diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/src/configure.default | 2 | ||||
-rw-r--r-- | src/src/deliver.c | 3 | ||||
-rw-r--r-- | src/src/expand.c | 36 | ||||
-rw-r--r-- | src/src/receive.c | 7 | ||||
-rw-r--r-- | src/src/route.c | 14 | ||||
-rw-r--r-- | src/src/tls-gnu.c | 3 | ||||
-rw-r--r-- | src/src/tls-openssl.c | 7 | ||||
-rw-r--r-- | src/src/tlscert-openssl.c | 13 | ||||
-rw-r--r-- | src/src/transports/smtp.c | 41 |
9 files changed, 68 insertions, 58 deletions
diff --git a/src/src/configure.default b/src/src/configure.default index b828ca20a..1dc9b913d 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -154,7 +154,7 @@ acl_smtp_data = acl_check_data # tls_privatekey = /etc/ssl/exim.pem # For OpenSSL, prefer EC- over RSA-authenticated ciphers -# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAILT +# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT # In order to support roaming users who wish to send email from anywhere, # you may want to make Exim listen on other ports as well as port 25, in diff --git a/src/src/deliver.c b/src/src/deliver.c index a7f561c9c..de552f4cc 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -8551,8 +8551,11 @@ if (cutthrough.fd >= 0 && cutthrough.callout_hold_only) goto fail; else if (pid == 0) /* child: fork again to totally disconnect */ + { + if (running_in_test_harness) millisleep(100); /* let parent debug out */ /* does not return */ smtp_proxy_tls(big_buffer, big_buffer_size, pfd, 5*60); + } DEBUG(D_transport) debug_printf("proxy-proc inter-pid %d\n", pid); close(pfd[0]); diff --git a/src/src/expand.c b/src/src/expand.c index f44ddf8b8..e754fbc8c 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -17,22 +17,22 @@ static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOO static int_eximarith_t expanded_string_integer(const uschar *, BOOL); #ifdef STAND_ALONE -#ifndef SUPPORT_CRYPTEQ -#define SUPPORT_CRYPTEQ -#endif +# ifndef SUPPORT_CRYPTEQ +# define SUPPORT_CRYPTEQ +# endif #endif #ifdef LOOKUP_LDAP -#include "lookups/ldap.h" +# include "lookups/ldap.h" #endif #ifdef SUPPORT_CRYPTEQ -#ifdef CRYPT_H -#include <crypt.h> -#endif -#ifndef HAVE_CRYPT16 +# ifdef CRYPT_H +# include <crypt.h> +# endif +# ifndef HAVE_CRYPT16 extern char* crypt16(char*, char*); -#endif +# endif #endif /* The handling of crypt16() is a mess. I will record below the analysis of the @@ -4494,25 +4494,25 @@ while (*s != 0) if (skipping) continue; /* sub_arg[0] is the address */ - domain = Ustrrchr(sub_arg[0],'@'); - if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) ) + if ( !(domain = Ustrrchr(sub_arg[0],'@')) + || domain == sub_arg[0] || Ustrlen(domain) == 1) { expand_string_message = US"prvs first argument must be a qualified email address"; goto EXPAND_FAILED; } - /* Calculate the hash. The second argument must be a single-digit + /* Calculate the hash. The third argument must be a single-digit key number, or unset. */ - if (sub_arg[2] != NULL && - (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0)) + if ( sub_arg[2] + && (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0)) { - expand_string_message = US"prvs second argument must be a single digit"; + expand_string_message = US"prvs third argument must be a single digit"; goto EXPAND_FAILED; } - p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7)); - if (p == NULL) + p = prvs_hmac_sha1(sub_arg[0], sub_arg[1], sub_arg[2], prvs_daystamp(7)); + if (!p) { expand_string_message = US"prvs hmac-sha1 conversion failed"; goto EXPAND_FAILED; @@ -4628,7 +4628,7 @@ while (*s != 0) prvscheck_result = US"1"; DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n"); } - else + else { prvscheck_result = NULL; DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n"); diff --git a/src/src/receive.c b/src/src/receive.c index e7e518a92..d9b500102 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1810,8 +1810,8 @@ for (;;) (and sometimes lunatic messages can have ones that are 100s of K long) we call store_release() for strings that have been copied - if the string is at the start of a block (and therefore the only thing in it, because we aren't - doing any other gets), the block gets freed. We can only do this because we - know there are no other calls to store_get() going on. */ + doing any other gets), the block gets freed. We can only do this release if + there were no allocations since the once that we want to free. */ if (ptr >= header_size - 4) { @@ -1820,9 +1820,10 @@ for (;;) header_size *= 2; if (!store_extend(next->text, oldsize, header_size)) { + BOOL release_ok = store_last_get[store_pool] == next->text; uschar *newtext = store_get(header_size); memcpy(newtext, next->text, ptr); - store_release(next->text); + if (release_ok) store_release(next->text); next->text = newtext; } } diff --git a/src/src/route.c b/src/src/route.c index c112169f7..83cf468b0 100644 --- a/src/src/route.c +++ b/src/src/route.c @@ -244,14 +244,12 @@ for (r = routers; r; r = r->next) /* Check for transport or no transport on certain routers */ - if ((r->info->ri_flags & ri_yestransport) != 0 && - r->transport_name == NULL && - !r->verify_only) + if ( (r->info->ri_flags & ri_yestransport) + && !r->transport_name && !r->verify_only) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " "a transport is required for this router", r->name); - if ((r->info->ri_flags & ri_notransport) != 0 && - r->transport_name != NULL) + if ((r->info->ri_flags & ri_notransport) && r->transport_name) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n " "a transport must not be defined for this router", r->name); @@ -292,14 +290,16 @@ for (r = routers; r; r = r->next) /* Check redirect_router and pass_router are valid */ - if (r->redirect_router_name != NULL) + if (r->redirect_router_name) set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE); - if (r->pass_router_name != NULL) + if (r->pass_router_name) set_router(r, r->pass_router_name, &(r->pass_router), TRUE); +#ifdef notdef DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name, r->dsn_lasthop ? "lasthop set" : "propagating DSN"); +#endif } } diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 898e37cd6..527ad28b2 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -221,7 +221,8 @@ static BOOL gnutls_buggy_ocsp = FALSE; /* Set this to control gnutls_global_set_log_level(); values 0 to 9 will setup the library logging; a value less than 0 disables the calls to set up logging -callbacks. */ +callbacks. Possibly GNuTLS also looks for an environment variable +"GNUTLS_DEBUG_LEVEL". */ #ifndef EXIM_GNUTLS_LIBRARY_LOG_LEVEL # define EXIM_GNUTLS_LIBRARY_LOG_LEVEL -1 #endif diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index f1176a63e..9816f734f 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -228,14 +228,13 @@ return host ? FAIL : DEFER; -#ifdef EXIM_HAVE_EPHEM_RSA_KEX /************************************************* * Callback to generate RSA key * *************************************************/ /* Arguments: - s SSL connection + s SSL connection (not used) export not used keylength keylength @@ -270,7 +269,6 @@ if (!(rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL))) } return rsa_key; } -#endif @@ -977,8 +975,7 @@ if (!(x509 = X509_new())) goto err; where = US"generating pkey"; - /* deprecated, use RSA_generate_key_ex() */ -if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) +if (!(rsa = rsa_callback(NULL, 0, 1024))) goto err; where = US"assigning pkey"; diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index 3f0767926..d3bb8f467 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -21,6 +21,9 @@ library. It is #included into the tls.c file when that library is used. # define EXIM_HAVE_ASN1_MACROS #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +# define ASN1_STRING_get0_data ASN1_STRING_data +#endif /***************************************************** * Export/import a certificate, binary/printable @@ -373,17 +376,17 @@ while (sk_GENERAL_NAME_num(san) > 0) { case GEN_DNS: tag = US"DNS"; - ele = ASN1_STRING_data(namePart->d.dNSName); + ele = US ASN1_STRING_get0_data(namePart->d.dNSName); len = ASN1_STRING_length(namePart->d.dNSName); break; case GEN_URI: tag = US"URI"; - ele = ASN1_STRING_data(namePart->d.uniformResourceIdentifier); + ele = US ASN1_STRING_get0_data(namePart->d.uniformResourceIdentifier); len = ASN1_STRING_length(namePart->d.uniformResourceIdentifier); break; case GEN_EMAIL: tag = US"MAIL"; - ele = ASN1_STRING_data(namePart->d.rfc822Name); + ele = US ASN1_STRING_get0_data(namePart->d.rfc822Name); len = ASN1_STRING_length(namePart->d.rfc822Name); break; default: @@ -420,7 +423,7 @@ for (i = 0; i < adsnum; i++) if (ad && OBJ_obj2nid(ad->method) == NID_ad_OCSP) list = string_append_listele_n(list, sep, - ASN1_STRING_data(ad->location->d.ia5), + US ASN1_STRING_get0_data(ad->location->d.ia5), ASN1_STRING_length(ad->location->d.ia5)); } sk_ACCESS_DESCRIPTION_free(ads); @@ -455,7 +458,7 @@ if (dps) for (i = 0; i < dpsnum; i++) && np->type == GEN_URI ) list = string_append_listele_n(list, sep, - ASN1_STRING_data(np->d.uniformResourceIdentifier), + US ASN1_STRING_get0_data(np->d.uniformResourceIdentifier), ASN1_STRING_length(np->d.uniformResourceIdentifier)); } sk_DIST_POINT_free(dps); diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 9dc632e7f..ef9309c47 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -623,34 +623,34 @@ return FALSE; /* This writes to the main log and to the message log. Arguments: - addr the address item containing error information host the current host + detail the current message (addr_item->message) + basic_errno the errno (addr_item->basic_errno) Returns: nothing */ static void -write_logs(address_item *addr, host_item *host) +write_logs(const host_item *host, const uschar *suffix, int basic_errno) { -uschar * message = LOGGING(outgoing_port) + + +uschar *message = LOGGING(outgoing_port) ? string_sprintf("H=%s [%s]:%d", host->name, host->address, host->port == PORT_NONE ? 25 : host->port) : string_sprintf("H=%s [%s]", host->name, host->address); -if (addr->message) +if (suffix) { - message = string_sprintf("%s: %s", message, addr->message); - if (addr->basic_errno > 0) - message = string_sprintf("%s: %s", message, strerror(addr->basic_errno)); - log_write(0, LOG_MAIN, "%s", message); - deliver_msglog("%s %s\n", tod_stamp(tod_log), message); + message = string_sprintf("%s: %s", message, suffix); + if (basic_errno > 0) + message = string_sprintf("%s: %s", message, strerror(basic_errno)); } else - { - const uschar * s = exim_errstr(addr->basic_errno); - log_write(0, LOG_MAIN, "%s %s", message, s); - deliver_msglog("%s %s %s\n", tod_stamp(tod_log), message, s); - } + message = string_sprintf("%s %s", message, exim_errstr(basic_errno)); + +log_write(0, LOG_MAIN, "%s", message); +deliver_msglog("%s %s\n", tod_stamp(tod_log), message); } static void @@ -2607,6 +2607,7 @@ if ((rc = fork())) _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS); } +if (running_in_test_harness) millisleep(100); /* let parent debug out */ set_process_info("proxying TLS connection for continued transport"); FD_ZERO(&rfds); FD_SET(tls_out.active, &rfds); @@ -3319,8 +3320,9 @@ if (!sx.ok) set_rc = DEFER; if (save_errno > 0) message = US string_sprintf("%s: %s", message, strerror(save_errno)); - if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message); - msglog_line(host, message); + + write_logs(host, message, sx.first_addr ? sx.first_addr->basic_errno : 0); + *message_defer = TRUE; } } @@ -3507,9 +3509,12 @@ propagate it from the initial { int pid = fork(); if (pid == 0) /* child; fork again to disconnect totally */ + { + if (running_in_test_harness) millisleep(100); /* let parent debug out */ /* does not return */ smtp_proxy_tls(sx.buffer, sizeof(sx.buffer), pfd, sx.ob->command_timeout); + } if (pid > 0) /* parent */ { @@ -4325,7 +4330,7 @@ for (cutoff_retry = 0; if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL && first_addr->basic_errno != ERRNO_TLSFAILURE) - write_logs(first_addr, host); + write_logs(host, first_addr->message, first_addr->basic_errno); #ifndef DISABLE_EVENT if (rc == DEFER) @@ -4355,7 +4360,7 @@ for (cutoff_retry = 0; rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock, &message_defer, TRUE); if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL) - write_logs(first_addr, host); + write_logs(host, first_addr->message, first_addr->basic_errno); # ifndef DISABLE_EVENT if (rc == DEFER) deferred_event_raise(first_addr, host); |