diff options
author | Philip Hazel <ph10@hermes.cam.ac.uk> | 2006-09-18 14:49:23 +0000 |
---|---|---|
committer | Philip Hazel <ph10@hermes.cam.ac.uk> | 2006-09-18 14:49:23 +0000 |
commit | d45b1de81aa47cef4ca098a4b2725d855b154162 (patch) | |
tree | f21b3801fc83f7cb8d058829b51e10bf1a8043c2 /src | |
parent | ddfcd446e8b9bdb55a17d6b950bf55c736505a9e (diff) |
Check for overflow in numeric expansion conditions; forbid negative
values for message_size_limit.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/deliver.c | 6 | ||||
-rw-r--r-- | src/src/exim.c | 6 | ||||
-rw-r--r-- | src/src/expand.c | 38 | ||||
-rw-r--r-- | src/src/functions.h | 4 | ||||
-rw-r--r-- | src/src/smtp_in.c | 6 |
5 files changed, 26 insertions, 34 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c index fdff07414..33c8b85ae 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/deliver.c,v 1.35 2006/07/04 09:07:20 ph10 Exp $ */ +/* $Cambridge: exim/src/src/deliver.c,v 1.36 2006/09/18 14:49:23 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1433,10 +1433,10 @@ int rc = OK; int size_limit; deliver_set_expansions(addr); -size_limit = expand_string_integer(tp->message_size_limit); +size_limit = expand_string_integer(tp->message_size_limit, TRUE); deliver_set_expansions(NULL); -if (size_limit < 0) +if (expand_string_message != NULL) { rc = DEFER; if (size_limit == -1) diff --git a/src/src/exim.c b/src/src/exim.c index 8c5c23eff..d209b767e 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/exim.c,v 1.42 2006/07/27 10:13:52 ph10 Exp $ */ +/* $Cambridge: exim/src/src/exim.c,v 1.43 2006/09/18 14:49:23 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -4444,8 +4444,8 @@ if (smtp_input) else { - thismessage_size_limit = expand_string_integer(message_size_limit); - if (thismessage_size_limit < 0) + thismessage_size_limit = expand_string_integer(message_size_limit, TRUE); + if (expand_string_message != NULL) { if (thismessage_size_limit == -1) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to expand " diff --git a/src/src/expand.c b/src/src/expand.c index 5da6f99b8..1517c0625 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/expand.c,v 1.59 2006/09/05 14:05:43 ph10 Exp $ */ +/* $Cambridge: exim/src/src/expand.c,v 1.60 2006/09/18 14:49:23 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1893,25 +1893,8 @@ switch(cond_type) if (!isalpha(name[0])) { - uschar *endptr; - num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10); - if (tolower(*endptr) == 'k') - { - num[i] *= 1024; - endptr++; - } - else if (tolower(*endptr) == 'm') - { - num[i] *= 1024*1024; - endptr++; - } - while (isspace(*endptr)) endptr++; - if (*endptr != 0) - { - expand_string_message = string_sprintf("\"%s\" is not a number", - sub[i]); - return NULL; - } + num[i] = expand_string_integer(sub[i], FALSE); + if (expand_string_message != NULL) return NULL; } } @@ -5260,22 +5243,26 @@ return yield; /* Expand a string, and convert the result into an integer. -Argument: the string to be expanded +Arguments: + string the string to be expanded + isplus TRUE if a non-negative number is expected Returns: the integer value, or -1 for an expansion error ) in both cases, message in -2 for an integer interpretation error ) expand_string_message - + expand_string_message is set NULL for an OK integer */ int -expand_string_integer(uschar *string) +expand_string_integer(uschar *string, BOOL isplus) { long int value; uschar *s = expand_string(string); uschar *msg = US"invalid integer \"%s\""; uschar *endptr; +/* If expansion failed, expand_string_message will be set. */ + if (s == NULL) return -1; /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno @@ -5283,12 +5270,17 @@ to ERANGE. When there isn't an overflow, errno is not changed, at least on some systems, so we set it zero ourselves. */ errno = 0; +expand_string_message = NULL; /* Indicates no error */ value = strtol(CS s, CSS &endptr, 0); if (endptr == s) { msg = US"integer expected but \"%s\" found"; } +else if (value < 0 && isplus) + { + msg = US"non-negative integer expected but \"%s\" found"; + } else { /* Ensure we can cast this down to an int */ diff --git a/src/src/functions.h b/src/src/functions.h index 32b3d2d24..eb1a7a5b4 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/functions.h,v 1.25 2006/07/13 13:53:33 ph10 Exp $ */ +/* $Cambridge: exim/src/src/functions.h,v 1.26 2006/09/18 14:49:23 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -97,7 +97,7 @@ extern void exim_wait_tick(struct timeval *, int); extern BOOL expand_check_condition(uschar *, uschar *, uschar *); extern uschar *expand_string(uschar *); extern uschar *expand_string_copy(uschar *); -extern int expand_string_integer(uschar *); +extern int expand_string_integer(uschar *, BOOL); extern int filter_interpret(uschar *, int, address_item **, uschar **); extern BOOL filter_personal(string_item *, BOOL); diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 3b1f6a33e..6c27c15de 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.41 2006/07/27 11:29:32 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.42 2006/09/18 14:49:23 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1211,8 +1211,8 @@ smtp_had_eof = smtp_had_error = 0; /* Set up the message size limit; this may be host-specific */ -thismessage_size_limit = expand_string_integer(message_size_limit); -if (thismessage_size_limit < 0) +thismessage_size_limit = expand_string_integer(message_size_limit, TRUE); +if (expand_string_message != NULL) { if (thismessage_size_limit == -1) log_write(0, LOG_MAIN|LOG_PANIC, "unable to expand message_size_limit: " |