int add_size = 0;
EXIM_DB * dbm_file = NULL;
BOOL file_expand, return_message;
uschar *from, *reply_to, *to, *cc, *bcc, *subject, *headers, *text, *file;
uschar *logfile, *oncelog;

    return FALSE;

  if (oncerepeat)
    if ((once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE)) < 0)
    once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE);
    if (once_repeat_sec < 0)
      {
      addr->transport_return = FAIL;
      addr->message = string_sprintf("Invalid time value \"%s\" for "
        "\"once_repeat\" in %s transport", oncerepeat, tblock->name);
      return FALSE;
      }
    }
  }

/* If the never_mail option is set, we have to scan all the recipients and

    return FALSE;
    }

  if (to) to = check_never_mail(to, never_mail);
  if (cc) cc = check_never_mail(cc, never_mail);
  if (bcc) bcc = check_never_mail(bcc, never_mail);

  if (!to && !cc && !bcc)
    {


    cache_size = statbuf.st_size;
    add_size = sizeof(time_t) + Ustrlen(to) + 1;
    cache_buff = store_get(cache_size + add_size, oncelog);

    if (read(cache_fd, cache_buff, cache_size) != cache_size)
      {


    dirname = (s = Ustrrchr(oncelog, '/'))
      ? string_copyn(oncelog, s - oncelog) : NULL;
    if (!(dbm_file = exim_dbopen(oncelog, dirname, O_RDWR|O_CREAT, ob->mode)))
    if (!dbm_file)
      {
      addr->transport_return = DEFER;
      addr->basic_errno = errno;

      goto END_OFF;
      }

    exim_datum_init(&key_datum);        /* Some DBM libraries need datums */
    exim_datum_init(&result_datum);     /* to be cleared */
    exim_datum_data_set(&key_datum, (void *) to);
    exim_datum_size_set(&key_datum, Ustrlen(to) + 1);

    if (exim_dbget(dbm_file, &key_datum, &result_datum))
      {
      /* If the datum size is that of a binary time, we are in the new world
      where messages are sent periodically. Otherwise the file is an old one,

      introduced at Exim 3.00. In a couple of years' time the test on the size
      can be abolished. */

      if (exim_datum_size_get(&result_datum) == sizeof(time_t))
        memcpy(&then, exim_datum_data_get(&result_datum), sizeof(time_t));
      else
        then = now;
      }

  addr->message = string_sprintf("Failed to create child process to send "
    "message from %s transport: %s", tblock->name, strerror(errno));
  DEBUG(D_transport) debug_printf("%s\n", addr->message);
  if (dbm_file) exim_dbclose(dbm_file);
  return FALSE;
  }



if (return_message)
  {
  uschar *rubric = tblock->headers_only
    ? US"------ This is a copy of the message's header lines.\n"
    : tblock->body_only
    ? US"------ This is a copy of the body of the message, without the headers.\n"
    : US"------ This is a copy of the message, including all the headers.\n";
    US"------ This is a copy of the message, including all the headers.\n";
  transport_ctx tctx = {
    .u = {.fd = fileno(fp)},
    .tblock = tblock,

else if (dbm_file)
  {
  EXIM_DATUM key_datum, value_datum;
  exim_datum_init(&key_datum);          /* Some DBM libraries need to have */
  exim_datum_init(&value_datum);        /* cleared datums. */
  exim_datum_data_set(&key_datum, to);
  exim_datum_size_set(&key_datum, Ustrlen(to) + 1);

  /* Many OS define the datum value, sensibly, as a void *. However, there
  are some which still have char *. By casting this address to a char * we
  can avoid warning messages from the char * systems. */

  exim_datum_data_set(&value_datum, &now);
  exim_datum_size_set(&value_datum, sizeof(time_t));
  exim_dbput(dbm_file, &key_datum, &value_datum);
  }

/* If sending failed, defer to try again - but if once is set the next

  }

END_OFF:
if (dbm_file) exim_dbclose(dbm_file);
if (cache_fd > 0) (void)close(cache_fd);

DEBUG(D_transport) debug_printf("%s transport succeeded\n", tblock->name);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



  {
  DEBUG(D_transport) debug_printf("using command %s\n", ob->cmd);
  sprintf(CS buffer, "%.50s transport", tblock->name);
  if (!transport_set_up_command(&argv, ob->cmd, TRUE, PANIC, addrlist, FALSE,
	buffer, NULL))
    return FALSE;

  /* If the -N option is set, can't do any more. Presume all has gone well. */

/* First thing is to wait for an initial greeting. */

Ustrcpy(big_buffer, US"initial connection");
if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
  goto RESPONSE_FAILED;

/* Next, we send a LHLO command, and expect a positive response */

if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO", primary_hostname))
  goto WRITE_FAILED;

if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
  goto RESPONSE_FAILED;

/* If the ignore_quota option is set, note whether the server supports the
IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */

if (ob->ignore_quota)
  igquotstr = regex_match(regex_IGNOREQUOTA, buffer, -1, NULL)
    ? US" IGNOREQUOTA" : US"";

/* Now the envelope sender */





*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */



/* Default private options block for the pipe transport. */

pipe_transport_options_block pipe_transport_option_defaults = {
  .path =	US"/bin:/usr/bin",
  .temp_errors = US mac_expanded_string(EX_TEMPFAIL) ":"
		   mac_expanded_string(EX_CANTCREAT),
  .umask =	022,
  .max_output = 20480,
  .timeout =	60*60,
  /* all others null/zero/false */
     mac_expanded_string(EX_CANTCREAT),
  NULL,           /* check_string */
  NULL,           /* escape_string */
  022,            /* umask */
  20480,          /* max_output */
  60*60,          /* timeout */
  0,              /* options */
  FALSE,          /* force_command */
  FALSE,          /* freeze_exec_fail */
  FALSE,          /* freeze_signal */
  FALSE,          /* ignore_status */
  FALSE,          /* permit_coredump */
  FALSE,          /* restrict_to_path */
  FALSE,          /* timeout_defer */
  FALSE,          /* use_shell */
  FALSE,          /* use_bsmtp */
  FALSE,          /* use_classresources */
  FALSE           /* use_crlf */
};



pipe_transport_options_block *ob =
  (pipe_transport_options_block *)(tblock->options_block);

addrlist = addrlist;  /* Keep compiler happy */
dummy = dummy;
uid = uid;
gid = gid;
errmsg = errmsg;
ob = ob;

#ifdef HAVE_SETCLASSRESOURCES
if (ob->use_classresources)
  {

driver options. Only one of body_only and headers_only can be set. */

ob->options |=
    (tblock->body_only ? topt_no_headers : 0)
  | (tblock->headers_only ? topt_no_body : 0)
  | (tblock->return_path_add ? topt_add_return_path : 0)
  | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
  | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
  | (ob->use_crlf ? topt_use_crlf : 0);
}



is in the addresses). */

if (!transport_set_up_command(argvptr, cmd, expand_arguments, expand_fail,
      addr, FALSE, string_sprintf("%.50s transport", tname), NULL))
  return FALSE;

/* Point to the set-up arguments. */

{
const uschar **argv;

*argvptr = argv = store_get((4)*sizeof(uschar *), GET_UNTAINTED);

argv[0] = US"/bin/sh";
argv[1] = US"-c";


    for (address_item * ad = addr; ad; ad = ad->next)
      {
      DEBUG(D_transport) if (is_tainted(ad->address))
	debug_printf("tainted element '%s' from $pipe_addresses\n", ad->address);

      /*XXX string_append_listele() ? */
      if (ad != addr) g = string_catn(g, US" ", 1);
      g = string_cat(g, ad->address);

  }

/* If no command has been supplied, we are in trouble.
We also check for an empty string since it may be
coming from addr->local_part[0] == '|' */
 */

if (!cmd || !*cmd)
  {

  }
if (is_tainted(cmd))
  {
  DEBUG(D_transport) debug_printf("cmd '%s' is tainted\n", cmd);
  addr->message = string_sprintf("Tainted '%s' (command "
    "for %s transport) not permitted", cmd, tblock->name);
  addr->transport_return = PANIC;

envp[envcount++] = string_sprintf("SENDER=%s", sender_address);
envp[envcount++] = US"SHELL=/bin/sh";

if (addr->host_list)
  envp[envcount++] = string_sprintf("HOST=%s", addr->host_list->name);

if (f.timestamps_utc)
  envp[envcount++] = US"TZ=UTC";
else if (timezone_string && timezone_string[0])
  envp[envcount++] = string_sprintf("TZ=%s", timezone_string);

/* Add any requested items */

Lines 4-10 Link Here

(-)exim.orig/src/transports/queuefile.c (-1 / +5 lines)
4		4
5	/* Copyright (c) Andrew Colin Kissa <andrew@topdog.za.net> 2016 */	5	/* Copyright (c) Andrew Colin Kissa <andrew@topdog.za.net> 2016 */
6	/* Copyright (c) University of Cambridge 2016 */	6	/* Copyright (c) University of Cambridge 2016 */
7	/* Copyright (c) The Exim Maintainers 1995 - 2020 */	7	/* Copyright (c) The Exim Maintainers 1995 - 2021 */
8	/* See the file NOTICE for conditions of use and distribution. */	8	/* See the file NOTICE for conditions of use and distribution. */
9		9
10		10
Lines 14-19 Link Here
14	#ifdef EXPERIMENTAL_QUEUEFILE /* whole file */	14	#ifdef EXPERIMENTAL_QUEUEFILE /* whole file */
15	#include "queuefile.h"	15	#include "queuefile.h"
16		16
		17	#ifndef EXIM_HAVE_OPENAT
		18	# error queuefile transport reqires openat() support
		19	#endif
		20
17	/* Options specific to the appendfile transport. They must be in alphabetic	21	/* Options specific to the appendfile transport. They must be in alphabetic
18	order (note that "_" comes before the lower case letters). Some of them are	22	order (note that "_" comes before the lower case letters). Some of them are
19	stored in the publicly visible instance block - these are flagged with the	23	stored in the publicly visible instance block - these are flagged with the

Lines 2-9 Link Here

(-)exim.orig/src/transports/smtp.c (-468 / +899 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	#include "../exim.h"	9	#include "../exim.h"
Lines 43-49 Link Here
43	{ "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) },	43	{ "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) },
44	# endif	44	# endif
45	{ "data_timeout", opt_time, LOFF(data_timeout) },	45	{ "data_timeout", opt_time, LOFF(data_timeout) },
46	{ "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) },	46	{ "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) },
47	#ifndef DISABLE_DKIM	47	#ifndef DISABLE_DKIM
48	{ "dkim_canon", opt_stringptr, LOFF(dkim.dkim_canon) },	48	{ "dkim_canon", opt_stringptr, LOFF(dkim.dkim_canon) },
49	{ "dkim_domain", opt_stringptr, LOFF(dkim.dkim_domain) },	49	{ "dkim_domain", opt_stringptr, LOFF(dkim.dkim_domain) },
Lines 64-69 Link Here
64	{ "final_timeout", opt_time, LOFF(final_timeout) },	64	{ "final_timeout", opt_time, LOFF(final_timeout) },
65	{ "gethostbyname", opt_bool, LOFF(gethostbyname) },	65	{ "gethostbyname", opt_bool, LOFF(gethostbyname) },
66	{ "helo_data", opt_stringptr, LOFF(helo_data) },	66	{ "helo_data", opt_stringptr, LOFF(helo_data) },
		67	#if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
		68	{ "host_name_extract", opt_stringptr, LOFF(host_name_extract) },
		69	# endif
67	{ "hosts", opt_stringptr, LOFF(hosts) },	70	{ "hosts", opt_stringptr, LOFF(hosts) },
68	{ "hosts_avoid_esmtp", opt_stringptr, LOFF(hosts_avoid_esmtp) },	71	{ "hosts_avoid_esmtp", opt_stringptr, LOFF(hosts_avoid_esmtp) },
69	{ "hosts_avoid_pipelining", opt_stringptr, LOFF(hosts_avoid_pipelining) },	72	{ "hosts_avoid_pipelining", opt_stringptr, LOFF(hosts_avoid_pipelining) },
Lines 84-89 Link Here
84	#if !defined(DISABLE_TLS) && !defined(DISABLE_OCSP)	87	#if !defined(DISABLE_TLS) && !defined(DISABLE_OCSP)
85	{ "hosts_request_ocsp", opt_stringptr, LOFF(hosts_request_ocsp) },	88	{ "hosts_request_ocsp", opt_stringptr, LOFF(hosts_request_ocsp) },
86	#endif	89	#endif
		90	{ "hosts_require_alpn", opt_stringptr, LOFF(hosts_require_alpn) },
87	{ "hosts_require_auth", opt_stringptr, LOFF(hosts_require_auth) },	91	{ "hosts_require_auth", opt_stringptr, LOFF(hosts_require_auth) },
88	#ifndef DISABLE_TLS	92	#ifndef DISABLE_TLS
89	# ifdef SUPPORT_DANE	93	# ifdef SUPPORT_DANE
Lines 111-116 Link Here
111	{ "lmtp_ignore_quota", opt_bool, LOFF(lmtp_ignore_quota) },	115	{ "lmtp_ignore_quota", opt_bool, LOFF(lmtp_ignore_quota) },
112	{ "max_rcpt", opt_int \| opt_public,	116	{ "max_rcpt", opt_int \| opt_public,
113	OPT_OFF(transport_instance, max_addresses) },	117	OPT_OFF(transport_instance, max_addresses) },
		118	{ "message_linelength_limit", opt_int, LOFF(message_linelength_limit) },
114	{ "multi_domain", opt_expand_bool \| opt_public,	119	{ "multi_domain", opt_expand_bool \| opt_public,
115	OPT_OFF(transport_instance, multi_domain) },	120	OPT_OFF(transport_instance, multi_domain) },
116	{ "port", opt_stringptr, LOFF(port) },	121	{ "port", opt_stringptr, LOFF(port) },
Lines 122-133 Link Here
122	{ "socks_proxy", opt_stringptr, LOFF(socks_proxy) },	127	{ "socks_proxy", opt_stringptr, LOFF(socks_proxy) },
123	#endif	128	#endif
124	#ifndef DISABLE_TLS	129	#ifndef DISABLE_TLS
		130	{ "tls_alpn", opt_stringptr, LOFF(tls_alpn) },
125	{ "tls_certificate", opt_stringptr, LOFF(tls_certificate) },	131	{ "tls_certificate", opt_stringptr, LOFF(tls_certificate) },
126	{ "tls_crl", opt_stringptr, LOFF(tls_crl) },	132	{ "tls_crl", opt_stringptr, LOFF(tls_crl) },
127	{ "tls_dh_min_bits", opt_int, LOFF(tls_dh_min_bits) },	133	{ "tls_dh_min_bits", opt_int, LOFF(tls_dh_min_bits) },
128	{ "tls_privatekey", opt_stringptr, LOFF(tls_privatekey) },	134	{ "tls_privatekey", opt_stringptr, LOFF(tls_privatekey) },
129	{ "tls_require_ciphers", opt_stringptr, LOFF(tls_require_ciphers) },	135	{ "tls_require_ciphers", opt_stringptr, LOFF(tls_require_ciphers) },
130	# ifdef EXPERIMENTAL_TLS_RESUME	136	# ifndef DISABLE_TLS_RESUME
131	{ "tls_resumption_hosts", opt_stringptr, LOFF(tls_resumption_hosts) },	137	{ "tls_resumption_hosts", opt_stringptr, LOFF(tls_resumption_hosts) },
132	# endif	138	# endif
133	{ "tls_sni", opt_stringptr, LOFF(tls_sni) },	139	{ "tls_sni", opt_stringptr, LOFF(tls_sni) },
Lines 162-184 Link Here
162	/* Default private options block for the smtp transport. */	168	/* Default private options block for the smtp transport. */
163		169
164	smtp_transport_options_block smtp_transport_option_defaults = {	170	smtp_transport_options_block smtp_transport_option_defaults = {
165	.hosts = NULL,	171	/* All non-mentioned elements 0/NULL/FALSE */
166	.fallback_hosts = NULL,
167	.hostlist = NULL,
168	.fallback_hostlist = NULL,
169	.helo_data = US"$primary_hostname",	172	.helo_data = US"$primary_hostname",
170	.interface = NULL,
171	.port = NULL,
172	.protocol = US"smtp",	173	.protocol = US"smtp",
173	.dscp = NULL,
174	.serialize_hosts = NULL,
175	.hosts_try_auth = NULL,
176	.hosts_require_auth = NULL,
177	.hosts_try_chunking = US"*",	174	.hosts_try_chunking = US"*",
178	#ifdef SUPPORT_DANE	175	#ifdef SUPPORT_DANE
179	.hosts_try_dane = US"*",	176	.hosts_try_dane = US"*",
180	.hosts_require_dane = NULL,
181	.dane_require_tls_ciphers = NULL,
182	#endif	177	#endif
183	.hosts_try_fastopen = US"*",	178	.hosts_try_fastopen = US"*",
184	#ifndef DISABLE_PRDR	179	#ifndef DISABLE_PRDR
Lines 186-204 Link Here
186	#endif	181	#endif
187	#ifndef DISABLE_OCSP	182	#ifndef DISABLE_OCSP
188	.hosts_request_ocsp = US"", / hosts_request_ocsp (except under DANE; tls_client_start()) */	183	.hosts_request_ocsp = US"", / hosts_request_ocsp (except under DANE; tls_client_start()) */
189	.hosts_require_ocsp = NULL,
190	#endif
191	.hosts_require_tls = NULL,
192	.hosts_avoid_tls = NULL,
193	.hosts_verify_avoid_tls = NULL,
194	.hosts_avoid_pipelining = NULL,
195	#ifndef DISABLE_PIPE_CONNECT
196	.hosts_pipe_connect = NULL,
197	#endif
198	.hosts_avoid_esmtp = NULL,
199	#ifndef DISABLE_TLS
200	.hosts_nopass_tls = NULL,
201	.hosts_noproxy_tls = NULL,
202	#endif	184	#endif
203	.command_timeout = 5*60,	185	.command_timeout = 5*60,
204	.connect_timeout = 5*60,	186	.connect_timeout = 5*60,
Lines 207-268 Link Here
207	.size_addition = 1024,	189	.size_addition = 1024,
208	.hosts_max_try = 5,	190	.hosts_max_try = 5,
209	.hosts_max_try_hardlimit = 50,	191	.hosts_max_try_hardlimit = 50,
		192	.message_linelength_limit = 998,
210	.address_retry_include_sender = TRUE,	193	.address_retry_include_sender = TRUE,
211	.allow_localhost = FALSE,
212	.authenticated_sender_force = FALSE,
213	.gethostbyname = FALSE,
214	.dns_qualify_single = TRUE,	194	.dns_qualify_single = TRUE,
215	.dns_search_parents = FALSE,
216	.dnssec = { .request= US"*", .require=NULL },	195	.dnssec = { .request= US"*", .require=NULL },
217	.delay_after_cutoff = TRUE,	196	.delay_after_cutoff = TRUE,
218	.hosts_override = FALSE,
219	.hosts_randomize = FALSE,
220	.keepalive = TRUE,	197	.keepalive = TRUE,
221	.lmtp_ignore_quota = FALSE,
222	.expand_retry_include_ip_address = NULL,
223	.retry_include_ip_address = TRUE,	198	.retry_include_ip_address = TRUE,
224	#ifdef SUPPORT_SOCKS
225	.socks_proxy = NULL,
226	#endif
227	#ifndef DISABLE_TLS	199	#ifndef DISABLE_TLS
228	.tls_certificate = NULL,
229	.tls_crl = NULL,
230	.tls_privatekey = NULL,
231	.tls_require_ciphers = NULL,
232	.tls_sni = NULL,
233	.tls_verify_certificates = US"system",	200	.tls_verify_certificates = US"system",
234	.tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,	201	.tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
235	.tls_tempfail_tryclear = TRUE,	202	.tls_tempfail_tryclear = TRUE,
236	# ifdef EXPERIMENTAL_TLS_RESUME
237	.tls_resumption_hosts = NULL,
238	# endif
239	.tls_verify_hosts = NULL,
240	.tls_try_verify_hosts = US"*",	203	.tls_try_verify_hosts = US"*",
241	.tls_verify_cert_hostnames = US"*",	204	.tls_verify_cert_hostnames = US"*",
		205	# ifndef DISABLE_TLS_RESUME
		206	.host_name_extract = US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}",
		207	# endif
242	#endif	208	#endif
243	#ifdef SUPPORT_I18N	209	#ifdef SUPPORT_I18N
244	.utf8_downconvert = US"-1",	210	.utf8_downconvert = US"-1",
245	#endif	211	#endif
246	#ifndef DISABLE_DKIM	212	#ifndef DISABLE_DKIM
247	.dkim =	213	.dkim =
248	{.dkim_domain = NULL,	214	{ .dkim_hash = US"sha256", },
249	.dkim_identity = NULL,
250	.dkim_private_key = NULL,
251	.dkim_selector = NULL,
252	.dkim_canon = NULL,
253	.dkim_sign_headers = NULL,
254	.dkim_strict = NULL,
255	.dkim_hash = US"sha256",
256	.dkim_timestamps = NULL,
257	.dot_stuffed = FALSE,
258	.force_bodyhash = FALSE,
259	# ifdef EXPERIMENTAL_ARC
260	.arc_signspec = NULL,
261	# endif
262	},
263	# ifdef EXPERIMENTAL_ARC
264	.arc_sign = NULL,
265	# endif
266	#endif	215	#endif
267	};	216	};
268		217
Lines 294-336 Link Here
294	void	243	void
295	smtp_deliver_init(void)	244	smtp_deliver_init(void)
296	{	245	{
297	if (!regex_PIPELINING) regex_PIPELINING =	246	struct list
298	regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s\|\\n\|$)", FALSE, TRUE);	247	{
299		248	const pcre2_code ** re;
300	if (!regex_SIZE) regex_SIZE =	249	const uschar * string;
301	regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s\|\\n\|$)", FALSE, TRUE);	250	} list[] =
302		251	{
303	if (!regex_AUTH) regex_AUTH =	252	{ &regex_AUTH, AUTHS_REGEX },
304	regex_must_compile(AUTHS_REGEX, FALSE, TRUE);	253	{ &regex_CHUNKING, US"\\n250[\\s\\-]CHUNKING(\\s\|\\n\|$)" },
		254	{ &regex_DSN, US"\\n250[\\s\\-]DSN(\\s\|\\n\|$)" },
		255	{ &regex_IGNOREQUOTA, US"\\n250[\\s\\-]IGNOREQUOTA(\\s\|\\n\|$)" },
		256	{ &regex_PIPELINING, US"\\n250[\\s\\-]PIPELINING(\\s\|\\n\|$)" },
		257	{ &regex_SIZE, US"\\n250[\\s\\-]SIZE(\\s\|\\n\|$)" },
305		258
306	#ifndef DISABLE_TLS	259	#ifndef DISABLE_TLS
307	if (!regex_STARTTLS) regex_STARTTLS =	260	{ &regex_STARTTLS, US"\\n250[\\s\\-]STARTTLS(\\s\|\\n\|$)" },
308	regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s\|\\n\|$)", FALSE, TRUE);
309	#endif	261	#endif
310
311	if (!regex_CHUNKING) regex_CHUNKING =
312	regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s\|\\n\|$)", FALSE, TRUE);
313
314	#ifndef DISABLE_PRDR	262	#ifndef DISABLE_PRDR
315	if (!regex_PRDR) regex_PRDR =	263	{ &regex_PRDR, US"\\n250[\\s\\-]PRDR(\\s\|\\n\|$)" },
316	regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s\|\\n\|$)", FALSE, TRUE);
317	#endif	264	#endif
318
319	#ifdef SUPPORT_I18N	265	#ifdef SUPPORT_I18N
320	if (!regex_UTF8) regex_UTF8 =	266	{ &regex_UTF8, US"\\n250[\\s\\-]SMTPUTF8(\\s\|\\n\|$)" },
321	regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s\|\\n\|$)", FALSE, TRUE);
322	#endif	267	#endif
323
324	if (!regex_DSN) regex_DSN =
325	regex_must_compile(US"\\n250[\\s\\-]DSN(\\s\|\\n\|$)", FALSE, TRUE);
326
327	if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA =
328	regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s\|\\n\|$)", FALSE, TRUE);
329
330	#ifndef DISABLE_PIPE_CONNECT	268	#ifndef DISABLE_PIPE_CONNECT
331	if (!regex_EARLY_PIPE) regex_EARLY_PIPE =	269	{ &regex_EARLY_PIPE, US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s\|\\n\|$)" },
332	regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s\|\\n\|$)", FALSE, TRUE);	270	#endif
		271	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		272	{ &regex_LIMITS, US"\\n250[\\s\\-]LIMITS\\s" },
333	#endif	273	#endif
		274	};
		275
		276	for (struct list * l = list; l < list + nelem(list); l++)
		277	if (!*l->re)
		278	*l->re = regex_must_compile(l->string, FALSE, TRUE);
334	}	279	}
335		280
336		281
Lines 362-371 Link Here
362	{	307	{
363	smtp_transport_options_block *ob = SOB tblock->options_block;	308	smtp_transport_options_block *ob = SOB tblock->options_block;
364		309
365	errmsg = errmsg; /* Keep picky compilers happy */
366	uid = uid;
367	gid = gid;
368
369	/* Pass back options if required. This interface is getting very messy. */	310	/* Pass back options if required. This interface is getting very messy. */
370		311
371	if (tf)	312	if (tf)
Lines 411-416 Link Here
411	smtp_transport_init(transport_instance *tblock)	352	smtp_transport_init(transport_instance *tblock)
412	{	353	{
413	smtp_transport_options_block *ob = SOB tblock->options_block;	354	smtp_transport_options_block *ob = SOB tblock->options_block;
		355	int old_pool = store_pool;
414		356
415	/* Retry_use_local_part defaults FALSE if unset */	357	/* Retry_use_local_part defaults FALSE if unset */
416		358
Lines 441-452 Link Here
441	/* If hosts_override is set and there are local hosts, set the global	383	/* If hosts_override is set and there are local hosts, set the global
442	flag that stops verify from showing router hosts. */	384	flag that stops verify from showing router hosts. */
443		385
444	if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;	386	if (ob->hosts_override && ob->hosts) tblock->overrides_hosts = TRUE;
445		387
446	/* If there are any fallback hosts listed, build a chain of host items	388	/* If there are any fallback hosts listed, build a chain of host items
447	for them, but do not do any lookups at this time. */	389	for them, but do not do any lookups at this time. */
448		390
449	host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);	391	store_pool = POOL_PERM;
		392	host_build_hostlist(&ob->fallback_hostlist, ob->fallback_hosts, FALSE);
		393	store_pool = old_pool;
450	}	394	}
451		395
452		396
Lines 740-746 Link Here
740	: string_copy(addr->message)	684	: string_copy(addr->message)
741	: addr->basic_errno > 0	685	: addr->basic_errno > 0
742	? string_copy(US strerror(addr->basic_errno))	686	? string_copy(US strerror(addr->basic_errno))
743	: NULL);	687	: NULL,
		688	NULL);
744		689
745	deliver_localpart = save_local;	690	deliver_localpart = save_local;
746	deliver_domain = save_domain;	691	deliver_domain = save_domain;
Lines 773-779 Link Here
773	static BOOL	718	static BOOL
774	smtp_reap_banner(smtp_context * sx)	719	smtp_reap_banner(smtp_context * sx)
775	{	720	{
776	BOOL good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),	721	BOOL good_response;
		722	#if defined(__linux__) && defined(TCP_QUICKACK)
		723	{ /* Hack to get QUICKACK disabled; has to be right after 3whs, and has to on->off */
		724	int sock = sx->cctx.sock;
		725	struct pollfd p = {.fd = sock, .events = POLLOUT};
		726	if (poll(&p, 1, 1000) >= 0) /* retval test solely for compiler quitening */
		727	{
		728	(void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &on, sizeof(on));
		729	(void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
		730	}
		731	}
		732	#endif
		733	good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
777	'2', (SOB sx->conn_args.ob)->command_timeout);	734	'2', (SOB sx->conn_args.ob)->command_timeout);
778	#ifdef EXPERIMENTAL_DSN_INFO	735	#ifdef EXPERIMENTAL_DSN_INFO
779	sx->smtp_greeting = string_copy(sx->buffer);	736	sx->smtp_greeting = string_copy(sx->buffer);
Lines 801-812 Link Here
801	#endif	758	#endif
802	#ifndef DISABLE_EVENT	759	#ifndef DISABLE_EVENT
803	(void) event_raise(sx->conn_args.tblock->event_action,	760	(void) event_raise(sx->conn_args.tblock->event_action,
804	US"smtp:ehlo", sx->buffer);	761	US"smtp:ehlo", sx->buffer, NULL);
805	#endif	762	#endif
806	return TRUE;	763	return TRUE;
807	}	764	}
808		765
809		766
		767	/* Grab a string differentiating server behind a loadbalancer, for TLS
		768	resumption when such servers do not share a session-cache */
		769
		770	static void
		771	ehlo_response_lbserver(smtp_context * sx, smtp_transport_options_block * ob)
		772	{
		773	#if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
		774	const uschar * s;
		775	uschar * save_item = iterate_item;
		776
		777	if (sx->conn_args.have_lbserver)
		778	return;
		779	iterate_item = sx->buffer;
		780	s = expand_cstring(ob->host_name_extract);
		781	iterate_item = save_item;
		782	sx->conn_args.host_lbserver = s && !*s ? NULL : s;
		783	sx->conn_args.have_lbserver = TRUE;
		784	#endif
		785	}
		786
		787
		788
		789	/******************************************************************************/
		790
		791	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		792	/* If TLS, or TLS not offered, called with the EHLO response in the buffer.
		793	Check it for a LIMITS keyword and parse values into the smtp context structure.
		794
		795	We don't bother with peers that we won't talk TLS to, even though they can,
		796	just ignore their LIMITS advice (if any) and treat them as if they do not.
		797	This saves us dealing with a duplicate set of values. */
		798
		799	static void
		800	ehlo_response_limits_read(smtp_context * sx)
		801	{
		802	uschar * match;
		803
		804	/* matches up to just after the first space after the keyword */
		805
		806	if (regex_match(regex_LIMITS, sx->buffer, -1, &match))
		807	for (const uschar * s = sx->buffer + Ustrlen(match); *s; )
		808	{
		809	while (isspace(*s)) s++;
		810	if (*s == '\n') break;
		811
		812	if (strncmpic(s, US"MAILMAX=", 8) == 0)
		813	{
		814	sx->peer_limit_mail = atoi(CS (s += 8));
		815	while (isdigit(*s)) s++;
		816	}
		817	else if (strncmpic(s, US"RCPTMAX=", 8) == 0)
		818	{
		819	sx->peer_limit_rcpt = atoi(CS (s += 8));
		820	while (isdigit(*s)) s++;
		821	}
		822	else if (strncmpic(s, US"RCPTDOMAINMAX=", 14) == 0)
		823	{
		824	sx->peer_limit_rcptdom = atoi(CS (s += 14));
		825	while (isdigit(*s)) s++;
		826	}
		827	else
		828	while (s && !isspace(s)) s++;
		829	}
		830	}
831
832	/* Apply given values to the current connection */
833	static void
834	ehlo_limits_apply(smtp_context * sx,
835	unsigned limit_mail, unsigned limit_rcpt, unsigned limit_rcptdom)
836	{
837	if (limit_mail && limit_mail < sx->max_mail) sx->max_mail = limit_mail;
838	if (limit_rcpt && limit_rcpt < sx->max_rcpt) sx->max_rcpt = limit_rcpt;
839	if (limit_rcptdom)
840	{
841	DEBUG(D_transport) debug_printf("will treat as !multi_domain\n");
842	sx->single_rcpt_domain = TRUE;
843	}
844	}
845
846	/* Apply values from EHLO-resp to the current connection */
847	static void
848	ehlo_response_limits_apply(smtp_context * sx)
849	{
850	ehlo_limits_apply(sx, sx->peer_limit_mail, sx->peer_limit_rcpt,
851	sx->peer_limit_rcptdom);
852	}
853
854	/* Apply values read from cache to the current connection */
855	static void
856	ehlo_cache_limits_apply(smtp_context * sx)
857	{
858	# ifndef DISABLE_PIPE_CONNECT
859	ehlo_limits_apply(sx, sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
860	sx->ehlo_resp.limit_rcptdom);
861	# endif
862	}
863	#endif /EXPERIMENTAL_ESMTP_LIMITS/
864
865	/******************************************************************************/
810		866
811	#ifndef DISABLE_PIPE_CONNECT	867	#ifndef DISABLE_PIPE_CONNECT
812	static uschar *	868	static uschar *
Lines 820-838 Link Here
820	host->port == PORT_NONE ? sx->port : host->port);	876	host->port == PORT_NONE ? sx->port : host->port);
821	}	877	}
822		878
		879	/* Cache EHLO-response info for use by early-pipe.
		880	Called
		881	- During a normal flow on EHLO response (either cleartext or under TLS),
		882	when we are willing to do PIPECONNECT and it is offered
		883	- During an early-pipe flow on receiving the actual EHLO response and noting
		884	disparity versus the cached info used, when PIPECONNECT is still being offered
		885
		886	We assume that suitable values have been set in the sx.ehlo_resp structure for
		887	features and auths; we handle the copy of limits. */
		888
823	static void	889	static void
824	write_ehlo_cache_entry(const smtp_context * sx)	890	write_ehlo_cache_entry(smtp_context * sx)
825	{	891	{
826	open_db dbblock, * dbm_file;	892	open_db dbblock, * dbm_file;
827		893
		894	# ifdef EXPERIMENTAL_ESMTP_LIMITS
		895	sx->ehlo_resp.limit_mail = sx->peer_limit_mail;
		896	sx->ehlo_resp.limit_rcpt = sx->peer_limit_rcpt;
		897	sx->ehlo_resp.limit_rcptdom = sx->peer_limit_rcptdom;
		898	# endif
		899
828	if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))	900	if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
829	{	901	{
830	uschar * ehlo_resp_key = ehlo_cache_key(sx);	902	uschar * ehlo_resp_key = ehlo_cache_key(sx);
831	dbdata_ehlo_resp er = { .data = sx->ehlo_resp };	903	dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
832		904
833	HDEBUG(D_transport) debug_printf("writing clr %04x/%04x cry %04x/%04x\n",	905	HDEBUG(D_transport)
834	sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,	906	# ifdef EXPERIMENTAL_ESMTP_LIMITS
835	sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths);	907	if (sx->ehlo_resp.limit_mail \|\| sx->ehlo_resp.limit_rcpt \|\| sx->ehlo_resp.limit_rcptdom)
		908	debug_printf("writing clr %04x/%04x cry %04x/%04x lim %05d/%05d/%05d\n",
		909	sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
		910	sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths,
		911	sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
		912	sx->ehlo_resp.limit_rcptdom);
		913	else
		914	# endif
		915	debug_printf("writing clr %04x/%04x cry %04x/%04x\n",
		916	sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
		917	sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths);
836		918
837	dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));	919	dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));
838	dbfn_close(dbm_file);	920	dbfn_close(dbm_file);
Lines 866-872 Link Here
866	uschar * ehlo_resp_key = ehlo_cache_key(sx);	948	uschar * ehlo_resp_key = ehlo_cache_key(sx);
867	dbdata_ehlo_resp * er;	949	dbdata_ehlo_resp * er;
868		950
869	if (!(er = dbfn_read(dbm_file, ehlo_resp_key)))	951	if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
870	{ DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }	952	{ DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
871	else if (time(NULL) - er->time_stamp > retry_data_expire)	953	else if (time(NULL) - er->time_stamp > retry_data_expire)
872	{	954	{
Lines 877-888 Link Here
877	}	959	}
878	else	960	else
879	{	961	{
		962	DEBUG(D_transport)
		963	# ifdef EXPERIMENTAL_ESMTP_LIMITS
		964	if (er->data.limit_mail \|\| er->data.limit_rcpt \|\| er->data.limit_rcptdom)
		965	debug_printf("EHLO response bits from cache:"
		966	" cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x lim %05d/%05d/%05d\n",
		967	er->data.cleartext_features, er->data.cleartext_auths,
		968	er->data.crypted_features, er->data.crypted_auths,
		969	er->data.limit_mail, er->data.limit_rcpt, er->data.limit_rcptdom);
		970	else
		971	# endif
		972	debug_printf("EHLO response bits from cache:"
		973	" cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x\n",
		974	er->data.cleartext_features, er->data.cleartext_auths,
		975	er->data.crypted_features, er->data.crypted_auths);
		976
880	sx->ehlo_resp = er->data;	977	sx->ehlo_resp = er->data;
		978	# ifdef EXPERIMENTAL_ESMTP_LIMITS
		979	ehlo_cache_limits_apply(sx);
		980	# endif
881	dbfn_close(dbm_file);	981	dbfn_close(dbm_file);
882	DEBUG(D_transport) debug_printf(
883	"EHLO response bits from cache: cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x\n",
884	er->data.cleartext_features, er->data.cleartext_auths,
885	er->data.crypted_features, er->data.crypted_auths);
886	return TRUE;	982	return TRUE;
887	}	983	}
888	dbfn_close(dbm_file);	984	dbfn_close(dbm_file);
Lines 968-973 Link Here
968	if (tls_out.active.sock >= 0) rc = DEFER;	1064	if (tls_out.active.sock >= 0) rc = DEFER;
969	goto fail;	1065	goto fail;
970	}	1066	}
		1067	/XXX EXPERIMENTAL_ESMTP_LIMITS ? /
		1068	ehlo_response_lbserver(sx, sx->conn_args.ob);
971	}	1069	}
972		1070
973	if (pending_EHLO)	1071	if (pending_EHLO)
Lines 984-991 Link Here
984	goto fail;	1082	goto fail;
985	}	1083	}
986		1084
987	/* Compare the actual EHLO response to the cached value we assumed;	1085	/* Compare the actual EHLO response extensions and AUTH methods to the cached
988	on difference, dump or rewrite the cache and arrange for a retry. */	1086	value we assumed; on difference, dump or rewrite the cache and arrange for a
		1087	retry. */
989		1088
990	ap = tls_out.active.sock < 0	1089	ap = tls_out.active.sock < 0
991	? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;	1090	? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
Lines 995-1000 Link Here
995	\| OPTION_CHUNKING \| OPTION_PRDR \| OPTION_DSN \| OPTION_PIPE \| OPTION_SIZE	1094	\| OPTION_CHUNKING \| OPTION_PRDR \| OPTION_DSN \| OPTION_PIPE \| OPTION_SIZE
996	\| OPTION_UTF8 \| OPTION_EARLY_PIPE	1095	\| OPTION_UTF8 \| OPTION_EARLY_PIPE
997	);	1096	);
		1097	# ifdef EXPERIMENTAL_ESMTP_LIMITS
		1098	if (tls_out.active.sock >= 0 \|\| !(peer_offered & OPTION_TLS))
		1099	ehlo_response_limits_read(sx);
		1100	# endif
998	if ( peer_offered != sx->peer_offered	1101	if ( peer_offered != sx->peer_offered
999	\|\| (authbits = study_ehlo_auths(sx)) != *ap)	1102	\|\| (authbits = study_ehlo_auths(sx)) != *ap)
1000	{	1103	{
Lines 1002-1017 Link Here
1002	debug_printf("EHLO %s extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",	1105	debug_printf("EHLO %s extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",
1003	tls_out.active.sock < 0 ? "cleartext" : "crypted",	1106	tls_out.active.sock < 0 ? "cleartext" : "crypted",
1004	sx->peer_offered, *ap, peer_offered, authbits);	1107	sx->peer_offered, *ap, peer_offered, authbits);
1005	*(tls_out.active.sock < 0
1006	? &sx->ehlo_resp.cleartext_features : &sx->ehlo_resp.crypted_features) = peer_offered;
1007	*ap = authbits;
1008	if (peer_offered & OPTION_EARLY_PIPE)	1108	if (peer_offered & OPTION_EARLY_PIPE)
		1109	{
		1110	*(tls_out.active.sock < 0
		1111	? &sx->ehlo_resp.cleartext_features : &sx->ehlo_resp.crypted_features) =
		1112	peer_offered;
		1113	*ap = authbits;
1009	write_ehlo_cache_entry(sx);	1114	write_ehlo_cache_entry(sx);
		1115	}
1010	else	1116	else
1011	invalidate_ehlo_cache_entry(sx);	1117	invalidate_ehlo_cache_entry(sx);
1012		1118
1013	return OK; /* just carry on */	1119	return OK; /* just carry on */
1014	}	1120	}
		1121	# ifdef EXPERIMENTAL_ESMTP_LIMITS
		1122	/* If we are handling LIMITS, compare the actual EHLO LIMITS values with the
		1123	cached values and invalidate cache if different. OK to carry on with
		1124	connect since values are advisory. */
		1125	{
		1126	if ( (tls_out.active.sock >= 0 \|\| !(peer_offered & OPTION_TLS))
		1127	&& ( sx->peer_limit_mail != sx->ehlo_resp.limit_mail
		1128	\|\| sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt
		1129	\|\| sx->peer_limit_rcptdom != sx->ehlo_resp.limit_rcptdom
		1130	) )
		1131	{
		1132	HDEBUG(D_transport)
		1133	{
		1134	debug_printf("EHLO LIMITS changed:");
		1135	if (sx->peer_limit_mail != sx->ehlo_resp.limit_mail)
		1136	debug_printf(" MAILMAX %u -> %u\n", sx->ehlo_resp.limit_mail, sx->peer_limit_mail);
		1137	else if (sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt)
		1138	debug_printf(" RCPTMAX %u -> %u\n", sx->ehlo_resp.limit_rcpt, sx->peer_limit_rcpt);
		1139	else
		1140	debug_printf(" RCPTDOMAINMAX %u -> %u\n", sx->ehlo_resp.limit_rcptdom, sx->peer_limit_rcptdom);
		1141	}
		1142	invalidate_ehlo_cache_entry(sx);
		1143	}
		1144	}
		1145	# endif
1015	}	1146	}
1016	return OK;	1147	return OK;
1017		1148
Lines 1133-1139 Link Here
1133	/* The address was accepted */	1264	/* The address was accepted */
1134	addr->host_used = sx->conn_args.host;	1265	addr->host_used = sx->conn_args.host;
1135		1266
1136	DEBUG(D_transport) debug_printf("%s expect rcpt\n", __FUNCTION__);	1267	DEBUG(D_transport) debug_printf("%s expect rcpt for %s\n", __FUNCTION__, addr->address);
1137	if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),	1268	if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1138	'2', ob->command_timeout))	1269	'2', ob->command_timeout))
1139	{	1270	{
Lines 1334-1343 Link Here
1334	host_item * host = sx->conn_args.host; /* host to deliver to */	1465	host_item * host = sx->conn_args.host; /* host to deliver to */
1335	int rc;	1466	int rc;
1336		1467
		1468	/* Set up globals for error messages */
		1469
		1470	authenticator_name = au->name;
		1471	driver_srcfile = au->srcfile;
		1472	driver_srcline = au->srcline;
		1473
1337	sx->outblock.authenticating = TRUE;	1474	sx->outblock.authenticating = TRUE;
1338	rc = (au->info->clientcode)(au, sx, ob->command_timeout,	1475	rc = (au->info->clientcode)(au, sx, ob->command_timeout,
1339	sx->buffer, sizeof(sx->buffer));	1476	sx->buffer, sizeof(sx->buffer));
1340	sx->outblock.authenticating = FALSE;	1477	sx->outblock.authenticating = FALSE;
		1478	driver_srcfile = authenticator_name = NULL; driver_srcline = 0;
1341	DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);	1479	DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);
1342		1480
1343	/* A temporary authentication failure must hold up delivery to	1481	/* A temporary authentication failure must hold up delivery to
Lines 1688-1695 Link Here
1688	current_local_identity =	1826	current_local_identity =
1689	smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);	1827	smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1690		1828
1691	if (!(new_sender_address = deliver_get_sender_address(message_id)))	1829	if (!(new_sender_address = spool_sender_from_msgid(message_id)))
1692	return FALSE;	1830	return FALSE;
		1831
1693		1832
1694	message_local_identity =	1833	message_local_identity =
1695	smtp_local_identity(new_sender_address, s_compare->tblock);	1834	smtp_local_identity(new_sender_address, s_compare->tblock);
Lines 1702-1758 Link Here
1702	static unsigned	1841	static unsigned
1703	ehlo_response(uschar * buf, unsigned checks)	1842	ehlo_response(uschar * buf, unsigned checks)
1704	{	1843	{
1705	size_t bsize = Ustrlen(buf);	1844	PCRE2_SIZE bsize = Ustrlen(buf);
		1845	pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx);
1706		1846
1707	/* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */	1847	/* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
1708		1848
1709	#ifndef DISABLE_TLS	1849	#ifndef DISABLE_TLS
1710	if ( checks & OPTION_TLS	1850	if ( checks & OPTION_TLS
1711	&& pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)	1851	&& pcre2_match(regex_STARTTLS,
		1852	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1712	#endif	1853	#endif
1713	checks &= ~OPTION_TLS;	1854	checks &= ~OPTION_TLS;
1714		1855
1715	if ( checks & OPTION_IGNQ	1856	if ( checks & OPTION_IGNQ
1716	&& pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,	1857	&& pcre2_match(regex_IGNOREQUOTA,
1717	PCRE_EOPT, NULL, 0) < 0)	1858	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1718	checks &= ~OPTION_IGNQ;	1859	checks &= ~OPTION_IGNQ;
1719		1860
1720	if ( checks & OPTION_CHUNKING	1861	if ( checks & OPTION_CHUNKING
1721	&& pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)	1862	&& pcre2_match(regex_CHUNKING,
		1863	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1722	checks &= ~OPTION_CHUNKING;	1864	checks &= ~OPTION_CHUNKING;
1723		1865
1724	#ifndef DISABLE_PRDR	1866	#ifndef DISABLE_PRDR
1725	if ( checks & OPTION_PRDR	1867	if ( checks & OPTION_PRDR
1726	&& pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)	1868	&& pcre2_match(regex_PRDR,
		1869	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1727	#endif	1870	#endif
1728	checks &= ~OPTION_PRDR;	1871	checks &= ~OPTION_PRDR;
1729		1872
1730	#ifdef SUPPORT_I18N	1873	#ifdef SUPPORT_I18N
1731	if ( checks & OPTION_UTF8	1874	if ( checks & OPTION_UTF8
1732	&& pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)	1875	&& pcre2_match(regex_UTF8,
		1876	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1733	#endif	1877	#endif
1734	checks &= ~OPTION_UTF8;	1878	checks &= ~OPTION_UTF8;
1735		1879
1736	if ( checks & OPTION_DSN	1880	if ( checks & OPTION_DSN
1737	&& pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)	1881	&& pcre2_match(regex_DSN,
		1882	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1738	checks &= ~OPTION_DSN;	1883	checks &= ~OPTION_DSN;
1739		1884
1740	if ( checks & OPTION_PIPE	1885	if ( checks & OPTION_PIPE
1741	&& pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,	1886	&& pcre2_match(regex_PIPELINING,
1742	PCRE_EOPT, NULL, 0) < 0)	1887	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1743	checks &= ~OPTION_PIPE;	1888	checks &= ~OPTION_PIPE;
1744		1889
1745	if ( checks & OPTION_SIZE	1890	if ( checks & OPTION_SIZE
1746	&& pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)	1891	&& pcre2_match(regex_SIZE,
		1892	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1747	checks &= ~OPTION_SIZE;	1893	checks &= ~OPTION_SIZE;
1748		1894
1749	#ifndef DISABLE_PIPE_CONNECT	1895	#ifndef DISABLE_PIPE_CONNECT
1750	if ( checks & OPTION_EARLY_PIPE	1896	if ( checks & OPTION_EARLY_PIPE
1751	&& pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0,	1897	&& pcre2_match(regex_EARLY_PIPE,
1752	PCRE_EOPT, NULL, 0) < 0)	1898	(PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1753	#endif	1899	#endif
1754	checks &= ~OPTION_EARLY_PIPE;	1900	checks &= ~OPTION_EARLY_PIPE;
1755		1901
		1902	pcre2_match_data_free(md);
1756	/* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */	1903	/* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
1757	return checks;	1904	return checks;
1758	}	1905	}
Lines 1877-1882 Link Here
1877		2024
1878		2025
1879		2026
		2027	#ifdef SUPPORT_DANE
		2028	static int
		2029	check_force_dane_conn(smtp_context * sx, smtp_transport_options_block * ob)
		2030	{
		2031	int rc;
		2032	if( sx->dane_required
		2033	\|\| verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
		2034	)
		2035	switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
		2036	{
		2037	case OK: sx->conn_args.dane = TRUE;
		2038	ob->tls_tempfail_tryclear = FALSE; /* force TLS */
		2039	ob->tls_sni = sx->conn_args.host->name; /* force SNI */
		2040	break;
		2041	case FAIL_FORCED: break;
		2042	default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
		2043	string_sprintf("DANE error: tlsa lookup %s",
		2044	rc_to_string(rc)),
		2045	rc, FALSE, &sx->delivery_start);
		2046	# ifndef DISABLE_EVENT
		2047	(void) event_raise(sx->conn_args.tblock->event_action,
		2048	US"dane:fail", sx->dane_required
		2049	? US"dane-required" : US"dnssec-invalid",
		2050	NULL);
		2051	# endif
		2052	return rc;
		2053	}
		2054	return OK;
		2055	}
		2056	#endif
1880		2057
1881		2058
1882	/*************************************************	2059	/*************************************************
Lines 1885-1891 Link Here
1885		2062
1886	/*	2063	/*
1887	Arguments:	2064	Arguments:
1888	ctx connection context	2065	sx connection context
1889	suppress_tls if TRUE, don't attempt a TLS connection - this is set for	2066	suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1890	a second attempt after TLS initialization fails	2067	a second attempt after TLS initialization fails
1891		2068
Lines 1909-1951 Link Here
1909	uschar * tls_errstr;	2086	uschar * tls_errstr;
1910	#endif	2087	#endif
1911		2088
		2089	/* Many lines of clearing individual elements of *sx that used to
		2090	be here have been replaced by a full memset to zero (de41aff051).
		2091	There are two callers, this file and verify.c . Now we only set
		2092	up nonzero elements. */
		2093
1912	sx->conn_args.ob = ob;	2094	sx->conn_args.ob = ob;
1913		2095
1914	sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;	2096	sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1915	sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;	2097	sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;
1916	/* sx->ok = FALSE; */
1917	sx->send_rset = TRUE;	2098	sx->send_rset = TRUE;
1918	sx->send_quit = TRUE;	2099	sx->send_quit = TRUE;
1919	sx->setting_up = TRUE;	2100	sx->setting_up = TRUE;
1920	sx->esmtp = TRUE;	2101	sx->esmtp = TRUE;
1921	/* sx->esmtp_sent = FALSE; */
1922	#ifdef SUPPORT_I18N
1923	/* sx->utf8_needed = FALSE; */
1924	#endif
1925	sx->dsn_all_lasthop = TRUE;	2102	sx->dsn_all_lasthop = TRUE;
1926	#ifdef SUPPORT_DANE	2103	#ifdef SUPPORT_DANE
1927	/* sx->conn_args.dane = FALSE; */
1928	sx->dane_required =	2104	sx->dane_required =
1929	verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;	2105	verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;
1930	#endif	2106	#endif
1931	#ifndef DISABLE_PIPE_CONNECT
1932	/* sx->early_pipe_active = sx->early_pipe_ok = FALSE; */
1933	/* sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0; */
1934	/* sx->pending_BANNER = sx->pending_EHLO = sx->pending_MAIL = FALSE; */
1935	#endif
1936		2107
1937	if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;	2108	if ((sx->max_mail = sx->conn_args.tblock->connection_max_messages) == 0) sx->max_mail = 999999;
1938	/* sx->peer_offered = 0; */	2109	if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
1939	/* sx->avoid_option = 0; */
1940	sx->igquotstr = US"";	2110	sx->igquotstr = US"";
1941	if (!sx->helo_data) sx->helo_data = ob->helo_data;	2111	if (!sx->helo_data) sx->helo_data = ob->helo_data;
1942	#ifdef EXPERIMENTAL_DSN_INFO
1943	/* sx->smtp_greeting = NULL; */
1944	/* sx->helo_response = NULL; */
1945	#endif
1946		2112
1947	smtp_command = US"initial connection";	2113	smtp_command = US"initial connection";
1948	/* sx->buffer[0] = '\0'; */
1949		2114
1950	/* Set up the buffer for reading SMTP response packets. */	2115	/* Set up the buffer for reading SMTP response packets. */
1951		2116
Lines 1959-1967 Link Here
1959	sx->outblock.buffer = sx->outbuffer;	2124	sx->outblock.buffer = sx->outbuffer;
1960	sx->outblock.buffersize = sizeof(sx->outbuffer);	2125	sx->outblock.buffersize = sizeof(sx->outbuffer);
1961	sx->outblock.ptr = sx->outbuffer;	2126	sx->outblock.ptr = sx->outbuffer;
1962	/* sx->outblock.cmd_count = 0; */
1963	/* sx->outblock.authenticating = FALSE; */
1964	/* sx->outblock.conn_args = NULL; */
1965		2127
1966	/* Reset the parameters of a TLS session. */	2128	/* Reset the parameters of a TLS session. */
1967		2129
Lines 1974-1980 Link Here
1974	tls_out.sni = NULL;	2136	tls_out.sni = NULL;
1975	#endif	2137	#endif
1976	tls_out.ocsp = OCSP_NOT_REQ;	2138	tls_out.ocsp = OCSP_NOT_REQ;
1977	#ifdef EXPERIMENTAL_TLS_RESUME	2139	#ifndef DISABLE_TLS_RESUME
1978	tls_out.resumption = 0;	2140	tls_out.resumption = 0;
1979	#endif	2141	#endif
1980	tls_out.ver = NULL;	2142	tls_out.ver = NULL;
Lines 2003-2034 Link Here
2003	const uschar * sni = US"";	2165	const uschar * sni = US"";
2004		2166
2005	# ifdef SUPPORT_DANE	2167	# ifdef SUPPORT_DANE
2006	/* Check if the message will be DANE-verified; if so force its SNI */	2168	/* Check if the message will be DANE-verified; if so force TLS and its SNI */
2007		2169
2008	tls_out.dane_verified = FALSE;	2170	tls_out.dane_verified = FALSE;
2009	smtp_port_for_connect(sx->conn_args.host, sx->port);	2171	smtp_port_for_connect(sx->conn_args.host, sx->port);
2010	if ( sx->conn_args.host->dnssec == DS_YES	2172	if ( sx->conn_args.host->dnssec == DS_YES
2011	&& ( sx->dane_required	2173	&& (rc = check_force_dane_conn(sx, ob)) != OK
2012	\|\| verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK	2174	)
2013	) )	2175	return rc;
2014	switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
2015	{
2016	case OK: sx->conn_args.dane = TRUE;
2017	ob->tls_tempfail_tryclear = FALSE; /* force TLS */
2018	ob->tls_sni = sx->first_addr->domain; /* force SNI */
2019	break;
2020	case FAIL_FORCED: break;
2021	default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2022	string_sprintf("DANE error: tlsa lookup %s",
2023	rc_to_string(rc)),
2024	rc, FALSE, &sx->delivery_start);
2025	# ifndef DISABLE_EVENT
2026	(void) event_raise(sx->conn_args.tblock->event_action,
2027	US"dane:fail", sx->dane_required
2028	? US"dane-required" : US"dnssec-invalid");
2029	# endif
2030	return rc;
2031	}
2032	# endif	2176	# endif
2033		2177
2034	/* If the SNI or the DANE status required for the new message differs from the	2178	/* If the SNI or the DANE status required for the new message differs from the
Lines 2056-2062 Link Here
2056	DEBUG(D_transport)	2200	DEBUG(D_transport)
2057	debug_printf("Closing proxied-TLS connection due to SNI mismatch\n");	2201	debug_printf("Closing proxied-TLS connection due to SNI mismatch\n");
2058		2202
2059	HDEBUG(D_transport\|D_acl\|D_v) debug_printf_indent(" SMTP>> QUIT\n");	2203	smtp_debug_cmd(US"QUIT", 0);
2060	write(0, "QUIT\r\n", 6);	2204	write(0, "QUIT\r\n", 6);
2061	close(0);	2205	close(0);
2062	continue_hostname = continue_proxy_cipher = NULL;	2206	continue_hostname = continue_proxy_cipher = NULL;
Lines 2077-2082 Link Here
2077	if (sx->verify)	2221	if (sx->verify)
2078	HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);	2222	HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);
2079		2223
		2224	/* Arrange to report to calling process this is a new connection */
		2225
		2226	clearflag(sx->first_addr, af_cont_conn);
		2227	setflag(sx->first_addr, af_new_conn);
		2228
2080	/* Get the actual port the connection will use, into sx->conn_args.host */	2229	/* Get the actual port the connection will use, into sx->conn_args.host */
2081		2230
2082	smtp_port_for_connect(sx->conn_args.host, sx->port);	2231	smtp_port_for_connect(sx->conn_args.host, sx->port);
Lines 2090-2116 Link Here
2090	if (sx->conn_args.host->dnssec == DS_YES)	2239	if (sx->conn_args.host->dnssec == DS_YES)
2091	{	2240	{
2092	int rc;	2241	int rc;
2093	if( sx->dane_required	2242	if ((rc = check_force_dane_conn(sx, ob)) != OK)
2094	\|\| verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK	2243	return rc;
2095	)
2096	switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
2097	{
2098	case OK: sx->conn_args.dane = TRUE;
2099	ob->tls_tempfail_tryclear = FALSE; /* force TLS */
2100	ob->tls_sni = sx->first_addr->domain; /* force SNI */
2101	break;
2102	case FAIL_FORCED: break;
2103	default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2104	string_sprintf("DANE error: tlsa lookup %s",
2105	rc_to_string(rc)),
2106	rc, FALSE, &sx->delivery_start);
2107	# ifndef DISABLE_EVENT
2108	(void) event_raise(sx->conn_args.tblock->event_action,
2109	US"dane:fail", sx->dane_required
2110	? US"dane-required" : US"dnssec-invalid");
2111	# endif
2112	return rc;
2113	}
2114	}	2244	}
2115	else if (sx->dane_required)	2245	else if (sx->dane_required)
2116	{	2246	{
Lines 2119-2125 Link Here
2119	FAIL, FALSE, &sx->delivery_start);	2249	FAIL, FALSE, &sx->delivery_start);
2120	# ifndef DISABLE_EVENT	2250	# ifndef DISABLE_EVENT
2121	(void) event_raise(sx->conn_args.tblock->event_action,	2251	(void) event_raise(sx->conn_args.tblock->event_action,
2122	US"dane:fail", US"dane-required");	2252	US"dane:fail", US"dane-required", NULL);
2123	# endif	2253	# endif
2124	return FAIL;	2254	return FAIL;
2125	}	2255	}
Lines 2130-2136 Link Here
2130		2260
2131	sx->cctx.tls_ctx = NULL;	2261	sx->cctx.tls_ctx = NULL;
2132	sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;	2262	sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
		2263	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		2264	sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom =
		2265	#endif
2133	sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;	2266	sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
		2267	#ifndef DISABLE_CLIENT_CMD_LOG
		2268	client_cmd_log = NULL;
		2269	#endif
2134		2270
2135	#ifndef DISABLE_PIPE_CONNECT	2271	#ifndef DISABLE_PIPE_CONNECT
2136	if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect,	2272	if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect,
Lines 2140-2145 Link Here
2140	the helo string might use it avoid doing early-pipelining. */	2276	the helo string might use it avoid doing early-pipelining. */
2141		2277
2142	if ( !sx->helo_data	2278	if ( !sx->helo_data
		2279	\|\| sx->conn_args.interface
2143	\|\| !Ustrstr(sx->helo_data, "$sending_ip_address")	2280	\|\| !Ustrstr(sx->helo_data, "$sending_ip_address")
2144	\|\| Ustrstr(sx->helo_data, "def:sending_ip_address")	2281	\|\| Ustrstr(sx->helo_data, "def:sending_ip_address")
2145	)	2282	)
Lines 2149-2169 Link Here
2149	&& sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)	2286	&& sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)
2150	{	2287	{
2151	DEBUG(D_transport)	2288	DEBUG(D_transport)
2152	debug_printf("Using cached cleartext PIPE_CONNECT\n");	2289	debug_printf("Using cached cleartext PIPECONNECT\n");
2153	sx->early_pipe_active = TRUE;	2290	sx->early_pipe_active = TRUE;
2154	sx->peer_offered = sx->ehlo_resp.cleartext_features;	2291	sx->peer_offered = sx->ehlo_resp.cleartext_features;
2155	}	2292	}
2156	}	2293	}
2157	else DEBUG(D_transport)	2294	else DEBUG(D_transport)
2158	debug_printf("helo needs $sending_ip_address\n");	2295	debug_printf("helo needs $sending_ip_address; avoid early-pipelining\n");
2159		2296
2160	PIPE_CONNECT_RETRY:	2297	PIPE_CONNECT_RETRY:
2161	if (sx->early_pipe_active)	2298	if (sx->early_pipe_active)
		2299	{
2162	sx->outblock.conn_args = &sx->conn_args;	2300	sx->outblock.conn_args = &sx->conn_args;
		2301	(void) smtp_boundsock(&sx->conn_args);
		2302	}
2163	else	2303	else
2164	#endif	2304	#endif
2165	{	2305	{
2166	if ((sx->cctx.sock = smtp_connect(&sx->conn_args, NULL)) < 0)	2306	blob lazy_conn = {.data = NULL};
		2307	/* For TLS-connect, a TFO lazy-connect is useful since the Client Hello
		2308	can go on the TCP SYN. */
		2309
		2310	if ((sx->cctx.sock = smtp_connect(&sx->conn_args,
		2311	sx->smtps ? &lazy_conn : NULL)) < 0)
2167	{	2312	{
2168	set_errno_nohost(sx->addrlist,	2313	set_errno_nohost(sx->addrlist,
2169	errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,	2314	errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
Lines 2172-2183 Link Here
2172	sx->send_quit = FALSE;	2317	sx->send_quit = FALSE;
2173	return DEFER;	2318	return DEFER;
2174	}	2319	}
		2320	#ifdef TCP_QUICKACK
		2321	(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
		2322	sizeof(off));
		2323	#endif
2175	}	2324	}
2176	/* Expand the greeting message while waiting for the initial response. (Makes	2325	/* Expand the greeting message while waiting for the initial response. (Makes
2177	sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is	2326	sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
2178	delayed till here so that $sending_interface and $sending_port are set. */	2327	delayed till here so that $sending_ip_address and $sending_port are set.
2179	/*XXX early-pipe: they still will not be. Is there any way to find out what they	2328	Those will be known even for a TFO lazy-connect, having been set by the bind().
2180	will be? Somehow I doubt it. */	2329	For early-pipe, we are ok if binding to a local interface; otherwise (if
		2330	$sending_ip_address is seen in helo_data) we disabled early-pipe above. */
2181		2331
2182	if (sx->helo_data)	2332	if (sx->helo_data)
2183	if (!(sx->helo_data = expand_string(sx->helo_data)))	2333	if (!(sx->helo_data = expand_string(sx->helo_data)))
Lines 2217-2226 Link Here
2217	else	2367	else
2218	#endif	2368	#endif
2219	{	2369	{
2220	#ifdef TCP_QUICKACK
2221	(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
2222	sizeof(off));
2223	#endif
2224	if (!smtp_reap_banner(sx))	2370	if (!smtp_reap_banner(sx))
2225	goto RESPONSE_FAILED;	2371	goto RESPONSE_FAILED;
2226	}	2372	}
Lines 2230-2236 Link Here
2230	uschar * s;	2376	uschar * s;
2231	lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"	2377	lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"
2232	: sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;	2378	: sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;
2233	s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer);	2379	s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer, NULL);
2234	if (s)	2380	if (s)
2235	{	2381	{
2236	set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,	2382	set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
Lines 2403-2408 Link Here
2403	)	2549	)
2404	#endif	2550	#endif
2405	);	2551	);
		2552	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		2553	if (tls_out.active.sock >= 0 \|\| !(sx->peer_offered & OPTION_TLS))
		2554	{
		2555	ehlo_response_limits_read(sx);
		2556	ehlo_response_limits_apply(sx);
		2557	}
		2558	#endif
2406	#ifndef DISABLE_PIPE_CONNECT	2559	#ifndef DISABLE_PIPE_CONNECT
2407	if (sx->early_pipe_ok)	2560	if (sx->early_pipe_ok)
2408	{	2561	{
Lines 2411-2422 Link Here
2411	if ( (sx->peer_offered & (OPTION_PIPE \| OPTION_EARLY_PIPE))	2564	if ( (sx->peer_offered & (OPTION_PIPE \| OPTION_EARLY_PIPE))
2412	== (OPTION_PIPE \| OPTION_EARLY_PIPE))	2565	== (OPTION_PIPE \| OPTION_EARLY_PIPE))
2413	{	2566	{
2414	DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");	2567	DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
2415	sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);	2568	sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);
2416	write_ehlo_cache_entry(sx);	2569	write_ehlo_cache_entry(sx);
2417	}	2570	}
2418	}	2571	}
2419	#endif	2572	#endif
		2573	ehlo_response_lbserver(sx, ob);
2420	}	2574	}
2421		2575
2422	/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */	2576	/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
Lines 2457-2462 Link Here
2457	sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;	2611	sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2458	smtp_command = big_buffer;	2612	smtp_command = big_buffer;
2459	sx->peer_offered = smtp_peer_options;	2613	sx->peer_offered = smtp_peer_options;
		2614	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		2615	/* Limits passed by cmdline over exec. */
		2616	ehlo_limits_apply(sx,
		2617	sx->peer_limit_mail = continue_limit_mail,
		2618	sx->peer_limit_rcpt = continue_limit_rcpt,
		2619	sx->peer_limit_rcptdom = continue_limit_rcptdom);
		2620	#endif
2460	sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */	2621	sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
2461		2622
2462	/* For a continued connection with TLS being proxied for us, or a	2623	/* For a continued connection with TLS being proxied for us, or a
Lines 2498-2513 Link Here
2498		2659
2499	#ifndef DISABLE_PIPE_CONNECT	2660	#ifndef DISABLE_PIPE_CONNECT
2500	/* If doing early-pipelining reap the banner and EHLO-response but leave	2661	/* If doing early-pipelining reap the banner and EHLO-response but leave
2501	the response for the STARTTLS we just sent alone. */	2662	the response for the STARTTLS we just sent alone. On fail, assume wrong
		2663	cached capability and retry with the pipelining disabled. */
2502		2664
2503	if (sx->early_pipe_active && sync_responses(sx, 2, 0) != 0)	2665	if (sx->early_pipe_active)
2504	{	2666	{
2505	HDEBUG(D_transport)	2667	if (sync_responses(sx, 2, 0) != 0)
2506	debug_printf("failed reaping pipelined cmd responses\n");	2668	{
2507	close(sx->cctx.sock);	2669	HDEBUG(D_transport)
2508	sx->cctx.sock = -1;	2670	debug_printf("failed reaping pipelined cmd responses\n");
2509	sx->early_pipe_active = FALSE;	2671	close(sx->cctx.sock);
2510	goto PIPE_CONNECT_RETRY;	2672	sx->cctx.sock = -1;
		2673	sx->early_pipe_active = FALSE;
		2674	goto PIPE_CONNECT_RETRY;
		2675	}
2511	}	2676	}
2512	#endif	2677	#endif
2513		2678
Lines 2536-2549 Link Here
2536	else	2701	else
2537	TLS_NEGOTIATE:	2702	TLS_NEGOTIATE:
2538	{	2703	{
		2704	sx->conn_args.sending_ip_address = sending_ip_address;
2539	if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))	2705	if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))
2540	{	2706	{
2541	/* TLS negotiation failed; give an error. From outside, this function may	2707	/* TLS negotiation failed; give an error. From outside, this function may
2542	be called again to try in clear on a new connection, if the options permit	2708	be called again to try in clear on a new connection, if the options permit
2543	it for this host. */	2709	it for this host. */
2544	#ifdef USE_GNUTLS	2710	TLS_CONN_FAILED:
2545	GNUTLS_CONN_FAILED:
2546	#endif
2547	DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);	2711	DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
2548		2712
2549	# ifdef SUPPORT_DANE	2713	# ifdef SUPPORT_DANE
Lines 2554-2560 Link Here
2554	sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);	2718	sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
2555	# ifndef DISABLE_EVENT	2719	# ifndef DISABLE_EVENT
2556	(void) event_raise(sx->conn_args.tblock->event_action,	2720	(void) event_raise(sx->conn_args.tblock->event_action,
2557	US"dane:fail", US"validation-failure"); /* could do with better detail */	2721	US"dane:fail", US"validation-failure", NULL); /* could do with better detail */
2558	# endif	2722	# endif
2559	}	2723	}
2560	# endif	2724	# endif
Lines 2564-2571 Link Here
2564	sx->send_quit = FALSE;	2728	sx->send_quit = FALSE;
2565	goto TLS_FAILED;	2729	goto TLS_FAILED;
2566	}	2730	}
		2731	sx->send_tlsclose = TRUE;
		2732
		2733	/* TLS session is set up. Check the inblock fill level. If there is
		2734	content then as we have not yet done a tls read it must have arrived before
		2735	the TLS handshake, in-clear. That violates the sync requirement of the
		2736	STARTTLS RFC, so fail. */
2567		2737
2568	/* TLS session is set up */	2738	if (sx->inblock.ptr != sx->inblock.ptrend)
		2739	{
		2740	DEBUG(D_tls)
		2741	{
		2742	int i = sx->inblock.ptrend - sx->inblock.ptr;
		2743	debug_printf("unused data in input buffer after ack for STARTTLS:\n"
		2744	"'%.*s'%s\n",
		2745	i > 100 ? 100 : i, sx->inblock.ptr, i > 100 ? "..." : "");
		2746	}
		2747	tls_errstr = US"synch error before connect";
		2748	goto TLS_CONN_FAILED;
		2749	}
2569		2750
2570	smtp_peer_options_wrap = smtp_peer_options;	2751	smtp_peer_options_wrap = smtp_peer_options;
2571	for (address_item * addr = sx->addrlist; addr; addr = addr->next)	2752	for (address_item * addr = sx->addrlist; addr; addr = addr->next)
Lines 2616-2624 Link Here
2616	sx->peer_offered = sx->ehlo_resp.crypted_features;	2797	sx->peer_offered = sx->ehlo_resp.crypted_features;
2617	if ((sx->early_pipe_active =	2798	if ((sx->early_pipe_active =
2618	!!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))	2799	!!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))
2619	DEBUG(D_transport) debug_printf("Using cached crypted PIPE_CONNECT\n");	2800	DEBUG(D_transport) debug_printf("Using cached crypted PIPECONNECT\n");
2620	}	2801	}
2621	#endif	2802	#endif
		2803	#ifdef EXPERIMMENTAL_ESMTP_LIMITS
		2804	/* As we are about to send another EHLO, forget any LIMITS received so far. */
		2805	sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom = 0;
		2806	if ((sx->max_mail = sx->conn_args.tblock->connection_max_message) == 0) sx->max_mail = 999999;
		2807	if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
		2808	sx->single_rcpt_domain = FALSE;
		2809	#endif
2622		2810
2623	/* For SMTPS we need to wait for the initial OK response. */	2811	/* For SMTPS we need to wait for the initial OK response. */
2624	if (sx->smtps)	2812	if (sx->smtps)
Lines 2670-2676 Link Here
2670	Can it do that, with all the flexibility we need? */	2858	Can it do that, with all the flexibility we need? */
2671		2859
2672	tls_errstr = US"error on first read";	2860	tls_errstr = US"error on first read";
2673	goto GNUTLS_CONN_FAILED;	2861	goto TLS_CONN_FAILED;
2674	}	2862	}
2675	#else	2863	#else
2676	goto RESPONSE_FAILED;	2864	goto RESPONSE_FAILED;
Lines 2698-2704 Link Here
2698	(void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",	2886	(void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",
2699	smtp_peer_options & OPTION_TLS	2887	smtp_peer_options & OPTION_TLS
2700	? US"validation-failure" /* could do with better detail */	2888	? US"validation-failure" /* could do with better detail */
2701	: US"starttls-not-supported");	2889	: US"starttls-not-supported",
		2890	NULL);
2702	# endif	2891	# endif
2703	goto TLS_FAILED;	2892	goto TLS_FAILED;
2704	}	2893	}
Lines 2709-2715 Link Here
2709	continued session down a previously-used socket, we haven't just done EHLO, so	2898	continued session down a previously-used socket, we haven't just done EHLO, so
2710	we skip this. */	2899	we skip this. */
2711		2900
2712	if (continue_hostname == NULL	2901	if ( !continue_hostname
2713	#ifndef DISABLE_TLS	2902	#ifndef DISABLE_TLS
2714	\|\| tls_out.active.sock >= 0	2903	\|\| tls_out.active.sock >= 0
2715	#endif	2904	#endif
Lines 2748-2753 Link Here
2748	if (tls_out.active.sock >= 0)	2937	if (tls_out.active.sock >= 0)
2749	sx->ehlo_resp.crypted_features = sx->peer_offered;	2938	sx->ehlo_resp.crypted_features = sx->peer_offered;
2750	#endif	2939	#endif
		2940
		2941	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		2942	if (tls_out.active.sock >= 0 \|\| !(sx->peer_offered & OPTION_TLS))
		2943	{
		2944	ehlo_response_limits_read(sx);
		2945	ehlo_response_limits_apply(sx);
		2946	}
		2947	#endif
2751	}	2948	}
2752		2949
2753	/* Set for IGNOREQUOTA if the response to LHLO specifies support and the	2950	/* Set for IGNOREQUOTA if the response to LHLO specifies support and the
Lines 2772-2789 Link Here
2772	smtp_peer_options & OPTION_PIPE ? "" : "not ");	2969	smtp_peer_options & OPTION_PIPE ? "" : "not ");
2773		2970
2774	if ( sx->peer_offered & OPTION_CHUNKING	2971	if ( sx->peer_offered & OPTION_CHUNKING
2775	&& verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) != OK)	2972	&& verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) == OK)
2776	sx->peer_offered &= ~OPTION_CHUNKING;	2973	smtp_peer_options \|= OPTION_CHUNKING;
2777		2974
2778	if (sx->peer_offered & OPTION_CHUNKING)	2975	if (smtp_peer_options & OPTION_CHUNKING)
2779	DEBUG(D_transport) debug_printf("CHUNKING usable\n");	2976	DEBUG(D_transport) debug_printf("CHUNKING usable\n");
2780		2977
2781	#ifndef DISABLE_PRDR	2978	#ifndef DISABLE_PRDR
2782	if ( sx->peer_offered & OPTION_PRDR	2979	if ( sx->peer_offered & OPTION_PRDR
2783	&& verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) != OK)	2980	&& verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) == OK)
2784	sx->peer_offered &= ~OPTION_PRDR;	2981	smtp_peer_options \|= OPTION_PRDR;
2785		2982
2786	if (sx->peer_offered & OPTION_PRDR)	2983	if (smtp_peer_options & OPTION_PRDR)
2787	DEBUG(D_transport) debug_printf("PRDR usable\n");	2984	DEBUG(D_transport) debug_printf("PRDR usable\n");
2788	#endif	2985	#endif
2789		2986
Lines 2800-2806 Link Here
2800	&& ( sx->ehlo_resp.cleartext_features \| sx->ehlo_resp.crypted_features)	2997	&& ( sx->ehlo_resp.cleartext_features \| sx->ehlo_resp.crypted_features)
2801	& OPTION_EARLY_PIPE)	2998	& OPTION_EARLY_PIPE)
2802	{	2999	{
2803	DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");	3000	DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
2804	sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);	3001	sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);
2805	write_ehlo_cache_entry(sx);	3002	write_ehlo_cache_entry(sx);
2806	}	3003	}
Lines 2915-2921 Link Here
2915		3112
2916	SEND_FAILED:	3113	SEND_FAILED:
2917	code = '4';	3114	code = '4';
2918	message = US string_sprintf("send() to %s [%s] failed: %s",	3115	message = US string_sprintf("smtp send to %s [%s] failed: %s",
2919	sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));	3116	sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
2920	sx->send_quit = FALSE;	3117	sx->send_quit = FALSE;
2921	yield = DEFER;	3118	yield = DEFER;
Lines 2981-2987 Link Here
2981	#ifndef DISABLE_TLS	3178	#ifndef DISABLE_TLS
2982	if (sx->cctx.tls_ctx)	3179	if (sx->cctx.tls_ctx)
2983	{	3180	{
2984	tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);	3181	if (sx->send_tlsclose)
		3182	{
		3183	tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
		3184	sx->send_tlsclose = FALSE;
		3185	}
2985	sx->cctx.tls_ctx = NULL;	3186	sx->cctx.tls_ctx = NULL;
2986	}	3187	}
2987	#endif	3188	#endif
Lines 3004-3012 Link Here
3004	sx->cctx.sock = -1;	3205	sx->cctx.sock = -1;
3005		3206
3006	#ifndef DISABLE_EVENT	3207	#ifndef DISABLE_EVENT
3007	(void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL);	3208	(void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL, NULL);
3008	#endif	3209	#endif
3009		3210
		3211	smtp_debug_cmd_report();
3010	continue_transport = NULL;	3212	continue_transport = NULL;
3011	continue_hostname = NULL;	3213	continue_hostname = NULL;
3012	return yield;	3214	return yield;
Lines 3049-3055 Link Here
3049	request that */	3251	request that */
3050		3252
3051	sx->prdr_active = FALSE;	3253	sx->prdr_active = FALSE;
3052	if (sx->peer_offered & OPTION_PRDR)	3254	if (smtp_peer_options & OPTION_PRDR)
3053	for (address_item * addr = addrlist; addr; addr = addr->next)	3255	for (address_item * addr = addrlist; addr; addr = addr->next)
3054	if (addr->transport_return == PENDING_DEFER)	3256	if (addr->transport_return == PENDING_DEFER)
3055	{	3257	{
Lines 3077-3083 Link Here
3077		3279
3078	/* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */	3280	/* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
3079	for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;	3281	for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
3080	addr && address_count < sx->max_rcpt;	3282	addr && address_count < sx->max_rcpt; /XXX maybe also \|\| sx->single_rcpt_domain ? /
3081	addr = addr->next) if (addr->transport_return == PENDING_DEFER)	3283	addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3082	{	3284	{
3083	address_count++;	3285	address_count++;
Lines 3165-3170 Link Here
3165	smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)	3367	smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
3166	{	3368	{
3167	address_item * addr;	3369	address_item * addr;
		3370	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		3371	address_item * restart_addr = NULL;
		3372	#endif
3168	int address_count, pipe_limit;	3373	int address_count, pipe_limit;
3169	int rc;	3374	int rc;
3170		3375
Lines 3249-3261 Link Here
3249	For verify we flush the pipeline after any (the only) rcpt address. */	3454	For verify we flush the pipeline after any (the only) rcpt address. */
3250		3455
3251	for (addr = sx->first_addr, address_count = 0, pipe_limit = 100;	3456	for (addr = sx->first_addr, address_count = 0, pipe_limit = 100;
3252	addr && address_count < sx->max_rcpt;	3457	addr && address_count < sx->max_rcpt;
3253	addr = addr->next) if (addr->transport_return == PENDING_DEFER)	3458	addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3254	{	3459	{
3255	int cmds_sent;	3460	int cmds_sent;
3256	BOOL no_flush;	3461	BOOL no_flush;
3257	uschar * rcpt_addr;	3462	uschar * rcpt_addr;
3258		3463
		3464	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		3465	if ( sx->single_rcpt_domain /* restriction on domains */
		3466	&& address_count > 0 /* not first being sent */
		3467	&& Ustrcmp(addr->domain, sx->first_addr->domain) != 0 /* dom diff from first */
		3468	)
		3469	{
		3470	DEBUG(D_transport) debug_printf("skipping different domain %s\n", addr->domain);
		3471
		3472	/* Ensure the smtp-response reaper does not think the address had a RCPT
		3473	command sent for it. Reset to PENDING_DEFER in smtp_deliver(), where we
		3474	goto SEND_MESSAGE. */
		3475
		3476	addr->transport_return = SKIP;
		3477	if (!restart_addr) restart_addr = addr; /* note restart point */
		3478	continue; /* skip this one */
		3479	}
		3480	#endif
		3481
3259	addr->dsn_aware = sx->peer_offered & OPTION_DSN	3482	addr->dsn_aware = sx->peer_offered & OPTION_DSN
3260	? dsn_support_yes : dsn_support_no;	3483	? dsn_support_yes : dsn_support_no;
3261		3484
Lines 3327-3333 Link Here
3327	}	3550	}
3328	} /* Loop for next address */	3551	} /* Loop for next address */
3329		3552
		3553	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		3554	sx->next_addr = restart_addr ? restart_addr : addr;
		3555	#else
3330	sx->next_addr = addr;	3556	sx->next_addr = addr;
		3557	#endif
3331	return 0;	3558	return 0;
3332	}	3559	}
3333		3560
Lines 3349-3388 Link Here
3349	bufsiz size of buffer	3576	bufsiz size of buffer
3350	pfd pipe filedescriptor array; [0] is comms to proxied process	3577	pfd pipe filedescriptor array; [0] is comms to proxied process
3351	timeout per-read timeout, seconds	3578	timeout per-read timeout, seconds
		3579	host hostname of remote
3352		3580
3353	Does not return.	3581	Does not return.
3354	*/	3582	*/
3355		3583
3356	void	3584	void
3357	smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,	3585	smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
3358	int timeout)	3586	int timeout, const uschar * host)
3359	{	3587	{
3360	fd_set rfds, efds;	3588	struct pollfd p[2] = {{.fd = tls_out.active.sock, .events = POLLIN},
3361	int max_fd = MAX(pfd[0], tls_out.active.sock) + 1;	3589	{.fd = pfd[0], .events = POLLIN}};
3362	int rc, i;	3590	int rc, i;
		3591	BOOL send_tls_shutdown = TRUE;
3363		3592
3364	close(pfd[1]);	3593	close(pfd[1]);
3365	if ((rc = exim_fork(US"tls-proxy")))	3594	if ((rc = exim_fork(US"tls-proxy")))
3366	_exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);	3595	_exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
3367		3596
3368	set_process_info("proxying TLS connection for continued transport");	3597	set_process_info("proxying TLS connection for continued transport to %s\n", host);
3369	FD_ZERO(&rfds);
3370	FD_SET(tls_out.active.sock, &rfds);
3371	FD_SET(pfd[0], &rfds);
3372		3598
3373	for (int fd_bits = 3; fd_bits; )	3599	do
3374	{	3600	{
3375	time_t time_left = timeout;	3601	time_t time_left = timeout;
3376	time_t time_start = time(NULL);	3602	time_t time_start = time(NULL);
3377		3603
3378	/* wait for data */	3604	/* wait for data */
3379	efds = rfds;
3380	do	3605	do
3381	{	3606	{
3382	struct timeval tv = { time_left, 0 };	3607	rc = poll(p, 2, time_left * 1000);
3383
3384	rc = select(max_fd,
3385	(SELECT_ARG2_TYPE )&rfds, NULL, (SELECT_ARG2_TYPE )&efds, &tv);
3386		3608
3387	if (rc < 0 && errno == EINTR)	3609	if (rc < 0 && errno == EINTR)
3388	if ((time_left -= time(NULL) - time_start) > 0) continue;	3610	if ((time_left -= time(NULL) - time_start) > 0) continue;
Lines 3393-3443 Link Here
3393	goto done;	3615	goto done;
3394	}	3616	}
3395		3617
3396	if (FD_ISSET(tls_out.active.sock, &efds) \|\| FD_ISSET(pfd[0], &efds))	3618	/* For errors where not readable, bomb out */
		3619
		3620	if (p[0].revents & POLLERR \|\| p[1].revents & POLLERR)
3397	{	3621	{
3398	DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",	3622	DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
3399	FD_ISSET(pfd[0], &efds) ? "proxy" : "tls");	3623	p[0].revents & POLLERR ? "tls" : "proxy");
3400	goto done;	3624	if (!(p[0].revents & POLLIN \|\| p[1].events & POLLIN))
		3625	goto done;
		3626	DEBUG(D_transport) debug_printf("- but also readable; no exit yet\n");
3401	}	3627	}
3402	}	3628	}
3403	while (rc < 0 \|\| !(FD_ISSET(tls_out.active.sock, &rfds) \|\| FD_ISSET(pfd[0], &rfds)));	3629	while (rc < 0 \|\| !(p[0].revents & POLLIN \|\| p[1].revents & POLLIN));
3404		3630
3405	/* handle inbound data */	3631	/* handle inbound data */
3406	if (FD_ISSET(tls_out.active.sock, &rfds))	3632	if (p[0].revents & POLLIN)
3407	if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0)	3633	if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0) /* Expect -1 for EOF; */
3408	{	3634	{ /* that reaps the TLS Close Notify record */
3409	fd_bits &= ~1;	3635	p[0].fd = -1;
3410	FD_CLR(tls_out.active.sock, &rfds);
3411	shutdown(pfd[0], SHUT_WR);	3636	shutdown(pfd[0], SHUT_WR);
3412	timeout = 5;	3637	timeout = 5;
3413	}	3638	}
3414	else	3639	else
3415	{
3416	for (int nbytes = 0; rc - nbytes > 0; nbytes += i)	3640	for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3417	if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;	3641	if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
3418	}
3419	else if (fd_bits & 1)
3420	FD_SET(tls_out.active.sock, &rfds);
3421		3642
3422	/* handle outbound data */	3643	/* Handle outbound data. We cannot combine payload and the TLS-close
3423	if (FD_ISSET(pfd[0], &rfds))	3644	due to the limitations of the (pipe) channel feeding us. Maybe use a unix-domain
		3645	socket? */
		3646	if (p[1].revents & POLLIN)
3424	if ((rc = read(pfd[0], buf, bsize)) <= 0)	3647	if ((rc = read(pfd[0], buf, bsize)) <= 0)
3425	{	3648	{
3426	fd_bits = 0;	3649	p[1].fd = -1;
3427	tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);	3650
3428	ct_ctx = NULL;	3651	# ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
		3652	(void) setsockopt(tls_out.active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
		3653	# endif
		3654	tls_shutdown_wr(ct_ctx);
		3655	send_tls_shutdown = FALSE;
		3656	shutdown(tls_out.active.sock, SHUT_WR);
3429	}	3657	}
3430	else	3658	else
3431	{
3432	for (int nbytes = 0; rc - nbytes > 0; nbytes += i)	3659	for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3433	if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)	3660	if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
3434	goto done;	3661	goto done;
3435	}
3436	else if (fd_bits & 2)
3437	FD_SET(pfd[0], &rfds);
3438	}	3662	}
		3663	while (p[0].fd >= 0 \|\| p[1].fd >= 0);
3439		3664
3440	done:	3665	done:
		3666	if (send_tls_shutdown) tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
		3667	ct_ctx = NULL;
3441	testharness_pause_ms(100); /* let logging complete */	3668	testharness_pause_ms(100); /* let logging complete */
3442	exim_exit(EXIT_SUCCESS);	3669	exim_exit(EXIT_SUCCESS);
3443	}	3670	}
Lines 3503-3533 Link Here
3503	int save_errno;	3730	int save_errno;
3504	int rc;	3731	int rc;
3505		3732
3506	BOOL pass_message = FALSE;
3507	uschar *message = NULL;	3733	uschar *message = NULL;
3508	uschar new_message_id[MESSAGE_ID_LENGTH + 1];	3734	uschar new_message_id[MESSAGE_ID_LENGTH + 1];
3509	smtp_context * sx = store_get(sizeof(sx), TRUE); / tainted, for the data buffers */	3735	smtp_context * sx = store_get(sizeof(sx), GET_TAINTED); / tainted, for the data buffers */
		3736	BOOL pass_message = FALSE;
		3737	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		3738	BOOL mail_limit = FALSE;
		3739	#endif
3510	#ifdef SUPPORT_DANE	3740	#ifdef SUPPORT_DANE
3511	BOOL dane_held;	3741	BOOL dane_held;
3512	#endif	3742	#endif
		3743	BOOL tcw_done = FALSE, tcw = FALSE;
3513		3744
3514	suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
3515	*message_defer = FALSE;	3745	*message_defer = FALSE;
3516		3746
3517	memset(sx, 0, sizeof(*sx));	3747	memset(sx, 0, sizeof(*sx));
3518	sx->addrlist = addrlist;	3748	sx->addrlist = addrlist;
3519	sx->conn_args.host = host;	3749	sx->conn_args.host = host;
3520	sx->conn_args.host_af = host_af,	3750	sx->conn_args.host_af = host_af;
3521	sx->port = defport;	3751	sx->port = defport;
3522	sx->conn_args.interface = interface;	3752	sx->conn_args.interface = interface;
3523	sx->helo_data = NULL;	3753	sx->helo_data = NULL;
3524	sx->conn_args.tblock = tblock;	3754	sx->conn_args.tblock = tblock;
3525	/* sx->verify = FALSE; */	3755	sx->conn_args.sock = -1;
3526	gettimeofday(&sx->delivery_start, NULL);	3756	gettimeofday(&sx->delivery_start, NULL);
3527	sx->sync_addr = sx->first_addr = addrlist;	3757	sx->sync_addr = sx->first_addr = addrlist;
3528		3758
		3759	REPEAT_CONN:
3529	#ifdef SUPPORT_DANE	3760	#ifdef SUPPORT_DANE
3530	DANE_DOMAINS:
3531	dane_held = FALSE;	3761	dane_held = FALSE;
3532	#endif	3762	#endif
3533		3763
Lines 3572-3579 Link Here
3572	yield ERROR. */	3802	yield ERROR. */
3573		3803
3574	if (!transport_set_up_command(&transport_filter_argv,	3804	if (!transport_set_up_command(&transport_filter_argv,
3575	tblock->filter_command, TRUE, DEFER, addrlist,	3805	tblock->filter_command, TRUE, DEFER, addrlist, FALSE,
3576	string_sprintf("%.50s transport", tblock->name), NULL))	3806	string_sprintf("%.50s transport filter", tblock->name), NULL))
3577	{	3807	{
3578	set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,	3808	set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
3579	FALSE, &sx->delivery_start);	3809	FALSE, &sx->delivery_start);
Lines 3584-3590 Link Here
3584	if ( transport_filter_argv	3814	if ( transport_filter_argv
3585	&& *transport_filter_argv	3815	&& *transport_filter_argv
3586	&& **transport_filter_argv	3816	&& **transport_filter_argv
3587	&& sx->peer_offered & OPTION_CHUNKING	3817	&& smtp_peer_options & OPTION_CHUNKING
3588	#ifndef DISABLE_DKIM	3818	#ifndef DISABLE_DKIM
3589	/* When dkim signing, chunking is handled even with a transport-filter */	3819	/* When dkim signing, chunking is handled even with a transport-filter */
3590	&& !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector)	3820	&& !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector)
Lines 3592-3598 Link Here
3592	#endif	3822	#endif
3593	)	3823	)
3594	{	3824	{
3595	sx->peer_offered &= ~OPTION_CHUNKING;	3825	smtp_peer_options &= ~OPTION_CHUNKING;
3596	DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");	3826	DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
3597	}	3827	}
3598	}	3828	}
Lines 3669-3675 Link Here
3669	If using CHUNKING, do not send a BDAT until we know how big a chunk we want	3899	If using CHUNKING, do not send a BDAT until we know how big a chunk we want
3670	to send is. */	3900	to send is. */
3671		3901
3672	if ( !(sx->peer_offered & OPTION_CHUNKING)	3902	if ( !(smtp_peer_options & OPTION_CHUNKING)
3673	&& (sx->ok \|\| (pipelining_active && !mua_wrapper)))	3903	&& (sx->ok \|\| (pipelining_active && !mua_wrapper)))
3674	{	3904	{
3675	int count = smtp_write_command(sx, SCMD_FLUSH, "DATA\r\n");	3905	int count = smtp_write_command(sx, SCMD_FLUSH, "DATA\r\n");
Lines 3706-3712 Link Here
3706	(Haven't been able to make it work using select() for writing yet.) */	3936	(Haven't been able to make it work using select() for writing yet.) */
3707		3937
3708	if ( !sx->ok	3938	if ( !sx->ok
3709	&& (!(sx->peer_offered & OPTION_CHUNKING) \|\| !pipelining_active))	3939	&& (!(smtp_peer_options & OPTION_CHUNKING) \|\| !pipelining_active))
3710	{	3940	{
3711	/* Save the first address of the next batch. */	3941	/* Save the first address of the next batch. */
3712	sx->first_addr = sx->next_addr;	3942	sx->first_addr = sx->next_addr;
Lines 3735-3741 Link Here
3735	of responses. The callback needs a whole bunch of state so set up	3965	of responses. The callback needs a whole bunch of state so set up
3736	a transport-context structure to be passed around. */	3966	a transport-context structure to be passed around. */
3737		3967
3738	if (sx->peer_offered & OPTION_CHUNKING)	3968	if (smtp_peer_options & OPTION_CHUNKING)
3739	{	3969	{
3740	tctx.check_string = tctx.escape_string = NULL;	3970	tctx.check_string = tctx.escape_string = NULL;
3741	tctx.options \|= topt_use_bdat;	3971	tctx.options \|= topt_use_bdat;
Lines 3760-3769 Link Here
3760	transport_write_timeout = ob->data_timeout;	3990	transport_write_timeout = ob->data_timeout;
3761	smtp_command = US"sending data block"; /* For error messages */	3991	smtp_command = US"sending data block"; /* For error messages */
3762	DEBUG(D_transport\|D_v)	3992	DEBUG(D_transport\|D_v)
3763	if (sx->peer_offered & OPTION_CHUNKING)	3993	if (smtp_peer_options & OPTION_CHUNKING)
3764	debug_printf(" will write message using CHUNKING\n");	3994	debug_printf(" will write message using CHUNKING\n");
3765	else	3995	else
3766	debug_printf(" SMTP>> writing message and terminating \".\"\n");	3996	debug_printf(" SMTP>> (writing message)\n");
3767	transport_count = 0;	3997	transport_count = 0;
3768		3998
3769	#ifndef DISABLE_DKIM	3999	#ifndef DISABLE_DKIM
Lines 3800-3805 Link Here
3800	report_time_since(&t0, US"dkim_exim_sign_init (delta)");	4030	report_time_since(&t0, US"dkim_exim_sign_init (delta)");
3801	# endif	4031	# endif
3802	}	4032	}
		4033	#endif
		4034
		4035	/* See if we can pipeline QUIT. Reasons not to are
		4036	- pipelining not active
		4037	- not ok to send quit
		4038	- errors in amtp transation responses
		4039	- more addrs to send for this message or this host
		4040	- this message was being retried
		4041	- more messages for this host
		4042	If we can, we want the message-write to not flush (the tail end of) its data out. */
		4043
		4044	if ( sx->pipelining_used
		4045	&& (sx->ok && sx->completed_addr \|\| smtp_peer_options & OPTION_CHUNKING)
		4046	&& sx->send_quit
		4047	&& !(sx->first_addr \|\| f.continue_more)
		4048	&& f.deliver_firsttime
		4049	)
		4050	{
		4051	smtp_compare_t t_compare =
		4052	{.tblock = tblock, .current_sender_address = sender_address};
		4053
		4054	tcw_done = TRUE;
		4055	tcw =
		4056	#ifndef DISABLE_TLS
		4057	( tls_out.active.sock < 0 && !continue_proxy_cipher
		4058	\|\| verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
		4059	)
		4060	&&
		4061	#endif
		4062	transport_check_waiting(tblock->name, host->name,
		4063	tblock->connection_max_messages, new_message_id,
		4064	(oicf)smtp_are_same_identities, (void*)&t_compare);
		4065	if (!tcw)
		4066	{
		4067	HDEBUG(D_transport) debug_printf("will pipeline QUIT\n");
		4068	tctx.options \|= topt_no_flush;
		4069	}
		4070	}
		4071
		4072	#ifndef DISABLE_DKIM
3803	sx->ok = dkim_transport_write_message(&tctx, &ob->dkim, CUSS &message);	4073	sx->ok = dkim_transport_write_message(&tctx, &ob->dkim, CUSS &message);
3804	#else	4074	#else
3805	sx->ok = transport_write_message(&tctx, 0);	4075	sx->ok = transport_write_message(&tctx, 0);
Lines 3828-3834 Link Here
3828		4098
3829	smtp_command = US"end of data";	4099	smtp_command = US"end of data";
3830		4100
3831	if (sx->peer_offered & OPTION_CHUNKING && sx->cmd_count > 1)	4101	/* If we can pipeline a QUIT with the data them send it now. If a new message
		4102	for this host appeared in the queue while data was being sent, we will not see
		4103	it and it will have to wait for a queue run. If there was one but another
		4104	thread took it, we might attempt to send it - but locking of spoolfiles will
		4105	detect that. Use _MORE to get QUIT in FIN segment. */
		4106
		4107	if (tcw_done && !tcw)
		4108	{
		4109	/*XXX jgh 2021/03/10 google et. al screwup. G, at least, sends TCP FIN in response to TLS
		4110	close-notify. Under TLS 1.3, violating RFC.
		4111	However, TLS 1.2 does not have half-close semantics. */
		4112
		4113	if ( sx->cctx.tls_ctx
		4114	#if 0 && !defined(DISABLE_TLS)
		4115	&& Ustrcmp(tls_out.ver, "TLS1.3") != 0
		4116	#endif
		4117	\|\| !f.deliver_firsttime
		4118	)
		4119	{ /* Send QUIT now and not later */
		4120	(void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
		4121	sx->send_quit = FALSE;
		4122	}
		4123	else
		4124	{ /* add QUIT to the output buffer */
		4125	(void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
		4126	sx->send_quit = FALSE; /* avoid sending it later */
		4127
		4128	#ifndef DISABLE_TLS
		4129	if (sx->cctx.tls_ctx && sx->send_tlsclose) /* need to send TLS Close Notify */
		4130	{
		4131	# ifdef EXIM_TCP_CORK /* Use _CORK to get Close Notify in FIN segment */
		4132	(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
		4133	# endif
		4134	tls_shutdown_wr(sx->cctx.tls_ctx);
		4135	sx->send_tlsclose = FALSE; /* avoid later repeat */
		4136	}
		4137	#endif
		4138	HDEBUG(D_transport\|D_acl\|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
		4139	shutdown(sx->cctx.sock, SHUT_WR); /* flush output buffer, with TCP FIN */
		4140	}
		4141	}
		4142
		4143	if (smtp_peer_options & OPTION_CHUNKING && sx->cmd_count > 1)
3832	{	4144	{
3833	/* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */	4145	/* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
3834	switch(sync_responses(sx, sx->cmd_count-1, 0))	4146	switch(sync_responses(sx, sx->cmd_count-1, 0))
Lines 3920-3928 Link Here
3920	!sx->lmtp	4232	!sx->lmtp
3921	)	4233	)
3922	{	4234	{
3923	const uschar *s = string_printing(sx->buffer);	4235	const uschar * s = string_printing(sx->buffer);
3924	/* deconst cast ok here as string_printing was checked to have alloc'n'copied */	4236	/* deconst cast ok here as string_printing was checked to have alloc'n'copied */
3925	conf = (s == sx->buffer)? US string_copy(s) : US s;	4237	conf = s == sx->buffer ? US string_copy(s) : US s;
3926	}	4238	}
3927		4239
3928	/* Process all transported addresses - for LMTP or PRDR, read a status for	4240	/* Process all transported addresses - for LMTP or PRDR, read a status for
Lines 4001-4007 Link Here
4001	#ifndef DISABLE_PRDR	4313	#ifndef DISABLE_PRDR
4002	if (sx->prdr_active) setflag(addr, af_prdr_used);	4314	if (sx->prdr_active) setflag(addr, af_prdr_used);
4003	#endif	4315	#endif
4004	if (sx->peer_offered & OPTION_CHUNKING) setflag(addr, af_chunking_used);	4316	if (smtp_peer_options & OPTION_CHUNKING) setflag(addr, af_chunking_used);
4005	flag = '-';	4317	flag = '-';
4006		4318
4007	#ifndef DISABLE_PRDR	4319	#ifndef DISABLE_PRDR
Lines 4018-4024 Link Here
4018	else	4330	else
4019	sprintf(CS sx->buffer, "%.500s\n", addr->unique);	4331	sprintf(CS sx->buffer, "%.500s\n", addr->unique);
4020		4332
4021	DEBUG(D_deliver) debug_printf("S:journalling %s\n", sx->buffer);	4333	DEBUG(D_deliver) debug_printf("S:journalling %s", sx->buffer);
4022	len = Ustrlen(CS sx->buffer);	4334	len = Ustrlen(CS sx->buffer);
4023	if (write(journal_fd, sx->buffer, len) != len)	4335	if (write(journal_fd, sx->buffer, len) != len)
4024	log_write(0, LOG_MAIN\|LOG_PANIC, "failed to write journal for "	4336	log_write(0, LOG_MAIN\|LOG_PANIC, "failed to write journal for "
Lines 4072-4077 Link Here
4072	"%s: %s", sx->buffer, strerror(errno));	4384	"%s: %s", sx->buffer, strerror(errno));
4073	}	4385	}
4074	else if (addr->transport_return == DEFER)	4386	else if (addr->transport_return == DEFER)
		4387	/XXX magic value -2 ? maybe host+message ? /
4075	retry_add_item(addr, addr->address_retry_key, -2);	4388	retry_add_item(addr, addr->address_retry_key, -2);
4076	}	4389	}
4077	#endif	4390	#endif
Lines 4102-4108 Link Here
4102	{	4415	{
4103	save_errno = errno;	4416	save_errno = errno;
4104	message = NULL;	4417	message = NULL;
4105	sx->send_quit = check_response(host, &save_errno, addrlist->more_errno,	4418	/* Clear send_quit flag if needed. Do not set. */
		4419	sx->send_quit &= check_response(host, &save_errno, addrlist->more_errno,
4106	sx->buffer, &code, &message, &pass_message);	4420	sx->buffer, &code, &message, &pass_message);
4107	goto FAILED;	4421	goto FAILED;
4108	}	4422	}
Lines 4111-4117 Link Here
4111	{	4425	{
4112	save_errno = errno;	4426	save_errno = errno;
4113	code = '4';	4427	code = '4';
4114	message = string_sprintf("send() to %s [%s] failed: %s",	4428	message = string_sprintf("smtp send to %s [%s] failed: %s",
4115	host->name, host->address, message ? message : US strerror(save_errno));	4429	host->name, host->address, message ? message : US strerror(save_errno));
4116	sx->send_quit = FALSE;	4430	sx->send_quit = FALSE;
4117	goto FAILED;	4431	goto FAILED;
Lines 4147-4152 Link Here
4147	message_error = Ustrncmp(smtp_command,"end ",4) == 0;	4461	message_error = Ustrncmp(smtp_command,"end ",4) == 0;
4148	break;	4462	break;
4149		4463
		4464	#ifndef DISABLE_DKIM
		4465	case EACCES:
		4466	/* DKIM signing failure: avoid thinking we pipelined quit,
		4467	just abandon the message and close the socket. */
		4468
		4469	message_error = FALSE;
		4470	# ifndef DISABLE_TLS
		4471	if (sx->cctx.tls_ctx)
		4472	{
		4473	tls_close(sx->cctx.tls_ctx,
		4474	sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
		4475	sx->cctx.tls_ctx = NULL;
		4476	}
		4477	# endif
		4478	break;
		4479	#endif
4150	default:	4480	default:
4151	message_error = FALSE;	4481	message_error = FALSE;
4152	break;	4482	break;
Lines 4187-4194 Link Here
4187		4517
4188	*message_defer = TRUE;	4518	*message_defer = TRUE;
4189	}	4519	}
		4520	#ifdef TIOCOUTQ
		4521	DEBUG(D_transport) if (sx->cctx.sock >= 0)
		4522	{
		4523	int n;
		4524	if (ioctl(sx->cctx.sock, TIOCOUTQ, &n) == 0)
		4525	debug_printf("%d bytes remain in socket output buffer\n", n);
		4526	}
		4527	#endif
4190	}	4528	}
4191
4192	/* Otherwise, we have an I/O error or a timeout other than after MAIL or	4529	/* Otherwise, we have an I/O error or a timeout other than after MAIL or
4193	".", or some other transportation error. We defer all addresses and yield	4530	".", or some other transportation error. We defer all addresses and yield
4194	DEFER, except for the case of failed add_headers expansion, or a transport	4531	DEFER, except for the case of failed add_headers expansion, or a transport
Lines 4255-4338 Link Here
4255	sx->send_rset, f.continue_more, yield, sx->first_addr ? "not " : "");	4592	sx->send_rset, f.continue_more, yield, sx->first_addr ? "not " : "");
4256		4593
4257	if (sx->completed_addr && sx->ok && sx->send_quit)	4594	if (sx->completed_addr && sx->ok && sx->send_quit)
4258	{	4595	#ifdef EXPERIMENTAL_ESMTP_LIMITS
4259	BOOL more;	4596	if (mail_limit = continue_sequence >= sx->max_mail)
4260	smtp_compare_t t_compare;	4597	{
4261		4598	DEBUG(D_transport)
4262	t_compare.tblock = tblock;	4599	debug_printf("reached limit %u for MAILs per conn\n", sx->max_mail);
4263	t_compare.current_sender_address = sender_address;	4600	}
4264		4601	else
4265	if ( sx->first_addr != NULL /* more addrs for this message */
4266	\|\| f.continue_more /* more addrs for coninued-host */
4267	\|\| (
4268	#ifndef DISABLE_TLS
4269	( tls_out.active.sock < 0 && !continue_proxy_cipher
4270	\|\| verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4271	)
4272	&&
4273	#endif	4602	#endif
4274	transport_check_waiting(tblock->name, host->name,
4275	tblock->connection_max_messages, new_message_id, &more,
4276	(oicf)smtp_are_same_identities, (void*)&t_compare)
4277	) )
4278	{	4603	{
4279	uschar *msg;	4604	smtp_compare_t t_compare =
4280	BOOL pass_message;	4605	{.tblock = tblock, .current_sender_address = sender_address};
4281		4606
4282	if (sx->send_rset)	4607	if ( sx->first_addr /* more addrs for this message */
4283	if (! (sx->ok = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0))	4608	\|\| f.continue_more /* more addrs for continued-host */
4284	{	4609	\|\| tcw_done && tcw /* more messages for host */
4285	msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,	4610	\|\| (
4286	host->address, strerror(errno));	4611	#ifndef DISABLE_TLS
4287	sx->send_quit = FALSE;	4612	( tls_out.active.sock < 0 && !continue_proxy_cipher
4288	}	4613	\|\| verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4289	else if (! (sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),	4614	)
4290	'2', ob->command_timeout)))	4615	&&
4291	{	4616	#endif
4292	int code;	4617	transport_check_waiting(tblock->name, host->name,
4293	sx->send_quit = check_response(host, &errno, 0, sx->buffer, &code, &msg,	4618	sx->max_mail, new_message_id,
4294	&pass_message);	4619	(oicf)smtp_are_same_identities, (void*)&t_compare)
4295	if (!sx->send_quit)	4620	) )
4296	{	4621	{
4297	DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",	4622	uschar *msg;
4298	host->name, host->address, msg);	4623	BOOL pass_message;
4299	}
4300	}
4301		4624
4302	/* Either RSET was not needed, or it succeeded */	4625	if (sx->send_rset)
		4626	if (! (sx->ok = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0))
		4627	{
		4628	msg = US string_sprintf("smtp send to %s [%s] failed: %s", host->name,
		4629	host->address, strerror(errno));
		4630	sx->send_quit = FALSE;
		4631	}
		4632	else if (! (sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
		4633	'2', ob->command_timeout)))
		4634	{
		4635	int code;
		4636	sx->send_quit = check_response(host, &errno, 0, sx->buffer, &code, &msg,
		4637	&pass_message);
		4638	if (!sx->send_quit)
		4639	{
		4640	DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
		4641	host->name, host->address, msg);
		4642	}
		4643	}
4303		4644
4304	if (sx->ok)	4645	/* Either RSET was not needed, or it succeeded */
4305	{	4646
		4647	if (sx->ok)
		4648	{
4306	#ifndef DISABLE_TLS	4649	#ifndef DISABLE_TLS
4307	int pfd[2];	4650	int pfd[2];
4308	#endif	4651	#endif
4309	int socket_fd = sx->cctx.sock;	4652	int socket_fd = sx->cctx.sock;
4310
4311		4653
4312	if (sx->first_addr != NULL) /* More addresses still to be sent */	4654	if (sx->first_addr) /* More addresses still to be sent */
4313	{ /* for this message */	4655	{ /* for this message */
4314	continue_sequence++; /* Causes * in logging */	4656	#ifdef EXPERIMENTAL_ESMTP_LIMITS
4315	pipelining_active = sx->pipelining_used; /* was cleared at DATA */	4657	/* Any that we marked as skipped, reset to do now */
4316	goto SEND_MESSAGE;	4658	for (address_item * a = sx->first_addr; a; a = a->next)
4317	}	4659	if (a->transport_return == SKIP)
		4660	a->transport_return = PENDING_DEFER;
		4661	#endif
		4662	continue_sequence++; /* for consistency */
		4663	clearflag(sx->first_addr, af_new_conn);
		4664	setflag(sx->first_addr, af_cont_conn); /* Causes * in logging */
		4665	pipelining_active = sx->pipelining_used; /* was cleared at DATA */
		4666	goto SEND_MESSAGE;
		4667	}
4318		4668
4319	/* Unless caller said it already has more messages listed for this host,	4669	/* Unless caller said it already has more messages listed for this host,
4320	pass the connection on to a new Exim process (below, the call to	4670	pass the connection on to a new Exim process (below, the call to
4321	transport_pass_socket). If the caller has more ready, just return with	4671	transport_pass_socket). If the caller has more ready, just return with
4322	the connection still open. */	4672	the connection still open. */
4323		4673
4324	#ifndef DISABLE_TLS	4674	#ifndef DISABLE_TLS
4325	if (tls_out.active.sock >= 0)	4675	if (tls_out.active.sock >= 0)
4326	if ( f.continue_more	4676	if ( f.continue_more
4327	\|\| verify_check_given_host(CUSS &ob->hosts_noproxy_tls, host) == OK)	4677	\|\| verify_check_given_host(CUSS &ob->hosts_noproxy_tls, host) == OK)
4328	{	4678	{
4329	/* Before passing the socket on, or returning to caller with it still	4679	/* Before passing the socket on, or returning to caller with it still
4330	open, we must shut down TLS. Not all MTAs allow for the continuation	4680	open, we must shut down TLS. Not all MTAs allow for the continuation
4331	of the SMTP session when TLS is shut down. We test for this by sending	4681	of the SMTP session when TLS is shut down. We test for this by sending
4332	a new EHLO. If we don't get a good response, we don't attempt to pass	4682	a new EHLO. If we don't get a good response, we don't attempt to pass
4333	the socket on. */	4683	the socket on. */
4334		4684
4335	tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT);	4685	tls_close(sx->cctx.tls_ctx,
		4686	sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
		4687	sx->send_tlsclose = FALSE;
4336	sx->cctx.tls_ctx = NULL;	4688	sx->cctx.tls_ctx = NULL;
4337	tls_out.active.sock = -1;	4689	tls_out.active.sock = -1;
4338	smtp_peer_options = smtp_peer_options_wrap;	4690	smtp_peer_options = smtp_peer_options_wrap;
Lines 4342-4457 Link Here
4342	&& smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),	4694	&& smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
4343	'2', ob->command_timeout);	4695	'2', ob->command_timeout);
4344		4696
4345	if (sx->ok && f.continue_more)	4697	if (sx->ok && f.continue_more)
4346	goto TIDYUP; /* More addresses for another run */	4698	goto TIDYUP; /* More addresses for another run */
4347	}	4699	}
4348	else
4349	{
4350	/* Set up a pipe for proxying TLS for the new transport process */
4351
4352	smtp_peer_options \|= OPTION_TLS;
4353	if ((sx->ok = socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
4354	socket_fd = pfd[1];
4355	else	4700	else
4356	set_errno(sx->first_addr, errno, US"internal allocation problem",	4701	{
4357	DEFER, FALSE, host,	4702	/* Set up a pipe for proxying TLS for the new transport process */
		4703
		4704	smtp_peer_options \|= OPTION_TLS;
		4705	if ((sx->ok = socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
		4706	socket_fd = pfd[1];
		4707	else
		4708	set_errno(sx->first_addr, errno, US"internal allocation problem",
		4709	DEFER, FALSE, host,
4358	# ifdef EXPERIMENTAL_DSN_INFO	4710	# ifdef EXPERIMENTAL_DSN_INFO
4359	sx->smtp_greeting, sx->helo_response,	4711	sx->smtp_greeting, sx->helo_response,
4360	# endif	4712	# endif
4361	&sx->delivery_start);	4713	&sx->delivery_start);
4362	}	4714	}
4363	else	4715	else
4364	#endif	4716	#endif
4365	if (f.continue_more)	4717	if (f.continue_more)
4366	goto TIDYUP; /* More addresses for another run */	4718	goto TIDYUP; /* More addresses for another run */
4367
4368	/* If the socket is successfully passed, we mustn't send QUIT (or
4369	indeed anything!) from here. */
4370		4719
4371	/*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to	4720	/* If the socket is successfully passed, we mustn't send QUIT (or
4372	propagate it from the initial	4721	indeed anything!) from here. */
4373	*/
4374	if (sx->ok && transport_pass_socket(tblock->name, host->name,
4375	host->address, new_message_id, socket_fd))
4376	{
4377	sx->send_quit = FALSE;
4378		4722
4379	/* We have passed the client socket to a fresh transport process.	4723	/*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
4380	If TLS is still active, we need to proxy it for the transport we	4724	propagate it from the initial
4381	just passed the baton to. Fork a child to to do it, and return to	4725	*/
4382	get logging done asap. Which way to place the work makes assumptions	4726	if (sx->ok && transport_pass_socket(tblock->name, host->name,
4383	about post-fork prioritisation which may not hold on all platforms. */	4727	host->address, new_message_id, socket_fd
4384	#ifndef DISABLE_TLS	4728	#ifdef EXPERIMENTAL_ESMTP_LIMITS
4385	if (tls_out.active.sock >= 0)	4729	, sx->peer_limit_mail, sx->peer_limit_rcpt, sx->peer_limit_rcptdom
		4730	#endif
		4731	))
4386	{	4732	{
4387	int pid = exim_fork(US"tls-proxy-interproc");	4733	sx->send_quit = FALSE;
4388	if (pid == 0) /* child; fork again to disconnect totally */
4389	{
4390	/* does not return */
4391	smtp_proxy_tls(sx->cctx.tls_ctx, sx->buffer, sizeof(sx->buffer), pfd,
4392	ob->command_timeout);
4393	}
4394		4734
4395	if (pid > 0) /* parent */	4735	/* We have passed the client socket to a fresh transport process.
		4736	If TLS is still active, we need to proxy it for the transport we
		4737	just passed the baton to. Fork a child to to do it, and return to
		4738	get logging done asap. Which way to place the work makes assumptions
		4739	about post-fork prioritisation which may not hold on all platforms. */
		4740	#ifndef DISABLE_TLS
		4741	if (tls_out.active.sock >= 0)
4396	{	4742	{
4397	close(pfd[0]);	4743	int pid = exim_fork(US"tls-proxy-interproc");
4398	/* tidy the inter-proc to disconn the proxy proc */	4744	if (pid == 0) /* child; fork again to disconnect totally */
4399	waitpid(pid, NULL, 0);	4745	{
4400	tls_close(sx->cctx.tls_ctx, TLS_NO_SHUTDOWN);	4746	/* does not return */
4401	sx->cctx.tls_ctx = NULL;	4747	smtp_proxy_tls(sx->cctx.tls_ctx, sx->buffer, sizeof(sx->buffer), pfd,
4402	(void)close(sx->cctx.sock);	4748	ob->command_timeout, host->name);
4403	sx->cctx.sock = -1;	4749	}
4404	continue_transport = NULL;	4750
4405	continue_hostname = NULL;	4751	if (pid > 0) /* parent */
4406	goto TIDYUP;	4752	{
		4753	close(pfd[0]);
		4754	/* tidy the inter-proc to disconn the proxy proc */
		4755	waitpid(pid, NULL, 0);
		4756	tls_close(sx->cctx.tls_ctx, TLS_NO_SHUTDOWN);
		4757	sx->cctx.tls_ctx = NULL;
		4758	(void)close(sx->cctx.sock);
		4759	sx->cctx.sock = -1;
		4760	continue_transport = NULL;
		4761	continue_hostname = NULL;
		4762	goto TIDYUP;
		4763	}
		4764	log_write(0, LOG_PANIC_DIE, "fork failed");
4407	}	4765	}
4408	log_write(0, LOG_PANIC_DIE, "fork failed");
4409	}
4410	#endif	4766	#endif
		4767	}
4411	}	4768	}
4412	}
4413		4769
4414	/* If RSET failed and there are addresses left, they get deferred. */	4770	/* If RSET failed and there are addresses left, they get deferred. */
4415	else	4771	else
4416	set_errno(sx->first_addr, errno, msg, DEFER, FALSE, host,	4772	set_errno(sx->first_addr, errno, msg, DEFER, FALSE, host,
4417	#ifdef EXPERIMENTAL_DSN_INFO	4773	#ifdef EXPERIMENTAL_DSN_INFO
4418	sx->smtp_greeting, sx->helo_response,	4774	sx->smtp_greeting, sx->helo_response,
4419	#endif	4775	#endif
4420	&sx->delivery_start);	4776	&sx->delivery_start);
		4777	}
4421	}	4778	}
4422	}
4423		4779
4424	/* End off tidily with QUIT unless the connection has died or the socket has	4780	/* End off tidily with QUIT unless the connection has died or the socket has
4425	been passed to another process. There has been discussion on the net about what	4781	been passed to another process. */
4426	to do after sending QUIT. The wording of the RFC suggests that it is necessary
4427	to wait for a response, but on the other hand, there isn't anything one can do
4428	with an error response, other than log it. Exim used to do that. However,
4429	further discussion suggested that it is positively advantageous not to wait for
4430	the response, but to close the session immediately. This is supposed to move
4431	the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
4432	load from the server. (Hosts that are both servers and clients may not see much
4433	difference, of course.) Further discussion indicated that this was safe to do
4434	on Unix systems which have decent implementations of TCP/IP that leave the
4435	connection around for a while (TIME_WAIT) after the application has gone away.
4436	This enables the response sent by the server to be properly ACKed rather than
4437	timed out, as can happen on broken TCP/IP implementations on other OS.
4438
4439	This change is being made on 31-Jul-98. After over a year of trouble-free
4440	operation, the old commented-out code was removed on 17-Sep-99. */
4441		4782
4442	SEND_QUIT:	4783	SEND_QUIT:
4443	#ifdef TCP_CORK	4784	if (sx->send_quit)
4444	(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_CORK, US &on, sizeof(on));	4785	{ /* Use _MORE to get QUIT in FIN segment */
		4786	(void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
		4787	#ifndef DISABLE_TLS
		4788	if (sx->cctx.tls_ctx && sx->send_tlsclose)
		4789	{
		4790	# ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
		4791	(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
		4792	# endif
		4793	tls_shutdown_wr(sx->cctx.tls_ctx);
		4794	sx->send_tlsclose = FALSE;
		4795	}
4445	#endif	4796	#endif
4446	if (sx->send_quit) (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");	4797	}
4447		4798
4448	END_OFF:	4799	END_OFF:
4449		4800
4450	#ifndef DISABLE_TLS
4451	tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
4452	sx->cctx.tls_ctx = NULL;
4453	#endif
4454
4455	/* Close the socket, and return the appropriate value, first setting	4801	/* Close the socket, and return the appropriate value, first setting
4456	works because the NULL setting is passed back to the calling process, and	4802	works because the NULL setting is passed back to the calling process, and
4457	remote_max_parallel is forced to 1 when delivering over an existing connection,	4803	remote_max_parallel is forced to 1 when delivering over an existing connection,
Lines 4462-4481 Link Here
4462	specified in the transports, and therefore not visible at top level, in which	4808	specified in the transports, and therefore not visible at top level, in which
4463	case continue_more won't get set. */	4809	case continue_more won't get set. */
4464		4810
4465	HDEBUG(D_transport\|D_acl\|D_v) debug_printf_indent(" SMTP(close)>>\n");
4466	if (sx->send_quit)	4811	if (sx->send_quit)
4467	{	4812	{
		4813	/* This flushes data queued in the socket, being the QUIT and any TLS Close,
		4814	sending them along with the client FIN flag. Us (we hope) sending FIN first
		4815	means we (client) take the TIME_WAIT state, so the server (which likely has a
		4816	higher connection rate) does not have to. */
		4817
		4818	HDEBUG(D_transport\|D_acl\|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
4468	shutdown(sx->cctx.sock, SHUT_WR);	4819	shutdown(sx->cctx.sock, SHUT_WR);
4469	millisleep(20);
4470	testharness_pause_ms(200);
4471	if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
4472	for (int i = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && i > 0;)
4473	i--; /* drain socket */
4474	}	4820	}
		4821
		4822	if (sx->send_quit \|\| tcw_done && !tcw)
		4823	{
		4824	/* Wait for (we hope) ack of our QUIT, and a server FIN. Discard any data
		4825	received, then discard the socket. Any packet received after then, or receive
		4826	data still in the socket, will get a RST - hence the pause/drain. */
		4827
		4828	/* Reap the response to QUIT, timing out after one second */
		4829	(void) smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1);
		4830	#ifndef DISABLE_TLS
		4831	if (sx->cctx.tls_ctx)
		4832	{
		4833	int n;
		4834
		4835	/* Reap the TLS Close Notify from the server, timing out after one second */
		4836	sigalrm_seen = FALSE;
		4837	ALARM(1);
		4838	do
		4839	n = tls_read(sx->cctx.tls_ctx, sx->inbuffer, sizeof(sx->inbuffer));
		4840	while (!sigalrm_seen && n > 0);
		4841	ALARM_CLR(0);
		4842
		4843	if (sx->send_tlsclose)
		4844	{
		4845	# ifdef EXIM_TCP_CORK
		4846	(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
		4847	# endif
		4848	tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
		4849	}
		4850	else
		4851	tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WONLY);
		4852	sx->cctx.tls_ctx = NULL;
		4853	}
		4854	#endif
		4855
		4856	/* Drain any trailing data from the socket before close, to avoid sending a RST */
		4857
		4858	if ( poll_one_fd(sx->cctx.sock, POLLIN, 20) != 0 /* 20ms */
		4859	&& fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
		4860	for (int i = 16, n; /* drain socket */
		4861	(n = read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer))) > 0 && i > 0;
		4862	i--) HDEBUG(D_transport\|D_acl\|D_v)
		4863	{
		4864	int m = MIN(n, 64);
		4865	debug_printf_indent(" SMTP(drain %d bytes)<< %.*s\n", n, m, sx->inbuffer);
		4866	for (m = 0; m < n; m++)
		4867	debug_printf("0x%02x\n", sx->inbuffer[m]);
		4868	}
		4869	}
		4870	HDEBUG(D_transport\|D_acl\|D_v) debug_printf_indent(" SMTP(close)>>\n");
4475	(void)close(sx->cctx.sock);	4871	(void)close(sx->cctx.sock);
		4872	sx->cctx.sock = -1;
		4873	continue_transport = NULL;
		4874	continue_hostname = NULL;
		4875	smtp_debug_cmd_report();
4476		4876
4477	#ifndef DISABLE_EVENT	4877	#ifndef DISABLE_EVENT
4478	(void) event_raise(tblock->event_action, US"tcp:close", NULL);	4878	(void) event_raise(tblock->event_action, US"tcp:close", NULL, NULL);
4479	#endif	4879	#endif
4480		4880
4481	#ifdef SUPPORT_DANE	4881	#ifdef SUPPORT_DANE
Lines 4492-4506 Link Here
4492	to get the domain string for SNI */	4892	to get the domain string for SNI */
4493		4893
4494	sx->first_addr = a;	4894	sx->first_addr = a;
		4895	clearflag(a, af_cont_conn);
		4896	setflag(a, af_new_conn); /* clear * from logging */
4495	DEBUG(D_transport) debug_printf("DANE: go-around for %s\n", a->domain);	4897	DEBUG(D_transport) debug_printf("DANE: go-around for %s\n", a->domain);
4496	}	4898	}
4497	}	4899	}
4498	goto DANE_DOMAINS;	4900	continue_sequence = 1; /* for consistency */
		4901	goto REPEAT_CONN;
		4902	}
		4903	#endif
		4904
		4905	#ifdef EXPERIMENTAL_ESMTP_LIMITS
		4906	if (mail_limit && sx->first_addr)
		4907	{
		4908	/* Reset the sequence count since we closed the connection. This is flagged
		4909	on the pipe back to the delivery process so that a non-continued-conn delivery
		4910	is logged. */
		4911
		4912	continue_sequence = 1; /* for consistency */
		4913	clearflag(sx->first_addr, af_cont_conn);
		4914	setflag(sx->first_addr, af_new_conn); /* clear * from logging */
		4915	goto REPEAT_CONN;
4499	}	4916	}
4500	#endif	4917	#endif
4501		4918
4502	continue_transport = NULL;
4503	continue_hostname = NULL;
4504	return yield;	4919	return yield;
4505		4920
4506	TIDYUP:	4921	TIDYUP:
Lines 4662-4667 Link Here
4662	cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0);	5077	cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0);
4663	}	5078	}
4664		5079
		5080	/* Check the restrictions on line length */
		5081
		5082	if (max_received_linelength > ob->message_linelength_limit)
		5083	{
		5084	struct timeval now;
		5085	gettimeofday(&now, NULL);
		5086
		5087	for (address_item * addr = addrlist; addr; addr = addr->next)
		5088	if (addr->transport_return == DEFER)
		5089	addr->transport_return = PENDING_DEFER;
		5090
		5091	set_errno_nohost(addrlist, ERRNO_SMTPFORMAT,
		5092	US"message has lines too long for transport", FAIL, TRUE, &now);
		5093	goto END_TRANSPORT;
		5094	}
		5095
4665	/* Set the flag requesting that these hosts be added to the waiting	5096	/* Set the flag requesting that these hosts be added to the waiting
4666	database if the delivery fails temporarily or if we are running with	5097	database if the delivery fails temporarily or if we are running with
4667	queue_smtp or a 2-stage queue run. This gets unset for certain	5098	queue_smtp or a 2-stage queue run. This gets unset for certain
Lines 4699-4705 Link Here
4699	{	5130	{
4700	uschar *s = ob->hosts;	5131	uschar *s = ob->hosts;
4701		5132
4702	if (Ustrchr(s, '$') != NULL)	5133	if (Ustrchr(s, '$'))
4703	{	5134	{
4704	if (!(expanded_hosts = expand_string(s)))	5135	if (!(expanded_hosts = expand_string(s)))
4705	{	5136	{
Lines 5047-5053 Link Here
5047	because connections to the same host from a different interface should be	5478	because connections to the same host from a different interface should be
5048	treated separately. */	5479	treated separately. */
5049		5480
5050	host_af = Ustrchr(host->address, ':') == NULL ? AF_INET : AF_INET6;	5481	host_af = Ustrchr(host->address, ':') ? AF_INET6 : AF_INET;
5051	{	5482	{
5052	uschar * s = ob->interface;	5483	uschar * s = ob->interface;
5053	if (s && *s)	5484	if (s && *s)
Lines 5216-5222 Link Here
5216		5647
5217	if (expanded_hosts)	5648	if (expanded_hosts)
5218	{	5649	{
5219	thost = store_get(sizeof(host_item), FALSE);	5650	thost = store_get(sizeof(host_item), GET_UNTAINTED);
5220	thost = host;	5651	thost = host;
5221	thost->name = string_copy(host->name);	5652	thost->name = string_copy(host->name);
5222	thost->address = string_copy(host->address);	5653	thost->address = string_copy(host->address);




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

#define DELIVER_BUFFER_SIZE 4096

#define PENDING_OK      (PENDING + OK)


#ifndef DISABLE_TLS
/* Flags structure for validity of TLS configuration */

typedef struct {
  BOOL conn_certs:1;		/* certificates etc. loaded */
  BOOL cabundle:1;		/* CA certificates loaded */
  BOOL crl:1;			/* CRL loaded */
  BOOL pri_string:1;		/* cipher priority-string cache loaded */
  BOOL dh:1;			/* Diffie-Helman params loaded */
  BOOL ecdh:1;			/* EC Diffie-Helman params loaded */

  BOOL ca_rdn_emulate:1;	/* do not advertise usable-cert list */
  BOOL ocsp_hook:1;		/* need hshake callback on session */

  void * libdata0;		/* library-dependent preloaded data */
  void * libdata1;		/* library-dependent preloaded data */
} exim_tlslib_state;
#endif


/* Private structure for the private options and other private data. */

typedef struct {
  uschar	*hosts;
  uschar	*fallback_hosts;
  host_item	*hostlist;
  host_item	*fallback_hostlist;
  uschar	*authenticated_sender;
  uschar	*helo_data;
  uschar	*interface;
  uschar	*port;
  uschar	*protocol;
  uschar	*dscp;
  uschar	*serialize_hosts;
  uschar	*hosts_try_auth;
  uschar	*hosts_require_alpn;
  uschar	*hosts_require_auth;
  uschar	*hosts_try_chunking;
#ifdef SUPPORT_DANE
  uschar	*hosts_try_dane;
  uschar	*hosts_require_dane;
  uschar	*dane_require_tls_ciphers;
#endif
  uschar	*hosts_try_fastopen;
#ifndef DISABLE_PRDR
  uschar	*hosts_try_prdr;
#endif
#ifndef DISABLE_OCSP
  uschar	*hosts_request_ocsp;
  uschar	*hosts_require_ocsp;
#endif
  uschar	*hosts_require_tls;
  uschar	*hosts_avoid_tls;
  uschar	*hosts_verify_avoid_tls;
  uschar	*hosts_avoid_pipelining;
#ifndef DISABLE_PIPE_CONNECT
  uschar	*hosts_pipe_connect;
#endif
  uschar	*hosts_avoid_esmtp;
#ifndef DISABLE_TLS
  uschar	*hosts_nopass_tls;
  uschar	*hosts_noproxy_tls;
#endif
  int		command_timeout;
  int		connect_timeout;
  int		data_timeout;
  int		final_timeout;
  int		size_addition;
  int		hosts_max_try;
  int		hosts_max_try_hardlimit;
  int		message_linelength_limit;
  BOOL		address_retry_include_sender;
  BOOL		allow_localhost;
  BOOL		authenticated_sender_force;
  BOOL		gethostbyname;
  BOOL		dns_qualify_single;
  BOOL		dns_search_parents;
  dnssec_domains dnssec;
  BOOL		delay_after_cutoff;
  BOOL		hosts_override;
  BOOL		hosts_randomize;
  BOOL		keepalive;
  BOOL		lmtp_ignore_quota;
  uschar	*expand_retry_include_ip_address;
  BOOL		retry_include_ip_address;
#ifdef SUPPORT_SOCKS
  uschar	*socks_proxy;
#endif
#ifndef DISABLE_TLS
  uschar	*tls_alpn;
  uschar	*tls_certificate;
  uschar	*tls_crl;
  uschar	*tls_privatekey;
  uschar	*tls_require_ciphers;
# ifndef DISABLE_TLS_RESUME
  uschar	*host_name_extract;
  uschar	*tls_resumption_hosts;
# endif
  const uschar	*tls_sni;
  uschar	*tls_verify_certificates;
  int		tls_dh_min_bits;
  BOOL		tls_tempfail_tryclear;
  uschar	*tls_verify_hosts;
  uschar	*tls_try_verify_hosts;
  uschar	*tls_verify_cert_hostnames;
#endif
#ifdef SUPPORT_I18N
  uschar	*utf8_downconvert;
#endif
#ifndef DISABLE_DKIM
  struct ob_dkim dkim;
#endif
#ifdef EXPERIMENTAL_ARC
  uschar	*arc_sign;
#endif
#ifndef DISABLE_TLS
  exim_tlslib_state tls_preload;
#endif
} smtp_transport_options_block;


  BOOL pending_BDAT:1;
  BOOL RCPT_452:1;
  BOOL good_RCPT:1;
#ifdef EXPERIMENTAL_ESMTP_LIMITS
  BOOL single_rcpt_domain:1;
#endif
  BOOL completed_addr:1;
  BOOL send_rset:1;
  BOOL send_quit:1;
  BOOL send_tlsclose:1;

  unsigned	peer_offered;
#ifdef EXPERIMENTAL_ESMTP_LIMITS
  unsigned	peer_limit_mail;
  unsigned	peer_limit_rcpt;
  unsigned	peer_limit_rcptdom;
#endif

  unsigned	max_mail;
  int		max_rcpt;
  int		cmd_count;

  unsigned	peer_offered;
  unsigned	avoid_option;
  uschar *	igquotstr;
  uschar *	helo_data;

  uschar *	helo_response;
#endif
#ifndef DISABLE_PIPE_CONNECT
  /* Info about the EHLO response stored to / retrieved from cache.  When
  operating early-pipe, we use the cached values.  For each of plaintext and
  crypted we store bitmaps for ESMTP features and AUTH methods.  If the LIMITS
  extension is built and usable them at least one of the limits values cached
  is nonzero, and we use the values to constrain the connection. */
  ehlo_resp_precis	ehlo_resp;
#endif





*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) Jeremy Harris 2015 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */


socks_opts * lim = &proxies[nproxies];
long rnd, weights;
unsigned pri;
static BOOL srandomed = FALSE;

if (nproxies == 1)		/* shortcut, if we have only 1 server */
  return (proxies[0].is_failed ? -1 : 0);

/* init random */
if (!srandomed)
  {
  struct timeval tv;
  gettimeofday(&tv, NULL);
  srandom((unsigned int)(tv.tv_usec/1000));
  srandomed = TRUE;
  }

/* scan for highest pri */
for (pri = 0, sd = proxies; sd < lim; sd++)
  if (!sd->is_failed && sd->priority > pri)

if (weights == 0)       /* all servers failed */
  return -1;

for (rnd = random_number(weights), i = 0; i < nproxies; i++)
  {
  sd = &proxies[i];
  if (!sd->is_failed && sd->priority == pri)

uschar buf[24];
socks_opts proxies[32];			/* max #proxies handled */
unsigned nproxies;
socks_opts * sob = NULL;
unsigned size;
blob early_data;


  while ((option = string_nextinlist(&proxy_spec, &subsep, NULL, 0)))
    socks_option(sob, option);
  }
if (!sob) return -1;

/* Set up the socks protocol method-selection message,
for sending on connection */

  {
  int idx;
  host_item proxy;
  smtp_connect_args sc = {.sock = -1};

  if ((idx = socks_get_proxy(proxies, nproxies)) < 0)
    {


  /* bodge up a host struct for the proxy */
  proxy.address = proxy.name = sob->proxy_host;
  proxy.port = sob->port;

  sc.tblock = tb;
  sc.ob = ob;
  sc.host = &proxy;
  sc.host_af = Ustrchr(sob->proxy_host, ':') ? AF_INET6 : AF_INET;
  sc.interface = interface;

  /*XXX we trust that the method-select command is idempotent */
  if ((fd = smtp_sock_connect(&sc, sob->timeout, &early_data)) >= 0)
	      interface, tb, sob->timeout, &early_data)) >= 0)
    {
    proxy_local_address = string_copy(proxy.address);
    proxy_local_port = sob->port;

   )
  goto proxy_err;

 {
  union sockaddr_46 sin;
  (void) ip_addr(&sin, host_af, host->address, port);


      &sin.v4.sin_port, sizeof(sin.v4.sin_port));
    size = 4+sizeof(sin.v4.sin_addr.s_addr)+sizeof(sin.v4.sin_port);
    }
 }

state = US"connect";
HDEBUG(D_transport|D_acl|D_v)




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions in support of the use of maildirsize files for handling quotas in

/* If the basic path matches maildirfolder_create_regex, we are dealing with
a subfolder, and should ensure that a maildirfolder file exists. */

if (maildirfolder_create_regex)
  {
  int err;
  PCRE2_SIZE offset;
  const pcre2_code * re;

  DEBUG(D_transport) debug_printf("checking for maildirfolder requirement\n");

  if (!(re = pcre2_compile((PCRE2_SPTR)maildirfolder_create_regex,
	      PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx)))
    {
    uschar errbuf[128];
    pcre2_get_error_message(err, errbuf, sizeof(errbuf));
    addr->message = string_sprintf("appendfile: regular expression "
      "error: %s at offset %ld while compiling %s", errbuf, (long)offset,
      maildirfolder_create_regex);
    return FALSE;
    }

  if (regex_match(re, path, -1, NULL))
    {
    uschar *fname = string_sprintf("%s/maildirfolder", path);
    if (Ustat(fname, &statbuf) == 0)


off_t
maildir_compute_size(uschar *path, int *filecount, time_t *latest,
  const pcre2_code *regex, const pcre2_code *dir_regex, BOOL timestamp_only)
{
DIR *dir;
off_t sum = 0;

  scan. We do the regex match first, because that avoids a stat() for names
  we aren't interested in. */

  if (dir_regex && !regex_match(dir_regex, name, -1, NULL))
      pcre_exec(dir_regex, NULL, CS name, Ustrlen(name), 0, 0, NULL, 0) < 0)
    {
    DEBUG(D_transport)
      debug_printf("skipping %s/%s: dir_regex does not match\n", path, name);


int
maildir_ensure_sizefile(uschar *path, appendfile_transport_options_block *ob,
  const pcre2_code *regex, const pcre2_code *dir_regex, off_t *returned_size,
  int *returned_filecount)
{
int count, fd;




*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2009 */
/* Copyright (c) The Exim Maintainers 2021 */
/* See the file NOTICE for conditions of use and distribution. */

/* Header file for the functions that are used to support the use of
maildirsize files for quota handling in maildir directories. */

extern off_t  maildir_compute_size(uschar *, int *, time_t *, const pcre2_code *,
                const pcre2_code *, BOOL);
extern BOOL   maildir_ensure_directories(uschar *, address_item *, BOOL, int,
                uschar *);
extern int    maildir_ensure_sizefile(uschar *,
                appendfile_transport_options_block *, const pcre2_code *,
                const pcre2_code *, off_t *, int *);
extern void   maildir_record_length(int, int);

/* End of tf_maildir.h */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2021 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2015 */
/* See the file NOTICE for conditions of use and distribution. */


tree_add_nonrecipient(const uschar *s)
{
rmark rpoint = store_mark();
tree_node * node = store_get(sizeof(tree_node) + Ustrlen(s), s);
Ustrcpy(node->name, s);
node->data.ptr = NULL;
if (!tree_insertnode(&tree_nonrecipients, node)) store_reset(rpoint);

tree_add_duplicate(const uschar *s, address_item *addr)
{
rmark rpoint = store_mark();
tree_node * node = store_get(sizeof(tree_node) + Ustrlen(s), s);
Ustrcpy(node->name, s);
node->data.ptr = addr;
if (!tree_insertnode(&tree_duplicates, node)) store_reset(rpoint);

uschar s[256];
sprintf(CS s, "T:%.200s:%s", h->name, h->address);
node = store_get(sizeof(tree_node) + Ustrlen(s),
	    is_tainted(h->name) || is_tainted(h->address) ? GET_TAINTED : GET_UNTAINTED);
Ustrcpy(node->name, s);
node->data.val = h->why;
if (h->status == hstatus_unusable_expired) node->data.val += 256;

tree_add_var(uschar * name, uschar * val, void * ctx)
{
tree_node ** root = ctx;
tree_node * node = store_get(sizeof(tree_node) + Ustrlen(name), name);
Ustrcpy(node->name, name);
node->data.ptr = val;
(void) tree_insertnode(root, node);

Lines 2-7 Link Here

(-)exim.orig/src/utf8.c (-10 / +17 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) Jeremy Harris 2015 - 2018 */	6	/* Copyright (c) Jeremy Harris 2015 - 2018 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 133-139 Link Here
133	uschar *	134	uschar *
134	string_localpart_utf8_to_alabel(const uschar * utf8, uschar ** err)	135	string_localpart_utf8_to_alabel(const uschar * utf8, uschar ** err)
135	{	136	{
136	size_t ucs4_len;	137	size_t ucs4_len = 0;
137	punycode_uint * p;	138	punycode_uint * p;
138	size_t p_len;	139	size_t p_len;
139	uschar * res;	140	uschar * res;
Lines 142-149 Link Here
142	if (!string_is_utf8(utf8)) return string_copy(utf8);	143	if (!string_is_utf8(utf8)) return string_copy(utf8);
143		144
144	p = (punycode_uint *) stringprep_utf8_to_ucs4(CCS utf8, -1, &ucs4_len);	145	p = (punycode_uint *) stringprep_utf8_to_ucs4(CCS utf8, -1, &ucs4_len);
		146	if (!p \|\| !ucs4_len)
		147	{
		148	if (err) *err = US"l_u2a: bad UTF-8 input";
		149	return NULL;
		150	}
145	p_len = ucs4_len4; / this multiplier is pure guesswork */	151	p_len = ucs4_len4; / this multiplier is pure guesswork */
146	res = store_get(p_len+5, is_tainted(utf8));	152	res = store_get(p_len+5, utf8);
147		153
148	res[0] = 'x'; res[1] = 'n'; res[2] = res[3] = '-';	154	res[0] = 'x'; res[1] = 'n'; res[2] = res[3] = '-';
149		155
Lines 172-178 Link Here
172	DEBUG(D_expand) debug_printf("l_a2u: '%s'\n", alabel);	178	DEBUG(D_expand) debug_printf("l_a2u: '%s'\n", alabel);
173	alabel += 4;	179	alabel += 4;
174	p_len = Ustrlen(alabel);	180	p_len = Ustrlen(alabel);
175	p = store_get((p_len+1) * sizeof(*p), is_tainted(alabel));	181	p = store_get((p_len+1) * sizeof(*p), alabel);
176		182
177	if ((rc = punycode_decode(p_len, CCS alabel, &p_len, p, NULL)) != PUNYCODE_SUCCESS)	183	if ((rc = punycode_decode(p_len, CCS alabel, &p_len, p, NULL)) != PUNYCODE_SUCCESS)
178	{	184	{
Lines 240-267 Link Here
240		246
241	/* See a description in tls-openssl.c for an explanation of why this exists.	247	/* See a description in tls-openssl.c for an explanation of why this exists.
242		248
243	Arguments: a FILE* to print the results to	249	Arguments: string to append to
244	Returns: nothing	250	Returns: string
245	*/	251	*/
246		252
247	void	253	gstring *
248	utf8_version_report(FILE *f)	254	utf8_version_report(gstring * g)
249	{	255	{
250	#ifdef SUPPORT_I18N_2008	256	#ifdef SUPPORT_I18N_2008
251	fprintf(f, "Library version: IDN2: Compile: %s\n"	257	g = string_fmt_append(g, "Library version: IDN2: Compile: %s\n"
252	" Runtime: %s\n",	258	" Runtime: %s\n",
253	IDN2_VERSION,	259	IDN2_VERSION,
254	idn2_check_version(NULL));	260	idn2_check_version(NULL));
255	fprintf(f, "Library version: Stringprep: Compile: %s\n"	261	g = string_fmt_append(g, "Library version: Stringprep: Compile: %s\n"
256	" Runtime: %s\n",	262	" Runtime: %s\n",
257	STRINGPREP_VERSION,	263	STRINGPREP_VERSION,
258	stringprep_check_version(NULL));	264	stringprep_check_version(NULL));
259	#else	265	#else
260	fprintf(f, "Library version: IDN: Compile: %s\n"	266	g = string_fmt_append(g, "Library version: IDN: Compile: %s\n"
261	" Runtime: %s\n",	267	" Runtime: %s\n",
262	STRINGPREP_VERSION,	268	STRINGPREP_VERSION,
263	stringprep_check_version(NULL));	269	stringprep_check_version(NULL));
264	#endif	270	#endif
		271	return g;
265	}	272	}
266		273
267	#endif /* whole file */	274	#endif /* whole file */




*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */

/* Functions concerned with verifying things. The original code for callout

uschar ctbuffer[8192];


/* Structure for caching DNSBL lookups */

typedef struct dnsbl_cache_block {
  time_t expiry;
  dns_address *rhs;
  uschar *text;
  int rc;
  BOOL text_set;
} dnsbl_cache_block;


/* Anchor for DNSBL cache */

static tree_node *dnsbl_cache = NULL;


/* Bits for match_type in one_check_dnsbl() */

#define MT_NOT 1
#define MT_ALL 2

static uschar cutthrough_response(client_conn_ctx *, char, uschar **, int);




if (!(cache_record = dbfn_read_with_length(dbm_file, key, &length)))
  {
  HDEBUG(D_verify) debug_printf_indent("callout cache: no %s record found for %s\n", type, key);
  return NULL;
  }



if (now - cache_record->time_stamp > expire)
  {
  HDEBUG(D_verify) debug_printf_indent("callout cache: %s record expired for %s\n", type, key);
  return NULL;
  }


  {
  if (length == sizeof(dbdata_callout_cache_obs))
    {
    dbdata_callout_cache * new = store_get(sizeof(dbdata_callout_cache), GET_UNTAINTED);
    memcpy(new, cache_record, length);
    new->postmaster_stamp = new->random_stamp = new->time_stamp;
    cache_record = new;

    cache_record->random_result = ccache_unknown;
  }

HDEBUG(D_verify) debug_printf_indent("callout cache: found %s record for %s\n", type, key);
return cache_record;
}


open_db dbblock;
open_db *dbm_file = NULL;

/* Open the callout cache database, if it exists, for reading only at this
stage, unless caching has been disabled. */

if (options & vopt_callout_no_cache)
  {
  HDEBUG(D_verify) debug_printf_indent("callout cache: disabled by no_cache\n");
  }
else if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE, TRUE)))
  {
  HDEBUG(D_verify) debug_printf_indent("callout cache: not available\n");
  }
else
  {

       || *from_address == 0 && cache_record->result == ccache_reject_mfnull)
      {
      HDEBUG(D_verify)
	debug_printf_indent("callout cache: domain gave initial rejection, or "
	  "does not accept HELO or MAIL FROM:<>\n");
      setflag(addr, af_verify_nsfail);
      addr->user_message = US"(result of an earlier callout reused).";

      {
      case ccache_accept:
	HDEBUG(D_verify)
	  debug_printf_indent("callout cache: domain accepts random addresses\n");
	*failure_ptr = US"random";
	dbfn_close(dbm_file);
	return TRUE;     /* Default yield is OK */

      case ccache_reject:
	HDEBUG(D_verify)
	  debug_printf_indent("callout cache: domain rejects random addresses\n");
	*opt_ptr = options & ~vopt_callout_random;
	new_domain_record->random_result = ccache_reject;
	new_domain_record->random_stamp = cache_record->random_stamp;


      default:
	HDEBUG(D_verify)
	  debug_printf_indent("callout cache: need to check random address handling "
	    "(not cached or cache expired)\n");
	dbfn_close(dbm_file);
	return FALSE;

	{
	setflag(addr, af_verify_pmfail);
	HDEBUG(D_verify)
	  debug_printf_indent("callout cache: domain does not accept "
	    "RCPT TO:<postmaster@domain>\n");
	*yield = FAIL;
	*failure_ptr = US"postmaster";

      if (cache_record->postmaster_result == ccache_unknown)
	{
	HDEBUG(D_verify)
	  debug_printf_indent("callout cache: need to check RCPT "
	    "TO:<postmaster@domain> (not cached or cache expired)\n");
	dbfn_close(dbm_file);
	return FALSE;

      that the value in the cache record is preserved (with its old timestamp).
      */

      HDEBUG(D_verify) debug_printf_indent("callout cache: domain accepts RCPT "
	"TO:<postmaster@domain>\n");
      *pm_ptr = NULL;
      new_domain_record->postmaster_result = ccache_accept;

  if (cache_address_record->result == ccache_accept)
    {
    HDEBUG(D_verify)
      debug_printf_indent("callout cache: address record is positive\n");
    }
  else
    {
    HDEBUG(D_verify)
      debug_printf_indent("callout cache: address record is negative\n");
    addr->user_message = US"Previous (cached) callout verification failure";
    *failure_ptr = US"recipient";
    *yield = FAIL;

if (dom_rec->result != ccache_unknown)
  if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE)))
    {
    HDEBUG(D_verify) debug_printf_indent("callout cache: not available\n");
    }
  else
    {
    (void)dbfn_write(dbm_file, domain, dom_rec,
      (int)sizeof(dbdata_callout_cache));
    HDEBUG(D_verify) debug_printf_indent("wrote callout cache domain record for %s:\n"
      "  result=%d postmaster=%d random=%d\n",
      domain,
      dom_rec->result,

    dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE);
  if (!dbm_file)
    {
    HDEBUG(D_verify) debug_printf_indent("no callout cache available\n");
    }
  else
    {
    (void)dbfn_write(dbm_file, address_key, addr_rec,
      (int)sizeof(dbdata_callout_cache_address));
    HDEBUG(D_verify) debug_printf_indent("wrote %s callout cache address record for %s\n",
      addr_rec->result == ccache_accept ? "positive" : "negative",
      address_key);
    }


	if (done)
	  {
	  address_item * na = store_get(sizeof(address_item), GET_UNTAINTED);
	  *na = cutthrough.addr;
	  cutthrough.addr = *addr;
	  cutthrough.addr.host_used = &cutthrough.host;

}




/* A rcpt callout, or cached record of one, verified the address.
Set $domain_data and $local_part_data to detainted versions.
*/
static void
callout_verified_rcpt(const address_item * addr)
{
address_item a = {.address = addr->address};
if (deliver_split_address(&a) != OK) return;
deliver_localpart_data = string_copy_taint(a.local_part, GET_UNTAINTED);
deliver_domain_data =    string_copy_taint(a.domain,     GET_UNTAINTED);
}


/*************************************************
*      Do callout verification for an address    *
*************************************************/

  {
  HDEBUG(D_verify) debug_printf("cannot callout via null transport\n");
  }

else if (Ustrcmp(addr->transport->driver_name, "smtp") != 0)
  log_write(0, LOG_MAIN|LOG_PANIC|LOG_CONFIG_FOR, "callout transport '%s': %s is non-smtp",
    addr->transport->name, addr->transport->driver_name);

      log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
        addr->message);

    if (!sx) sx = store_get(sizeof(*sx), GET_TAINTED);	/* tainted buffers */
    memset(sx, 0, sizeof(*sx));

    sx->addrlist = sx->first_addr = addr;

    sx->conn_args.interface = interface;
    sx->helo_data = tf->helo_data;
    sx->conn_args.tblock = addr->transport;
    sx->conn_args.sock = -1;
    sx->verify = TRUE;

tls_retry_connection:

	    sx->cctx.sock = -1;
#ifndef DISABLE_EVENT
	    (void) event_raise(addr->transport->event_action,
			      US"tcp:close", NULL, NULL);
#endif
	    addr->address = main_address;
	    addr->transport_return = PENDING_DEFER;

      for (address_item * caddr = &cutthrough.addr, * parent = addr->parent;
	   parent;
	   caddr = caddr->parent, parent = parent->parent)
        *(caddr->parent = store_get(sizeof(address_item), GET_UNTAINTED)) = *parent;

      ctctx.outblock.buffer = ctbuffer;
      ctctx.outblock.buffersize = sizeof(ctbuffer);

	HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("  SMTP(close)>>\n");
	(void)close(sx->cctx.sock);
	sx->cctx.sock = -1;
	smtp_debug_cmd_report();
#ifndef DISABLE_EVENT
	(void) event_raise(addr->transport->event_action, US"tcp:close", NULL, NULL);
#endif
	}
      }

if(cutthrough.cctx.sock < 0 || cutthrough.callout_hold_only)
  return FALSE;

smtp_debug_cmd(US"DATA", 0);
cutthrough_puts(US"DATA\r\n", 6);
cutthrough_flush_send();


  */
  client_conn_ctx tmp_ctx = cutthrough.cctx;
  ctctx.outblock.ptr = ctbuffer;
  smtp_debug_cmd(US"QUIT", 0);
  _cutthrough_puts(US"QUIT\r\n", 6);	/* avoid recursion */
  _cutthrough_flush_send();
  cutthrough.cctx.sock = -1;		/* avoid recursion via read timeout */

#endif
  HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("  SMTP(close)>>\n");
  (void)close(fd);
  smtp_debug_cmd_report();
  HDEBUG(D_acl) debug_printf_indent("----------- cutthrough shutdown (%s) ------------\n", why);
  }
ctctx.outblock.ptr = ctbuffer;

Arguments:
  vaddr            contains the address to verify; the next field in this block
                     must be NULL
  fp               if not NULL, write the result to this file
  options          various option bits:
                     vopt_fake_sender => this sender verify is not for the real
                       sender (it was verify=sender=xxxx or an address from a

BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
int i;
int yield = OK;
int verify_type = expn ? v_expn :
   f.address_test_mode ? v_none :
          options & vopt_is_recipient ? v_recipient : v_sender;
address_item *addr_list;
address_item *addr_new = NULL;
address_item *addr_remote = NULL;


  if (rc == OK)
    {
    BOOL local_verify = FALSE;

    if (routed) *routed = TRUE;
    if (callout > 0)
      {

      transport's options, so as to mimic what would happen if we were really
      sending a message to this address. */

      if ((tp = addr->transport))
	if (!tp->info->local)
	  {
	  (void)(tp->setup)(tp, addr, &tf, 0, 0, NULL);

	  /* If the transport has hosts and the router does not, or if the
	  transport is configured to override the router's hosts, we must build a
	  host list of the transport's hosts, and find the IP addresses */

	  if (tf.hosts && (!host_list || tf.hosts_override))
	    {
	    uschar *s;
	    const uschar *save_deliver_domain = deliver_domain;
	    uschar *save_deliver_localpart = deliver_localpart;

	    host_list = NULL;    /* Ignore the router's hosts */

	    deliver_domain = addr->domain;
	    deliver_localpart = addr->local_part;
	    s = expand_string(tf.hosts);
	    deliver_domain = save_deliver_domain;
	    deliver_localpart = save_deliver_localpart;

	    if (!s)
	      {
	      log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
		"\"%s\" in %s transport for callout: %s", tf.hosts,
		tp->name, expand_string_message);
	      }
	    else
	      {
	      int flags;
	      host_build_hostlist(&host_list, s, tf.hosts_randomize);

	      /* Just ignore failures to find a host address. If we don't manage
	      to find any addresses, the callout will defer. Note that more than
	      one address may be found for a single host, which will result in
	      additional host items being inserted into the chain. Hence we must
	      save the next host first. */

	      flags = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
	      if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
	      if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;

	      for (host_item * host = host_list, * nexthost; host; host = nexthost)
              {
              nexthost = host->next;
              if (tf.gethostbyname ||
                  string_is_ip_address(host->name, NULL) != 0)
                (void)host_find_byname(host, NULL, flags, NULL, TRUE);
              else
		{
		nexthost = host->next;
		if (tf.gethostbyname ||
		    string_is_ip_address(host->name, NULL) != 0)
		  (void)host_find_byname(host, NULL, flags, NULL, TRUE);
		else
		  {
		  const dnssec_domains * dsp = NULL;
		  if (Ustrcmp(tp->driver_name, "smtp") == 0)
		    {
		    smtp_transport_options_block * ob =
			(smtp_transport_options_block *) tp->options_block;
		    dsp = &ob->dnssec;
		    }

		  (void) host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
		    dsp, NULL, NULL);
		  }
		}
	      }
	    }
	  }
	else if (  options & vopt_quota
		&& Ustrcmp(tp->driver_name, "appendfile") == 0)
	  local_verify = TRUE;

      /* Can only do a callout if we have at least one host! If the callout
      fails, it will have set ${sender,recipient}_verify_failure. */

#ifndef DISABLE_TLS
	  deliver_set_expansions(NULL);
#endif
	  if (  options & vopt_is_recipient
	     && rc == OK
			 /* set to "random", with OK, for an accepted random */
	     && !recipient_verify_failure
	     )
	    callout_verified_rcpt(addr);
          }
        }
      else if (local_verify)
	{
        HDEBUG(D_verify) debug_printf("Attempting quota verification\n");

	deliver_set_expansions(addr);
	deliver_local(addr, TRUE);
	rc = addr->transport_return;
	}
      else
        {
        HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
          "transport provided a host list, or transport is not smtp\n");
        }
      }
    }


    addr_list = addr->next;

    fprintf(fp, "%s", CS addr->address);
#ifdef EXPERIMENTAL_SRS
    if(addr->prop.srs_sender)
      fprintf(fp, "    [srs = %s]", addr->prop.srs_sender);
#endif

    /* If the address is a duplicate, show something about it. */


*/

int
check_host(void * arg, const uschar * ss, const uschar ** valueptr, uschar ** error)
{
check_host_block * cb = (check_host_block *)arg;
int mlen = -1;
int maskoffset;
BOOL iplookup = FALSE, isquery = FALSE;
BOOL isiponly = cb->host_name && !cb->host_name[0];
const uschar * t;
const uschar *t;
uschar * semicolon, * endname, * opts;
uschar ** aliases;

/* Optimize for the special case when the pattern is "*". */

if (*ss == '*' && !ss[1]) return OK;

/* If the pattern is empty, it matches only in the case when there is no host -
this can occur in ACL checking for SMTP input using the -bs option. In this
situation, the host address is the empty string. */

if (!cb->host_address[0]) return *ss ? FAIL : OK;
if (!*ss) return FAIL;

/* If the pattern is precisely "@" then match against the primary host name,
provided that host name matching is permitted; if it's "@[]" match against the

dots). */

for (t = ss; isdigit(*t) || *t == '.'; ) t++;
if (!*t  || (*t == '/' && t != ss))
  {
  *error = US"malformed IPv4 address or address mask";
  return ERROR;




/****************************************************
  Verify a local user account for quota sufficiency
****************************************************/

/* The real work, done via a re-exec for privs, calls
down to the transport for the quota check.

Route and transport (in recipient-verify mode) the
given recipient. 

A routing result indicating any transport type other than appendfile
results in a fail.

Return, on stdout, a result string containing:
- highlevel result code (OK, DEFER, FAIL)
- errno
- where string
- message string
  match_type     condition for 'succeed' result
                   0 => Any RR in iplist     (=)
                   1 => No RR in iplist      (!=)
                   2 => All RRs in iplist    (==)
                   3 => Some RRs not in iplist (!==)
                   the two bits are defined as MT_NOT and MT_ALL
  defer_return   what to return for a defer

Returns:         OK if lookup succeeded
                 FAIL if not
*/

void
verify_quota(uschar * address)
  uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
  int defer_return)
{
address_item vaddr = {.address = address};
BOOL routed;
uschar * msg = US"\0";
int rc, len = 1;
int old_pool = store_pool;
uschar * query;
int qlen;

/* Construct the specific query domainname */

query = string_sprintf("%s.%s", prepend, domain);
if ((qlen = Ustrlen(query)) >= 256)
  {
  log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
    "(ignored): %s...", query);
  return FAIL;
  }

if ((rc = verify_address(&vaddr, NULL, vopt_is_recipient | vopt_quota,
    1, 0, 0, NULL, NULL, &routed)) != OK)
if (  (t = tree_search(dnsbl_cache, query))
   && (cb = t->data.ptr)->expiry > time(NULL)
   )

/* Previous lookup was cached */

  {
  HDEBUG(D_dnsbl) debug_printf("dnslists: using result of previous lookup\n");
  }

/* If not cached from a previous lookup, we must do a DNS lookup, and
cache the result in permanent memory. */

else
  {
  uschar * where = recipient_verify_failure;
  msg = acl_verify_message ? acl_verify_message : vaddr.message;
  if (!msg) msg = US"";
  if (rc == DEFER && vaddr.basic_errno == ERRNO_EXIMQUOTA)
  if (t)
    {
    rc = FAIL;					/* DEFER -> FAIL */
    where = US"quota";
    vaddr.basic_errno = 0;
  else
    {	/* Set up a tree entry to cache the lookup */
    t = store_get(sizeof(tree_node) + qlen + 1 + 1, is_tainted(query));
    Ustrcpy(t->name, query);
    t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block), FALSE);
    (void)tree_insertnode(&dnsbl_cache, t);
    }

  /* Do the DNS lookup . */

  HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
  cb->rc = dns_basic_lookup(dnsa, query, T_A);
  cb->text_set = FALSE;
  cb->text = NULL;
  cb->rhs = NULL;

  /* If the lookup succeeded, cache the RHS address. The code allows for
  more than one address - this was for complete generality and the possible
  use of A6 records. However, A6 records are no longer supported. Leave the code
  here, just in case.

  Quite apart from one A6 RR generating multiple addresses, there are DNS
  lists that return more than one A record, so we must handle multiple
  addresses generated in that way as well.

  Mark the cache entry with the "now" plus the minimum of the address TTLs,
  or the RFC 2308 negative-cache value from the SOA if none were found. */

  switch (cb->rc)
    {
    case DNS_SUCCEED:
      {
      dns_address ** addrp = &cb->rhs;
      dns_address * da;
      for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
	   rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
	if (rr->type == T_A && (da = dns_address_from_rr(dnsa, rr)))
	  {
	  *addrp = da;
	  while (da->next) da = da->next;
	  addrp = &da->next;
	  if (ttl > rr->ttl) ttl = rr->ttl;
	  }

      if (cb->rhs)
	{
	cb->expiry = time(NULL) + ttl;
	break;
	}

      /* If we didn't find any A records, change the return code. This can
      happen when there is a CNAME record but there are no A records for what
      it points to. */

      cb->rc = DNS_NODATA;
      }
      /*FALLTHROUGH*/

    case DNS_NOMATCH:
    case DNS_NODATA:
      {
      /* Although there already is a neg-cache layer maintained by
      dns_basic_lookup(), we have a dnslist cache entry allocated and
      tree-inserted. So we may as well use it. */

      time_t soa_negttl = dns_expire_from_soa(dnsa, T_A);
      cb->expiry = soa_negttl ? soa_negttl : time(NULL) + ttl;
      break;
      }

    default:
      cb->expiry = time(NULL) + ttl;
      break;
    }
  else if (!where) where = US"";

  len = 5 + Ustrlen(msg) + 1 + Ustrlen(where);
  msg = string_sprintf("%c%c%c%c%c%s%c%s", (uschar)rc,
    (vaddr.basic_errno >> 24) & 0xff, (vaddr.basic_errno >> 16) & 0xff,
    (vaddr.basic_errno >> 8) & 0xff, vaddr.basic_errno & 0xff,
    where, '\0', msg);
  }

DEBUG(D_verify) debug_printf_indent("verify_quota: len %d\n", len);
write(1, msg, len);
return;
}
list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/

if (cb->rc == DNS_SUCCEED)
  {
  dns_address * da = NULL;
  uschar *addlist = cb->rhs->address;

  /* For A and AAAA records, there may be multiple addresses from multiple
  records. For A6 records (currently not expected to be used) there may be
  multiple addresses from a single record. */

  for (da = cb->rhs->next; da; da = da->next)
    addlist = string_sprintf("%s, %s", addlist, da->address);

  HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
    query, addlist);

  /* Address list check; this can be either for equality, or via a bitmask.
  In the latter case, all the bits must match. */

  if (iplist)
    {
    for (da = cb->rhs; da; da = da->next)
      {
      int ipsep = ',';
      const uschar *ptr = iplist;
      uschar *res;

      /* Handle exact matching */

      if (!bitmask)
	{
        while ((res = string_nextinlist(&ptr, &ipsep, NULL, 0)))
          if (Ustrcmp(CS da->address, res) == 0)
	    break;
	}

      /* Handle bitmask matching */

      else
        {
        int address[4];
        int mask = 0;

        /* At present, all known DNS blocking lists use A records, with
        IPv4 addresses on the RHS encoding the information they return. I
        wonder if this will linger on as the last vestige of IPv4 when IPv6
        is ubiquitous? Anyway, for now we use paranoia code to completely
        ignore IPv6 addresses. The default mask is 0, which always matches.
        We change this only for IPv4 addresses in the list. */

        if (host_aton(da->address, address) == 1) mask = address[0];

        /* Scan the returned addresses, skipping any that are IPv6 */

        while ((res = string_nextinlist(&ptr, &ipsep, NULL, 0)))
          {
          if (host_aton(res, address) != 1) continue;
          if ((address[0] & mask) == address[0]) break;
          }
        }

      /* If either

         (a) An IP address in an any ('=') list matched, or
         (b) No IP address in an all ('==') list matched

      then we're done searching. */

      if (((match_type & MT_ALL) != 0) == (res == NULL)) break;
      }

    /* If da == NULL, either

       (a) No IP address in an any ('=') list matched, or
       (b) An IP address in an all ('==') list didn't match

/******************************************************************************/
    the list. */

/* Quota cache lookup.  We use the callout hints db also for the quota cache.
Return TRUE if a nonexpired record was found, having filled in the yield
argument.
*/
        uschar *res = NULL;
        switch(match_type)
          {
          case 0:
	    res = US"was no match"; break;
          case MT_NOT:
	    res = US"was an exclude match"; break;
          case MT_ALL:
	    res = US"was an IP address that did not match"; break;
          case MT_NOT|MT_ALL:
	    res = US"were no IP addresses that did not match"; break;
          }
        debug_printf("=> but we are not accepting this block class because\n");
        debug_printf("=> there %s for %s%c%s\n",
          res,
          ((match_type & MT_ALL) == 0)? "" : "=",
          bitmask? '&' : '=', iplist);
        }
      return FAIL;
      }
    }

  /* Either there was no IP list, or the record matched, implying that the
  domain is on the list. We now want to find a corresponding TXT record. If an
  alternate domain is specified for the TXT record, call this function
  recursively to look that up; this has the side effect of re-checking that
  there is indeed an A record at the alternate domain. */

  if (domain_txt != domain)
    return one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
      FALSE, match_type, defer_return);

  /* If there is no alternate domain, look up a TXT record in the main domain
  if it has not previously been cached. */

  if (!cb->text_set)
    {
    cb->text_set = TRUE;
    if (dns_basic_lookup(dnsa, query, T_TXT) == DNS_SUCCEED)
      for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
           rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
        if (rr->type == T_TXT)
	  {
	  int len = (rr->data)[0];
	  if (len > 511) len = 127;
	  store_pool = POOL_PERM;
	  cb->text = string_sprintf("%.*s", len, CUS (rr->data+1));
	  store_pool = old_pool;
	  break;
	  }
    }

  dnslist_value = addlist;
  dnslist_text = cb->text;
  return OK;
  }

static BOOL
cached_quota_lookup(const uschar * rcpt, int * yield,
  int pos_cache, int neg_cache)
{
open_db dbblock, *dbm_file = NULL;
dbdata_callout_cache_address * cache_address_record;

if (!pos_cache && !neg_cache)
  return FALSE;
if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE, TRUE)))
  {
  HDEBUG(D_verify) debug_printf_indent("quota cache: not available\n");
  return FALSE;
    (defer_return == OK)?   US"assumed in list" :
    (defer_return == FAIL)? US"assumed not in list" :
                            US"returned DEFER");
  return defer_return;
  }
if (!(cache_address_record = (dbdata_callout_cache_address *)
    get_callout_cache_record(dbm_file, rcpt, US"address",
      pos_cache, neg_cache)))
HDEBUG(D_dnsbl)
  {
  dbfn_close(dbm_file);
  return FALSE;
     keydomain, domain);
  }
if (cache_address_record->result == ccache_accept)
  *yield = OK;
dbfn_close(dbm_file);
return TRUE;
}

/* Quota cache write */

static void
cache_quota_write(const uschar * rcpt, int yield, int pos_cache, int neg_cache)
{
open_db dbblock, *dbm_file = NULL;
dbdata_callout_cache_address cache_address_record;

if (!pos_cache && !neg_cache)
  return;
if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE, TRUE)))
  {
  HDEBUG(D_verify) debug_printf_indent("quota cache: not available\n");
  return;
  }

cache_address_record.result = yield == OK ? ccache_accept : ccache_reject;
*        Check host against DNS black lists      *
*************************************************/

/* This function runs checks against a list of DNS black lists, until one
matches. Each item on the list can be of the form

  domain=ip-address/key

The domain is the right-most domain that is used for the query, for example,
blackholes.mail-abuse.org. If the IP address is present, there is a match only
if the DNS lookup returns a matching IP address. Several addresses may be
given, comma-separated, for example: x.y.z=127.0.0.1,127.0.0.2.

If no key is given, what is looked up in the domain is the inverted IP address
of the current client host. If a key is given, it is used to construct the
domain for the lookup. For example:

  dsn.rfc-ignorant.org/$sender_address_domain

After finding a match in the DNS, the domain is placed in $dnslist_domain, and
then we check for a TXT record for an error message, and if found, save its
value in $dnslist_text. We also cache everything in a tree, to optimize
multiple lookups.

(void)dbfn_write(dbm_file, rcpt, &cache_address_record,
	(int)sizeof(dbdata_callout_cache_address));
HDEBUG(D_verify) debug_printf_indent("wrote %s quota cache record for %s\n",
      yield == OK ? "positive" : "negative", rcpt);
example:

dbfn_close(dbm_file);
return;
}

The caching ensures that only one lookup in dnsbl.sorbs.net is done.

/* To evaluate a local user's quota, starting in ACL, we need to
fork & exec to regain privileges, to that we can change to the user's
identity for access to their files.

Arguments:
 rcpt		Recipient account
 pos_cache	Number of seconds to cache a positive result (delivery
 		to be accepted).  Zero to disable caching.
 neg_cache	Number of seconds to cache a negative result.  Zero to disable.
 msg		Pointer to result string pointer

Return:		OK/DEFER/FAIL code
                      lookup deferred after +exclude_unknown (default)
            DEFER   lookup failure, if +defer_unknown was set
*/

int
verify_quota_call(const uschar * rcpt, int pos_cache, int neg_cache,
  uschar ** msg)
{
int pfd[2], pid, save_errno, yield = FAIL;
void (*oldsignal)(int);
const uschar * where = US"socketpair";
uschar *domain;
uschar revadd[128];        /* Long enough for IPv6 address */

/* Indicate that the inverted IP address is not yet set up */

revadd[0] = 0;

*msg = NULL;

if (cached_quota_lookup(rcpt, &yield, pos_cache, neg_cache))

/* Loop through all the domains supplied, until something matches */

while ((domain = string_nextinlist(&list, &sep, NULL, 0)))
  {
  HDEBUG(D_verify) debug_printf_indent("quota cache: address record is %s\n",
    yield == OK ? "positive" : "negative");
  if (yield != OK)
  uschar *domain_txt;
  uschar *comma;
  uschar *iplist;
  uschar *key;

  HDEBUG(D_dnsbl) debug_printf("dnslists check: %s\n", domain);

  /* Deal with special values that change the behaviour on defer */

  if (domain[0] == '+')
    {
    if      (strcmpic(domain, US"+include_unknown") == 0) defer_return = OK;
    else if (strcmpic(domain, US"+exclude_unknown") == 0) defer_return = FAIL;
    else if (strcmpic(domain, US"+defer_unknown") == 0)   defer_return = DEFER;
    else
      log_write(0, LOG_MAIN|LOG_PANIC, "unknown item in dnslist (ignored): %s",
        domain);
    continue;
    }

  /* See if there's explicit data to be looked up */

  if ((key = Ustrchr(domain, '/'))) *key++ = 0;

  /* See if there's a list of addresses supplied after the domain name. This is
  introduced by an = or a & character; if preceded by = we require all matches
  and if preceded by ! we invert the result. */

  if (!(iplist = Ustrchr(domain, '=')))
    {
    recipient_verify_failure = US"quota";
    acl_verify_message = *msg =
      US"Previous (cached) quota verification failure";

  if (iplist)				       /* Found either = or & */
    {
    if (iplist > domain && iplist[-1] == '!')  /* Handle preceding ! */
      {
      match_type |= MT_NOT;
      iplist[-1] = 0;
      }

    *iplist++ = 0;                             /* Terminate domain, move on */

    /* If we found = (bitmask == FALSE), check for == or =& */

    if (!bitmask && (*iplist == '=' || *iplist == '&'))
      {
      bitmask = *iplist++ == '&';
      match_type |= MT_ALL;
      }
    }


  /* If there is a comma in the domain, it indicates that a second domain for
  looking up TXT records is provided, before the main domain. Otherwise we must
  set domain_txt == domain. */

  domain_txt = domain;
  if ((comma = Ustrchr(domain, ',')))
    {
    *comma++ = 0;
    domain = comma;
    }
  return yield;
  }

if (pipe(pfd) != 0)
  goto fail;
  domains, but in practice they seem to. However, there is little point in
  actually causing an error here, because that would no doubt hold up incoming
  mail. Instead, I'll just log it. */

where = US"fork";
oldsignal = signal(SIGCHLD, SIG_DFL);
if ((pid = exim_fork(US"quota-verify")) < 0)
  {
  save_errno = errno;
  close(pfd[pipe_write]);
  close(pfd[pipe_read]);
  errno = save_errno;
  goto fail;
  }

if (pid == 0)		/* child */
  {
  close(pfd[pipe_read]);
  force_fd(pfd[pipe_write], 1);		/* stdout to pipe */
  close(pfd[pipe_write]);
  dup2(1, 0);
  if (debug_fd > 0) force_fd(debug_fd, 2);

  child_exec_exim(CEE_EXEC_EXIT, FALSE, NULL, FALSE, 3,
    US"-MCq", string_sprintf("%d", message_size), rcpt);
  /*NOTREACHED*/
  }
        "strange characters - is this right?", domain_txt);
      break;
      }

save_errno = errno;
close(pfd[pipe_write]);

if (pid < 0)
  {
  DEBUG(D_verify) debug_printf_indent(" fork: %s\n", strerror(save_errno));
  }
else
  {
  uschar buf[128];
  int n = read(pfd[pipe_read], buf, sizeof(buf));
  int status;

  waitpid(pid, &status, 0);
  if (status == 0)
    {
    uschar * s;

    if (n > 0) yield = buf[0];
    if (n > 4)
      save_errno = (buf[1] << 24) | (buf[2] << 16) | (buf[3] << 8) | buf[4];
    if ((recipient_verify_failure = n > 5
	? string_copyn_taint(buf+5, n-5, GET_UNTAINTED) : NULL))
      {
      int m;
      s = buf + 5 + Ustrlen(recipient_verify_failure) + 1;
      m = n - (s - buf);
      acl_verify_message = *msg =
	m > 0 ? string_copyn_taint(s, m, GET_UNTAINTED) : NULL;
      }

    DEBUG(D_verify) debug_printf_indent("verify call response:"
      " len %d yield %s errno '%s' where '%s' msg '%s'\n",
      n, rc_names[yield], strerror(save_errno), recipient_verify_failure, *msg);

    if (  yield == OK
       || save_errno == 0 && Ustrcmp(recipient_verify_failure, "quota") == 0)
      cache_quota_write(rcpt, yield, pos_cache, neg_cache);
    else DEBUG(D_verify)
      debug_printf_indent("result not cacheable\n");
    }

  /* If there is a key string, it can be a list of domains or IP addresses to
  be concatenated with the main domain. */

  else
    {
    DEBUG(D_verify)
      debug_printf_indent("verify call response: waitpid status 0x%04x\n", status);
    uschar *keydomain;
    uschar keyrevadd[128];

    while ((keydomain = string_nextinlist(CUSS &key, &keysep, NULL, 0)))
      {
      uschar *prepend = keydomain;

      if (string_is_ip_address(keydomain, NULL) != 0)
        {
        invert_address(keyrevadd, keydomain);
        prepend = keyrevadd;
        }

      rc = one_check_dnsbl(domain, domain_txt, keydomain, prepend, iplist,
        bitmask, match_type, defer_return);
      if (rc == OK)
        {
        dnslist_domain = string_copy(domain_txt);
        dnslist_matched = string_copy(keydomain);
        HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
          keydomain, dnslist_domain);
        return OK;
        }

      /* If the lookup deferred, remember this fact. We keep trying the rest
      of the list to see if we get a useful result, and if we don't, we return
      DEFER at the end. */

      if (rc == DEFER) defer = TRUE;
      }    /* continue with next keystring domain/address */

    if (defer) return DEFER;
    }
  }

close(pfd[pipe_read]);
signal(SIGCHLD, oldsignal);
errno = save_errno;
return yield;

fail:
DEBUG(D_verify) debug_printf_indent("verify_quota_call fail in %s\n", where);
return yield;
}


/* vi: aw ai sw=2
*/
/* End of verify.c */

Lines 1-4 Link Here

(-)exim.orig/util/gen_pkcs3.c (+1 lines)
1	/* Copyright (C) 2012,2016 Phil Pennock.	1	/* Copyright (C) 2012,2016 Phil Pennock.
		2	* Copyright (c) The Exim Maintainers 2021
2	* This is distributed as part of Exim and licensed under the GPL.	3	* This is distributed as part of Exim and licensed under the GPL.
3	* See the file "NOTICE" for more details.	4	* See the file "NOTICE" for more details.
4	*/	5	*/

Return to bug 46381

Lines 3-8 Link Here

(-)exim.orig/exim_monitor/em_globals.c (-2 / +4 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8		9
Lines 81-87 Link Here
81	int queue_update = 60;	82	int queue_update = 60;
82	int queue_width = 600;	83	int queue_width = 600;
83		84
84	pcre *yyyymmdd_regex;	85	pcre2_code *yyyymmdd_regex;
85		86
86	uschar *size_stripchart = NULL;	87	uschar *size_stripchart = NULL;
87	uschar *size_stripchart_name = NULL;	88	uschar *size_stripchart_name = NULL;
Lines 89-95 Link Here
89	int start_small = FALSE;	90	int start_small = FALSE;
90	int stripchart_height = 90;	91	int stripchart_height = 90;
91	int stripchart_number = 1;	92	int stripchart_number = 1;
92	pcre **stripchart_regex;	93	pcre2_code **stripchart_regex;
93	uschar **stripchart_title;	94	uschar **stripchart_title;
94	int *stripchart_total;	95	int *stripchart_total;
95	int stripchart_update = 60;	96	int stripchart_update = 60;
Lines 196-201 Link Here
196	int received_count = 0;	197	int received_count = 0;
197	uschar *received_protocol = NULL;	198	uschar *received_protocol = NULL;
198	struct timeval received_time = { 0, 0 };	199	struct timeval received_time = { 0, 0 };
		200	struct timeval received_time_complete = { 0, 0 };
199	int recipients_count = 0;	201	int recipients_count = 0;
200	recipient_item *recipients_list = NULL;	202	recipient_item *recipients_list = NULL;
201	int recipients_list_max = 0;	203	int recipients_list_max = 0;

Lines 3-8 Link Here

(-)exim.orig/exim_monitor/em_hdr.h (-5 / +8 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	5	/* Copyright (c) University of Cambridge 1995 - 2009 */
		6	/* Copyright (c) The Exim Maintainers 2021 - 2022 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8		9
Lines 85-91 Link Here
85		86
86	/* Regular expression include */	87	/* Regular expression include */
87		88
88	#include <pcre.h>	89	#define PCRE2_CODE_UNIT_WIDTH 8
		90	#include <pcre2.h>
89		91
90	/* Includes from the main source of Exim. One of these days I should tidy up	92	/* Includes from the main source of Exim. One of these days I should tidy up
91	this interface so that this kind of kludge isn't needed. */	93	this interface so that this kind of kludge isn't needed. */
Lines 93-106 Link Here
93	#ifndef NS_MAXMSG	95	#ifndef NS_MAXMSG
94	# define NS_MAXMSG 65535	96	# define NS_MAXMSG 65535
95	#endif	97	#endif
96	typedef void hctx;	98	typedef void * hctx;
97		99
98	#include "local_scan.h"	100	#include "local_scan.h"
99	#include "macros.h"	101	#include "macros.h"
100	#include "structs.h"	102	#include "structs.h"
101	#include "blob.h"	103	#include "blob.h"
102	#include "globals.h"	104	#include "globals.h"
103	#include "dbstuff.h"	105	#include "hintsdb.h"
		106	#include "hintsdb_structs.h"
104	#include "functions.h"	107	#include "functions.h"
105	#include "osfunctions.h"	108	#include "osfunctions.h"
106		109
Lines 273-279 Link Here
273	extern int queue_update; /* update interval */	276	extern int queue_update; /* update interval */
274	extern int queue_width; /* width of queue window */	277	extern int queue_width; /* width of queue window */
275		278
276	extern pcre yyyymmdd_regex; / for matching yyyy-mm-dd */	279	extern pcre2_code yyyymmdd_regex; / for matching yyyy-mm-dd */
277		280
278	extern uschar size_stripchart; / path for size monitoring */	281	extern uschar size_stripchart; / path for size monitoring */
279	extern uschar size_stripchart_name; / name for size stripchart */	282	extern uschar size_stripchart_name; / name for size stripchart */
Lines 282-288 Link Here
282	extern int start_small; /* True to start with small window */	285	extern int start_small; /* True to start with small window */
283	extern int stripchart_height; /* height of stripcharts */	286	extern int stripchart_height; /* height of stripcharts */
284	extern int stripchart_number; /* number of stripcharts */	287	extern int stripchart_number; /* number of stripcharts */
285	extern pcre *stripchart_regex; / vector of regexps */	288	extern pcre2_code *stripchart_regex; / vector of regexps */
286	extern uschar *stripchart_title; / vector of titles */	289	extern uschar *stripchart_title; / vector of titles */
287	extern int stripchart_total; / vector of accumulating values */	290	extern int stripchart_total; / vector of accumulating values */
288	extern int stripchart_update; /* update interval */	291	extern int stripchart_update; /* update interval */

Lines 3-9 Link Here

(-)exim.orig/exim_monitor/em_init.c (-54 / +55 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2009 */	5	/* Copyright (c) University of Cambridge 1995 - 2009 */
6	/* Copyright (c) The Exim Maintainers 2020 */	6	/* Copyright (c) The Exim Maintainers 2020 - 2021 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* This module contains code to initialize things from the	9	/* This module contains code to initialize things from the
Lines 32-38 Link Here
32	work. */	32	work. */
33		33
34	for (i = 0; i <= 1; i++)	34	for (i = 0; i <= 1; i++)
35
36	{	35	{
37	int first = 1;	36	int first = 1;
38	int count = 0;	37	int count = 0;
Lines 69-81 Link Here
69	buffer[p-pp] = 0;	68	buffer[p-pp] = 0;
70	if (first)	69	if (first)
71	{	70	{
72	int offset;	71	size_t offset;
73	const uschar *error;	72	int err;
74	if (!(stripchart_regex[indx] = pcre_compile(CS buffer, PCRE_COPT,	73
75	CCSS &error, &offset, NULL)))	74	if (!(stripchart_regex[indx] =
		75	pcre2_compile((PCRE2_SPTR)buffer,
		76	PCRE2_ZERO_TERMINATED, PCRE_COPT,
		77	&err, &offset, NULL)))
76	{	78	{
77	printf("regular expression error: %s at offset %d "	79	uschar errbuf[128];
78	"while compiling %s\n", error, offset, buffer);	80	pcre2_get_error_message(err, errbuf, sizeof(errbuf));
		81	printf("regular expression error: %s at offset %ld "
		82	"while compiling %s\n", errbuf, (long)offset, buffer);
79	exit(99);	83	exit(99);
80	}	84	}
81	}	85	}
Lines 95-101 Link Here
95	if (i == 0)	99	if (i == 0)
96	{	100	{
97	stripchart_number += count;	101	stripchart_number += count;
98	stripchart_regex = (pcre *)store_malloc(stripchart_number sizeof(pcre *));	102	stripchart_regex = (pcre2_code *)store_malloc(stripchart_number sizeof(pcre2_code *));
99	stripchart_title = (uschar *)store_malloc(stripchart_number sizeof(uschar *));	103	stripchart_title = (uschar *)store_malloc(stripchart_number sizeof(uschar *));
100	}	104	}
101	}	105	}
Lines 109-148 Link Here
109	void init(int argc, uschar **argv)	113	void init(int argc, uschar **argv)
110	{	114	{
111	int x;	115	int x;
112	int erroroffset;	116	size_t erroroffset;
113	uschar *s;	117	uschar *s;
114	const uschar *error;
115		118
116	argc = argc; /* These are currently unused. */	119	argc = argc; /* These are currently unused. */
117	argv = argv;	120	argv = argv;
118		121
119	/* Deal with simple values in the environment. */	122	/* Deal with simple values in the environment. */
120		123
121	s = US getenv("ACTION_OUTPUT");	124	if ((s = US getenv("ACTION_OUTPUT")))
122	if (s != NULL)
123	{	125	{
124	if (Ustrcmp(s, "no") == 0) action_output = FALSE;	126	if (Ustrcmp(s, "no") == 0) action_output = FALSE;
125	if (Ustrcmp(s, "yes") == 0) action_output = TRUE;	127	if (Ustrcmp(s, "yes") == 0) action_output = TRUE;
126	}	128	}
127		129
128	s = US getenv("ACTION_QUEUE_UPDATE");	130	if ((s = US getenv("ACTION_QUEUE_UPDATE")))
129	if (s != NULL)
130	{	131	{
131	if (Ustrcmp(s, "no") == 0) action_queue_update = FALSE;	132	if (Ustrcmp(s, "no") == 0) action_queue_update = FALSE;
132	if (Ustrcmp(s, "yes") == 0) action_queue_update = TRUE;	133	if (Ustrcmp(s, "yes") == 0) action_queue_update = TRUE;
133	}	134	}
134		135
135	s = US getenv("BODY_MAX");	136	s = US getenv("BODY_MAX");
136	if (s != NULL && (x = Uatoi(s)) != 0) body_max = x;	137	if (s && (x = Uatoi(s)) != 0) body_max = x;
137		138
138	s = US getenv("EXIM_PATH");	139	if ((s = US getenv("EXIM_PATH")))
139	if (s != NULL) exim_path = string_copy(s);	140	exim_path = string_copy(s);
140		141
141	s = US getenv("EXIMON_EXIM_CONFIG");	142	if ((s = US getenv("EXIMON_EXIM_CONFIG")))
142	if (s != NULL) alternate_config = string_copy(s);	143	alternate_config = string_copy(s);
143		144
144	s = US getenv("LOG_BUFFER");	145	if ((s = US getenv("LOG_BUFFER")))
145	if (s != NULL)
146	{	146	{
147	uschar c[1];	147	uschar c[1];
148	if (sscanf(CS s, "%d%c", &x, c) > 0)	148	if (sscanf(CS s, "%d%c", &x, c) > 0)
Lines 154-216 Link Here
154	}	154	}
155		155
156	s = US getenv("LOG_DEPTH");	156	s = US getenv("LOG_DEPTH");
157	if (s != NULL && (x = Uatoi(s)) != 0) log_depth = x;	157	if (s && (x = Uatoi(s)) != 0) log_depth = x;
158		158
159	s = US getenv("LOG_FILE_NAME");	159	if ((s = US getenv("LOG_FILE_NAME")))
160	if (s != NULL) log_file = string_copy(s);	160	log_file = string_copy(s);
161		161
162	s = US getenv("LOG_FONT");	162	if ((s = US getenv("LOG_FONT")))
163	if (s != NULL) log_font = string_copy(s);	163	log_font = string_copy(s);
164		164
165	s = US getenv("LOG_WIDTH");	165	s = US getenv("LOG_WIDTH");
166	if (s != NULL && (x = Uatoi(s)) != 0) log_width = x;	166	if (s && (x = Uatoi(s)) != 0) log_width = x;
167		167
168	s = US getenv("MENU_EVENT");	168	if ((s = US getenv("MENU_EVENT")))
169	if (s != NULL) menu_event = string_copy(s);	169	menu_event = string_copy(s);
170		170
171	s = US getenv("MIN_HEIGHT");	171	s = US getenv("MIN_HEIGHT");
172	if (s != NULL && (x = Uatoi(s)) > 0) min_height = x;	172	if (s && (x = Uatoi(s)) > 0) min_height = x;
173		173
174	s = US getenv("MIN_WIDTH");	174	s = US getenv("MIN_WIDTH");
175	if (s != NULL && (x = Uatoi(s)) > 0) min_width = x;	175	if (s && (x = Uatoi(s)) > 0) min_width = x;
176		176
177	s = US getenv("QUALIFY_DOMAIN");	177	if ((s = US getenv("QUALIFY_DOMAIN")))
178	if (s != NULL) qualify_domain = string_copy(s);	178	qualify_domain = string_copy(s);
179	else qualify_domain = US""; /* Don't want NULL */	179	else
		180	qualify_domain = US""; /* Don't want NULL */
180		181
181	s = US getenv("QUEUE_DEPTH");	182	s = US getenv("QUEUE_DEPTH");
182	if (s != NULL && (x = Uatoi(s)) != 0) queue_depth = x;	183	if (s && (x = Uatoi(s)) != 0) queue_depth = x;
183		184
184	s = US getenv("QUEUE_FONT");	185	if ((s = US getenv("QUEUE_FONT")))
185	if (s != NULL) queue_font = string_copy(s);	186	queue_font = string_copy(s);
186		187
187	s = US getenv("QUEUE_INTERVAL");	188	s = US getenv("QUEUE_INTERVAL");
188	if (s != NULL && (x = Uatoi(s)) != 0) queue_update = x;	189	if (s && (x = Uatoi(s)) != 0) queue_update = x;
189		190
190	s = US getenv("QUEUE_MAX_ADDRESSES");	191	s = US getenv("QUEUE_MAX_ADDRESSES");
191	if (s != NULL && (x = Uatoi(s)) != 0) queue_max_addresses = x;	192	if (s && (x = Uatoi(s)) != 0) queue_max_addresses = x;
192		193
193	s = US getenv("QUEUE_WIDTH");	194	s = US getenv("QUEUE_WIDTH");
194	if (s != NULL && (x = Uatoi(s)) != 0) queue_width = x;	195	if (s && (x = Uatoi(s)) != 0) queue_width = x;
195		196
196	s = US getenv("SPOOL_DIRECTORY");	197	if ((s = US getenv("SPOOL_DIRECTORY")))
197	if (s != NULL) spool_directory = string_copy(s);	198	spool_directory = string_copy(s);
198		199
199	s = US getenv("START_SMALL");	200	s = US getenv("START_SMALL");
200	if (s != NULL && Ustrcmp(s, "yes") == 0) start_small = 1;	201	if (s && Ustrcmp(s, "yes") == 0) start_small = 1;
201		202
202	s = US getenv("TEXT_DEPTH");	203	s = US getenv("TEXT_DEPTH");
203	if (s != NULL && (x = Uatoi(s)) != 0) text_depth = x;	204	if (s && (x = Uatoi(s)) != 0) text_depth = x;
204		205
205	s = US getenv("WINDOW_TITLE");	206	if ((s = US getenv("WINDOW_TITLE")))
206	if (s != NULL) window_title = string_copy(s);	207	window_title = string_copy(s);
207		208
208	/* Deal with stripchart configuration. First see if we are monitoring	209	/* Deal with stripchart configuration. First see if we are monitoring
209	the size of a partition, then deal with log stripcharts in a separate	210	the size of a partition, then deal with log stripcharts in a separate
210	function */	211	function */
211		212
212	s = US getenv("SIZE_STRIPCHART");	213	s = US getenv("SIZE_STRIPCHART");
213	if (s != NULL && *s != 0)	214	if (s && *s)
214	{	215	{
215	stripchart_number++;	216	stripchart_number++;
216	stripchart_varstart++;	217	stripchart_varstart++;
Lines 219-237 Link Here
219	if (s != NULL && *s != 0) size_stripchart_name = string_copy(s);	220	if (s != NULL && *s != 0) size_stripchart_name = string_copy(s);
220	}	221	}
221		222
222	s = US getenv("LOG_STRIPCHARTS");	223	if ((s = US getenv("LOG_STRIPCHARTS")))
223	if (s != NULL) decode_stripchart_config(s);	224	decode_stripchart_config(s);
224		225
225	s = US getenv("STRIPCHART_INTERVAL");	226	s = US getenv("STRIPCHART_INTERVAL");
226	if (s != NULL && (x = Uatoi(s)) != 0) stripchart_update = x;	227	if (s && (x = Uatoi(s)) != 0) stripchart_update = x;
227		228
228	s = US getenv("QUEUE_STRIPCHART_NAME");	229	s = US getenv("QUEUE_STRIPCHART_NAME");
229	queue_stripchart_name = (s != NULL)? string_copy(s) : US"queue";	230	queue_stripchart_name = s ? string_copy(s) : US"queue";
230		231
231	/* Compile the regex for matching yyyy-mm-dd at the start of a string. */	232	/* Compile the regex for matching yyyy-mm-dd at the start of a string. */
232		233
233	yyyymmdd_regex = pcre_compile("^\\d{4}-\\d\\d-\\d\\d\\s", PCRE_COPT,	234	yyyymmdd_regex = pcre2_compile((PCRE2_SPTR)"^\\d{4}-\\d\\d-\\d\\d\\s",
234	CCSS &error, &erroroffset, NULL);	235	PCRE2_ZERO_TERMINATED, PCRE_COPT, &x, &erroroffset, NULL);
235	}	236	}
236		237
237	/* End of em_init.c */	238	/* End of em_init.c */

Lines 3-8 Link Here

(-)exim.orig/exim_monitor/em_log.c (-13 / +13 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
		6	/* Copyright (c) The Exim Maintainters 2021 - 2022 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8	/* This module contains code for scanning the main log,	9	/* This module contains code for scanning the main log,
Lines 229-235 Link Here
229	uschar *p = buffer;	230	uschar *p = buffer;
230	rmark reset_point;	231	rmark reset_point;
231	int length = Ustrlen(buffer);	232	int length = Ustrlen(buffer);
232	int i;	233	pcre2_match_data * md = pcre2_match_data_create(1, NULL);
233		234
234	/* Skip totally blank lines (paranoia: there shouldn't be any) */	235	/* Skip totally blank lines (paranoia: there shouldn't be any) */
235		236
Lines 246-272 Link Here
246	stripchart is the queue length, which is handled elsewhere, and the	247	stripchart is the queue length, which is handled elsewhere, and the
247	1st may the a size monitor. */	248	1st may the a size monitor. */
248		249
249	for (i = stripchart_varstart; i < stripchart_number; i++)	250	for (int i = stripchart_varstart; i < stripchart_number; i++)
250	{	251	if (pcre2_match(stripchart_regex[i], (PCRE2_SPTR)buffer, length,
251	if (pcre_exec(stripchart_regex[i], NULL, CS buffer, length, 0, PCRE_EOPT,	252	0, PCRE_EOPT, md, NULL) >= 0)
252	NULL, 0) >= 0)
253	stripchart_total[i]++;	253	stripchart_total[i]++;
254	}
255		254
256	/* Munge the log entry and display shortened form on one line.	255	/* Munge the log entry and display shortened form on one line.
257	We omit the date and show only the time. Remove any time zone offset.	256	We omit the date and show only the time. Remove any time zone offset.
258	Take note of the presence of [pid]. */	257	Take note of the presence of [pid]. */
259		258
260	if (pcre_exec(yyyymmdd_regex,NULL,CS buffer,length,0,PCRE_EOPT,NULL,0) >= 0)	259	if (pcre2_match(yyyymmdd_regex, (PCRE2_SPTR) buffer, length, 0, PCRE_EOPT,
		260	md, NULL) >= 0)
261	{	261	{
262	int pidlength = 0;	262	int pidlength = 0;
263	if ((buffer[20] == '+' \|\| buffer[20] == '-') &&	263	if ( (buffer[20] == '+' \|\| buffer[20] == '-')
264	isdigit(buffer[21]) && buffer[25] == ' ')	264	&& isdigit(buffer[21]) && buffer[25] == ' ')
265	memmove(buffer + 20, buffer + 26, Ustrlen(buffer + 26) + 1);	265	memmove(buffer + 20, buffer + 26, Ustrlen(buffer + 26) + 1);
266	if (buffer[20] == '[')	266	if (buffer[20] == '[')
267	{	267	while (Ustrchr("[]0123456789", buffer[20+pidlength++]) != NULL)
268	while (Ustrchr("[]0123456789", buffer[20+pidlength++]) != NULL);	268	;
269	}
270	id = string_copyn(buffer + 20 + pidlength, MESSAGE_ID_LENGTH);	269	id = string_copyn(buffer + 20 + pidlength, MESSAGE_ID_LENGTH);
271	show_log("%s", buffer+11);	270	show_log("%s", buffer+11);
272	}	271	}
Lines 275-280 Link Here
275	id = US"";	274	id = US"";
276	show_log("%s", buffer);	275	show_log("%s", buffer);
277	}	276	}
		277	pcre2_match_data_free(md);
278		278
279	/* Deal with frozen and unfrozen messages */	279	/* Deal with frozen and unfrozen messages */
280		280
Lines 292-298 Link Here
292	if ((p = Ustrstr(buffer, "==")) != NULL)	292	if ((p = Ustrstr(buffer, "==")) != NULL)
293	{	293	{
294	queue_item *qq = find_queue(id, queue_noop, 0);	294	queue_item *qq = find_queue(id, queue_noop, 0);
295	if (qq != NULL)	295	if (qq)
296	{	296	{
297	dest_item *d;	297	dest_item *d;
298	uschar q, r;	298	uschar q, r;

Lines 3-8 Link Here

(-)exim.orig/exim_monitor/em_main.c (-37 / +46 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
		6	/* Copyright (c) The Exim Maintainers 2021 - 2022 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8		9
Lines 173-180 Link Here
173	vfprintf(stderr, format, ap);	174	vfprintf(stderr, format, ap);
174	fprintf(stderr, "\n");	175	fprintf(stderr, "\n");
175	va_end(ap);	176	va_end(ap);
176	selector = selector; /* Keep picky compilers happy */
177	flags = flags;
178	}	177	}
179		178
180		179
Lines 198-216 Link Here
198	*/	197	*/
199		198
200	int	199	int
201	host_address_extract_port(uschar *address)	200	host_address_extract_port(uschar * address)
202	{	201	{
203	int skip = -3; /* Skip 3 dots in IPv4 addresses */	202	int port = 0;
204	address--;	203	uschar *endptr;
205	while (*(++address) != 0)	204
206	{	205	/* Handle the "bracketed with colon on the end" format */
207	int ch = *address;	206
208	if (ch == ':') skip = 0; /* Skip 0 dots in IPv6 addresses */	207	if (*address == '[')
209	else if (ch == '.' && skip++ >= 0) break;	208	{
210	}	209	uschar *rb = address + 1;
211	if (*address == 0) return 0;	210	while (rb != 0 && rb != ']') rb++;
212	*address++ = 0;	211	if (rb++ == 0) return 0; / Missing ]; leave invalid address */
213	return Uatoi(address);	212	if (*rb == ':')
		213	{
		214	port = Ustrtol(rb + 1, &endptr, 10);
		215	if (endptr != 0) return 0; / Invalid port; leave invalid address */
		216	}
		217	else if (rb != 0) return 0; / Bad syntax; leave invalid address */
		218	memmove(address, address + 1, rb - address - 2);
		219	rb[-2] = 0;
		220	}
		221
		222	/* Handle the "dot on the end" format */
		223
		224	else
		225	{
		226	int skip = -3; /* Skip 3 dots in IPv4 addresses */
		227	address--;
		228	while (*(++address) != 0)
		229	{
		230	int ch = *address;
		231	if (ch == ':') skip = 0; /* Skip 0 dots in IPv6 addresses */
		232	else if (ch == '.' && skip++ >= 0) break;
		233	}
		234	if (*address == 0) return 0;
		235	port = Ustrtol(address + 1, &endptr, 10);
		236	if (endptr != 0) return 0; / Invalid port; leave invalid address */
		237	*address = 0;
		238	}
		239
		240	return port;
214	}	241	}
215		242
216		243
Lines 240-248 Link Here
240		267
241	void updateAction(Widget w, XtPointer client_data, XtPointer call_data)	268	void updateAction(Widget w, XtPointer client_data, XtPointer call_data)
242	{	269	{
243	w = w; /* Keep picky compilers happy */
244	client_data = client_data;
245	call_data = call_data;
246	scan_spool_input(TRUE);	270	scan_spool_input(TRUE);
247	queue_display();	271	queue_display();
248	tick_queue_accumulator = 0;	272	tick_queue_accumulator = 0;
Lines 250-258 Link Here
250		274
251	void hideAction(Widget w, XtPointer client_data, XtPointer call_data)	275	void hideAction(Widget w, XtPointer client_data, XtPointer call_data)
252	{	276	{
253	w = w; /* Keep picky compilers happy */
254	client_data = client_data;
255	call_data = call_data;
256	actioned_message[0] = 0;	277	actioned_message[0] = 0;
257	dialog_ref_widget = w;	278	dialog_ref_widget = w;
258	dialog_action = da_hide;	279	dialog_action = da_hide;
Lines 263-273 Link Here
263	{	284	{
264	skip_item *sk = queue_skip;	285	skip_item *sk = queue_skip;
265		286
266	w = w; /* Keep picky compilers happy */	287	while (sk)
267	client_data = client_data;
268	call_data = call_data;
269
270	while (sk != NULL)
271	{	288	{
272	skip_item *next = sk->next;	289	skip_item *next = sk->next;
273	store_free(sk);	290	store_free(sk);
Lines 285-293 Link Here
285		302
286	void quitAction(Widget w, XtPointer client_data, XtPointer call_data)	303	void quitAction(Widget w, XtPointer client_data, XtPointer call_data)
287	{	304	{
288	w = w; /* Keep picky compilers happy */
289	client_data = client_data;
290	call_data = call_data;
291	exit(0);	305	exit(0);
292	}	306	}
293		307
Lines 318-327 Link Here
318	XWindowAttributes a;	332	XWindowAttributes a;
319	Window w = XtWindow(toplevel_widget);	333	Window w = XtWindow(toplevel_widget);
320		334
321	button = button; /* Keep picky compilers happy */
322	client_data = client_data;
323	call_data = call_data;
324
325	/* Get the position and size of the top level widget. */	335	/* Get the position and size of the top level widget. */
326		336
327	sizepos_args[0].value = (XtArgVal)(&width);	337	sizepos_args[0].value = (XtArgVal)(&width);
Lines 473-481 Link Here
473	tick_stripchart_accumulator += tick_interval;	483	tick_stripchart_accumulator += tick_interval;
474	read_log();	484	read_log();
475		485
476	pt = pt; /* Keep picky compilers happy */
477	i = i;
478
479	/* If we have passed the queue update time, we must do a full	486	/* If we have passed the queue update time, we must do a full
480	scan of the queue, checking for new arrivals, etc. This will	487	scan of the queue, checking for new arrivals, etc. This will
481	as a by-product set the count of items for use by the stripchart	488	as a by-product set the count of items for use by the stripchart
Lines 592-598 Link Here
592	* Initialize *	599	* Initialize *
593	*************************************************/	600	*************************************************/
594		601
595	int main(int argc, char **argv)	602	int
		603	main(int argc, char **argv)
596	{	604	{
597	int i;	605	int i;
598	struct stat statdata;	606	struct stat statdata;
Lines 613-619 Link Here
613	constructing file names and things. This call will initialize	621	constructing file names and things. This call will initialize
614	the store_get() function. */	622	the store_get() function. */
615		623
616	big_buffer = store_get(big_buffer_size, FALSE);	624	store_init();
		625	big_buffer = store_get(big_buffer_size, GET_UNTAINTED);
617		626
618	/* Set up the version string and date and output them */	627	/* Set up the version string and date and output them */
619		628

Lines 3-8 Link Here

(-)exim.orig/exim_monitor/em_menu.c (-112 / +48 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8		9
Lines 115-124 Link Here
115	* Destroy the menu when popped down *	116	* Destroy the menu when popped down *
116	*************************************************/	117	*************************************************/
117		118
118	static void popdownAction(Widget w, XtPointer client_data, XtPointer call_data)	119	static void
		120	popdownAction(Widget w, XtPointer client_data, XtPointer call_data)
119	{	121	{
120	client_data = client_data; /* Keep picky compilers happy */
121	call_data = call_data;
122	if (highlighted_x >= 0)	122	if (highlighted_x >= 0)
123	XawTextSinkDisplayText(queue_text_sink,	123	XawTextSinkDisplayText(queue_text_sink,
124	highlighted_x, highlighted_y,	124	highlighted_x, highlighted_y,
Lines 136-152 Link Here
136	static void	136	static void
137	msglogAction(Widget w, XtPointer client_data, XtPointer call_data)	137	msglogAction(Widget w, XtPointer client_data, XtPointer call_data)
138	{	138	{
139	int i;
140	Widget text = text_create(US client_data, text_depth);	139	Widget text = text_create(US client_data, text_depth);
141	uschar * fname = NULL;	140	uschar * fname = NULL;
142	FILE * f = NULL;	141	FILE * f = NULL;
143		142
144	w = w; /* Keep picky compilers happy */
145	call_data = call_data;
146
147	/* End up with the split version, so message looks right when non-exist */	143	/* End up with the split version, so message looks right when non-exist */
148		144
149	for (i = 0; i < (spool_is_split ? 2:1); i++)	145	for (int i = 0; i < (spool_is_split ? 2:1); i++)
150	{	146	{
151	message_subdir[0] = i != 0 ? (US client_data)[5] : 0;	147	message_subdir[0] = i != 0 ? (US client_data)[5] : 0;
152	fname = spool_fname(US"msglog", message_subdir, US client_data, US"");	148	fname = spool_fname(US"msglog", message_subdir, US client_data, US"");
Lines 173-186 Link Here
173	static void	169	static void
174	bodyAction(Widget w, XtPointer client_data, XtPointer call_data)	170	bodyAction(Widget w, XtPointer client_data, XtPointer call_data)
175	{	171	{
176	int i;
177	Widget text = text_create(US client_data, text_depth);	172	Widget text = text_create(US client_data, text_depth);
178	FILE *f = NULL;	173	FILE *f = NULL;
179		174
180	w = w; /* Keep picky compilers happy */	175	for (int i = 0; i < (spool_is_split? 2:1); i++)
181	call_data = call_data;
182
183	for (i = 0; i < (spool_is_split? 2:1); i++)
184	{	176	{
185	uschar * fname;	177	uschar * fname;
186	message_subdir[0] = i != 0 ? (US client_data)[5] : 0;	178	message_subdir[0] = i != 0 ? (US client_data)[5] : 0;
Lines 189-195 Link Here
189	break;	181	break;
190	}	182	}
191		183
192	if (f == NULL)	184	if (!f)
193	text_showf(text, "Failed to open file: %s\n", strerror(errno));	185	text_showf(text, "Failed to open file: %s\n", strerror(errno));
194	else	186	else
195	{	187	{
Lines 221-227 Link Here
221	the command whether we want the output or not, so the pipe has to be set up in	213	the command whether we want the output or not, so the pipe has to be set up in
222	all cases. */	214	all cases. */
223		215
224	static void ActOnMessage(uschar id, uschar action, uschar *address_arg)	216	static void
		217	ActOnMessage(uschar id, uschar action, uschar *address_arg)
225	{	218	{
226	int pid;	219	int pid;
227	int pipe_fd[2];	220	int pipe_fd[2];
Lines 407-447 Link Here
407	* Cause a message to be delivered *	400	* Cause a message to be delivered *
408	*************************************************/	401	*************************************************/
409		402
410	static void deliverAction(Widget w, XtPointer client_data, XtPointer call_data)	403	static void
		404	deliverAction(Widget w, XtPointer client_data, XtPointer call_data)
411	{	405	{
412	w = w; /* Keep picky compilers happy */
413	call_data = call_data;
414	ActOnMessage(US client_data, US"-v -M", US"");	406	ActOnMessage(US client_data, US"-v -M", US"");
415	}	407	}
416		408
417
418
419	/*************************************************	409	/*************************************************
420	* Cause a message to be Frozen *	410	* Cause a message to be Frozen *
421	*************************************************/	411	*************************************************/
422		412
423	static void freezeAction(Widget w, XtPointer client_data, XtPointer call_data)	413	static void
		414	freezeAction(Widget w, XtPointer client_data, XtPointer call_data)
424	{	415	{
425	w = w; /* Keep picky compilers happy */
426	call_data = call_data;
427	ActOnMessage(US client_data, US"-Mf", US"");	416	ActOnMessage(US client_data, US"-Mf", US"");
428	}	417	}
429		418
430
431
432	/*************************************************	419	/*************************************************
433	* Cause a message to be thawed *	420	* Cause a message to be thawed *
434	*************************************************/	421	*************************************************/
435		422
436	static void thawAction(Widget w, XtPointer client_data, XtPointer call_data)	423	static void
		424	thawAction(Widget w, XtPointer client_data, XtPointer call_data)
437	{	425	{
438	w = w; /* Keep picky compilers happy */
439	call_data = call_data;
440	ActOnMessage(US client_data, US"-Mt", US"");	426	ActOnMessage(US client_data, US"-Mt", US"");
441	}	427	}
442		428
443
444
445	/*************************************************	429	/*************************************************
446	* Take action using dialog data *	430	* Take action using dialog data *
447	*************************************************/	431	*************************************************/
Lines 450-474 Link Here
450	in. It is global because it is set up in the action table at	434	in. It is global because it is set up in the action table at
451	start-up time. If the string is empty, do nothing. */	435	start-up time. If the string is empty, do nothing. */
452		436
453	XtActionProc dialogAction(Widget w, XEvent event, String ss, Cardinal *c)	437	XtActionProc
		438	dialogAction(Widget w, XEvent event, String ss, Cardinal *c)
454	{	439	{
455	uschar *s = US XawDialogGetValueString(dialog_widget);	440	uschar *s = US XawDialogGetValueString(dialog_widget);
456		441
457	w = w; /* Keep picky compilers happy */
458	event = event;
459	ss = ss;
460	c = c;
461
462	XtPopdown((Widget)dialog_shell);	442	XtPopdown((Widget)dialog_shell);
463	XtDestroyWidget((Widget)dialog_shell);	443	XtDestroyWidget((Widget)dialog_shell);
464	while (isspace(*s)) s++;	444	while (isspace(*s)) s++;
465	if (s[0] != 0)	445	if (s[0] != 0)
466	{
467	if (actioned_message[0] != 0)	446	if (actioned_message[0] != 0)
468	ActOnMessage(actioned_message, action_required, s);	447	ActOnMessage(actioned_message, action_required, s);
469	else	448	else
470	NonMessageDialogue(s); /* When called from somewhere else */	449	NonMessageDialogue(s); /* When called from somewhere else */
471	}
472	return NULL;	450	return NULL;
473	}	451	}
474		452
Lines 482-488 Link Here
482	be done to the application until the box is filled in. This	460	be done to the application until the box is filled in. This
483	function is also used by the Hide button handler. */	461	function is also used by the Hide button handler. */
484		462
485	void create_dialog(uschar label, uschar value)	463	void
		464	create_dialog(uschar label, uschar value)
486	{	465	{
487	Arg warg[4];	466	Arg warg[4];
488	Dimension x, y, xx, yy;	467	Dimension x, y, xx, yy;
Lines 544-552 Link Here
544	}	523	}
545		524
546		525
547
548
549
550	/*************************************************	526	/*************************************************
551	* Cause a recipient to be added *	527	* Cause a recipient to be added *
552	*************************************************/	528	*************************************************/
Lines 554-563 Link Here
554	/* This just sets up the dialog box; the action happens when it has been filled	530	/* This just sets up the dialog box; the action happens when it has been filled
555	in. */	531	in. */
556		532
557	static void addrecipAction(Widget w, XtPointer client_data, XtPointer call_data)	533	static void
		534	addrecipAction(Widget w, XtPointer client_data, XtPointer call_data)
558	{	535	{
559	w = w; /* Keep picky compilers happy */
560	call_data = call_data;
561	Ustrncpy(actioned_message, client_data, 24);	536	Ustrncpy(actioned_message, client_data, 24);
562	actioned_message[23] = '\0';	537	actioned_message[23] = '\0';
563	action_required = US"-Mar";	538	action_required = US"-Mar";
Lines 565-580 Link Here
565	create_dialog(US"Recipient address to add?", US"");	540	create_dialog(US"Recipient address to add?", US"");
566	}	541	}
567		542
568
569
570	/*************************************************	543	/*************************************************
571	* Cause an address to be marked delivered *	544	* Cause an address to be marked delivered *
572	*************************************************/	545	*************************************************/
573		546
574	static void markdelAction(Widget w, XtPointer client_data, XtPointer call_data)	547	static void
		548	markdelAction(Widget w, XtPointer client_data, XtPointer call_data)
575	{	549	{
576	w = w; /* Keep picky compilers happy */
577	call_data = call_data;
578	Ustrncpy(actioned_message, client_data, 24);	550	Ustrncpy(actioned_message, client_data, 24);
579	actioned_message[23] = '\0';	551	actioned_message[23] = '\0';
580	action_required = US"-Mmd";	552	action_required = US"-Mmd";
Lines 582-611 Link Here
582	create_dialog(US"Recipient address to mark delivered?", US"");	554	create_dialog(US"Recipient address to mark delivered?", US"");
583	}	555	}
584		556
585
586	/*************************************************	557	/*************************************************
587	* Cause all addresses to be marked delivered *	558	* Cause all addresses to be marked delivered *
588	*************************************************/	559	*************************************************/
589		560
590	static void markalldelAction(Widget w, XtPointer client_data, XtPointer call_data)	561	static void
		562	markalldelAction(Widget w, XtPointer client_data, XtPointer call_data)
591	{	563	{
592	w = w; /* Keep picky compilers happy */
593	call_data = call_data;
594	ActOnMessage(US client_data, US"-Mmad", US"");	564	ActOnMessage(US client_data, US"-Mmad", US"");
595	}	565	}
596		566
597
598	/*************************************************	567	/*************************************************
599	* Edit the message's sender *	568	* Edit the message's sender *
600	*************************************************/	569	*************************************************/
601		570
602	static void editsenderAction(Widget w, XtPointer client_data,	571	static void
603	XtPointer call_data)	572	editsenderAction(Widget w, XtPointer client_data, XtPointer call_data)
604	{	573	{
605	queue_item *q;	574	queue_item *q;
606	uschar *sender;	575	uschar *sender;
607	w = w; /* Keep picky compilers happy */	576
608	call_data = call_data;
609	Ustrncpy(actioned_message, client_data, 24);	577	Ustrncpy(actioned_message, client_data, 24);
610	actioned_message[23] = '\0';	578	actioned_message[23] = '\0';
611	q = find_queue(actioned_message, queue_noop, 0);	579	q = find_queue(actioned_message, queue_noop, 0);
Lines 615-661 Link Here
615	create_dialog(US"New sender address?", sender);	583	create_dialog(US"New sender address?", sender);
616	}	584	}
617		585
618
619	/*************************************************	586	/*************************************************
620	* Cause a message to be returned to sender *	587	* Cause a message to be returned to sender *
621	*************************************************/	588	*************************************************/
622		589
623	static void giveupAction(Widget w, XtPointer client_data, XtPointer call_data)	590	static void
		591	giveupAction(Widget w, XtPointer client_data, XtPointer call_data)
624	{	592	{
625	w = w; /* Keep picky compilers happy */
626	call_data = call_data;
627	ActOnMessage(US client_data, US"-v -Mg", US"");	593	ActOnMessage(US client_data, US"-v -Mg", US"");
628	}	594	}
629		595
630
631
632	/*************************************************	596	/*************************************************
633	* Cause a message to be cancelled *	597	* Cause a message to be cancelled *
634	*************************************************/	598	*************************************************/
635		599
636	static void removeAction(Widget w, XtPointer client_data, XtPointer call_data)	600	static void
		601	removeAction(Widget w, XtPointer client_data, XtPointer call_data)
637	{	602	{
638	w = w; /* Keep picky compilers happy */
639	call_data = call_data;
640	ActOnMessage(US client_data, US"-Mrm", US"");	603	ActOnMessage(US client_data, US"-Mrm", US"");
641	}	604	}
642		605
643
644
645	/*************************************************	606	/*************************************************
646	* Display a message's headers *	607	* Display a message's headers *
647	*************************************************/	608	*************************************************/
648		609
649	static void headersAction(Widget w, XtPointer client_data, XtPointer call_data)	610	static void
		611	headersAction(Widget w, XtPointer client_data, XtPointer call_data)
650	{	612	{
651	uschar buffer[256];	613	uschar buffer[256];
652	header_line h, next;
653	Widget text = text_create(US client_data, text_depth);	614	Widget text = text_create(US client_data, text_depth);
654	rmark reset_point;	615	rmark reset_point;
655		616
656	w = w; /* Keep picky compilers happy */
657	call_data = call_data;
658
659	/* Remember the point in the dynamic store so we can recover to it afterwards.	617	/* Remember the point in the dynamic store so we can recover to it afterwards.
660	Then use Exim's function to read the header. */	618	Then use Exim's function to read the header. */
661		619
Lines 678-703 Link Here
678	return;	636	return;
679	}	637	}
680		638
681	if (sender_address != NULL)	639	if (sender_address)
682	{
683	text_showf(text, "%s sender: <%s>\n", f.sender_local ? "Local" : "Remote",	640	text_showf(text, "%s sender: <%s>\n", f.sender_local ? "Local" : "Remote",
684	sender_address);	641	sender_address);
685	}
686		642
687	if (recipients_list != NULL)	643	if (recipients_list)
688	{	644	{
689	int i;
690	text_show(text, US"Recipients:\n");	645	text_show(text, US"Recipients:\n");
691	for (i = 0; i < recipients_count; i++)	646	for (int i = 0; i < recipients_count; i++)
692	{
693	text_showf(text, " %s %s\n",	647	text_showf(text, " %s %s\n",
694	(tree_search(tree_nonrecipients, recipients_list[i].address) == NULL)?	648	tree_search(tree_nonrecipients, recipients_list[i].address)
695	" ":"*", recipients_list[i].address);	649	? "*" : " ",
696	}	650	recipients_list[i].address);
697	text_show(text, US"\n");	651	text_show(text, US"\n");
698	}	652	}
699		653
700	for (h = header_list; h != NULL; h = next)	654	for (header_line * next, * h = header_list; h; h = next)
701	{	655	{
702	next = h->next;	656	next = h->next;
703	text_showf(text, "%c ", h->type); /* Don't push h->text through a %s */	657	text_showf(text, "%c ", h->type); /* Don't push h->text through a %s */
Lines 707-726 Link Here
707	store_reset(reset_point);	661	store_reset(reset_point);
708	}	662	}
709		663
710
711
712
713	/*************************************************	664	/*************************************************
714	* Dismiss a text window *	665	* Dismiss a text window *
715	*************************************************/	666	*************************************************/
716		667
717	static void dismissAction(Widget w, XtPointer client_data, XtPointer call_data)	668	static void
		669	dismissAction(Widget w, XtPointer client_data, XtPointer call_data)
718	{	670	{
719	pipe_item *p = pipe_chain;
720
721	w = w; /* Keep picky compilers happy */
722	call_data = call_data;
723
724	XtPopdown((Widget)client_data);	671	XtPopdown((Widget)client_data);
725	XtDestroyWidget((Widget)client_data);	672	XtDestroyWidget((Widget)client_data);
726		673
Lines 729-744 Link Here
729	to search the parents of the saved widget to see if one of them	676	to search the parents of the saved widget to see if one of them
730	is what we have just destroyed. */	677	is what we have just destroyed. */
731		678
732	while (p != NULL)	679	for (pipe_item * p = pipe_chain; p; p = p->next)
733	{	680	for (Widget pp = p->widget; pp; pp = XtParent(pp))
734	Widget pp = p->widget;
735	while (pp != NULL)
736	{
737	if (pp == (Widget)client_data) { p->widget = NULL; return; }	681	if (pp == (Widget)client_data) { p->widget = NULL; return; }
738	pp = XtParent(pp);
739	}
740	p = p->next;
741	}
742	}	682	}
743		683
744		684
Lines 747-753 Link Here
747	* Set up popup text window *	687	* Set up popup text window *
748	*************************************************/	688	*************************************************/
749		689
750	static Widget text_create(uschar *name, int height)	690	static Widget
		691	text_create(uschar *name, int height)
751	{	692	{
752	Widget textshell, form, text, button;	693	Widget textshell, form, text, button;
753		694
Lines 798-806 Link Here
798	return text;	739	return text;
799	}	740	}
800		741
801
802
803
804	/*************************************************	742	/*************************************************
805	* Set up menu in queue window *	743	* Set up menu in queue window *
806	*************************************************/	744	*************************************************/
Lines 808-814 Link Here
808	/* We have added an action table that causes this function to	746	/* We have added an action table that causes this function to
809	be called, and set up button 2 in the text widgets to call it. */	747	be called, and set up button 2 in the text widgets to call it. */
810		748
811	void menu_create(Widget w, XEvent event, String actargs, Cardinal *count)	749	void
		750	menu_create(Widget w, XEvent event, String actargs, Cardinal *count)
812	{	751	{
813	int line;	752	int line;
814	int i;	753	int i;
Lines 824-832 Link Here
824	<BtnUp>: MenuPopdown()notify()unhighlight()\n\	763	<BtnUp>: MenuPopdown()notify()unhighlight()\n\
825	");	764	");
826		765
827	actargs = actargs; /* Keep picky compilers happy */
828	count = count;
829
830	/* Get the sink and source and the current text pointer */	766	/* Get the sink and source and the current text pointer */
831		767
832	queue_get_arg[0].value = (XtArgVal)(&queue_text_sink);	768	queue_get_arg[0].value = (XtArgVal)(&queue_text_sink);

Lines 1-4 Link Here

(-)exim.orig/exim_monitor/em_TextPop.c (-4 / +4 lines)
1	/***********************************************************	1	/***********************************************************
		2	Copyright (c) The Exim Maintainers 2022
2	Copyright 1989 by the Massachusetts Institute of Technology,	3	Copyright 1989 by the Massachusetts Institute of Technology,
3	Cambridge, Massachusetts.	4	Cambridge, Massachusetts.
4		5
Lines 246-252 Link Here
246	Arg args[1];	247	Arg args[1];
247		248
248	#ifdef notdef	249	#ifdef notdef
249	if (ctx->text.source->Search == NULL) {	250	if (!ctx->text.source->Search) {
250	XBell(XtDisplay(w), 0);	251	XBell(XtDisplay(w), 0);
251	return;	252	return;
252	}	253	}
Lines 279-294 Link Here
279	return;	280	return;
280	}	281	}
281		282
282	if (ctx->text.search== NULL) {	283	if (!ctx->text.search) {
283	ctx->text.search = XtNew(struct SearchAndReplace);	284	ctx->text.search = XtNew(struct SearchAndReplace);
284	ctx->text.search->search_popup = CreateDialog(w, ptr, "search",	285	ctx->text.search->search_popup = CreateDialog(w, ptr, "search",
285	AddSearchChildren);	286	AddSearchChildren);
286	XtRealizeWidget(ctx->text.search->search_popup);	287	XtRealizeWidget(ctx->text.search->search_popup);
287	SetWMProtocolTranslations(ctx->text.search->search_popup);	288	SetWMProtocolTranslations(ctx->text.search->search_popup);
288	}	289	}
289	else if (*num_params > 1) {	290	else if (*num_params > 1)
290	XtVaSetValues(ctx->text.search->search_text, XtNstring, ptr, NULL);	291	XtVaSetValues(ctx->text.search->search_text, XtNstring, ptr, NULL);
291	}
292		292
293	XtSetArg(args[0], XtNeditType,&edit_mode);	293	XtSetArg(args[0], XtNeditType,&edit_mode);
294	XtGetValues(ctx->text.source, args, ONE);	294	XtGetValues(ctx->text.source, args, ONE);

Lines 5-12 Link Here

(-)exim.orig/OS/Makefile-Base (-9 / +11 lines)
5	# optional, Local/* files at the front of this file, to create Makefile in the	5	# optional, Local/* files at the front of this file, to create Makefile in the
6	# build directory.	6	# build directory.
7	#	7	#
8	# Copyright (c) The Exim Maintainers 1995 - 2018	8	# Copyright (c) The Exim Maintainers 1995 - 2022
9	# Copyright (c) The Exim Maintainers 2020
10		9
11	SHELL = $(MAKE_SHELL)	10	SHELL = $(MAKE_SHELL)
12	SCRIPTS = ../scripts	11	SCRIPTS = ../scripts
Lines 81-87 Link Here
81	# Build (link) the os.h file	80	# Build (link) the os.h file
82		81
83	os.h: $(SCRIPTS)/Configure-os.h \	82	os.h: $(SCRIPTS)/Configure-os.h \
84	$(O)/os.h-Darwin \
85	$(O)/os.h-FreeBSD \	83	$(O)/os.h-FreeBSD \
86	$(O)/os.h-GNU \	84	$(O)/os.h-GNU \
87	$(O)/os.h-Linux \	85	$(O)/os.h-Linux \
Lines 113-119 Link Here
113		111
114	OBJ_MACRO = macro_predef.o \	112	OBJ_MACRO = macro_predef.o \
115	macro-globals.o macro-readconf.o macro-route.o macro-transport.o macro-drtables.o \	113	macro-globals.o macro-readconf.o macro-route.o macro-transport.o macro-drtables.o \
116	macro-tls.o \	114	macro-acl.o macro-tls.o \
117	macro-appendfile.o macro-autoreply.o macro-lmtp.o macro-pipe.o macro-queuefile.o \	115	macro-appendfile.o macro-autoreply.o macro-lmtp.o macro-pipe.o macro-queuefile.o \
118	macro-smtp.o macro-accept.o macro-dnslookup.o macro-ipliteral.o macro-iplookup.o \	116	macro-smtp.o macro-accept.o macro-dnslookup.o macro-ipliteral.o macro-iplookup.o \
119	macro-manualroute.o macro-queryprogram.o macro-redirect.o \	117	macro-manualroute.o macro-queryprogram.o macro-redirect.o \
Lines 141-146 Link Here
141	macro-drtables.o : drtables.c	139	macro-drtables.o : drtables.c
142	@echo "$(CC) -DMACRO_PREDEF drtables.c"	140	@echo "$(CC) -DMACRO_PREDEF drtables.c"
143	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ drtables.c	141	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ drtables.c
		142	macro-acl.o: acl.c
		143	@echo "$(CC) -DMACRO_PREDEF acl.c"
		144	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ acl.c
144	macro-tls.o: tls.c tls-gnu.c tls-openssl.c	145	macro-tls.o: tls.c tls-gnu.c tls-openssl.c
145	@echo "$(CC) -DMACRO_PREDEF tls.c"	146	@echo "$(CC) -DMACRO_PREDEF tls.c"
146	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ tls.c	147	$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ tls.c
Lines 474-480 Link Here
474	dmarc.o \	475	dmarc.o \
475	imap_utf7.o \	476	imap_utf7.o \
476	spf.o \	477	spf.o \
477	srs.o \
478	utf8.o	478	utf8.o
479		479
480	# Targets for final binaries; the main one has a build number which is	480	# Targets for final binaries; the main one has a build number which is
Lines 484-490 Link Here
484		484
485	OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \	485	OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \
486	directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \	486	directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \
487	filtertest.o globals.o dkim.o dkim_transport.o hash.o \	487	filtertest.o globals.o dkim.o dkim_transport.o dnsbl.o hash.o \
488	header.o host.o ip.o log.o lss.o match.o md5.o moan.o \	488	header.o host.o ip.o log.o lss.o match.o md5.o moan.o \
489	os.o parse.o priv.o queue.o \	489	os.o parse.o priv.o queue.o \
490	rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \	490	rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \
Lines 635-645 Link Here
635	HDRS = blob.h \	635	HDRS = blob.h \
636	config.h \	636	config.h \
637	dbfunctions.h \	637	dbfunctions.h \
638	dbstuff.h \
639	exim.h \	638	exim.h \
640	functions.h \	639	functions.h \
641	globals.h \	640	globals.h \
642	hash.h \	641	hash.h \
		642	hintsdb.h \
		643	hintsdb_structs.h \
643	local_scan.h \	644	local_scan.h \
644	macros.h \	645	macros.h \
645	mytypes.h \	646	mytypes.h \
Lines 648-657 Link Here
648	os.h	649	os.h
649	PHDRS = ../config.h \	650	PHDRS = ../config.h \
650	../dbfunctions.h \	651	../dbfunctions.h \
651	../dbstuff.h \
652	../exim.h \	652	../exim.h \
653	../functions.h \	653	../functions.h \
654	../globals.h \	654	../globals.h \
		655	../hintsdb.h \
		656	../hintsdb_structs.h \
655	../local_scan.h \	657	../local_scan.h \
656	../macros.h \	658	../macros.h \
657	../mytypes.h \	659	../mytypes.h \
Lines 774-779 Link Here
774	deliver.o: $(HDRS) transports/smtp.h deliver.c	776	deliver.o: $(HDRS) transports/smtp.h deliver.c
775	directory.o: $(HDRS) directory.c	777	directory.o: $(HDRS) directory.c
776	dns.o: $(HDRS) dns.c	778	dns.o: $(HDRS) dns.c
		779	dnsbl.o: $(HDRS) dnsbl.c
777	enq.o: $(HDRS) enq.c	780	enq.o: $(HDRS) enq.c
778	exim.o: $(HDRS) exim.c	781	exim.o: $(HDRS) exim.c
779	expand.o: $(HDRS) expand.c	782	expand.o: $(HDRS) expand.c
Lines 839-845 Link Here
839	dmarc.o: $(HDRS) pdkim/pdkim.h dmarc.h dmarc.c	842	dmarc.o: $(HDRS) pdkim/pdkim.h dmarc.h dmarc.c
840	imap_utf7.o: $(HDRS) imap_utf7.c	843	imap_utf7.o: $(HDRS) imap_utf7.c
841	spf.o: $(HDRS) spf.h spf.c	844	spf.o: $(HDRS) spf.h spf.c
842	srs.o: $(HDRS) srs.h srs.c
843	utf8.o: $(HDRS) utf8.c	845	utf8.o: $(HDRS) utf8.c
844		846
845	# The module containing tables of available lookups, routers, auths, and	847	# The module containing tables of available lookups, routers, auths, and

Lines 3-8 Link Here

(-)exim.orig/OS/os.c-FreeBSD (-2 / +4 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) Jeremy Harris 1995 - 2020 */	5	/* Copyright (c) Jeremy Harris 1995 - 2020 */
		6	/* Copyright (c) The Exim Maintainers 2021 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
8	/* FreeBSD-specific code. This is concatenated onto the generic	9	/* FreeBSD-specific code. This is concatenated onto the generic
Lines 16-25 Link Here
16	ssize_t	17	ssize_t
17	os_sendfile(int out, int in, off_t * offp, size_t cnt)	18	os_sendfile(int out, int in, off_t * offp, size_t cnt)
18	{	19	{
19	off_t loff = *offp, written;	20	off_t loff = offp ? *offp : 0;
		21	off_t written;
20		22
21	if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1;	23	if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1;
22	*offp = loff + written;	24	if (offp) *offp = loff + written;
23	return (ssize_t)written;	25	return (ssize_t)written;
24	}	26	}
25		27

Lines 1-5 Link Here

(-)exim.orig/OS/os.h-Linux (-1 / +11 lines)
1	/* Exim: OS-specific C header file for Linux */	1	/* Exim: OS-specific C header file for Linux */
2	/* Copyright (c) University of Cambridge 1995 - 2020 */	2	/* Copyright (c) University of Cambridge 1995 - 2020 */
		3	/* Copyright (c) The Exim Maintainers 2021 */
3	/* See the file NOTICE for conditions of use and distribution. */	4	/* See the file NOTICE for conditions of use and distribution. */
4		5
5		6
Lines 16-21 Link Here
16	#define HAVE_MMAP	17	#define HAVE_MMAP
17	#define HAVE_BSD_GETLOADAVG	18	#define HAVE_BSD_GETLOADAVG
18	#define HAVE_SYS_STATVFS_H	19	#define HAVE_SYS_STATVFS_H
		20	#define HAVE_GETIFADDRS
19	#define NO_IP_VAR_H	21	#define NO_IP_VAR_H
20	#define SIG_IGN_WORKS	22	#define SIG_IGN_WORKS
21		23
Lines 71-78 Link Here
71	# define LLONG_MAX LONG_LONG_MAX	73	# define LLONG_MAX LONG_LONG_MAX
72	#endif	74	#endif
73		75
74	#if _POSIX_C_SOURCE >= 200809L \|\| _ATFILE_SOUCE	76	#if _POSIX_C_SOURCE >= 200809L \|\| _ATFILE_SOURCE
75	# define EXIM_HAVE_OPENAT	77	# define EXIM_HAVE_OPENAT
		78	# define EXIM_HAVE_FUTIMENS
76	#endif	79	#endif
77		80
78	/* TCP Fast Open support */	81	/* TCP Fast Open support */
Lines 90-94 Link Here
90	/* "Abstract" Unix-socket names */	93	/* "Abstract" Unix-socket names */
91	#define EXIM_HAVE_ABSTRACT_UNIX_SOCKETS	94	#define EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
92		95
		96	/* inotify(7) etc syscalls */
		97	#define EXIM_HAVE_INOTIFY
		98
		99	/* Needed for uClibc */
		100	#ifndef NS_MAXMSG
		101	# define NS_MAXMSG 65535
		102	#endif
93		103
94	/* End */	104	/* End */

Lines 7-13 Link Here

(-)exim.orig/scripts/Configure-Makefile (-5 / +25 lines)
7	# just got too horrendous to get it right in "make", because of the optionally	7	# just got too horrendous to get it right in "make", because of the optionally
8	# existing configuration files.	8	# existing configuration files.
9	#	9	#
10	# Copyright (c) The Exim Maintainers 1995 - 2020	10	# Copyright (c) The Exim Maintainers 1995 - 2021
11		11
12		12
13	# First off, get the OS type, and check that there is a make file for it.	13	# First off, get the OS type, and check that there is a make file for it.
Lines 150-156 Link Here
150	egrep "^[$st](AUTH\|LOOKUP)_[A-Z0-9_][$st]=[$st]" $mft \| \	150	egrep "^[$st](AUTH\|LOOKUP)_[A-Z0-9_][$st]=[$st]" $mft \| \
151	sed "s/[$st]*=/='/" \| \	151	sed "s/[$st]*=/='/" \| \
152	sed "s/\$/'/" > $mftt	152	sed "s/\$/'/" > $mftt
153	egrep "^[$st]((USE_(OPENSSL\|GNUTLS)_PC)\|SUPPORT_TLS\|USE_GNUTLS\|PCRE_CONFIG\|AVOID_GNUTLS_PKCS11)[$st]=[$st]*" $mft \| \	153	egrep "^[$st]((USE_(OPENSSL\|GNUTLS)_PC)\|SUPPORT_TLS\|USE_GNUTLS\|PCRE2?_CONFIG\|AVOID_GNUTLS_PKCS11)[$st]=[$st]*" $mft \| \
154	sed "s/[$st]*=/='/" \| \	154	sed "s/[$st]*=/='/" \| \
155	sed "s/\$/'/" >> $mftt	155	sed "s/\$/'/" >> $mftt
156	if test -s $mftt	156	if test -s $mftt
Lines 233-244 Link Here
233	PCRE_CONFIG)	233	PCRE_CONFIG)
234	case $PCRE_CONFIG in	234	case $PCRE_CONFIG in
235	yes\|YES\|y\|Y)	235	yes\|YES\|y\|Y)
236	cflags=`pcre-config --cflags`	236	echo >&2 "pcre is no longer supported; migrate to pcre2"
		237	exit 1
		238
		239	# cflags=`pcre-config --cflags`
		240	# if [ $? -ne 0 ]; then
		241	# echo >&2 "*** Missing pcre-config for regular expression support"
		242	# exit 1
		243	# fi
		244	# libs=`pcre-config --libs`
		245	# if [ ".$cflags" != "." ]; then
		246	# echo "INCLUDE += $cflags"
		247	# fi
		248	# echo "PCRE_LIBS=$libs"
		249	;;
		250	esac
		251	;;
		252
		253	PCRE2_CONFIG)
		254	case $PCRE2_CONFIG in
		255	yes\|YES\|y\|Y)
		256	cflags=`pcre2-config --cflags`
237	if [ $? -ne 0 ]; then	257	if [ $? -ne 0 ]; then
238	echo >&2 "*** Missing pcre-config for regular expression support"	258	echo >&2 "*** Missing pcre2-config for regular expression support"
239	exit 1	259	exit 1
240	fi	260	fi
241	libs=`pcre-config --libs`	261	libs=`pcre2-config --libs8`
242	if [ ".$cflags" != "." ]; then	262	if [ ".$cflags" != "." ]; then
243	echo "INCLUDE += $cflags"	263	echo "INCLUDE += $cflags"
244	fi	264	fi

Lines 3-9 Link Here

(-)exim.orig/scripts/MakeLinks (-4 / +4 lines)
3	# Script to build links for all the exim source files from the system-	3	# Script to build links for all the exim source files from the system-
4	# specific build directory. It should be run from within that directory.	4	# specific build directory. It should be run from within that directory.
5	#	5	#
6	# Copyright (c) The Exim Maintainers 1995 - 2020	6	# Copyright (c) The Exim Maintainers 1995 - 2022
7		7
8	test ! -d ../src && \	8	test ! -d ../src && \
9	echo "*** $0 should be run in a system-specific subdirectory." && \	9	echo "*** $0 should be run in a system-specific subdirectory." && \
Lines 95-106 Link Here
95	# but local_scan.c does not, because its location is taken from the build-time	95	# but local_scan.c does not, because its location is taken from the build-time
96	# configuration. Likewise for the os.c file, which gets build dynamically.	96	# configuration. Likewise for the os.c file, which gets build dynamically.
97		97
98	for f in blob.h dbfunctions.h dbstuff.h exim.h functions.h globals.h \	98	for f in blob.h dbfunctions.h exim.h functions.h globals.h \
99	hash.h local_scan.h \	99	hash.h hintsdb.h hintsdb_structs.h local_scan.h \
100	macros.h mytypes.h osfunctions.h store.h structs.h lookupapi.h sha_ver.h \	100	macros.h mytypes.h osfunctions.h store.h structs.h lookupapi.h sha_ver.h \
101	\	101	\
102	acl.c buildconfig.c base64.c child.c crypt16.c daemon.c dbfn.c debug.c \	102	acl.c buildconfig.c base64.c child.c crypt16.c daemon.c dbfn.c debug.c \
103	deliver.c directory.c dns.c drtables.c dummies.c enq.c exim.c \	103	deliver.c directory.c dns.c dnsbl.c drtables.c dummies.c enq.c exim.c \
104	exim_dbmbuild.c exim_dbutil.c exim_lock.c expand.c filter.c filtertest.c \	104	exim_dbmbuild.c exim_dbutil.c exim_lock.c expand.c filter.c filtertest.c \
105	globals.c hash.c header.c host.c ip.c log.c lss.c match.c md5.c moan.c \	105	globals.c hash.c header.c host.c ip.c log.c lss.c match.c md5.c moan.c \
106	parse.c perl.c priv.c queue.c rda.c readconf.c receive.c retry.c rewrite.c \	106	parse.c perl.c priv.c queue.c rda.c readconf.c receive.c retry.c rewrite.c \

Lines 3-8 Link Here

(-)exim.orig/src/arc.c (-28 / +53 lines)
3	*************************************************/	3	*************************************************/
4	/* Experimental ARC support for Exim	4	/* Experimental ARC support for Exim
5	Copyright (c) Jeremy Harris 2018 - 2020	5	Copyright (c) Jeremy Harris 2018 - 2020
		6	Copyright (c) The Exim Maintainers 2021 - 2022
6	License: GPL	7	License: GPL
7	*/	8	*/
8		9
Lines 141-147 Link Here
141	}	142	}
142		143
143	DEBUG(D_acl) debug_printf("ARC: new instance %u\n", i);	144	DEBUG(D_acl) debug_printf("ARC: new instance %u\n", i);
144	*pas = as = store_get(sizeof(arc_set), FALSE);	145	*pas = as = store_get(sizeof(arc_set), GET_UNTAINTED);
145	memset(as, 0, sizeof(arc_set));	146	memset(as, 0, sizeof(arc_set));
146	as->next = next;	147	as->next = next;
147	as->prev = prev;	148	as->prev = prev;
Lines 199-205 Link Here
199		200
200	if (!instance_only)	201	if (!instance_only)
201	{	202	{
202	al->rawsig_no_b_val.data = store_get(h->slen + 1, TRUE); /* tainted */	203	al->rawsig_no_b_val.data = store_get(h->slen + 1, GET_TAINTED);
203	memcpy(al->rawsig_no_b_val.data, h->text, off); /* copy the header name blind */	204	memcpy(al->rawsig_no_b_val.data, h->text, off); /* copy the header name blind */
204	r = al->rawsig_no_b_val.data + off;	205	r = al->rawsig_no_b_val.data + off;
205	al->rawsig_no_b_val.len = off;	206	al->rawsig_no_b_val.len = off;
Lines 385-391 Link Here
385	{	386	{
386	unsigned i;	387	unsigned i;
387	arc_set * as;	388	arc_set * as;
388	arc_line * al = store_get(sizeof(arc_line), FALSE), ** alp;	389	arc_line * al = store_get(sizeof(arc_line), GET_UNTAINTED), ** alp;
389	uschar * e;	390	uschar * e;
390		391
391	memset(al, 0, sizeof(arc_line));	392	memset(al, 0, sizeof(arc_line));
Lines 496-502 Link Here
496	DEBUG(D_acl) debug_printf("ARC: collecting arc sets\n");	497	DEBUG(D_acl) debug_printf("ARC: collecting arc sets\n");
497	for (h = header_list; h; h = h->next)	498	for (h = header_list; h; h = h->next)
498	{	499	{
499	r = store_get(sizeof(hdr_rlist), FALSE);	500	r = store_get(sizeof(hdr_rlist), GET_UNTAINTED);
500	r->prev = rprev;	501	r->prev = rprev;
501	r->used = FALSE;	502	r->used = FALSE;
502	r->h = h;	503	r->h = h;
Lines 568-574 Link Here
568		569
569	len = Ustrlen(s);	570	len = Ustrlen(s);
570	DEBUG(D_acl) pdkim_quoteprint(s, len);	571	DEBUG(D_acl) pdkim_quoteprint(s, len);
571	exim_sha_update(&hhash_ctx, s, Ustrlen(s));	572	exim_sha_update_string(&hhash_ctx, s);
572	r->used = TRUE;	573	r->used = TRUE;
573	break;	574	break;
574	}	575	}
Lines 1102-1108 Link Here
1102	static hdr_rlist *	1103	static hdr_rlist *
1103	arc_rlist_entry(hdr_rlist * list, const uschar * s, int len)	1104	arc_rlist_entry(hdr_rlist * list, const uschar * s, int len)
1104	{	1105	{
1105	hdr_rlist * r = store_get(sizeof(hdr_rlist) + sizeof(header_line), FALSE);	1106	hdr_rlist * r = store_get(sizeof(hdr_rlist) + sizeof(header_line), GET_UNTAINTED);
1106	header_line * h = r->h = (header_line *)(r+1);	1107	header_line * h = r->h = (header_line *)(r+1);
1107		1108
1108	r->prev = list;	1109	r->prev = list;
Lines 1112-1122 Link Here
1112	h->slen = len;	1113	h->slen = len;
1113	h->text = US s;	1114	h->text = US s;
1114		1115
1115	/* This works for either NL or CRLF lines; also nul-termination */
1116	while (*++s)
1117	if (*s == '\n' && s[1] != '\t' && s[1] != ' ') break;
1118	s++; /* move past end of line */
1119
1120	return r;	1116	return r;
1121	}	1117	}
1122		1118
Lines 1194-1200 Link Here
1194	{	1190	{
1195	int aar_off = gstring_length(g);	1191	int aar_off = gstring_length(g);
1196	arc_set * as =	1192	arc_set * as =
1197	store_get(sizeof(arc_set) + sizeof(arc_line) + sizeof(header_line), FALSE);	1193	store_get(sizeof(arc_set) + sizeof(arc_line) + sizeof(header_line), GET_UNTAINTED);
1198	arc_line * al = (arc_line *)(as+1);	1194	arc_line * al = (arc_line *)(as+1);
1199	header_line * h = (header_line *)(al+1);	1195	header_line * h = (header_line *)(al+1);
1200		1196
Lines 1304-1310 Link Here
1304	int hashtype = pdkim_hashname_to_hashtype(US"sha256", 6); /XXX hardwired /	1300	int hashtype = pdkim_hashname_to_hashtype(US"sha256", 6); /XXX hardwired /
1305	blob sig;	1301	blob sig;
1306	int ams_off;	1302	int ams_off;
1307	arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), FALSE);	1303	arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), GET_UNTAINTED);
1308	header_line * h = (header_line *)(al+1);	1304	header_line * h = (header_line *)(al+1);
1309		1305
1310	/* debug_printf("%s\n", __FUNCTION__); */	1306	/* debug_printf("%s\n", __FUNCTION__); */
Lines 1419-1425 Link Here
1419	{	1415	{
1420	gstring * arcset;	1416	gstring * arcset;
1421	uschar * status = arc_ar_cv_status(ar);	1417	uschar * status = arc_ar_cv_status(ar);
1422	arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), FALSE);	1418	arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), GET_UNTAINTED);
1423	header_line * h = (header_line *)(al+1);	1419	header_line * h = (header_line *)(al+1);
1424	uschar * badline_str;	1420	uschar * badline_str;
1425		1421
Lines 1531-1536 Link Here
1531	arc_sign_init(void)	1527	arc_sign_init(void)
1532	{	1528	{
1533	memset(&arc_sign_ctx, 0, sizeof(arc_sign_ctx));	1529	memset(&arc_sign_ctx, 0, sizeof(arc_sign_ctx));
		1530	headers_rlist = NULL;
1534	}	1531	}
1535		1532
1536		1533
Lines 1557-1562 Link Here
1557		1554
1558		1555
1559		1556
		1557	/* Per RFCs 6376, 7489 the only allowed chars in either an ADMD id
		1558	or a selector are ALPHA/DIGGIT/'-'/'.'
		1559
		1560	Check, to help catch misconfigurations such as a missing selector
		1561	element in the arc_sign list.
		1562	*/
		1563
		1564	static BOOL
		1565	arc_valid_id(const uschar * s)
		1566	{
		1567	for (uschar c; c = *s++; )
		1568	if (!isalnum(c) && c != '-' && c != '.') return FALSE;
		1569	return TRUE;
		1570	}
		1571
		1572
		1573
1560	/* ARC signing. Called from the smtp transport, if the arc_sign option is set.	1574	/* ARC signing. Called from the smtp transport, if the arc_sign option is set.
1561	The dkim_exim_sign() function has already been called, so will have hashed the	1575	The dkim_exim_sign() function has already been called, so will have hashed the
1562	message body for us so long as we requested a hash previously.	1576	message body for us so long as we requested a hash previously.
Lines 1590-1606 Link Here
1590		1604
1591	/* Parse the signing specification */	1605	/* Parse the signing specification */
1592		1606
1593	identity = string_nextinlist(&signspec, &sep, NULL, 0);	1607	if (!(identity = string_nextinlist(&signspec, &sep, NULL, 0)) \|\| !*identity)
1594	selector = string_nextinlist(&signspec, &sep, NULL, 0);	1608	{ s = US"identity"; goto bad_arg_ret; }
1595	if ( !identity \|\| !selector	1609	if (!(selector = string_nextinlist(&signspec, &sep, NULL, 0)) \|\| !*selector)
1596	\|\| !(privkey = string_nextinlist(&signspec, &sep, NULL, 0)) \|\| !*privkey)	1610	{ s = US"selector"; goto bad_arg_ret; }
1597	{	1611	if (!(privkey = string_nextinlist(&signspec, &sep, NULL, 0)) \|\| !*privkey)
1598	log_write(0, LOG_MAIN, "ARC: bad signing-specification (%s)",	1612	{ s = US"privkey"; goto bad_arg_ret; }
1599	!identity ? "identity" : !selector ? "selector" : "private-key");	1613	if (!arc_valid_id(identity))
1600	return sigheaders ? sigheaders : string_get(0);	1614	{ s = US"identity"; goto bad_arg_ret; }
1601	}	1615	if (!arc_valid_id(selector))
		1616	{ s = US"selector"; goto bad_arg_ret; }
1602	if (*privkey == '/' && !(privkey = expand_file_big_buffer(privkey)))	1617	if (*privkey == '/' && !(privkey = expand_file_big_buffer(privkey)))
1603	return sigheaders ? sigheaders : string_get(0);	1618	goto ret_sigheaders;
1604		1619
1605	if ((opts = string_nextinlist(&signspec, &sep, NULL, 0)))	1620	if ((opts = string_nextinlist(&signspec, &sep, NULL, 0)))
1606	{	1621	{
Lines 1659-1665 Link Here
1659	if (!(arc_sign_find_ar(headers, identity, &ar)))	1674	if (!(arc_sign_find_ar(headers, identity, &ar)))
1660	{	1675	{
1661	log_write(0, LOG_MAIN, "ARC: no Authentication-Results header for signing");	1676	log_write(0, LOG_MAIN, "ARC: no Authentication-Results header for signing");
1662	return sigheaders ? sigheaders : string_get(0);	1677	goto ret_sigheaders;
1663	}	1678	}
1664		1679
1665	/* We previously built the data-struct for the existing ARC chain, if any, using a headers	1680	/* We previously built the data-struct for the existing ARC chain, if any, using a headers
Lines 1715-1723 Link Here
1715	/* Finally, append the dkim headers and return the lot. */	1730	/* Finally, append the dkim headers and return the lot. */
1716		1731
1717	if (sigheaders) g = string_catn(g, sigheaders->s, sigheaders->ptr);	1732	if (sigheaders) g = string_catn(g, sigheaders->s, sigheaders->ptr);
1718	(void) string_from_gstring(g);	1733
1719	gstring_release_unused(g);	1734	out:
1720	return g;	1735	if (!g) return string_get(1);
		1736	(void) string_from_gstring(g);
		1737	gstring_release_unused(g);
		1738	return g;
		1739
		1740
		1741	bad_arg_ret:
		1742	log_write(0, LOG_MAIN, "ARC: bad signing-specification (%s)", s);
		1743	ret_sigheaders:
		1744	g = sigheaders;
		1745	goto out;
1721	}	1746	}
1722		1747
1723		1748

Lines 2-24 Link Here

(-)exim.orig/src/auths/call_radius.c (-21 / +12 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) The Exim Maintainers 2020 */	5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
6	/* Copyright (c) University of Cambridge 1995 - 2016 */	6	/* Copyright (c) University of Cambridge 1995 - 2016 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* This file was originally supplied by Ian Kirk. The libradius support came	9	/* This file was originally supplied by Ian Kirk. The libradius support came
10	from Alex Kiernan. */	10	from Alex Kiernan. */
11		11
12	/* ugly hack to work around redefinition of ENV by radiusclient.h and
13	* db.h: define _DB_H_ so the db.h include thinks it's already included,
14	* we can get away with it like this, since this file doesn't use any db
15	* functions. */
16	#ifndef _DB_H_
17	# define _DB_H_ 1
18	# define _DB_EXT_PROT_IN_ 1
19	# define DB void
20	#endif
21
22	#include "../exim.h"	12	#include "../exim.h"
23		13
24	/* This module contains functions that call the Radius authentication	14	/* This module contains functions that call the Radius authentication
Lines 44-60 Link Here
44	using its original API. At release 0.4.0 the API changed. */	34	using its original API. At release 0.4.0 the API changed. */
45		35
46	#ifdef RADIUS_LIB_RADLIB	36	#ifdef RADIUS_LIB_RADLIB
47	#include <radlib.h>	37	# include <radlib.h>
48	#else	38	#else
49	#if !defined(RADIUS_LIB_RADIUSCLIENT) && !defined(RADIUS_LIB_RADIUSCLIENTNEW)	39	# if !defined(RADIUS_LIB_RADIUSCLIENT) && !defined(RADIUS_LIB_RADIUSCLIENTNEW)
50	# define RADIUS_LIB_RADIUSCLIENT	40	# define RADIUS_LIB_RADIUSCLIENT
51	#endif	41	# endif
52		42
53	#ifdef RADIUS_LIB_RADIUSCLIENTNEW	43	# ifdef RADIUS_LIB_RADIUSCLIENTNEW
54	# include <freeradius-client.h>	44	# define ENV FREERADIUSCLIENT_ENV /* Avoid clash with Berkeley DB */
55	#else	45	# include <freeradius-client.h>
56	# include <radiusclient.h>	46	# else
57	#endif	47	# include <radiusclient.h>
		48	# endif
58	#endif	49	#endif
59		50
60		51

Lines 2-9 Link Here

(-)exim.orig/src/auths/cyrus_sasl.c (-11 / +13 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* This code was originally contributed by Matthew Byng-Maddick */	9	/* This code was originally contributed by Matthew Byng-Maddick */
Lines 71-77 Link Here
71	int auth_cyrus_sasl_server(auth_instance ablock, uschar data) {return 0;}	71	int auth_cyrus_sasl_server(auth_instance ablock, uschar data) {return 0;}
72	int auth_cyrus_sasl_client(auth_instance ablock, void sx,	72	int auth_cyrus_sasl_client(auth_instance ablock, void sx,
73	int timeout, uschar *buffer, int buffsize) {return 0;}	73	int timeout, uschar *buffer, int buffsize) {return 0;}
74	void auth_cyrus_sasl_version_report(FILE *f) {}	74	gstring * auth_cyrus_sasl_version_report(gstring * g) {return NULL;}
75		75
76	#else /!MACRO_PREDEF/	76	#else /!MACRO_PREDEF/
77		77
Lines 378-384 Link Here
378	HDEBUG(D_auth)	378	HDEBUG(D_auth)
379	debug_printf("Cyrus SASL library will not tell us the username: %s\n",	379	debug_printf("Cyrus SASL library will not tell us the username: %s\n",
380	sasl_errstring(rc, NULL, NULL));	380	sasl_errstring(rc, NULL, NULL));
381	log_write(0, LOG_REJECT, "%s authenticator (%s):\n "	381	log_write(0, LOG_REJECT, "%s authenticator (%s): "
382	"Cyrus SASL username fetch problem: %s", ablock->name, ob->server_mech,	382	"Cyrus SASL username fetch problem: %s", ablock->name, ob->server_mech,
383	sasl_errstring(rc, NULL, NULL));	383	sasl_errstring(rc, NULL, NULL));
384	sasl_dispose(&conn);	384	sasl_dispose(&conn);
Lines 397-403 Link Here
397	/* these are considered permanent failure codes */	397	/* these are considered permanent failure codes */
398	HDEBUG(D_auth)	398	HDEBUG(D_auth)
399	debug_printf("Cyrus SASL permanent failure %d (%s)\n", rc, sasl_errstring(rc, NULL, NULL));	399	debug_printf("Cyrus SASL permanent failure %d (%s)\n", rc, sasl_errstring(rc, NULL, NULL));
400	log_write(0, LOG_REJECT, "%s authenticator (%s):\n "	400	log_write(0, LOG_REJECT, "%s authenticator (%s): "
401	"Cyrus SASL permanent failure: %s", ablock->name, ob->server_mech,	401	"Cyrus SASL permanent failure: %s", ablock->name, ob->server_mech,
402	sasl_errstring(rc, NULL, NULL));	402	sasl_errstring(rc, NULL, NULL));
403	sasl_dispose(&conn);	403	sasl_dispose(&conn);
Lines 427-433 Link Here
427	HDEBUG(D_auth)	427	HDEBUG(D_auth)
428	debug_printf("Cyrus SASL library will not tell us the SSF: %s\n",	428	debug_printf("Cyrus SASL library will not tell us the SSF: %s\n",
429	sasl_errstring(rc, NULL, NULL));	429	sasl_errstring(rc, NULL, NULL));
430	log_write(0, LOG_REJECT, "%s authenticator (%s):\n "	430	log_write(0, LOG_REJECT, "%s authenticator (%s): "
431	"Cyrus SASL SSF value not available: %s", ablock->name, ob->server_mech,	431	"Cyrus SASL SSF value not available: %s", ablock->name, ob->server_mech,
432	sasl_errstring(rc, NULL, NULL));	432	sasl_errstring(rc, NULL, NULL));
433	sasl_dispose(&conn);	433	sasl_dispose(&conn);
Lines 441-447 Link Here
441	{	441	{
442	HDEBUG(D_auth)	442	HDEBUG(D_auth)
443	debug_printf("Exim does not implement SASL wrapping (needed for SSF %d).\n", negotiated_ssf);	443	debug_printf("Exim does not implement SASL wrapping (needed for SSF %d).\n", negotiated_ssf);
444	log_write(0, LOG_REJECT, "%s authenticator (%s):\n "	444	log_write(0, LOG_REJECT, "%s authenticator (%s): "
445	"Cyrus SASL SSF %d not supported by Exim", ablock->name, ob->server_mech, negotiated_ssf);	445	"Cyrus SASL SSF %d not supported by Exim", ablock->name, ob->server_mech, negotiated_ssf);
446	sasl_dispose(&conn);	446	sasl_dispose(&conn);
447	sasl_done();	447	sasl_done();
Lines 476-490 Link Here
476	* Diagnostic API *	476	* Diagnostic API *
477	*************************************************/	477	*************************************************/
478		478
479	void	479	gstring *
480	auth_cyrus_sasl_version_report(FILE *f)	480	auth_cyrus_sasl_version_report(gstring * g)
481	{	481	{
482	const char implementation, version;	482	const char * implementation, * version;
483	sasl_version_info(&implementation, &version, NULL, NULL, NULL, NULL);	483	sasl_version_info(&implementation, &version, NULL, NULL, NULL, NULL);
484	fprintf(f, "Library version: Cyrus SASL: Compile: %d.%d.%d\n"	484	g = string_fmt_append(g,
485	" Runtime: %s [%s]\n",	485	"Library version: Cyrus SASL: Compile: %d.%d.%d\n"
		486	" Runtime: %s [%s]\n",
486	SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP,	487	SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP,
487	version, implementation);	488	version, implementation);
		489	return g;
488	}	490	}
489		491
490	/*************************************************	492	/*************************************************

Lines 1-6 Link Here

(-)exim.orig/src/auths/dovecot.c (-3 / +12 lines)
1	/*	1	/*
		2	* Copyright (c) The Exim Maintainers 2006 - 2022
2	* Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>	3	* Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
3	* Copyright (c) 2006-2020 The Exim Maintainers
4	*	4	*
5	* This program is free software; you can redistribute it and/or modify	5	* This program is free software; you can redistribute it and/or modify
6	* it under the terms of the GNU General Public License as published	6	* it under the terms of the GNU General Public License as published
Lines 275-285 Link Here
275	# ifndef DISABLE_TLS	275	# ifndef DISABLE_TLS
276	if (ob->server_tls)	276	if (ob->server_tls)
277	{	277	{
278	uschar * s;	278	union sockaddr_46 interface_sock;
		279	EXIM_SOCKLEN_T size = sizeof(interface_sock);
279	smtp_connect_args conn_args = { .host = &host };	280	smtp_connect_args conn_args = { .host = &host };
280	tls_support tls_dummy = {.sni=NULL};	281	tls_support tls_dummy = { .sni = NULL };
281	uschar * errstr;	282	uschar * errstr;
282		283
		284	if (getsockname(cctx->sock, (struct sockaddr *) &interface_sock, &size) == 0)
		285	conn_args.sending_ip_address = host_ntoa(-1, &interface_sock, NULL, NULL);
		286	else
		287	{
		288	*errmsg = string_sprintf("getsockname failed: %s", strerror(errno));
		289	goto bad;
		290	}
		291
283	if (!tls_client_start(&cctx, &conn_args, NULL, &tls_dummy, &errstr))	292	if (!tls_client_start(&cctx, &conn_args, NULL, &tls_dummy, &errstr))
284	{	293	{
285	auth_defer_msg = string_sprintf("TLS connect failed: %s", errstr);	294	auth_defer_msg = string_sprintf("TLS connect failed: %s", errstr);

Lines 2-8 Link Here

(-)exim.orig/src/auths/gsasl_exim.c (-98 / +140 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
5	/* Copyright (c) The Exim Maintainers 2019-2020 */	5	/* Copyright (c) The Exim Maintainers 2019 - 2022 */
6	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
Lines 27-33 Link Here
27	*/	27	*/
28		28
29	#include "../exim.h"	29	#include "../exim.h"
30	#define CHANNELBIND_HACK
31		30
32	#ifndef AUTH_GSASL	31	#ifndef AUTH_GSASL
33	/* dummy function to satisfy compilers when we link in an "empty" file. */	32	/* dummy function to satisfy compilers when we link in an "empty" file. */
Lines 40-53 Link Here
40	#include "gsasl_exim.h"	39	#include "gsasl_exim.h"
41		40
42		41
43	#if GSASL_VERSION_MINOR >= 9	42	#if GSASL_VERSION_MINOR >= 10
		43	# define EXIM_GSASL_HAVE_SCRAM_SHA_256
		44	# define EXIM_GSASL_SCRAM_S_KEY
		45
		46	#elif GSASL_VERSION_MINOR == 9
44	# define EXIM_GSASL_HAVE_SCRAM_SHA_256	47	# define EXIM_GSASL_HAVE_SCRAM_SHA_256
45		48
46	# if GSASL_VERSION_PATCH >= 1	49	# if GSASL_VERSION_PATCH >= 1
47	# define EXIM_GSASL_SCRAM_S_KEY	50	# define EXIM_GSASL_SCRAM_S_KEY
48	# endif	51	# endif
		52	# if GSASL_VERSION_PATCH < 2
		53	# define CHANNELBIND_HACK
		54	# endif
		55
		56	#else
		57	# define CHANNELBIND_HACK
49	#endif	58	#endif
50		59
		60	/* Convenience for testing strings */
		61
		62	#define STREQIC(Foo, Bar) (strcmpic((Foo), (Bar)) == 0)
		63
51		64
52	/* Authenticator-specific options. */	65	/* Authenticator-specific options. */
53	/* I did have server_*_condition options for various mechanisms, but since	66	/* I did have server_*_condition options for various mechanisms, but since
Lines 99-105 Link Here
99	int auth_gsasl_server(auth_instance ablock, uschar data) {return 0;}	112	int auth_gsasl_server(auth_instance ablock, uschar data) {return 0;}
100	int auth_gsasl_client(auth_instance ablock, void sx,	113	int auth_gsasl_client(auth_instance ablock, void sx,
101	int timeout, uschar *buffer, int buffsize) {return 0;}	114	int timeout, uschar *buffer, int buffsize) {return 0;}
102	void auth_gsasl_version_report(FILE *f) {}	115	gstring * auth_gsasl_version_report(gstring * g) {return NULL;}
103		116
104	void	117	void
105	auth_gsasl_macros(void)	118	auth_gsasl_macros(void)
Lines 191-205 Link Here
191	"GNU SASL does not support mechanism \"%s\"",	204	"GNU SASL does not support mechanism \"%s\"",
192	ablock->name, ob->server_mech);	205	ablock->name, ob->server_mech);
193		206
194	ablock->server = TRUE;	207	if (ablock->server_condition)
		208	ablock->server = TRUE;
		209	else if( ob->server_mech
		210	&& !STREQIC(ob->server_mech, US"EXTERNAL")
		211	&& !STREQIC(ob->server_mech, US"ANONYMOUS")
		212	&& !STREQIC(ob->server_mech, US"PLAIN")
		213	&& !STREQIC(ob->server_mech, US"LOGIN")
		214	)
		215	{
		216	/* At present, for mechanisms we don't panic on absence of server_condition;
		217	need to figure out the most generically correct approach to deciding when
		218	it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism,
		219	etc) it clearly is critical.
		220	*/
195		221
196	if ( !ablock->server_condition
197	&& ( streqic(ob->server_mech, US"EXTERNAL")
198	\|\| streqic(ob->server_mech, US"ANONYMOUS")
199	\|\| streqic(ob->server_mech, US"PLAIN")
200	\|\| streqic(ob->server_mech, US"LOGIN")
201	) )
202	{
203	ablock->server = FALSE;	222	ablock->server = FALSE;
204	HDEBUG(D_auth) debug_printf("%s authenticator: "	223	HDEBUG(D_auth) debug_printf("%s authenticator: "
205	"Need server_condition for %s mechanism\n",	224	"Need server_condition for %s mechanism\n",
Lines 210-216 Link Here
210	which properties will be needed. */	229	which properties will be needed. */
211		230
212	if ( !ob->server_realm	231	if ( !ob->server_realm
213	&& streqic(ob->server_mech, US"DIGEST-MD5"))	232	&& STREQIC(ob->server_mech, US"DIGEST-MD5"))
214	{	233	{
215	ablock->server = FALSE;	234	ablock->server = FALSE;
216	HDEBUG(D_auth) debug_printf("%s authenticator: "	235	HDEBUG(D_auth) debug_printf("%s authenticator: "
Lines 218-229 Link Here
218	ablock->name, ob->server_mech);	237	ablock->name, ob->server_mech);
219	}	238	}
220		239
221	/* At present, for mechanisms we don't panic on absence of server_condition;
222	need to figure out the most generically correct approach to deciding when
223	it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism,
224	etc) it clearly is critical.
225	*/
226
227	ablock->client = ob->client_username && ob->client_password;	240	ablock->client = ob->client_username && ob->client_password;
228	}	241	}
229		242
Lines 299-342 Link Here
299	{	312	{
300	switch (prop)	313	switch (prop)
301	{	314	{
302	case GSASL_AUTHID: return US"AUTHID";	315	case GSASL_AUTHID: return US"AUTHID";
303	case GSASL_AUTHZID: return US"AUTHZID";	316	case GSASL_AUTHZID: return US"AUTHZID";
304	case GSASL_PASSWORD: return US"PASSWORD";	317	case GSASL_PASSWORD: return US"PASSWORD";
305	case GSASL_ANONYMOUS_TOKEN: return US"ANONYMOUS_TOKEN";	318	case GSASL_ANONYMOUS_TOKEN: return US"ANONYMOUS_TOKEN";
306	case GSASL_SERVICE: return US"SERVICE";	319	case GSASL_SERVICE: return US"SERVICE";
307	case GSASL_HOSTNAME: return US"HOSTNAME";	320	case GSASL_HOSTNAME: return US"HOSTNAME";
308	case GSASL_GSSAPI_DISPLAY_NAME: return US"GSSAPI_DISPLAY_NAME";	321	case GSASL_GSSAPI_DISPLAY_NAME: return US"GSSAPI_DISPLAY_NAME";
309	case GSASL_PASSCODE: return US"PASSCODE";	322	case GSASL_PASSCODE: return US"PASSCODE";
310	case GSASL_SUGGESTED_PIN: return US"SUGGESTED_PIN";	323	case GSASL_SUGGESTED_PIN: return US"SUGGESTED_PIN";
311	case GSASL_PIN: return US"PIN";	324	case GSASL_PIN: return US"PIN";
312	case GSASL_REALM: return US"REALM";	325	case GSASL_REALM: return US"REALM";
313	case GSASL_DIGEST_MD5_HASHED_PASSWORD: return US"DIGEST_MD5_HASHED_PASSWORD";	326	case GSASL_DIGEST_MD5_HASHED_PASSWORD: return US"DIGEST_MD5_HASHED_PASSWORD";
314	case GSASL_QOPS: return US"QOPS";	327	case GSASL_QOPS: return US"QOPS";
315	case GSASL_QOP: return US"QOP";	328	case GSASL_QOP: return US"QOP";
316	case GSASL_SCRAM_ITER: return US"SCRAM_ITER";	329	case GSASL_SCRAM_ITER: return US"SCRAM_ITER";
317	case GSASL_SCRAM_SALT: return US"SCRAM_SALT";	330	case GSASL_SCRAM_SALT: return US"SCRAM_SALT";
318	case GSASL_SCRAM_SALTED_PASSWORD: return US"SCRAM_SALTED_PASSWORD";	331	case GSASL_SCRAM_SALTED_PASSWORD: return US"SCRAM_SALTED_PASSWORD";
319	#ifdef EXIM_GSASL_SCRAM_S_KEY
320	case GSASL_SCRAM_STOREDKEY: return US"SCRAM_STOREDKEY";
321	case GSASL_SCRAM_SERVERKEY: return US"SCRAM_SERVERKEY";
322	#endif
323	case GSASL_CB_TLS_UNIQUE: return US"CB_TLS_UNIQUE";
324	case GSASL_SAML20_IDP_IDENTIFIER: return US"SAML20_IDP_IDENTIFIER";
325	case GSASL_SAML20_REDIRECT_URL: return US"SAML20_REDIRECT_URL";
326	case GSASL_OPENID20_REDIRECT_URL: return US"OPENID20_REDIRECT_URL";
327	case GSASL_OPENID20_OUTCOME_DATA: return US"OPENID20_OUTCOME_DATA";
328	case GSASL_SAML20_AUTHENTICATE_IN_BROWSER: return US"SAML20_AUTHENTICATE_IN_BROWSER";
329	case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: return US"OPENID20_AUTHENTICATE_IN_BROWSER";
330	#ifdef EXIM_GSASL_SCRAM_S_KEY	332	#ifdef EXIM_GSASL_SCRAM_S_KEY
331	case GSASL_SCRAM_CLIENTKEY: return US"SCRAM_CLIENTKEY";	333	case GSASL_SCRAM_STOREDKEY: return US"SCRAM_STOREDKEY";
		334	case GSASL_SCRAM_SERVERKEY: return US"SCRAM_SERVERKEY";
332	#endif	335	#endif
333	case GSASL_VALIDATE_SIMPLE: return US"VALIDATE_SIMPLE";	336	case GSASL_CB_TLS_UNIQUE: return US"CB_TLS_UNIQUE";
334	case GSASL_VALIDATE_EXTERNAL: return US"VALIDATE_EXTERNAL";	337	case GSASL_SAML20_IDP_IDENTIFIER: return US"SAML20_IDP_IDENTIFIER";
335	case GSASL_VALIDATE_ANONYMOUS: return US"VALIDATE_ANONYMOUS";	338	case GSASL_SAML20_REDIRECT_URL: return US"SAML20_REDIRECT_URL";
336	case GSASL_VALIDATE_GSSAPI: return US"VALIDATE_GSSAPI";	339	case GSASL_OPENID20_REDIRECT_URL: return US"OPENID20_REDIRECT_URL";
337	case GSASL_VALIDATE_SECURID: return US"VALIDATE_SECURID";	340	case GSASL_OPENID20_OUTCOME_DATA: return US"OPENID20_OUTCOME_DATA";
338	case GSASL_VALIDATE_SAML20: return US"VALIDATE_SAML20";	341	case GSASL_SAML20_AUTHENTICATE_IN_BROWSER: return US"SAML20_AUTHENTICATE_IN_BROWSER";
339	case GSASL_VALIDATE_OPENID20: return US"VALIDATE_OPENID20";	342	case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: return US"OPENID20_AUTHENTICATE_IN_BROWSER";
		343	case GSASL_VALIDATE_SIMPLE: return US"VALIDATE_SIMPLE";
		344	case GSASL_VALIDATE_EXTERNAL: return US"VALIDATE_EXTERNAL";
		345	case GSASL_VALIDATE_ANONYMOUS: return US"VALIDATE_ANONYMOUS";
		346	case GSASL_VALIDATE_GSSAPI: return US"VALIDATE_GSSAPI";
		347	case GSASL_VALIDATE_SECURID: return US"VALIDATE_SECURID";
		348	case GSASL_VALIDATE_SAML20: return US"VALIDATE_SAML20";
		349	case GSASL_VALIDATE_OPENID20: return US"VALIDATE_OPENID20";
340	}	350	}
341	return CUS string_sprintf("(unknown prop: %d)", (int)prop);	351	return CUS string_sprintf("(unknown prop: %d)", (int)prop);
342	}	352	}
Lines 365-371 Link Here
365	#ifndef DISABLE_TLS	375	#ifndef DISABLE_TLS
366	if (tls_in.channelbinding && ob->server_channelbinding)	376	if (tls_in.channelbinding && ob->server_channelbinding)
367	{	377	{
368	# ifdef EXPERIMENTAL_TLS_RESUME	378	# ifndef DISABLE_TLS_RESUME
369	if (!tls_in.ext_master_secret && tls_in.resumption == RESUME_USED)	379	if (!tls_in.ext_master_secret && tls_in.resumption == RESUME_USED)
370	{ /* per RFC 7677 section 4 */	380	{ /* per RFC 7677 section 4 */
371	HDEBUG(D_auth) debug_printf(	381	HDEBUG(D_auth) debug_printf(
Lines 374-382 Link Here
374	}	384	}
375	# endif	385	# endif
376	# ifdef CHANNELBIND_HACK	386	# ifdef CHANNELBIND_HACK
377	/* This is a gross hack to get around the library a) requiring that	387	/* This is a gross hack to get around the library before 1.9.2
378	c-b was already set, at the _start() call, and b) caching a b64'd	388	a) requiring that c-b was already set, at the _start() call, and
379	version of the binding then which it never updates. */	389	b) caching a b64'd version of the binding then which it never updates. */
380		390
381	gsasl_callback_hook_set(gsasl_ctx, tls_in.channelbinding);	391	gsasl_callback_hook_set(gsasl_ctx, tls_in.channelbinding);
382	# endif	392	# endif
Lines 429-434 Link Here
429	would then result in mechanism name changes on a library update, we	439	would then result in mechanism name changes on a library update, we
430	have little choice but to default it off and let the admin choose to	440	have little choice but to default it off and let the admin choose to
431	enable it. sigh	441	enable it. sigh
		442
		443	Earlier library versions need this set early, during the _start() call,
		444	so we had to misuse gsasl_callback_hook_set/get() as a data transfer
		445	mech for the callback done at that time to get the bind-data. More recently
		446	the callback is done (if needed) during the first gsasl_stop(). We know
		447	the bind-data here so can set it (and should not get a callback).
432	*/	448	*/
433	if (ob->server_channelbinding)	449	if (ob->server_channelbinding)
434	{	450	{
Lines 570-583 Link Here
570	}	586	}
571		587
572		588
		589	/* Set the "next" $auth[n] and increment expand_nmax */
		590
573	static void	591	static void
574	set_exim_authvar_from_prop(Gsasl_session * sctx, Gsasl_property prop)	592	set_exim_authvar_from_prop(Gsasl_session * sctx, Gsasl_property prop)
575	{	593	{
576	uschar * propval = US gsasl_property_fast(sctx, prop);	594	uschar * propval = US gsasl_property_fast(sctx, prop);
577	int i = expand_nmax, j = i + 1;	595	int i = expand_nmax, j = i + 1;
578	propval = propval ? string_copy(propval) : US"";	596	propval = propval ? string_copy(propval) : US"";
579	auth_vars[i] = expand_nstring[j] = propval;	597	HDEBUG(D_auth) debug_printf("auth[%d] <= %s'%s'\n",
		598	j, gsasl_prop_code_to_name(prop), propval);
		599	expand_nstring[j] = propval;
580	expand_nlength[j] = Ustrlen(propval);	600	expand_nlength[j] = Ustrlen(propval);
		601	if (i < AUTH_VARS) auth_vars[i] = propval;
581	expand_nmax = j;	602	expand_nmax = j;
582	}	603	}
583		604
Lines 621-630 Link Here
621	server_callback(Gsasl ctx, Gsasl_session sctx, Gsasl_property prop,	642	server_callback(Gsasl ctx, Gsasl_session sctx, Gsasl_property prop,
622	auth_instance *ablock)	643	auth_instance *ablock)
623	{	644	{
624	char *tmps;	645	char * tmps;
625	uschar s, propval;	646	uschar * s;
626	int cbrc = GSASL_NO_CALLBACK;	647	int cbrc = GSASL_NO_CALLBACK;
627	auth_gsasl_options_block *ob =	648	auth_gsasl_options_block * ob =
628	(auth_gsasl_options_block *)(ablock->options_block);	649	(auth_gsasl_options_block *)(ablock->options_block);
629		650
630	HDEBUG(D_auth) debug_printf("GNU SASL callback %s for %s/%s as server\n",	651	HDEBUG(D_auth) debug_printf("GNU SASL callback %s for %s/%s as server\n",
Lines 740-746 Link Here
740	for memory wiping, so expanding strings will leave stuff laying around.	761	for memory wiping, so expanding strings will leave stuff laying around.
741	But no need to compound the problem, so get rid of the one we can. */	762	But no need to compound the problem, so get rid of the one we can. */
742		763
743	memset(tmps, '\0', strlen(tmps));	764	if (US tmps != s) memset(tmps, '\0', strlen(tmps));
744	cbrc = GSASL_OK;	765	cbrc = GSASL_OK;
745	break;	766	break;
746		767
Lines 765-771 Link Here
765	unsigned flags, uschar * buffer, int buffsize)	786	unsigned flags, uschar * buffer, int buffsize)
766	{	787	{
767	uschar * s;	788	uschar * s;
768	int rc;
769		789
770	if (!val) return !!(flags & PROP_OPTIONAL);	790	if (!val) return !!(flags & PROP_OPTIONAL);
771	if (!(s = expand_string(val)) \|\| !(flags & PROP_OPTIONAL) && !*s)	791	if (!(s = expand_string(val)) \|\| !(flags & PROP_OPTIONAL) && !*s)
Lines 814-831 Link Here
814	#ifndef DISABLE_TLS	834	#ifndef DISABLE_TLS
815	if (tls_out.channelbinding && ob->client_channelbinding)	835	if (tls_out.channelbinding && ob->client_channelbinding)
816	{	836	{
817	# ifdef EXPERIMENTAL_TLS_RESUME	837	# ifndef DISABLE_TLS_RESUME
818	if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)	838	if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)
819	{ /* per RFC 7677 section 4 */	839	{ /* Per RFC 7677 section 4. See also RFC 7627, "Triple Handshake"
		840	vulnerability, and https://www.mitls.org/pages/attacks/3SHAKE */
820	string_format(buffer, buffsize, "%s",	841	string_format(buffer, buffsize, "%s",
821	"channel binding not usable on resumed TLS without extended-master-secret");	842	"channel binding not usable on resumed TLS without extended-master-secret");
822	return FAIL;	843	return FAIL;
823	}	844	}
824	# endif	845	# endif
825	# ifdef CHANNELBIND_HACK	846	# ifdef CHANNELBIND_HACK
826	/* This is a gross hack to get around the library a) requiring that	847	/* This is a gross hack to get around the library before 1.9.2
827	c-b was already set, at the _start() call, and b) caching a b64'd	848	a) requiring that c-b was already set, at the _start() call, and
828	version of the binding then which it never updates. */	849	b) caching a b64'd version of the binding then which it never updates. */
829		850
830	gsasl_callback_hook_set(gsasl_ctx, tls_out.channelbinding);	851	gsasl_callback_hook_set(gsasl_ctx, tls_out.channelbinding);
831	# endif	852	# endif
Lines 846-855 Link Here
846		867
847	/* Set properties */	868	/* Set properties */
848		869
849	if ( !set_client_prop(sctx, GSASL_SCRAM_SALTED_PASSWORD, ob->client_spassword,	870	if ( !set_client_prop(sctx, GSASL_PASSWORD, ob->client_password,
850	0, buffer, buffsize)
851	&&
852	!set_client_prop(sctx, GSASL_PASSWORD, ob->client_password,
853	0, buffer, buffsize)	871	0, buffer, buffsize)
854	\|\| !set_client_prop(sctx, GSASL_AUTHID, ob->client_username,	872	\|\| !set_client_prop(sctx, GSASL_AUTHID, ob->client_username,
855	0, buffer, buffsize)	873	0, buffer, buffsize)
Lines 879-902 Link Here
879	for(s = NULL; ;)	897	for(s = NULL; ;)
880	{	898	{
881	uschar * outstr;	899	uschar * outstr;
882	BOOL fail;	900	BOOL fail = TRUE;
883		901
884	rc = gsasl_step64(sctx, CS s, CSS &outstr);	902	rc = gsasl_step64(sctx, CS s, CSS &outstr);
885		903
886	fail = initial	904	if (rc == GSASL_NEEDS_MORE \|\| rc == GSASL_OK)
887	? smtp_write_command(sx, SCMD_FLUSH,
888	outstr ? "AUTH %s %s\r\n" : "AUTH %s\r\n",
889	ablock->public_name, outstr) <= 0
890	: outstr
891	? smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", outstr) <= 0
892	: FALSE;
893	if (outstr && *outstr) free(outstr);
894	if (fail)
895	{	905	{
896	yield = FAIL_SEND;	906	fail = initial
897	goto done;	907	? smtp_write_command(sx, SCMD_FLUSH,
		908	outstr ? "AUTH %s %s\r\n" : "AUTH %s\r\n",
		909	ablock->public_name, outstr) <= 0
		910	: outstr
		911	? smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", outstr) <= 0
		912	: FALSE;
		913	free(outstr);
		914	if (fail)
		915	{
		916	yield = FAIL_SEND;
		917	goto done;
		918	}
		919	initial = FALSE;
898	}	920	}
899	initial = FALSE;
900		921
901	if (rc != GSASL_NEEDS_MORE)	922	if (rc != GSASL_NEEDS_MORE)
902	{	923	{
Lines 927-936 Link Here
927	}	948	}
928		949
929	done:	950	done:
930	HDEBUG(D_auth)	951	if (yield == OK)
931	{	952	{
932	const uschar * s = CUS gsasl_property_fast(sctx, GSASL_SCRAM_SALTED_PASSWORD);	953	expand_nmax = 0;
933	if (s) debug_printf(" - SaltedPassword: '%s'\n", s);	954	set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
		955	set_exim_authvar_from_prop(sctx, GSASL_SCRAM_ITER);
		956	set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALT);
		957	set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALTED_PASSWORD);
934	}	958	}
935		959
936	gsasl_finish(sctx);	960	gsasl_finish(sctx);
Lines 944-954 Link Here
944	gsasl_prop_code_to_name(prop), ablock->name, ablock->public_name);	968	gsasl_prop_code_to_name(prop), ablock->name, ablock->public_name);
945	switch (prop)	969	switch (prop)
946	{	970	{
947	case GSASL_CB_TLS_UNIQUE:	971	case GSASL_CB_TLS_UNIQUE: /XXX should never get called for this /
948	HDEBUG(D_auth)	972	HDEBUG(D_auth)
949	debug_printf(" filling in\n");	973	debug_printf(" filling in\n");
950	gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_out.channelbinding);	974	gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_out.channelbinding);
		975	return GSASL_OK;
		976	case GSASL_SCRAM_SALTED_PASSWORD:
		977	{
		978	uschar * client_spassword =
		979	((auth_gsasl_options_block *) ablock->options_block)->client_spassword;
		980	uschar dummy[4];
		981	HDEBUG(D_auth) if (!client_spassword)
		982	debug_printf(" client_spassword option unset\n");
		983	if (client_spassword)
		984	{
		985	expand_nmax = 0;
		986	set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
		987	set_exim_authvar_from_prop(sctx, GSASL_SCRAM_ITER);
		988	set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALT);
		989	set_client_prop(sctx, GSASL_SCRAM_SALTED_PASSWORD, client_spassword,
		990	0, dummy, sizeof(dummy));
		991	for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;
		992	expand_nmax = 0;
		993	}
951	break;	994	break;
		995	}
952	default:	996	default:
953	HDEBUG(D_auth)	997	HDEBUG(D_auth)
954	debug_printf(" not providing one\n");	998	debug_printf(" not providing one\n");
Lines 961-974 Link Here
961	* Diagnostic API *	1005	* Diagnostic API *
962	*************************************************/	1006	*************************************************/
963		1007
964	void	1008	gstring *
965	auth_gsasl_version_report(FILE *f)	1009	auth_gsasl_version_report(gstring * g)
966	{	1010	{
967	const char *runtime;	1011	return string_fmt_append(g, "Library version: GNU SASL: Compile: %s\n"
968	runtime = gsasl_check_version(NULL);	1012	" Runtime: %s\n",
969	fprintf(f, "Library version: GNU SASL: Compile: %s\n"	1013	GSASL_VERSION, gsasl_check_version(NULL));
970	" Runtime: %s\n",
971	GSASL_VERSION, runtime);
972	}	1014	}
973		1015
974		1016

Lines 2-9 Link Here

(-)exim.orig/src/auths/gsasl_exim.h (-2 / +2 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2019 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2012 */	6	/* Copyright (c) University of Cambridge 1995 - 2012 */
6	/* Copyright (c) The Exim Maintainers 2019-2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Copyright (c) Twitter Inc 2012 */	9	/* Copyright (c) Twitter Inc 2012 */
Lines 47-53 Link Here
47	extern int auth_gsasl_server(auth_instance , uschar );	47	extern int auth_gsasl_server(auth_instance , uschar );
48	extern int auth_gsasl_client(auth_instance , void ,	48	extern int auth_gsasl_client(auth_instance , void ,
49	int, uschar *, int);	49	int, uschar *, int);
50	extern void auth_gsasl_version_report(FILE *f);	50	extern gstring * auth_gsasl_version_report(gstring *);
51	extern void auth_gsasl_macros(void);	51	extern void auth_gsasl_macros(void);
52		52
53	/* End of gsasl_exim.h */	53	/* End of gsasl_exim.h */

Lines 2-9 Link Here

(-)exim.orig/src/auths/heimdal_gssapi.c (-7 / +8 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Copyright (c) Twitter Inc 2012	9	/* Copyright (c) Twitter Inc 2012
Lines 85-91 Link Here
85	int auth_heimdal_gssapi_server(auth_instance ablock, uschar data) {return 0;}	85	int auth_heimdal_gssapi_server(auth_instance ablock, uschar data) {return 0;}
86	int auth_heimdal_gssapi_client(auth_instance ablock, void sx,	86	int auth_heimdal_gssapi_client(auth_instance ablock, void sx,
87	int timeout, uschar *buffer, int buffsize) {return 0;}	87	int timeout, uschar *buffer, int buffsize) {return 0;}
88	void auth_heimdal_gssapi_version_report(FILE *f) {}	88	gstring * auth_heimdal_gssapi_version_report(gstring * g) {}
89		89
90	#else /!MACRO_PREDEF/	90	#else /!MACRO_PREDEF/
91		91
Lines 601-614 Link Here
601	* Diagnostic API *	601	* Diagnostic API *
602	*************************************************/	602	*************************************************/
603		603
604	void	604	gstring *
605	auth_heimdal_gssapi_version_report(FILE *f)	605	auth_heimdal_gssapi_version_report(gstring * g)
606	{	606	{
607	/* No build-time constants available unless we link against libraries at	607	/* No build-time constants available unless we link against libraries at
608	build-time and export the result as a string into a header ourselves. */	608	build-time and export the result as a string into a header ourselves. */
609	fprintf(f, "Library version: Heimdal: Runtime: %s\n"	609
610	" Build Info: %s\n",	610	return string_fmt_append(g, "Library version: Heimdal: Runtime: %s\n"
611	heimdal_version, heimdal_long_version);	611	" Build Info: %s\n",
		612	heimdal_version, heimdal_long_version));
612	}	613	}
613		614
614	#endif /!MACRO_PREDEF/	615	#endif /!MACRO_PREDEF/

Lines 3-8 Link Here

(-)exim.orig/src/auths/pwcheck.c (-7 / +2 lines)
3	* Tim Martin	3	* Tim Martin
4	* $Id: checkpw.c,v 1.49 2002/03/07 19:14:04 ken3 Exp $	4	* $Id: checkpw.c,v 1.49 2002/03/07 19:14:04 ken3 Exp $
5	*/	5	*/
		6	/* Copyright (c) The Exim Maintainers 2021 - 2022 */
6	/*	7	/*
7	* Copyright (c) 2001 Carnegie Mellon University. All rights reserved.	8	* Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
8	*	9	*
Lines 86-93 Link Here
86	const char *passwd,	87	const char *passwd,
87	const char **reply)	88	const char **reply)
88	{	89	{
89	userid = userid; /* Keep picky compilers happy */
90	passwd = passwd;
91	*reply = "pwcheck support is not included in this Exim binary";	90	*reply = "pwcheck support is not included in this Exim binary";
92	return PWCHECK_FAIL;	91	return PWCHECK_FAIL;
93	}	92	}
Lines 163-172 Link Here
163	const uschar *realm,	162	const uschar *realm,
164	const uschar **reply)	163	const uschar **reply)
165	{	164	{
166	userid = userid; /* Keep picky compilers happy */
167	passwd = passwd;
168	service = service;
169	realm = realm;
170	*reply = US"saslauthd support is not included in this Exim binary";	165	*reply = US"saslauthd support is not included in this Exim binary";
171	return PWCHECK_FAIL;	166	return PWCHECK_FAIL;
172	}	167	}
Lines 297-303 Link Here
297	return -1;	292	return -1;
298	} else {	293	} else {
299	/* Assume the file is trusted, so no tainting */	294	/* Assume the file is trusted, so no tainting */
300	*retval = store_get(count + 1, FALSE);	295	*retval = store_get(count + 1, GET_UNTAINTED);
301	rc = (retry_read(fd, *retval, count) < (int) count);	296	rc = (retry_read(fd, *retval, count) < (int) count);
302	(*retval)[count] = '\0';	297	(*retval)[count] = '\0';
303	return count;	298	return count;

Lines 6-12 Link Here

(-)exim.orig/src/base64.c (-8 / +9 lines)
6	/* License: GPL */	6	/* License: GPL */
7		7
8	/* Copyright (c) University of Cambridge 1995 - 2018 */	8	/* Copyright (c) University of Cambridge 1995 - 2018 */
9	/* Copyright (c) The Exim Maintainers 2020 */	9	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
10	/* See the file NOTICE for conditions of use and distribution. */	10	/* See the file NOTICE for conditions of use and distribution. */
11		11
12		12
Lines 157-166 Link Here
157	int x, y;	157	int x, y;
158	uschar *result;	158	uschar *result;
159		159
160	{	160	{
161	int l = Ustrlen(code);	161	int l = Ustrlen(code);
162	ptr = result = store_get(1 + l/4 3 + l%4, is_tainted(code));	162	ptr = result = store_get(1 + l/4 3 + l%4, code);
163	}	163	}
164		164
165	/* Each cycle of the loop handles a quantum of 4 input bytes. For the last	165	/* Each cycle of the loop handles a quantum of 4 input bytes. For the last
166	quantum this may decode to 1, 2, or 3 output bytes. */	166	quantum this may decode to 1, 2, or 3 output bytes. */
Lines 234-239 Link Here
234	Arguments:	234	Arguments:
235	clear points to the clear text bytes	235	clear points to the clear text bytes
236	len the number of bytes to encode	236	len the number of bytes to encode
		237	proto_mem taint indicator
237		238
238	Returns: a pointer to the zero-terminated base 64 string, which	239	Returns: a pointer to the zero-terminated base 64 string, which
239	is in working store	240	is in working store
Lines 243-252 Link Here
243	US"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";	244	US"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
244		245
245	uschar *	246	uschar *
246	b64encode_taint(const uschar * clear, int len, BOOL tainted)	247	b64encode_taint(const uschar * clear, int len, const void * proto_mem)
247	{	248	{
248	uschar code = store_get(4((len+2)/3) + 1, tainted);	249	uschar * code = store_get(4*((len+2)/3) + 1, proto_mem);
249	uschar *p = code;	250	uschar * p = code;
250		251
251	while (len-- >0)	252	while (len-- >0)
252	{	253	{
Lines 287-293 Link Here
287	uschar *	288	uschar *
288	b64encode(const uschar * clear, int len)	289	b64encode(const uschar * clear, int len)
289	{	290	{
290	return b64encode_taint(clear, len, is_tainted(clear));	291	return b64encode_taint(clear, len, clear);
291	}	292	}
292		293
293		294

Lines 5-10 Link Here

(-)exim.orig/src/bmi_spam.c (-6 / +9 lines)
5	/* Code for calling Brightmail AntiSpam.	5	/* Code for calling Brightmail AntiSpam.
6	Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004	6	Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004
7	License: GPL */	7	License: GPL */
		8	/* Copyright (c) The Exim Maintainers 2021 - 2022 */
8		9
9	#include "exim.h"	10	#include "exim.h"
10	#ifdef EXPERIMENTAL_BRIGHTMAIL	11	#ifdef EXPERIMENTAL_BRIGHTMAIL
Lines 193-208 Link Here
193	/* Get store for the verdict string. Since we are processing message data, assume that	194	/* Get store for the verdict string. Since we are processing message data, assume that
194	the verdict is tainted. XXX this should use a growable-string */	195	the verdict is tainted. XXX this should use a growable-string */
195		196
196	verdicts = store_get(1, TRUE);	197	verdicts = store_get(1, GET_TAINTED);
197	*verdicts = '\0';	198	*verdicts = '\0';
198		199
199	for ( err = bmiAccessFirstVerdict(message, &verdict);	200	for ( err = bmiAccessFirstVerdict(message, &verdict);
200	verdict != NULL;	201	verdict;
201	err = bmiAccessNextVerdict(message, verdict, &verdict) ) {	202	err = bmiAccessNextVerdict(message, verdict, &verdict) ) {
202	char *verdict_str;	203	char *verdict_str;
203		204
204	err = bmiCreateStrFromVerdict(verdict,&verdict_str);	205	err = bmiCreateStrFromVerdict(verdict,&verdict_str);
205	if (!store_extend(verdicts, TRUE,	206	if (!store_extend(verdicts,
206	Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) {	207	Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) {
207	/* can't allocate more store */	208	/* can't allocate more store */
208	return NULL;	209	return NULL;
Lines 302-308 Link Here
302	}	303	}
303	else {	304	else {
304	/* deliver to alternate location */	305	/* deliver to alternate location */
305	rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1, TRUE);	306	rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1, GET_TAINTED);
306	Ustrcpy(rc, bmiVerdictAccessDestination(verdict));	307	Ustrcpy(rc, bmiVerdictAccessDestination(verdict));
307	rc[strlen(bmiVerdictAccessDestination(verdict))] = '\0';	308	rc[strlen(bmiVerdictAccessDestination(verdict))] = '\0';
308	};	309	};
Lines 327-333 Link Here
327	return NULL;	328	return NULL;
328		329
329	/* allocate room for the b64 verdict string */	330	/* allocate room for the b64 verdict string */
330	verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1, TRUE);	331	verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1, GET_TAINTED);
331		332
332	/* loop through verdicts */	333	/* loop through verdicts */
333	verdict_ptr = bmi_verdicts;	334	verdict_ptr = bmi_verdicts;
Lines 448-456 Link Here
448	}	449	}
449		450
450	/* loop through numbers */	451	/* loop through numbers */
		452	/* option_list doesn't seem to be expanded so cannot be tainted. If it ever is we
		453	will trap here */
451	rule_ptr = option_list;	454	rule_ptr = option_list;
452	while ((rule_num = string_nextinlist(&rule_ptr, &sep,	455	while ((rule_num = string_nextinlist(&rule_ptr, &sep,
453	rule_buffer, 32)) != NULL) {	456	rule_buffer, sizeof(rule_buffer)))) {
454	int rule_int = -1;	457	int rule_int = -1;
455		458
456	/* try to translate to int */	459	/* try to translate to int */

Lines 2-7 Link Here

(-)exim.orig/src/buildconfig.c (-5 / +3 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
7		8
Lines 51-57 Link Here
51	char *data;	52	char *data;
52	} save_item;	53	} save_item;
53		54
54	static const char *db_opts[] = { "", "USE_DB", "USE_GDBM", "USE_TDB" };	55	static const char *db_opts[] = { "", "USE_DB", "USE_GDBM", "USE_TDB", "USE_NDBM" };
55		56
56	static int have_ipv6 = 0;	57	static int have_ipv6 = 0;
57	static int have_iconv = 0;	58	static int have_iconv = 0;
Lines 221-228 Link Here
221		222
222	/* Now search the makefile for certain settings */	223	/* Now search the makefile for certain settings */
223		224
224	base = fopen("Makefile", "rb");	225	if (!(base = fopen("Makefile", "rb")))
225	if (base == NULL)
226	{	226	{
227	printf("*** Buildconfig: failed to open Makefile\n");	227	printf("*** Buildconfig: failed to open Makefile\n");
228	(void)fclose(new);	228	(void)fclose(new);
Lines 387-393 Link Here
387	encountered. */	387	encountered. */
388		388
389	for (i = 1; i < sizeof(db_opts)/sizeof(char *); i++)	389	for (i = 1; i < sizeof(db_opts)/sizeof(char *); i++)
390	{
391	if (strcmp(name, db_opts[i]) == 0)	390	if (strcmp(name, db_opts[i]) == 0)
392	{	391	{
393	if (use_which_db == i)	392	if (use_which_db == i)
Lines 397-403 Link Here
397	fprintf(new, "/* %s not set */\n", name);	396	fprintf(new, "/* %s not set */\n", name);
398	break;	397	break;
399	}	398	}
400	}
401	if (i < sizeof(db_opts)/sizeof(char *)) continue;	399	if (i < sizeof(db_opts)/sizeof(char *)) continue;
402		400
403	/* EXIM_USER is a special case. We look in the environment for EXIM_USER or	401	/* EXIM_USER is a special case. We look in the environment for EXIM_USER or

Lines 2-9 Link Here

(-)exim.orig/src/child.c (-17 / +34 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2015 */	6	/* Copyright (c) University of Cambridge 1995 - 2015 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9		9
Lines 27-33 Link Here
27	Returns: nothing	27	Returns: nothing
28	*/	28	*/
29		29
30	static void	30	void
31	force_fd(int oldfd, int newfd)	31	force_fd(int oldfd, int newfd)
32	{	32	{
33	if (oldfd == newfd) return;	33	if (oldfd == newfd) return;
Lines 76-97 Link Here
76	int extra = pcount ? *pcount : 0;	76	int extra = pcount ? *pcount : 0;
77	uschar **argv;	77	uschar **argv;
78		78
79	argv = store_get((extra + acount + MAX_CLMACROS + 21) * sizeof(char *), FALSE);	79	argv = store_get((extra + acount + MAX_CLMACROS + 24) * sizeof(char *), GET_UNTAINTED);
80		80
81	/* In all case, the list starts out with the path, any macros, and a changed	81	/* In all case, the list starts out with the path, any macros, and a changed
82	config file. */	82	config file. */
83		83
84	argv[n++] = exim_path;	84	argv[n++] = exim_path; /* assume untainted */
85	if (clmacro_count > 0)	85	if (clmacro_count > 0)
86	{	86	{
87	memcpy(argv + n, clmacros, clmacro_count * sizeof(uschar *));	87	memcpy(argv + n, clmacros, clmacro_count * sizeof(uschar *));
88	n += clmacro_count;	88	n += clmacro_count;
89	}	89	}
90	if (f.config_changed)	90	if (f.config_changed)
91	{	91	{ argv[n++] = US"-C"; argv[n++] = config_main_filename; }
92	argv[n++] = US"-C";
93	argv[n++] = config_main_filename;
94	}
95		92
96	/* These values are added only for non-minimal cases. If debug_selector is	93	/* These values are added only for non-minimal cases. If debug_selector is
97	precisely D_v, we have to assume this was started by a non-admin user, and	94	precisely D_v, we have to assume this was started by a non-admin user, and
Lines 108-131 Link Here
108	else	105	else
109	{	106	{
110	if (debug_selector != 0)	107	if (debug_selector != 0)
		108	{
111	argv[n++] = string_sprintf("-d=0x%x", debug_selector);	109	argv[n++] = string_sprintf("-d=0x%x", debug_selector);
		110	if (debug_fd > 2)
		111	{
		112	int flags = fcntl(debug_fd, F_GETFD);
		113	if (flags != -1) (void)fcntl(debug_fd, F_SETFD, flags & ~FD_CLOEXEC);
		114	close(2);
		115	dup2(debug_fd, 2);
		116	close(debug_fd);
		117	}
		118	}
112	}	119	}
		120	if (debug_pretrigger_buf)
		121	{ argv[n++] = US"-dp"; argv[n++] = string_sprintf("0x%x", debug_pretrigger_bsize); }
		122	if (dtrigger_selector != 0)
		123	argv[n++] = string_sprintf("-dt=0x%x", dtrigger_selector);
113	DEBUG(D_any)	124	DEBUG(D_any)
114	{	125	{
115	argv[n++] = US"-MCd";	126	argv[n++] = US"-MCd";
116	argv[n++] = US process_purpose;	127	argv[n++] = US process_purpose;
117	}	128	}
118	if (!f.testsuite_delays) argv[n++] = US"-odd";	129	if (!f.testsuite_delays) argv[n++] = US"-odd";
119	if (f.dont_deliver) argv[n++] = US"-N";	130	if (f.dont_deliver) argv[n++] = US"-N";
120	if (f.queue_smtp) argv[n++] = US"-odqs";	131	if (f.queue_smtp) argv[n++] = US"-odqs";
121	if (f.synchronous_delivery) argv[n++] = US"-odi";	132	if (f.synchronous_delivery) argv[n++] = US"-odi";
122	if (connection_max_messages >= 0)	133	if (connection_max_messages >= 0)
123	argv[n++] = string_sprintf("-oB%d", connection_max_messages);	134	argv[n++] = string_sprintf("-oB%d", connection_max_messages);
124	if (*queue_name)	135	if (*queue_name)
125	{	136	{ argv[n++] = US"-MCG"; argv[n++] = queue_name; }
126	argv[n++] = US"-MCG";
127	argv[n++] = queue_name;
128	}
129	}	137	}
130		138
131	/* Now add in any others that are in the call. Remember which they were,	139	/* Now add in any others that are in the call. Remember which they were,
Lines 159-165 Link Here
159	execv(CS argv[0], (char const )argv);	167	execv(CS argv[0], (char const )argv);
160		168
161	log_write(0,	169	log_write(0,
162	LOG_MAIN \| ((exec_type == CEE_EXEC_EXIT)? LOG_PANIC : LOG_PANIC_DIE),	170	LOG_MAIN \| (exec_type == CEE_EXEC_EXIT ? LOG_PANIC : LOG_PANIC_DIE),
163	"re-exec of exim (%s) with %s failed: %s", exim_path, argv[first_special],	171	"re-exec of exim (%s) with %s failed: %s", exim_path, argv[first_special],
164	strerror(errno));	172	strerror(errno));
165		173
Lines 269-274 Link Here
269	}	277	}
270	}	278	}
271		279
		280	testharness_pause_ms(100); /* let child work even longer, for exec */
		281
272	/* Parent process. Save fork() errno and close the reading end of the stdin	282	/* Parent process. Save fork() errno and close the reading end of the stdin
273	pipe. */	283	pipe. */
274		284
Lines 333-338 Link Here
333	int inpfd[2], outpfd[2];	343	int inpfd[2], outpfd[2];
334	pid_t pid;	344	pid_t pid;
335		345
		346	if (is_tainted(argv[0]))
		347	{
		348	log_write(0, LOG_MAIN \| LOG_PANIC, "Attempt to exec tainted path: '%s'", argv[0]);
		349	errno = EPERM;
		350	return (pid_t)(-1);
		351	}
		352
336	/* Create the pipes. */	353	/* Create the pipes. */
337		354
338	if (pipe(inpfd) != 0) return (pid_t)(-1);	355	if (pipe(inpfd) != 0) return (pid_t)(-1);

Lines 147-161 Link Here

(-)exim.orig/src/configure.default (-24 / +29 lines)
147	# spamd_address = 127.0.0.1 783	147	# spamd_address = 127.0.0.1 783
148		148
149		149
150	# If Exim is compiled with support for TLS, you may want to enable the	150	# If Exim is compiled with support for TLS, you may want to change the
151	# following options so that Exim allows clients to make encrypted	151	# following option so that Exim disallows certain clients from makeing encrypted
152	# connections. In the authenticators section below, there are template	152	# connections. The default is to allow all.
153	# configurations for plaintext username/password authentication. This kind	153	# In the authenticators section below, there are template configurations for
154	# of authentication is only safe when used within a TLS connection, so the	154	# plaintext username/password authentication. This kind of authentication is
155	# authenticators will only work if the following TLS settings are turned on	155	# only safe when used within a TLS connection, so the authenticators will only
156	# as well.	156	# work if TLS is allowed here.
157		157
158	# Allow any client to use TLS.	158	# This is equivalent to the default.
159		159
160	# tls_advertise_hosts = *	160	# tls_advertise_hosts = *
161		161
Lines 169-175 Link Here
169	# tls_privatekey = /etc/ssl/exim.pem	169	# tls_privatekey = /etc/ssl/exim.pem
170		170
171	# For OpenSSL, prefer EC- over RSA-authenticated ciphers	171	# For OpenSSL, prefer EC- over RSA-authenticated ciphers
172	# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT	172	.ifdef _HAVE_OPENSSL
		173	tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
		174	.endif
		175
		176	# Don't offer resumption to (most) MUAs, who we don't want to reuse
		177	# tickets. Once the TLS extension for vended ticket numbers comes
		178	# though, re-examine since resumption on a single-use ticket is still a benefit.
		179	.ifdef _HAVE_TLS_RESUME
		180	tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
		181	.endif
173		182
174	# In order to support roaming users who wish to send email from anywhere,	183	# In order to support roaming users who wish to send email from anywhere,
175	# you may want to make Exim listen on other ports as well as port 25, in	184	# you may want to make Exim listen on other ports as well as port 25, in
Lines 495-505 Link Here
495	control = submission	504	control = submission
496	control = dkim_disable_verify	505	control = dkim_disable_verify
497		506
498	# Insist that a HELO/EHLO was accepted.
499
500	require message = nice hosts say HELO first
501	condition = ${if def:sender_helo_name}
502
503	# Insist that any other recipient address that we accept is either in one of	507	# Insist that any other recipient address that we accept is either in one of
504	# our local domains, or is in a domain for which we explicitly allow	508	# our local domains, or is in a domain for which we explicitly allow
505	# relaying. Any other domain is rejected as being unacceptable for relaying.	509	# relaying. Any other domain is rejected as being unacceptable for relaying.
Lines 545-555 Link Here
545	# to the first recipient must be deferred unless the sender talks PRDR.	549	# to the first recipient must be deferred unless the sender talks PRDR.
546	#	550	#
547	# defer !condition = $prdr_requested	551	# defer !condition = $prdr_requested
548	# condition = ${if > {0}{$receipients_count}}	552	# condition = ${if > {0}{$recipients_count}}
549	# condition = ${if !eq {$acl_m_content_filter} \	553	# condition = ${if !eq {$acl_m_content_filter} \
550	# {${lookup PER_RCPT_CONTENT_FILTER}}}	554	# {${lookup PER_RCPT_CONTENT_FILTER}}}
551	# warn !condition = $prdr_requested	555	# warn !condition = $prdr_requested
552	# condition = ${if > {0}{$receipients_count}}	556	# condition = ${if > {0}{$recipients_count}}
553	# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}	557	# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
554	#############################################################################	558	#############################################################################
555		559
Lines 815-827 Link Here
815		819
816		820
817	# This transport is used for delivering messages over SMTP connections.	821	# This transport is used for delivering messages over SMTP connections.
818	# Refuse to send any message with over-long lines, which could have
819	# been received other than via SMTP. The use of message_size_limit to
820	# enforce this is a red herring.
821		822
822	remote_smtp:	823	remote_smtp:
823	driver = smtp	824	driver = smtp
824	message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}	825	.ifdef _HAVE_TLS_RESUME
		826	tls_resumption_hosts = *
		827	.endif
825		828
826		829
827	# This transport is used for delivering messages to a smarthost, if the	830	# This transport is used for delivering messages to a smarthost, if the
Lines 833-839 Link Here
833		836
834	smarthost_smtp:	837	smarthost_smtp:
835	driver = smtp	838	driver = smtp
836	message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
837	multi_domain	839	multi_domain
838	#	840	#
839	.ifdef _HAVE_TLS	841	.ifdef _HAVE_TLS
Lines 841-849 Link Here
841	# request with your smarthost provider to get things fixed:	843	# request with your smarthost provider to get things fixed:
842	hosts_require_tls = *	844	hosts_require_tls = *
843	tls_verify_hosts = *	845	tls_verify_hosts = *
844	# As long as tls_verify_hosts is enabled, this won't matter, but if you	846	# As long as tls_verify_hosts is enabled, this this will have no effect,
845	# have to comment it out then this will at least log whether you succeed	847	# but if you have to comment it out then this will at least log whether
846	# or not:	848	# you succeed or not:
847	tls_try_verify_hosts = *	849	tls_try_verify_hosts = *
848	#	850	#
849	# The SNI name should match the name which we'll expect to verify;	851	# The SNI name should match the name which we'll expect to verify;
Lines 859-864 Link Here
859	.ifdef _HAVE_GNUTLS	861	.ifdef _HAVE_GNUTLS
860	tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1	862	tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
861	.endif	863	.endif
		864	.ifdef _HAVE_TLS_RESUME
		865	tls_resumption_hosts = *
		866	.endif
862	.endif	867	.endif
863		868
864		869

Lines 2-14 Link Here

(-)exim.orig/src/dbfn.c (-64 / +72 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9		9
10	#include "exim.h"	10	#include "exim.h"
11		11
		12	/* We have buffers holding path names for database files.
		13	PATH_MAX could be used here, but would be wasting memory, as we deal
		14	with database files like $spooldirectory/db/<name> */
		15	#define PATHLEN 256
		16
12		17
13	/* Functions for accessing Exim's hints database, which consists of a number of	18	/* Functions for accessing Exim's hints database, which consists of a number of
14	different DBM files. This module does not contain code for reading DBM files	19	different DBM files. This module does not contain code for reading DBM files
Lines 34-64 Link Here
34		39
35		40
36	/*************************************************	41	/*************************************************
37	* Berkeley DB error callback *
38	*************************************************/
39
40	/* For Berkeley DB >= 2, we can define a function to be called in case of DB
41	errors. This should help with debugging strange DB problems, e.g. getting "File
42	exists" when you try to open a db file. The API for this function was changed
43	at DB release 4.3. */
44
45	#if defined(USE_DB) && defined(DB_VERSION_STRING)
46	void
47	#if DB_VERSION_MAJOR > 4 \|\| (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 3)
48	dbfn_bdb_error_callback(const DB_ENV dbenv, const char pfx, const char *msg)
49	{
50	dbenv = dbenv;
51	#else
52	dbfn_bdb_error_callback(const char pfx, char msg)
53	{
54	#endif
55	pfx = pfx;
56	log_write(0, LOG_MAIN, "Berkeley DB error: %s", msg);
57	}
58	#endif
59
60
61	/*************************************************
62	* Open and lock a database file *	42	* Open and lock a database file *
63	*************************************************/	43	*************************************************/
64		44
Lines 90-96 Link Here
90	int rc, save_errno;	70	int rc, save_errno;
91	BOOL read_only = flags == O_RDONLY;	71	BOOL read_only = flags == O_RDONLY;
92	flock_t lock_data;	72	flock_t lock_data;
93	uschar dirname[256], filename[256];	73	uschar dirname[PATHLEN], filename[PATHLEN];
94		74
95	DEBUG(D_hints_lookup) acl_level++;	75	DEBUG(D_hints_lookup) acl_level++;
96		76
Lines 121-127 Link Here
121	if (dbblock->lockfd < 0)	101	if (dbblock->lockfd < 0)
122	{	102	{
123	log_write(0, LOG_MAIN, "%s",	103	log_write(0, LOG_MAIN, "%s",
124	string_open_failed(errno, "database lock file %s", filename));	104	string_open_failed("database lock file %s", filename));
125	errno = 0; /* Indicates locking failure */	105	errno = 0; /* Indicates locking failure */
126	DEBUG(D_hints_lookup) acl_level--;	106	DEBUG(D_hints_lookup) acl_level--;
127	return NULL;	107	return NULL;
Lines 167-178 Link Here
167	snprintf(CS filename, sizeof(filename), "%s/%s", dirname, name);	147	snprintf(CS filename, sizeof(filename), "%s/%s", dirname, name);
168		148
169	priv_drop_temp(exim_uid, exim_gid);	149	priv_drop_temp(exim_uid, exim_gid);
170	EXIM_DBOPEN(filename, dirname, flags, EXIMDB_MODE, &(dbblock->dbptr));	150	dbblock->dbptr = exim_dbopen(filename, dirname, flags, EXIMDB_MODE);
171	if (!dbblock->dbptr && errno == ENOENT && flags == O_RDWR)	151	if (!dbblock->dbptr && errno == ENOENT && flags == O_RDWR)
172	{	152	{
173	DEBUG(D_hints_lookup)	153	DEBUG(D_hints_lookup)
174	debug_printf_indent("%s appears not to exist: trying to create\n", filename);	154	debug_printf_indent("%s appears not to exist: trying to create\n", filename);
175	EXIM_DBOPEN(filename, dirname, flags\|O_CREAT, EXIMDB_MODE, &(dbblock->dbptr));	155	dbblock->dbptr = exim_dbopen(filename, dirname, flags\|O_CREAT, EXIMDB_MODE);
176	}	156	}
177	save_errno = errno;	157	save_errno = errno;
178	priv_restore();	158	priv_restore();
Lines 183-194 Link Here
183		163
184	if (!dbblock->dbptr)	164	if (!dbblock->dbptr)
185	{	165	{
		166	errno = save_errno;
186	if (lof && save_errno != ENOENT)	167	if (lof && save_errno != ENOENT)
187	log_write(0, LOG_MAIN, "%s", string_open_failed(save_errno, "DB file %s",	168	log_write(0, LOG_MAIN, "%s", string_open_failed("DB file %s",
188	filename));	169	filename));
189	else	170	else
190	DEBUG(D_hints_lookup)	171	DEBUG(D_hints_lookup)
191	debug_printf_indent("%s\n", CS string_open_failed(save_errno, "DB file %s",	172	debug_printf_indent("%s\n", CS string_open_failed("DB file %s",
192	filename));	173	filename));
193	(void)close(dbblock->lockfd);	174	(void)close(dbblock->lockfd);
194	errno = save_errno;	175	errno = save_errno;
Lines 226-232 Link Here
226	void	207	void
227	dbfn_close(open_db *dbblock)	208	dbfn_close(open_db *dbblock)
228	{	209	{
229	EXIM_DBCLOSE(dbblock->dbptr);	210	exim_dbclose(dbblock->dbptr);
230	(void)close(dbblock->lockfd);	211	(void)close(dbblock->lockfd);
231	DEBUG(D_hints_lookup)	212	DEBUG(D_hints_lookup)
232	{ debug_printf_indent("closed hints database and lockfile\n"); acl_level--; }	213	{ debug_printf_indent("closed hints database and lockfile\n"); acl_level--; }
Lines 262-292 Link Here
262	void *yield;	243	void *yield;
263	EXIM_DATUM key_datum, result_datum;	244	EXIM_DATUM key_datum, result_datum;
264	int klen = Ustrlen(key) + 1;	245	int klen = Ustrlen(key) + 1;
265	uschar * key_copy = store_get(klen, is_tainted(key));	246	uschar * key_copy = store_get(klen, key);
266		247
267	memcpy(key_copy, key, klen);	248	memcpy(key_copy, key, klen);
268		249
269	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_read: key=%s\n", key);	250	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_read: key=%s\n", key);
270		251
271	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */	252	exim_datum_init(&key_datum); /* Some DBM libraries require the datum */
272	EXIM_DATUM_INIT(result_datum); /* to be cleared before use. */	253	exim_datum_init(&result_datum); /* to be cleared before use. */
273	EXIM_DATUM_DATA(key_datum) = CS key_copy;	254	exim_datum_data_set(&key_datum, key_copy);
274	EXIM_DATUM_SIZE(key_datum) = klen;	255	exim_datum_size_set(&key_datum, klen);
275		256
276	if (!EXIM_DBGET(dbblock->dbptr, key_datum, result_datum)) return NULL;	257	if (!exim_dbget(dbblock->dbptr, &key_datum, &result_datum)) return NULL;
277		258
278	/* Assume the data store could have been tainted. Properly, we should	259	/* Assume the data store could have been tainted. Properly, we should
279	store the taint status with the data. */	260	store the taint status with the data. */
280		261
281	yield = store_get(EXIM_DATUM_SIZE(result_datum), TRUE);	262	yield = store_get(exim_datum_size_get(&result_datum), GET_TAINTED);
282	memcpy(yield, EXIM_DATUM_DATA(result_datum), EXIM_DATUM_SIZE(result_datum));	263	memcpy(yield, exim_datum_data_get(&result_datum), exim_datum_size_get(&result_datum));
283	if (length != NULL) *length = EXIM_DATUM_SIZE(result_datum);	264	if (length) *length = exim_datum_size_get(&result_datum);
284		265
285	EXIM_DATUM_FREE(result_datum); /* Some DBM libs require freeing */	266	exim_datum_free(&result_datum); /* Some DBM libs require freeing */
286	return yield;	267	return yield;
287	}	268	}
288		269
289		270
		271	/* Read a record. If the length is not as expected then delete it, write
		272	an error log line, delete the record and return NULL.
		273	Use this for fixed-size records (so not retry or wait records).
		274
		275	Arguments:
		276	dbblock a pointer to an open database block
		277	key the key of the record to be read
		278	length the expected record length
		279
		280	Returns: a pointer to the retrieved record, or
		281	NULL if the record is not found/bad
		282	*/
		283
		284	void *
		285	dbfn_read_enforce_length(open_db * dbblock, const uschar * key, size_t length)
		286	{
		287	int rlen;
		288	void * yield = dbfn_read_with_length(dbblock, key, &rlen);
		289
		290	if (yield)
		291	{
		292	if (rlen == length) return yield;
		293	log_write(0, LOG_MAIN\|LOG_PANIC, "Bad db record size for '%s'", key);
		294	dbfn_delete(dbblock, key);
		295	}
		296	return NULL;
		297	}
		298
290		299
291	/*************************************************	300	/*************************************************
292	* Write to database file *	301	* Write to database file *
Lines 309-328 Link Here
309	EXIM_DATUM key_datum, value_datum;	318	EXIM_DATUM key_datum, value_datum;
310	dbdata_generic gptr = (dbdata_generic )ptr;	319	dbdata_generic gptr = (dbdata_generic )ptr;
311	int klen = Ustrlen(key) + 1;	320	int klen = Ustrlen(key) + 1;
312	uschar * key_copy = store_get(klen, is_tainted(key));	321	uschar * key_copy = store_get(klen, key);
313		322
314	memcpy(key_copy, key, klen);	323	memcpy(key_copy, key, klen);
315	gptr->time_stamp = time(NULL);	324	gptr->time_stamp = time(NULL);
316		325
317	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_write: key=%s\n", key);	326	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_write: key=%s\n", key);
318		327
319	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */	328	exim_datum_init(&key_datum); /* Some DBM libraries require the datum */
320	EXIM_DATUM_INIT(value_datum); /* to be cleared before use. */	329	exim_datum_init(&value_datum); /* to be cleared before use. */
321	EXIM_DATUM_DATA(key_datum) = CS key_copy;	330	exim_datum_data_set(&key_datum, key_copy);
322	EXIM_DATUM_SIZE(key_datum) = klen;	331	exim_datum_size_set(&key_datum, klen);
323	EXIM_DATUM_DATA(value_datum) = CS ptr;	332	exim_datum_data_set(&value_datum, ptr);
324	EXIM_DATUM_SIZE(value_datum) = length;	333	exim_datum_size_set(&value_datum, length);
325	return EXIM_DBPUT(dbblock->dbptr, key_datum, value_datum);	334	return exim_dbput(dbblock->dbptr, &key_datum, &value_datum);
326	}	335	}
327		336
328		337
Lines 343-358 Link Here
343	dbfn_delete(open_db dbblock, const uschar key)	352	dbfn_delete(open_db dbblock, const uschar key)
344	{	353	{
345	int klen = Ustrlen(key) + 1;	354	int klen = Ustrlen(key) + 1;
346	uschar * key_copy = store_get(klen, is_tainted(key));	355	uschar * key_copy = store_get(klen, key);
		356	EXIM_DATUM key_datum;
347		357
348	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_delete: key=%s\n", key);	358	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_delete: key=%s\n", key);
349		359
350	memcpy(key_copy, key, klen);	360	memcpy(key_copy, key, klen);
351	EXIM_DATUM key_datum;	361	exim_datum_init(&key_datum); /* Some DBM libraries require clearing */
352	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require clearing */	362	exim_datum_data_set(&key_datum, key_copy);
353	EXIM_DATUM_DATA(key_datum) = CS key_copy;	363	exim_datum_size_set(&key_datum, klen);
354	EXIM_DATUM_SIZE(key_datum) = klen;	364	return exim_dbdel(dbblock->dbptr, &key_datum);
355	return EXIM_DBDEL(dbblock->dbptr, key_datum);
356	}	365	}
357		366
358		367
Lines 378-400 Link Here
378	{	387	{
379	EXIM_DATUM key_datum, value_datum;	388	EXIM_DATUM key_datum, value_datum;
380	uschar *yield;	389	uschar *yield;
381	value_datum = value_datum; /* dummy; not all db libraries use this */
382		390
383	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_scan\n");	391	DEBUG(D_hints_lookup) debug_printf_indent("dbfn_scan\n");
384		392
385	/* Some dbm require an initialization */	393	/* Some dbm require an initialization */
386		394
387	if (start) EXIM_DBCREATE_CURSOR(dbblock->dbptr, cursor);	395	if (start) *cursor = exim_dbcreate_cursor(dbblock->dbptr);
388		396
389	EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */	397	exim_datum_init(&key_datum); /* Some DBM libraries require the datum */
390	EXIM_DATUM_INIT(value_datum); /* to be cleared before use. */	398	exim_datum_init(&value_datum); /* to be cleared before use. */
391		399
392	yield = (EXIM_DBSCAN(dbblock->dbptr, key_datum, value_datum, start, *cursor))?	400	yield = exim_dbscan(dbblock->dbptr, &key_datum, &value_datum, start, *cursor)
393	US EXIM_DATUM_DATA(key_datum) : NULL;	401	? US exim_datum_data_get(&key_datum) : NULL;
394		402
395	/* Some dbm require a termination */	403	/* Some dbm require a termination */
396		404
397	if (!yield) EXIM_DBDELETE_CURSOR(*cursor);	405	if (!yield) exim_dbdelete_cursor(*cursor);
398	return yield;	406	return yield;
399	}	407	}
400		408

Lines 2-9 Link Here

(-)exim.orig/src/dkim.c (-19 / +23 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge, 1995 - 2018 */	6	/* Copyright (c) University of Cambridge, 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Code for DKIM support. Other DKIM relevant code is in	9	/* Code for DKIM support. Other DKIM relevant code is in
Lines 50-60 Link Here
50	dns_answer * dnsa = store_get_dns_answer();	50	dns_answer * dnsa = store_get_dns_answer();
51	dns_scan dnss;	51	dns_scan dnss;
52	rmark reset_point = store_mark();	52	rmark reset_point = store_mark();
53	gstring * g = NULL;	53	gstring * g = string_get_tainted(256, GET_TAINTED);
54		54
55	lookup_dnssec_authenticated = NULL;	55	lookup_dnssec_authenticated = NULL;
56	if (dns_lookup(dnsa, name, T_TXT, NULL) != DNS_SUCCEED)	56	if (dns_lookup(dnsa, name, T_TXT, NULL) != DNS_SUCCEED)
57	return NULL; /XXX better error detail? logging? /	57	goto bad;
58		58
59	/* Search for TXT record */	59	/* Search for TXT record */
60		60
Lines 62-73 Link Here
62	rr;	62	rr;
63	rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))	63	rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
64	if (rr->type == T_TXT)	64	if (rr->type == T_TXT)
65	{	65	{ /* Copy record content to the answer buffer */
66	int rr_offset = 0;	66	for (int rr_offset = 0; rr_offset < rr->size; )
67
68	/* Copy record content to the answer buffer */
69
70	while (rr_offset < rr->size)
71	{	67	{
72	uschar len = rr->data[rr_offset++];	68	uschar len = rr->data[rr_offset++];
73		69
Lines 78-95 Link Here
78	rr_offset += len;	74	rr_offset += len;
79	}	75	}
80		76
81	/* check if this looks like a DKIM record */	77	/* Check if this looks like a DKIM record */
82	if (Ustrncmp(g->s, "v=", 2) != 0 \|\| strncasecmp(CS g->s, "v=dkim", 6) == 0)	78	if (Ustrncmp(g->s, "v=", 2) != 0 \|\| strncasecmp(CS g->s, "v=dkim", 6) == 0)
83	{	79	{
		80	store_free_dns_answer(dnsa);
84	gstring_release_unused(g);	81	gstring_release_unused(g);
85	return string_from_gstring(g);	82	return string_from_gstring(g);
86	}	83	}
87		84
88	if (g) g->ptr = 0; /* overwrite previous record */	85	g->ptr = 0; /* overwrite previous record */
89	}	86	}
90		87
91	bad:	88	bad:
92	store_reset(reset_point);	89	store_reset(reset_point);
		90	store_free_dns_answer(dnsa);
93	return NULL; /XXX better error detail? logging? /	91	return NULL; /XXX better error detail? logging? /
94	}	92	}
95		93
Lines 109-120 Link Here
109	{	107	{
110	dkim_exim_init();	108	dkim_exim_init();
111		109
112	/* There is a store-reset between header & body reception	110	/* There is a store-reset between header & body reception for the main pool
113	so cannot use the main pool. Any allocs done by Exim	111	(actually, after every header line) so cannot use that as we need the data we
114	memory-handling must use the perm pool. */	112	store per-header, during header processing, at the end of body reception
		113	for evaluating the signature. Any allocs done for dkim verify
		114	memory-handling must use a different pool. We use a separate one that we
		115	can reset per message. */
115		116
116	dkim_verify_oldpool = store_pool;	117	dkim_verify_oldpool = store_pool;
117	store_pool = POOL_PERM;	118	store_pool = POOL_MESSAGE;
118		119
119	/* Free previous context if there is one */	120	/* Free previous context if there is one */
120		121
Lines 127-145 Link Here
127	dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;	128	dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
128	dkim_collect_error = NULL;	129	dkim_collect_error = NULL;
129		130
130	/* Start feed up with any cached data */	131	/* Start feed up with any cached data, but limited to message data */
131	receive_get_cache();	132	receive_get_cache(chunking_state == CHUNKING_LAST
		133	? chunking_data_left : GETC_BUFFER_UNLIMITED);
132		134
133	store_pool = dkim_verify_oldpool;	135	store_pool = dkim_verify_oldpool;
134	}	136	}
135		137
136		138
		139	/* Submit a chunk of data for verification input.
		140	Only use the data when the feed is activated. */
137	void	141	void
138	dkim_exim_verify_feed(uschar * data, int len)	142	dkim_exim_verify_feed(uschar * data, int len)
139	{	143	{
140	int rc;	144	int rc;
141		145
142	store_pool = POOL_PERM;	146	store_pool = POOL_MESSAGE;
143	if ( dkim_collect_input	147	if ( dkim_collect_input
144	&& (rc = pdkim_feed(dkim_verify_ctx, data, len)) != PDKIM_OK)	148	&& (rc = pdkim_feed(dkim_verify_ctx, data, len)) != PDKIM_OK)
145	{	149	{
Lines 305-311 Link Here
305	gstring * g = NULL;	309	gstring * g = NULL;
306	const uschar * errstr = NULL;	310	const uschar * errstr = NULL;
307		311
308	store_pool = POOL_PERM;	312	store_pool = POOL_MESSAGE;
309		313
310	/* Delete eventual previous signature chain */	314	/* Delete eventual previous signature chain */
311		315

Lines 2-9 Link Here

(-)exim.orig/src/dmarc.c (-23 / +36 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4	/* DMARC support.	4	/* DMARC support.
		5	Copyright (c) The Exim Maintainers 2019 - 2022
5	Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014	6	Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014
6	Copyright (c) The Exim Maintainers 2019
7	License: GPL */	7	License: GPL */
8		8
9	/* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;	9	/* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;
Lines 51-71 Link Here
51	{ US"reject", DMARC_RECORD_P_REJECT },	51	{ US"reject", DMARC_RECORD_P_REJECT },
52	{ NULL, 0 }	52	{ NULL, 0 }
53	};	53	};
		54
		55
		56	gstring *
		57	dmarc_version_report(gstring * g)
		58	{
		59	return string_fmt_append(g, "Library version: dmarc: Compile: %d.%d.%d.%d\n",
		60	(OPENDMARC_LIB_VERSION & 0xff000000) >> 24, (OPENDMARC_LIB_VERSION & 0x00ff0000) >> 16,
		61	(OPENDMARC_LIB_VERSION & 0x0000ff00) >> 8, OPENDMARC_LIB_VERSION & 0x000000ff);
		62	}
		63
		64
54	/* Accept an error_block struct, initialize if empty, parse to the	65	/* Accept an error_block struct, initialize if empty, parse to the
55	* end, and append the two strings passed to it. Used for adding	66	end, and append the two strings passed to it. Used for adding
56	* variable amounts of value:pair data to the forensic emails. */	67	variable amounts of value:pair data to the forensic emails. */
57		68
58	static error_block *	69	static error_block *
59	add_to_eblock(error_block eblock, uschar t1, uschar *t2)	70	add_to_eblock(error_block eblock, uschar t1, uschar *t2)
60	{	71	{
61	error_block *eb = store_malloc(sizeof(error_block));	72	error_block *eb = store_malloc(sizeof(error_block));
62	if (eblock == NULL)	73	if (!eblock)
63	eblock = eb;	74	eblock = eb;
64	else	75	else
65	{	76	{
66	/* Find the end of the eblock struct and point it at eb */	77	/* Find the end of the eblock struct and point it at eb */
67	error_block *tmp = eblock;	78	error_block *tmp = eblock;
68	while(tmp->next != NULL)	79	while(tmp->next)
69	tmp = tmp->next;	80	tmp = tmp->next;
70	tmp->next = eb;	81	tmp->next = eb;
71	}	82	}
Lines 76-83 Link Here
76	}	87	}
77		88
78	/* dmarc_init sets up a context that can be re-used for several	89	/* dmarc_init sets up a context that can be re-used for several
79	messages on the same SMTP connection (that come from the	90	messages on the same SMTP connection (that come from the
80	same host with the same HELO string) */	91	same host with the same HELO string) */
81		92
82	int	93	int
83	dmarc_init()	94	dmarc_init()
Lines 218-224 Link Here
218	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;	229	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
219	rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))	230	rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
220	if (rr->type == T_TXT && rr->size > 3)	231	if (rr->type == T_TXT && rr->size > 3)
221	return string_copyn(US rr->data, rr->size);	232	{
		233	store_free_dns_answer(dnsa);
		234	return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
		235	}
		236	store_free_dns_answer(dnsa);
222	return NULL;	237	return NULL;
223	}	238	}
224		239
Lines 226-231 Link Here
226	static int	241	static int
227	dmarc_write_history_file()	242	dmarc_write_history_file()
228	{	243	{
		244	int history_file_fd;
		245	ssize_t written_len;
229	int tmp_ans;	246	int tmp_ans;
230	u_char *rua; / aggregate report addressees */	247	u_char *rua; / aggregate report addressees */
231	uschar *history_buffer = NULL;	248	uschar *history_buffer = NULL;
Lines 235-240 Link Here
235	DEBUG(D_receive) debug_printf("DMARC history file not set\n");	252	DEBUG(D_receive) debug_printf("DMARC history file not set\n");
236	return DMARC_HIST_DISABLED;	253	return DMARC_HIST_DISABLED;
237	}	254	}
		255	history_file_fd = log_open_as_exim(dmarc_history_file);
		256
		257	if (history_file_fd < 0)
		258	{
		259	log_write(0, LOG_MAIN\|LOG_PANIC, "failure to create DMARC history file: %s",
		260	dmarc_history_file);
		261	return DMARC_HIST_FILE_ERR;
		262	}
238		263
239	/* Generate the contents of the history file */	264	/* Generate the contents of the history file */
240	history_buffer = string_sprintf(	265	history_buffer = string_sprintf(
Lines 286-313 Link Here
286	}	311	}
287	else	312	else
288	{	313	{
289	ssize_t written_len;
290	const int history_file_fd = log_open_as_exim(dmarc_history_file);
291
292	if (history_file_fd < 0)
293	{
294	log_write(0, LOG_MAIN\|LOG_PANIC, "failure to create DMARC history file: %s",
295	dmarc_history_file);
296	return DMARC_HIST_FILE_ERR;
297	}
298
299	written_len = write_to_fd_buf(history_file_fd,	314	written_len = write_to_fd_buf(history_file_fd,
300	history_buffer,	315	history_buffer,
301	Ustrlen(history_buffer));	316	Ustrlen(history_buffer));
302		317	if (written_len == 0)
303	(void)close(history_file_fd);
304
305	if (written_len <= 0)
306	{	318	{
307	log_write(0, LOG_MAIN\|LOG_PANIC, "failure to write to DMARC history file: %s",	319	log_write(0, LOG_MAIN\|LOG_PANIC, "failure to write to DMARC history file: %s",
308	dmarc_history_file);	320	dmarc_history_file);
309	return DMARC_HIST_WRITE_ERR;	321	return DMARC_HIST_WRITE_ERR;
310	}	322	}
		323	(void)close(history_file_fd);
311	}	324	}
312	return DMARC_HIST_OK;	325	return DMARC_HIST_OK;
313	}	326	}
Lines 517-523 Link Here
517	/* Can't use exim's string manipulation functions so allocate memory	530	/* Can't use exim's string manipulation functions so allocate memory
518	for libopendmarc using its max hostname length definition. */	531	for libopendmarc using its max hostname length definition. */
519		532
520	dmarc_domain = store_get(DMARC_MAXHOSTNAMELEN, TRUE);	533	dmarc_domain = store_get(DMARC_MAXHOSTNAMELEN, GET_TAINTED);
521	libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx,	534	libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx,
522	dmarc_domain, DMARC_MAXHOSTNAMELEN-1);	535	dmarc_domain, DMARC_MAXHOSTNAMELEN-1);
523	store_release_above(dmarc_domain + Ustrlen(dmarc_domain)+1);	536	store_release_above(dmarc_domain + Ustrlen(dmarc_domain)+1);

Lines 3-8 Link Here

(-)exim.orig/src/dmarc.h (-3 / +2 lines)
3	*************************************************/	3	*************************************************/
4		4
5	/* Experimental DMARC support.	5	/* Experimental DMARC support.
		6	Copyright (c) The Exim Maintainers 2021 - 2022
6	Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014	7	Copyright (c) Todd Lyons <tlyons@exim.org> 2012 - 2014
7	License: GPL */	8	License: GPL */
8		9
Lines 17-31 Link Here
17	# endif /* SUPPORT_SPF */	18	# endif /* SUPPORT_SPF */
18		19
19	/* prototypes */	20	/* prototypes */
		21	gstring * dmarc_version_report(gstring *);
20	int dmarc_init();	22	int dmarc_init();
21	int dmarc_store_data(header_line *);	23	int dmarc_store_data(header_line *);
22	int dmarc_process();	24	int dmarc_process();
23	uschar *dmarc_exim_expand_query(int);	25	uschar *dmarc_exim_expand_query(int);
24	uschar *dmarc_exim_expand_defaults(int);	26	uschar *dmarc_exim_expand_defaults(int);
25	uschar dmarc_auth_results_header(header_line ,uschar *);
26	static int dmarc_write_history_file();
27		27
28	#define DMARC_AR_HEADER US"Authentication-Results:"
29	#define DMARC_VERIFY_STATUS 1	28	#define DMARC_VERIFY_STATUS 1
30		29
31	#define DMARC_HIST_OK 1	30	#define DMARC_HIST_OK 1

Lines 2-9 Link Here

(-)exim.orig/src/dns.c (-61 / +49 lines)
2	* Exim - an Internet mail transport agent *	2	* Exim - an Internet mail transport agent *
3	*************************************************/	3	*************************************************/
4		4
		5	/* Copyright (c) The Exim Maintainers 2020 - 2022 */
5	/* Copyright (c) University of Cambridge 1995 - 2018 */	6	/* Copyright (c) University of Cambridge 1995 - 2018 */
6	/* Copyright (c) The Exim Maintainers 2020 */
7	/* See the file NOTICE for conditions of use and distribution. */	7	/* See the file NOTICE for conditions of use and distribution. */
8		8
9	/* Functions for interfacing with the DNS. */	9	/* Functions for interfacing with the DNS. */
Lines 258-264 Link Here
258	{	258	{
259	int v6[4];	259	int v6[4];
260		260
261	g = string_get_tainted(32, is_tainted(string));	261	g = string_get_tainted(32, string);
262	(void)host_aton(string, v6);	262	(void)host_aton(string, v6);
263		263
264	/* The original specification for IPv6 reverse lookup was to invert each	264	/* The original specification for IPv6 reverse lookup was to invert each
Lines 334-340 Link Here
334	#ifdef rr_trace	334	#ifdef rr_trace
335	# define TRACE DEBUG(D_dns)	335	# define TRACE DEBUG(D_dns)
336	#else	336	#else
337	trace = trace;
338	# define TRACE if (FALSE)	337	# define TRACE if (FALSE)
339	#endif	338	#endif
340		339
Lines 638-644 Link Here
638	e = previous->data.ptr;	637	e = previous->data.ptr;
639	else	638	else
640	{	639	{
641	e = store_get_perm(DNS_FAILNODE_SIZE, is_tainted(name));	640	e = store_get_perm(DNS_FAILNODE_SIZE, name);
642	new = (void *)(e+1);	641	new = (void *)(e+1);
643	dns_fail_tag(new->name, name, type);	642	dns_fail_tag(new->name, name, type);
644	new->data.ptr = e;	643	new->data.ptr = e;
Lines 672-684 Link Here
672	val = e->data.val;	671	val = e->data.val;
673	rc = e->expiry && e->expiry <= time(NULL) ? -1 : val;	672	rc = e->expiry && e->expiry <= time(NULL) ? -1 : val;
674		673
675	DEBUG(D_dns) debug_printf("DNS lookup of %.255s-%s: %scached value %s%s\n",	674	DEBUG(D_dns) debug_printf("DNS lookup of %.255s (%s): %scached value %s%s\n",
676	name, dns_text_type(type),	675	name, dns_text_type(type),
677	rc == -1 ? "" : "using ",	676	rc == -1 ? "" : "using ",
678	val == DNS_NOMATCH ? "DNS_NOMATCH" :	677	dns_rc_names[val],
679	val == DNS_NODATA ? "DNS_NODATA" :
680	val == DNS_AGAIN ? "DNS_AGAIN" :
681	val == DNS_FAIL ? "DNS_FAIL" : "??",
682	rc == -1 ? " past valid time" : "");	678	rc == -1 ? " past valid time" : "");
683		679
684	return rc;	680	return rc;
Lines 695-703 Link Here
695	replacement value. (The only way to fix this properly would be to	691	replacement value. (The only way to fix this properly would be to
696	re-implement res_search() and res_query() so that they don't muddle their	692	re-implement res_search() and res_query() so that they don't muddle their
697	success and packet length return values.) For added safety we only reset	693	success and packet length return values.) For added safety we only reset
698	the packet length if the packet header looks plausible. */	694	the packet length if the packet header looks plausible.
699		695
700	static void	696	Return TRUE iff it seemed ok */
		697
		698	static BOOL
701	fake_dnsa_len_for_fail(dns_answer * dnsa, int type)	699	fake_dnsa_len_for_fail(dns_answer * dnsa, int type)
702	{	700	{
703	const HEADER * h = (const HEADER *)dnsa->answer;	701	const HEADER * h = (const HEADER *)dnsa->answer;
Lines 714-720 Link Here
714	DEBUG(D_dns) debug_printf("faking res_search(%s) response length as %d\n",	712	DEBUG(D_dns) debug_printf("faking res_search(%s) response length as %d\n",
715	dns_text_type(type), (int)sizeof(dnsa->answer));	713	dns_text_type(type), (int)sizeof(dnsa->answer));
716	dnsa->answerlen = sizeof(dnsa->answer);	714	dnsa->answerlen = sizeof(dnsa->answer);
		715	return TRUE;
717	}	716	}
		717	DEBUG(D_dns) debug_printf("DNS: couldn't fake dnsa len\n");
		718	/* Maybe we should just do a second lookup for an SOA? */
		719	return FALSE;
718	}	720	}
719		721
720		722
Lines 728-764 Link Here
728	{	730	{
729	dns_scan dnss;	731	dns_scan dnss;
730		732
731	fake_dnsa_len_for_fail(dnsa, type);	733	if (fake_dnsa_len_for_fail(dnsa, type))
		734	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);
		735	rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
		736	) if (rr->type == T_SOA)
		737	{
		738	const uschar * p = rr->data;
		739	uschar discard_buf[256];
		740	int len;
		741	unsigned long ttl;
		742
		743	/* Skip the mname & rname strings */
		744
		745	if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
		746	p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
		747	break;
		748	p += len;
		749	if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
		750	p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
		751	break;
		752	p += len;
		753
		754	/* Skip the SOA serial, refresh, retry & expire. Grab the TTL */
		755
		756	if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ)
		757	break;
		758	p += 4 * INT32SZ;
		759	GETLONG(ttl, p);
732		760
733	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);	761	return time(NULL) + ttl;
734	rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)	762	}
735	) if (rr->type == T_SOA)
736	{
737	const uschar * p = rr->data;
738	uschar discard_buf[256];
739	int len;
740	unsigned long ttl;
741
742	/* Skip the mname & rname strings */
743
744	if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
745	p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
746	break;
747	p += len;
748	if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
749	p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0)
750	break;
751	p += len;
752
753	/* Skip the SOA serial, refresh, retry & expire. Grab the TTL */
754
755	if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ)
756	break;
757	p += 4 * INT32SZ;
758	GETLONG(ttl, p);
759		763
760	return time(NULL) + ttl;
761	}
762	DEBUG(D_dns) debug_printf("DNS: no SOA record found for neg-TTL\n");	764	DEBUG(D_dns) debug_printf("DNS: no SOA record found for neg-TTL\n");
763	return 0;	765	return 0;
764	}	766	}
Lines 848-858 Link Here
848		850
849	if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)	851	if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
850	{	852	{
851	int ovector[3*(EXPAND_MAXN+1)];
852
853	dns_pattern_init();	853	dns_pattern_init();
854	if (pcre_exec(regex_check_dns_names, NULL, CCS name, Ustrlen(name),	854	if (!regex_match(regex_check_dns_names, name, -1, NULL))
855	0, PCRE_EOPT, ovector, nelem(ovector)) < 0)
856	{	855	{
857	DEBUG(D_dns)	856	DEBUG(D_dns)
858	debug_printf("DNS name syntax check failed: %s (%s)\n", name,	857	debug_printf("DNS name syntax check failed: %s (%s)\n", name,
Lines 1066-1072 Link Here
1066	return DNS_FAIL;	1065	return DNS_FAIL;
1067		1066
1068	/* DNS data comes from the outside, hence tainted */	1067	/* DNS data comes from the outside, hence tainted */
1069	data = store_get(256, TRUE);	1068	data = store_get(256, GET_TAINTED);
1070	if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,	1069	if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
1071	cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256) < 0)	1070	cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256) < 0)
1072	return DNS_FAIL;	1071	return DNS_FAIL;
Lines 1149-1155 Link Here
1149	case T_CSA:	1148	case T_CSA:
1150	{	1149	{
1151	uschar srvname, namesuff, *tld;	1150	uschar srvname, namesuff, *tld;
1152	int priority, weight, port;	1151	int priority, dummy_weight, port;
1153	int limit, rc, i;	1152	int limit, rc, i;
1154	BOOL ipv6;	1153	BOOL ipv6;
1155	dns_record *rr;	1154	dns_record *rr;
Lines 1203-1220 Link Here
1203	If the TLD and the 2LD exist but the explicit CSA record lookup failed, then	1202	If the TLD and the 2LD exist but the explicit CSA record lookup failed, then
1204	the AUTHORITY SOA will be the 2LD's or a subdomain thereof. */	1203	the AUTHORITY SOA will be the 2LD's or a subdomain thereof. */
1205		1204
1206	if (rc == DNS_NOMATCH)	1205	if (rc == DNS_NOMATCH) return DNS_NOMATCH;
1207	{
1208	fake_dnsa_len_for_fail(dnsa, T_CSA);
1209
1210	for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);
1211	rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
1212	)
1213	if (rr->type != T_SOA) continue;
1214	else if (strcmpic(rr->name, US"") == 0 \|\|
1215	strcmpic(rr->name, tld) == 0) return DNS_NOMATCH;
1216	else break;
1217	}
1218		1206
1219	for (i = 0; i < limit; i++)	1207	for (i = 0; i < limit; i++)
1220	{	1208	{
Lines 1249-1255 Link Here
1249		1237
1250	/* Extract the numerical SRV fields (p is incremented) */	1238	/* Extract the numerical SRV fields (p is incremented) */
1251	GETSHORT(priority, p);	1239	GETSHORT(priority, p);
1252	GETSHORT(weight, p); weight = weight; /* compiler quietening */	1240	GETSHORT(dummy_weight, p);
1253	GETSHORT(port, p);	1241	GETSHORT(port, p);
1254		1242
1255	/* Check the CSA version number */	1243	/* Check the CSA version number */
Lines 1305-1311 Link Here
1305	if (p + 4 <= dnsa_lim)	1293	if (p + 4 <= dnsa_lim)
1306	{	1294	{
1307	/* the IP is not regarded as tainted */	1295	/* the IP is not regarded as tainted */
1308	yield = store_get(sizeof(dns_address) + 20, FALSE);	1296	yield = store_get(sizeof(dns_address) + 20, GET_UNTAINTED);
1309	(void)sprintf(CS yield->address, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);	1297	(void)sprintf(CS yield->address, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
1310	yield->next = NULL;	1298	yield->next = NULL;
1311	}	1299	}
Lines 1319-1325 Link Here
1319	{	1307	{
1320	struct in6_addr in6;	1308	struct in6_addr in6;
1321	for (int i = 0; i < 16; i++) in6.s6_addr[i] = rr->data[i];	1309	for (int i = 0; i < 16; i++) in6.s6_addr[i] = rr->data[i];
1322	yield = store_get(sizeof(dns_address) + 50, FALSE);	1310	yield = store_get(sizeof(dns_address) + 50, GET_UNTAINTED);
1323	inet_ntop(AF_INET6, &in6, CS yield->address, 50);	1311	inet_ntop(AF_INET6, &in6, CS yield->address, 50);
1324	yield->next = NULL;	1312	yield->next = NULL;
1325	}	1313	}