summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/src/configure.default2
-rw-r--r--src/src/deliver.c3
-rw-r--r--src/src/expand.c36
-rw-r--r--src/src/receive.c7
-rw-r--r--src/src/route.c14
-rw-r--r--src/src/tls-gnu.c3
-rw-r--r--src/src/tls-openssl.c7
-rw-r--r--src/src/tlscert-openssl.c13
-rw-r--r--src/src/transports/smtp.c41
9 files changed, 68 insertions, 58 deletions
diff --git a/src/src/configure.default b/src/src/configure.default
index b828ca20a..1dc9b913d 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -154,7 +154,7 @@ acl_smtp_data = acl_check_data
# tls_privatekey = /etc/ssl/exim.pem
# For OpenSSL, prefer EC- over RSA-authenticated ciphers
-# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAILT
+# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
# In order to support roaming users who wish to send email from anywhere,
# you may want to make Exim listen on other ports as well as port 25, in
diff --git a/src/src/deliver.c b/src/src/deliver.c
index a7f561c9c..de552f4cc 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -8551,8 +8551,11 @@ if (cutthrough.fd >= 0 && cutthrough.callout_hold_only)
goto fail;
else if (pid == 0) /* child: fork again to totally disconnect */
+ {
+ if (running_in_test_harness) millisleep(100); /* let parent debug out */
/* does not return */
smtp_proxy_tls(big_buffer, big_buffer_size, pfd, 5*60);
+ }
DEBUG(D_transport) debug_printf("proxy-proc inter-pid %d\n", pid);
close(pfd[0]);
diff --git a/src/src/expand.c b/src/src/expand.c
index f44ddf8b8..e754fbc8c 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -17,22 +17,22 @@ static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOO
static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
#ifdef STAND_ALONE
-#ifndef SUPPORT_CRYPTEQ
-#define SUPPORT_CRYPTEQ
-#endif
+# ifndef SUPPORT_CRYPTEQ
+# define SUPPORT_CRYPTEQ
+# endif
#endif
#ifdef LOOKUP_LDAP
-#include "lookups/ldap.h"
+# include "lookups/ldap.h"
#endif
#ifdef SUPPORT_CRYPTEQ
-#ifdef CRYPT_H
-#include <crypt.h>
-#endif
-#ifndef HAVE_CRYPT16
+# ifdef CRYPT_H
+# include <crypt.h>
+# endif
+# ifndef HAVE_CRYPT16
extern char* crypt16(char*, char*);
-#endif
+# endif
#endif
/* The handling of crypt16() is a mess. I will record below the analysis of the
@@ -4494,25 +4494,25 @@ while (*s != 0)
if (skipping) continue;
/* sub_arg[0] is the address */
- domain = Ustrrchr(sub_arg[0],'@');
- if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
+ if ( !(domain = Ustrrchr(sub_arg[0],'@'))
+ || domain == sub_arg[0] || Ustrlen(domain) == 1)
{
expand_string_message = US"prvs first argument must be a qualified email address";
goto EXPAND_FAILED;
}
- /* Calculate the hash. The second argument must be a single-digit
+ /* Calculate the hash. The third argument must be a single-digit
key number, or unset. */
- if (sub_arg[2] != NULL &&
- (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
+ if ( sub_arg[2]
+ && (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
{
- expand_string_message = US"prvs second argument must be a single digit";
+ expand_string_message = US"prvs third argument must be a single digit";
goto EXPAND_FAILED;
}
- p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
- if (p == NULL)
+ p = prvs_hmac_sha1(sub_arg[0], sub_arg[1], sub_arg[2], prvs_daystamp(7));
+ if (!p)
{
expand_string_message = US"prvs hmac-sha1 conversion failed";
goto EXPAND_FAILED;
@@ -4628,7 +4628,7 @@ while (*s != 0)
prvscheck_result = US"1";
DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n");
}
- else
+ else
{
prvscheck_result = NULL;
DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n");
diff --git a/src/src/receive.c b/src/src/receive.c
index e7e518a92..d9b500102 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -1810,8 +1810,8 @@ for (;;)
(and sometimes lunatic messages can have ones that are 100s of K long) we
call store_release() for strings that have been copied - if the string is at
the start of a block (and therefore the only thing in it, because we aren't
- doing any other gets), the block gets freed. We can only do this because we
- know there are no other calls to store_get() going on. */
+ doing any other gets), the block gets freed. We can only do this release if
+ there were no allocations since the once that we want to free. */
if (ptr >= header_size - 4)
{
@@ -1820,9 +1820,10 @@ for (;;)
header_size *= 2;
if (!store_extend(next->text, oldsize, header_size))
{
+ BOOL release_ok = store_last_get[store_pool] == next->text;
uschar *newtext = store_get(header_size);
memcpy(newtext, next->text, ptr);
- store_release(next->text);
+ if (release_ok) store_release(next->text);
next->text = newtext;
}
}
diff --git a/src/src/route.c b/src/src/route.c
index c112169f7..83cf468b0 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -244,14 +244,12 @@ for (r = routers; r; r = r->next)
/* Check for transport or no transport on certain routers */
- if ((r->info->ri_flags & ri_yestransport) != 0 &&
- r->transport_name == NULL &&
- !r->verify_only)
+ if ( (r->info->ri_flags & ri_yestransport)
+ && !r->transport_name && !r->verify_only)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
"a transport is required for this router", r->name);
- if ((r->info->ri_flags & ri_notransport) != 0 &&
- r->transport_name != NULL)
+ if ((r->info->ri_flags & ri_notransport) && r->transport_name)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
"a transport must not be defined for this router", r->name);
@@ -292,14 +290,16 @@ for (r = routers; r; r = r->next)
/* Check redirect_router and pass_router are valid */
- if (r->redirect_router_name != NULL)
+ if (r->redirect_router_name)
set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE);
- if (r->pass_router_name != NULL)
+ if (r->pass_router_name)
set_router(r, r->pass_router_name, &(r->pass_router), TRUE);
+#ifdef notdef
DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name,
r->dsn_lasthop ? "lasthop set" : "propagating DSN");
+#endif
}
}
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 898e37cd6..527ad28b2 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -221,7 +221,8 @@ static BOOL gnutls_buggy_ocsp = FALSE;
/* Set this to control gnutls_global_set_log_level(); values 0 to 9 will setup
the library logging; a value less than 0 disables the calls to set up logging
-callbacks. */
+callbacks. Possibly GNuTLS also looks for an environment variable
+"GNUTLS_DEBUG_LEVEL". */
#ifndef EXIM_GNUTLS_LIBRARY_LOG_LEVEL
# define EXIM_GNUTLS_LIBRARY_LOG_LEVEL -1
#endif
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index f1176a63e..9816f734f 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -228,14 +228,13 @@ return host ? FAIL : DEFER;
-#ifdef EXIM_HAVE_EPHEM_RSA_KEX
/*************************************************
* Callback to generate RSA key *
*************************************************/
/*
Arguments:
- s SSL connection
+ s SSL connection (not used)
export not used
keylength keylength
@@ -270,7 +269,6 @@ if (!(rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL)))
}
return rsa_key;
}
-#endif
@@ -977,8 +975,7 @@ if (!(x509 = X509_new()))
goto err;
where = US"generating pkey";
- /* deprecated, use RSA_generate_key_ex() */
-if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL)))
+if (!(rsa = rsa_callback(NULL, 0, 1024)))
goto err;
where = US"assigning pkey";
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 3f0767926..d3bb8f467 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -21,6 +21,9 @@ library. It is #included into the tls.c file when that library is used.
# define EXIM_HAVE_ASN1_MACROS
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+# define ASN1_STRING_get0_data ASN1_STRING_data
+#endif
/*****************************************************
* Export/import a certificate, binary/printable
@@ -373,17 +376,17 @@ while (sk_GENERAL_NAME_num(san) > 0)
{
case GEN_DNS:
tag = US"DNS";
- ele = ASN1_STRING_data(namePart->d.dNSName);
+ ele = US ASN1_STRING_get0_data(namePart->d.dNSName);
len = ASN1_STRING_length(namePart->d.dNSName);
break;
case GEN_URI:
tag = US"URI";
- ele = ASN1_STRING_data(namePart->d.uniformResourceIdentifier);
+ ele = US ASN1_STRING_get0_data(namePart->d.uniformResourceIdentifier);
len = ASN1_STRING_length(namePart->d.uniformResourceIdentifier);
break;
case GEN_EMAIL:
tag = US"MAIL";
- ele = ASN1_STRING_data(namePart->d.rfc822Name);
+ ele = US ASN1_STRING_get0_data(namePart->d.rfc822Name);
len = ASN1_STRING_length(namePart->d.rfc822Name);
break;
default:
@@ -420,7 +423,7 @@ for (i = 0; i < adsnum; i++)
if (ad && OBJ_obj2nid(ad->method) == NID_ad_OCSP)
list = string_append_listele_n(list, sep,
- ASN1_STRING_data(ad->location->d.ia5),
+ US ASN1_STRING_get0_data(ad->location->d.ia5),
ASN1_STRING_length(ad->location->d.ia5));
}
sk_ACCESS_DESCRIPTION_free(ads);
@@ -455,7 +458,7 @@ if (dps) for (i = 0; i < dpsnum; i++)
&& np->type == GEN_URI
)
list = string_append_listele_n(list, sep,
- ASN1_STRING_data(np->d.uniformResourceIdentifier),
+ US ASN1_STRING_get0_data(np->d.uniformResourceIdentifier),
ASN1_STRING_length(np->d.uniformResourceIdentifier));
}
sk_DIST_POINT_free(dps);
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 9dc632e7f..ef9309c47 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -623,34 +623,34 @@ return FALSE;
/* This writes to the main log and to the message log.
Arguments:
- addr the address item containing error information
host the current host
+ detail the current message (addr_item->message)
+ basic_errno the errno (addr_item->basic_errno)
Returns: nothing
*/
static void
-write_logs(address_item *addr, host_item *host)
+write_logs(const host_item *host, const uschar *suffix, int basic_errno)
{
-uschar * message = LOGGING(outgoing_port)
+
+
+uschar *message = LOGGING(outgoing_port)
? string_sprintf("H=%s [%s]:%d", host->name, host->address,
host->port == PORT_NONE ? 25 : host->port)
: string_sprintf("H=%s [%s]", host->name, host->address);
-if (addr->message)
+if (suffix)
{
- message = string_sprintf("%s: %s", message, addr->message);
- if (addr->basic_errno > 0)
- message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
- log_write(0, LOG_MAIN, "%s", message);
- deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
+ message = string_sprintf("%s: %s", message, suffix);
+ if (basic_errno > 0)
+ message = string_sprintf("%s: %s", message, strerror(basic_errno));
}
else
- {
- const uschar * s = exim_errstr(addr->basic_errno);
- log_write(0, LOG_MAIN, "%s %s", message, s);
- deliver_msglog("%s %s %s\n", tod_stamp(tod_log), message, s);
- }
+ message = string_sprintf("%s %s", message, exim_errstr(basic_errno));
+
+log_write(0, LOG_MAIN, "%s", message);
+deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
}
static void
@@ -2607,6 +2607,7 @@ if ((rc = fork()))
_exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
}
+if (running_in_test_harness) millisleep(100); /* let parent debug out */
set_process_info("proxying TLS connection for continued transport");
FD_ZERO(&rfds);
FD_SET(tls_out.active, &rfds);
@@ -3319,8 +3320,9 @@ if (!sx.ok)
set_rc = DEFER;
if (save_errno > 0)
message = US string_sprintf("%s: %s", message, strerror(save_errno));
- if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
- msglog_line(host, message);
+
+ write_logs(host, message, sx.first_addr ? sx.first_addr->basic_errno : 0);
+
*message_defer = TRUE;
}
}
@@ -3507,9 +3509,12 @@ propagate it from the initial
{
int pid = fork();
if (pid == 0) /* child; fork again to disconnect totally */
+ {
+ if (running_in_test_harness) millisleep(100); /* let parent debug out */
/* does not return */
smtp_proxy_tls(sx.buffer, sizeof(sx.buffer), pfd,
sx.ob->command_timeout);
+ }
if (pid > 0) /* parent */
{
@@ -4325,7 +4330,7 @@ for (cutoff_retry = 0;
if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL
&& first_addr->basic_errno != ERRNO_TLSFAILURE)
- write_logs(first_addr, host);
+ write_logs(host, first_addr->message, first_addr->basic_errno);
#ifndef DISABLE_EVENT
if (rc == DEFER)
@@ -4355,7 +4360,7 @@ for (cutoff_retry = 0;
rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
&message_defer, TRUE);
if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
- write_logs(first_addr, host);
+ write_logs(host, first_addr->message, first_addr->basic_errno);
# ifndef DISABLE_EVENT
if (rc == DEFER)
deferred_event_raise(first_addr, host);