authorJeremy Harris <jgh146exb@wizmail.org>2020-06-17 16:14:16 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2020-06-17 16:23:58 +0100
commit16e85f16476e21b373881c8d00863d9248476fea (patch)
tree541fc48ff3ab0ac996af0210b83b54debce12901
parentf5fcf66cf3e995321ff69672ed9412e0bf60fb7c (diff)
Taint: treat $message_body & $message_body_end as tainted
-rw-r--r--src/src/expand.c8
-rw-r--r--src/src/smtp_in.c35
2 files changed, 14 insertions, 29 deletions
diff --git a/src/src/expand.c b/src/src/expand.c
index 34e32325e..f7e9e5c25 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -1984,11 +1984,12 @@ switch (vp->type)
ss = (uschar **)(val);
if (!*ss && deliver_datafile >= 0) /* Read body when needed */
{
- uschar *body;
+ uschar * body;
off_t start_offset = SPOOL_DATA_START_OFFSET;
int len = message_body_visible;
+
if (len > message_size) len = message_size;
- *ss = body = store_malloc(len+1);
+ *ss = body = store_get(len+1, TRUE);
body[0] = 0;
if (vp->type == vtype_msgbody_end)
{
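Review bot: `len` is only clamped from above before `store_get(len+1, TRUE)`, so a negative `message_size` would make `len+1` zero or negative, and the following `body[0] = 0` would then write outside the allocation. The smtp_in.c part of this commit shows `message_size = -1` as the reset value; whether that can coincide with `deliver_datafile >= 0` is not visible here, so a cheap guard such as `if (len < 0) len = 0;` before the allocation seems worthwhile. The bare `TRUE` would also read better with a short comment, e.g. `/* tainted: body bytes come from the message */`. The enclosing switch case starts before and continues past this hunk.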
@@ -2003,8 +2004,7 @@ switch (vp->type)
if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
strerror(errno));
- len = read(deliver_datafile, body, len);
- if (len > 0)
+ if ((len = read(deliver_datafile, body, len)) > 0)
{
body[len] = 0;
if (message_body_newlines) /* Separate loops for efficiency */
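Review bot: A failed `read()` is silently ignored at `if ((len = read(deliver_datafile, body, len)) > 0)`. When it returns -1 the block is skipped and the variable keeps the empty string set earlier by `body[0] = 0`, whereas the `lseek()` failure just above is logged with LOG_PANIC_DIE. Consider at least logging it, e.g. `else if (len < 0) log_write(0, LOG_MAIN, "deliver_datafile read: %s", strerror(errno));`, so that an I/O fault can be told apart from an empty body. The block opened by this `if` closes outside the hunk, so any handling that already follows it is not visible here.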
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 09586c335..39f519994 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2045,22 +2045,23 @@ rcpt_count = rcpt_defer_count = rcpt_fail_count =
raw_recipients_count = recipients_count = recipients_list_max = 0;
message_linecount = 0;
message_size = -1;
+message_body = message_body_end = NULL;
acl_added_headers = NULL;
acl_removed_headers = NULL;
f.queue_only_policy = FALSE;
rcpt_smtp_response = NULL;
fl.rcpt_smtp_response_same = TRUE;
fl.rcpt_in_progress = FALSE;
-f.deliver_freeze = FALSE; /* Can be set by ACL */
-freeze_tell = freeze_tell_config; /* Can be set by ACL */
-fake_response = OK; /* Can be set by ACL */
+f.deliver_freeze = FALSE; /* Can be set by ACL */
+freeze_tell = freeze_tell_config; /* Can be set by ACL */
+fake_response = OK; /* Can be set by ACL */
#ifdef WITH_CONTENT_SCAN
-f.no_mbox_unspool = FALSE; /* Can be set by ACL */
+f.no_mbox_unspool = FALSE; /* Can be set by ACL */
#endif
-f.submission_mode = FALSE; /* Can be set by ACL */
+f.submission_mode = FALSE; /* Can be set by ACL */
f.suppress_local_fixups = f.suppress_local_fixups_default; /* Can be set by ACL */
-f.active_local_from_check = local_from_check; /* Can be set by ACL */
-f.active_local_sender_retain = local_sender_retain; /* Can be set by ACL */
+f.active_local_from_check = local_from_check; /* Can be set by ACL */
+f.active_local_sender_retain = local_sender_retain; /* Can be set by ACL */
sending_ip_address = NULL;
return_path = sender_address = NULL;
deliver_localpart_data = deliver_domain_data =
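Review bot: The new `message_body = message_body_end = NULL;` carries no comment, while the explanation that sat next to the `store_free()` calls is removed further down in this file. Dropping the pointers without freeing is only leak-free, and only keeps the previous message's body out of reach, if the pool store holding it is reset between messages, which presumably happens outside these hunks. A short comment would record that, e.g. `/* body vars now live in tainted pool store (expand.c); released by pool reset, must not carry over to the next message */`. The other changed lines in this hunk are comment realignment only.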
@@ -2069,7 +2070,7 @@ recipient_verify_failure = NULL;
deliver_localpart_parent = deliver_localpart_orig = NULL;
deliver_domain_parent = deliver_domain_orig = NULL;
callout_address = NULL;
-submission_name = NULL; /* Can be set by ACL */
+submission_name = NULL; /* Can be set by ACL */
raw_sender = NULL; /* After SMTP rewrite, before qualifying */
sender_address_unrewritten = NULL; /* Set only after verify rewrite */
sender_verified_list = NULL; /* No senders verified */
@@ -2123,23 +2124,7 @@ ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
acl_var_m = NULL;
-/* The message body variables use malloc store. They may be set if this is
-not the first message in an SMTP session and the previous message caused them
-to be referenced in an ACL. */
-
-if (message_body)
- {
- store_free(message_body);
- message_body = NULL;
- }
-
-if (message_body_end)
- {
- store_free(message_body_end);
- message_body_end = NULL;
- }
-
-/* Warning log messages are also saved in malloc store. They are saved to avoid
+/* Warning log messages are saved in malloc store. They are saved to avoid
repetition in the same message, but it seems right to repeat them for different
messages. */