-rw-r--r--doc/doc-docbook/spec.xfpt9
-rw-r--r--doc/doc-txt/NewStuff3
-rw-r--r--src/src/verify.c21
-rw-r--r--test/scripts/0000-Basic/04739
-rw-r--r--test/stdout/04739
5 files changed, 51 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index ef8fc6836..b6fd9e10f 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -33620,6 +33620,15 @@ output before performing a callout in an ACL, to avoid unexpected timeouts in
clients when the SMTP PIPELINING extension is in use. The flushing can be
disabled by using a &%control%& modifier to set &%no_callout_flush%&.
+.new
+.cindex "tainted data" "de-tainting"
+.cindex "de-tainting" "using receipient verify"
+A recipient callout which gets a 2&'xx'& code
+will assign untainted values to the
+&$domain_data$& and &$local_part_data$& variables,
+corresponding to the domain and local parts of the recipient address.
+.wen
+
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 11004e33a..2986b2cdd 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -27,6 +27,9 @@ Version 4.96
the expansion of the "true" result of the ${if}. With a static list, this
can be used for de-tainting.
+ 8. Recipient verify callouts now set $domain_data & $local_part_data, with
+ de-tainted values.
+
Version 4.95
------------
diff --git a/src/src/verify.c b/src/src/verify.c
index 82fae89c1..b4c2b9a8f 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -445,6 +445,21 @@ return done;
}
+
+
+/* A rcpt callout, or cached record of one, verified the address.
+Set $domain_data and $local_part_data to detainted versions.
+*/
+static void
+callout_verified_rcpt(const address_item * addr)
+{
+address_item a = {.address = addr->address};
+if (deliver_split_address(&a) != OK) return;
+deliver_localpart_data = string_copy_taint(a.local_part, GET_UNTAINTED);
+deliver_domain_data = string_copy_taint(a.domain, GET_UNTAINTED);
+}
+
+
/*************************************************
* Do callout verification for an address *
*************************************************/
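Review bot: The early `return` in callout_verified_rcpt() when deliver_split_address() fails leaves deliver_localpart_data and deliver_domain_data holding whatever they held before the call. A later expansion could then read values that belong to an earlier address; whether something resets them beforehand is not visible in this hunk. Clearing both before the split, `deliver_localpart_data = deliver_domain_data = NULL;`, would make the failure path explicit. The header comment could also say that the variables are left unset when the address cannot be split.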
@@ -1952,6 +1967,12 @@ while (addr_new)
#ifndef DISABLE_TLS
deliver_set_expansions(NULL);
#endif
+ if ( options & vopt_is_recipient
+ && rc == OK
+ /* set to "random", with OK, for an accepted random */
+ && !recipient_verify_failure
+ )
+ callout_verified_rcpt(addr);
}
}
else if (local_verify)
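Review bot: The condition guarding `callout_verified_rcpt(addr)` de-taints on the callout result alone, and the only accept-all case it excludes is an accepted random probe, which by the inline comment exists only when a random check was made. Without that check, a target that answers 2xx to every RCPT would cause client-chosen local parts and domains to be marked untainted, and so usable where tainted data is refused. A comment stating that dependency would help, e.g. `/* De-tainting trusts the callout target to reject unknown recipients; only the random probe guards against accept-all hosts */`. Parenthesising the bit test as `(options & vopt_is_recipient)` would also make the precedence obvious. The enclosing `while (addr_new)` loop starts and ends outside the hunk.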
diff --git a/test/scripts/0000-Basic/0473 b/test/scripts/0000-Basic/0473
index df613c4b7..4392c7e33 100644
--- a/test/scripts/0000-Basic/0473
+++ b/test/scripts/0000-Basic/0473
@@ -94,6 +94,7 @@ RCPT TO
QUIT
250 OK
****
+# A rcpt refusal
exim -bs
ehlo xxxx
mail from:<x9@test.ex>
@@ -143,6 +144,7 @@ RCPT TO
QUIT
250 OK
****
+# an accepted random
exim -DUSE_SENDER=,defer_ok,random,use_postmaster -bs
ehlo xxxx
mail from: x11@two.test.ex
@@ -150,6 +152,13 @@ rcpt to: r11@two.test.ex
quit
****
dump callout
+# repeat from cache
+exim -DUSE_SENDER=,defer_ok,random,use_postmaster -bs
+ehlo xxxx
+mail from: x11@two.test.ex
+rcpt to: r11@two.test.ex
+quit
+****
#
# callout target dumps after random-reject
server PORT_S 2
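Review bot: The added repeat-from-cache case only drives the SMTP dialogue; neither it nor the nine lines added to test/stdout/0473 show the values of $domain_data or $local_part_data after the callout. Since the point of the change is that those variables come back de-tainted, the test should make that observable, for example by having the test's ACL log or use the two variables after the verify. The test configuration is not among the five files changed, so this is inferred from the file list. A negative case, confirming that a refused recipient does not set them, would be worth adding alongside.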
diff --git a/test/stdout/0473 b/test/stdout/0473
index eda29bd92..7ac03f12a 100644
--- a/test/stdout/0473
+++ b/test/stdout/0473
@@ -110,6 +110,15 @@
250 OK
250 Accepted
221 the.local.host.name closing connection
+220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250-the.local.host.name Hello CALLER at xxxx
+250-SIZE 52428800
+250-8BITMIME
+250-PIPELINING
+250 HELP
+250 OK
+250 Accepted
+221 the.local.host.name closing connection
+++++++++++++++++++++++++++
07-Mar-2000 12:21:52 other.ex callout=accept postmaster=unknown random=unknown
07-Mar-2000 12:21:52 r12@three.test.ex callout=accept