summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/OS/Makefile-Base16
-rwxr-xr-xsrc/scripts/MakeLinks2
-rw-r--r--src/src/EDITME5
-rw-r--r--src/src/acl.c2
-rw-r--r--src/src/dane-gnu.c21
-rw-r--r--src/src/dane-openssl.c68
-rw-r--r--src/src/dane.c4
-rw-r--r--src/src/dbstuff.h94
-rw-r--r--src/src/dkim.c7
-rw-r--r--src/src/functions.h2
-rw-r--r--src/src/host.c4
-rw-r--r--src/src/parse.c8
-rw-r--r--src/src/receive.c8
-rw-r--r--src/src/sieve.c1
-rw-r--r--src/src/smtp_in.c297
-rw-r--r--src/src/store.c68
-rw-r--r--src/src/store.h18
-rw-r--r--src/src/string.c16
-rw-r--r--src/src/tls-gnu.c324
-rw-r--r--src/src/tls-openssl.c19
-rw-r--r--src/src/transports/smtp.c11
-rw-r--r--src/src/verify.c12
22 files changed, 586 insertions, 421 deletions
diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base
index dcd87c29c..bb250ff91 100644
--- a/src/OS/Makefile-Base
+++ b/src/OS/Makefile-Base
@@ -471,13 +471,13 @@ convert4r4: config ../src/convert4r4.src
OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o
OBJ_EXPERIMENTAL = bmi_spam.o \
- dane.o \
- dcc.o \
- dmarc.o \
- imap_utf7.o \
- spf.o \
- srs.o \
- utf8.o
+ dane.o \
+ dcc.o \
+ dmarc.o \
+ imap_utf7.o \
+ spf.o \
+ srs.o \
+ utf8.o
# Targets for final binaries; the main one has a build number which is
# updated each time. We don't bother with that for the auxiliaries.
@@ -821,7 +821,7 @@ spool_mbox.o: $(HDRS) spool_mbox.c
# Dependencies for EXPERIMENTAL_* modules
bmi_spam.o: $(HDRS) bmi_spam.c
-dane.o: $(HDRS) dane.c dane-gnu.c dane-openssl.c
+dane.o: $(HDRS) dane.c dane-openssl.c
dcc.o: $(HDRS) dcc.h dcc.c
dmarc.o: $(HDRS) pdkim/pdkim.h dmarc.h dmarc.c
imap_utf7.o: $(HDRS) imap_utf7.c
diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks
index 770591dc8..7fc1d19b4 100755
--- a/src/scripts/MakeLinks
+++ b/src/scripts/MakeLinks
@@ -122,7 +122,7 @@ do
done
# EXPERIMENTAL_*
-for f in bmi_spam.c bmi_spam.h dcc.c dcc.h dane.c dane-gnu.c dane-openssl.c \
+for f in bmi_spam.c bmi_spam.h dcc.c dcc.h dane.c dane-openssl.c \
danessl.h imap_utf7.c spf.c spf.h srs.c srs.h utf8.c
do
ln -s ../src/$f $f
diff --git a/src/src/EDITME b/src/src/EDITME
index 72e26ce0e..35585d6bb 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -489,7 +489,7 @@ EXIM_MONITOR=eximon.bin
# Uncomment the following line to add DANE support
# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
-# Note: DANE is only supported when using OpenSSL
+# For DANE under GnuTLS we need an additional library. See TLS_LIBS below.
# EXPERIMENTAL_DANE=yes
# Uncomment the following to include extra information in fail DSN message (bounces)
@@ -797,6 +797,9 @@ HEADERS_CHARSET="ISO-8859-1"
# or
# TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt
+# For DANE under GnuTLS we need an additional library.
+# TLS_LIBS += -lgnutls-dane
+
# TLS_LIBS is included only on the command for linking Exim itself, not on any
# auxiliary programs. If the include files are not in a standard place, you can
# set TLS_INCLUDE to specify where they are, for example:
diff --git a/src/src/acl.c b/src/src/acl.c
index 739cd91ae..477b059a5 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1702,7 +1702,7 @@ switch(vp->value)
return csa_return_code[rc];
case VERIFY_HDR_SYNTAX:
- /* Check that all relevant header lines have the correct syntax. If there is
+ /* Check that all relevant header lines have the correct 5322-syntax. If there is
a syntax error, we return details of the error to the sender if configured to
send out full details. (But a "message" setting on the ACL can override, as
always). */
diff --git a/src/src/dane-gnu.c b/src/src/dane-gnu.c
deleted file mode 100644
index b98bffad6..000000000
--- a/src/src/dane-gnu.c
+++ /dev/null
@@ -1,21 +0,0 @@
-/*************************************************
-* Exim - an Internet mail transport agent *
-*************************************************/
-
-/* Copyright (c) University of Cambridge 1995 - 2013 */
-/* See the file NOTICE for conditions of use and distribution. */
-
-/* This file (will) provide DANE support for Exim using the GnuTLS library,
-but is not yet an available supported implementation. This file is #included
-into dane.c when USE_GNUTLS has been set. */
-
-/* As of March 2014, the reference implementation for DANE that we are
-using was written by Viktor Dukhovny and it supports OpenSSL only. At
-some point we will add GnuTLS support, but for right now just abort the
-build and explain why. */
-
-
-#error No support for DANE using GnuTLS yet.
-
-
-/* End of dane-gnu.c */
diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index e48b0cb79..bb3763a48 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -409,7 +409,7 @@ return 0;
}
static int
-set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
+set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj)
{
X509_NAME *name = akid_issuer_name(akid);
@@ -418,7 +418,7 @@ X509_NAME *name = akid_issuer_name(akid);
* must use that.
*/
return X509_set_issuer_name(cert,
- name ? name : X509_get_subject_name(cert));
+ name ? name : subj);
}
static int
@@ -500,7 +500,7 @@ akid = X509_get_ext_d2i(subject, NID_authority_key_identifier, 0, 0);
*/
if ( !X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
- || !set_issuer_name(cert, akid)
+ || !set_issuer_name(cert, akid, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)
@@ -1370,38 +1370,38 @@ if (selector > DANESSL_SELECTOR_LAST)
return 0;
}
- /* Support built-in standard one-digit mtypes */
- if (mdname && *mdname && mdname[1] == '\0')
- switch (*mdname - '0')
- {
- case DANESSL_MATCHING_FULL: mdname = 0; break;
- case DANESSL_MATCHING_2256: mdname = "sha256"; break;
- case DANESSL_MATCHING_2512: mdname = "sha512"; break;
- }
- if (mdname && *mdname && (md = EVP_get_digestbyname(mdname)) == 0)
- {
- DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DIGEST);
- return 0;
- }
- if (mdname && *mdname && dlen != EVP_MD_size(md))
- {
- DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DATA_LENGTH);
- return 0;
- }
- if (!data)
- {
- DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_NULL_DATA);
- return 0;
- }
+/* Support built-in standard one-digit mtypes */
+if (mdname && *mdname && mdname[1] == '\0')
+ switch (*mdname - '0')
+ {
+ case DANESSL_MATCHING_FULL: mdname = 0; break;
+ case DANESSL_MATCHING_2256: mdname = "sha256"; break;
+ case DANESSL_MATCHING_2512: mdname = "sha512"; break;
+ }
+if (mdname && *mdname && !(md = EVP_get_digestbyname(mdname)))
+ {
+ DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DIGEST);
+ return 0;
+ }
+if (mdname && *mdname && dlen != EVP_MD_size(md))
+ {
+ DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DATA_LENGTH);
+ return 0;
+ }
+if (!data)
+ {
+ DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_NULL_DATA);
+ return 0;
+ }
- /*
- * Full Certificate or Public Key when NULL or empty digest name
- */
- if (!mdname || !*mdname)
- {
- X509 *x = 0;
- EVP_PKEY *k = 0;
- const unsigned char *p = data;
+/*
+ * Full Certificate or Public Key when NULL or empty digest name
+ */
+if (!mdname || !*mdname)
+ {
+ X509 *x = 0;
+ EVP_PKEY *k = 0;
+ const unsigned char *p = data;
#define xklistinit(lvar, ltype, var, freeFunc) do { \
(lvar) = (ltype) OPENSSL_malloc(sizeof(*(lvar))); \
diff --git a/src/src/dane.c b/src/src/dane.c
index 137c75418..b632d80dd 100644
--- a/src/src/dane.c
+++ b/src/src/dane.c
@@ -38,9 +38,7 @@ static void dummy(int x) { dummy(x-1); }
# error DANE support requires that the DNS resolver library supports DNSSEC
# endif
-# ifdef USE_GNUTLS
-# include "dane-gnu.c"
-# else
+# ifndef USE_GNUTLS
# include "dane-openssl.c"
# endif
diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h
index adb362445..a18b288e6 100644
--- a/src/src/dbstuff.h
+++ b/src/src/dbstuff.h
@@ -106,6 +106,10 @@ definition of DB_VERSION_STRING, which is present in versions 2.x onwards. */
#ifdef DB_VERSION_STRING
+# if DB_VERSION_MAJOR >= 6
+# error Version 6 and later BDB API is not supported
+# endif
+
/* The API changed (again!) between the 2.x and 3.x versions */
#if DB_VERSION_MAJOR >= 3
@@ -113,21 +117,21 @@ definition of DB_VERSION_STRING, which is present in versions 2.x onwards. */
/***************** Berkeley db 3.x/4.x native definitions ******************/
/* Basic DB type */
-#if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)
-# define EXIM_DB DB_ENV
+# if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)
+# define EXIM_DB DB_ENV
/* Cursor type, for scanning */
-# define EXIM_CURSOR DBC
+# define EXIM_CURSOR DBC
/* The datum type used for queries */
-# define EXIM_DATUM DBT
+# define EXIM_DATUM DBT
/* Some text for messages */
-# define EXIM_DBTYPE "db (v4.1+)"
+# define EXIM_DBTYPE "db (v4.1+)"
/* Only more-recent versions. 5+ ? */
-# ifndef DB_FORCESYNC
-# define DB_FORCESYNC 0
-# endif
+# ifndef DB_FORCESYNC
+# define DB_FORCESYNC 0
+# endif
/* Access functions */
@@ -136,9 +140,9 @@ definition of DB_VERSION_STRING, which is present in versions 2.x onwards. */
API changed for DB 4.1. - and we also starting using the "env" with a
specified working dir, to avoid the DBCONFIG file trap. */
-# define ENV_TO_DB(env) ((DB *)((env)->app_private))
+# define ENV_TO_DB(env) ((DB *)((env)->app_private))
-# define EXIM_DBOPEN__(name, dirname, flags, mode, dbpp) \
+# define EXIM_DBOPEN__(name, dirname, flags, mode, dbpp) \
if ( db_env_create(dbpp, 0) != 0 \
|| ((*dbpp)->set_errcall(*dbpp, dbfn_bdb_error_callback), 0) \
|| (*dbpp)->open(*dbpp, CS dirname, DB_CREATE|DB_INIT_MPOOL|DB_PRIVATE, 0) != 0\
@@ -161,72 +165,72 @@ specified working dir, to avoid the DBCONFIG file trap. */
}
/* EXIM_DBGET - returns TRUE if successful, FALSE otherwise */
-# define EXIM_DBGET(db, key, data) \
+# define EXIM_DBGET(db, key, data) \
(ENV_TO_DB(db)->get(ENV_TO_DB(db), NULL, &key, &data, 0) == 0)
/* EXIM_DBPUT - returns nothing useful, assumes replace mode */
-# define EXIM_DBPUT(db, key, data) \
+# define EXIM_DBPUT(db, key, data) \
ENV_TO_DB(db)->put(ENV_TO_DB(db), NULL, &key, &data, 0)
/* EXIM_DBPUTB - non-overwriting for use by dbmbuild */
-# define EXIM_DBPUTB(db, key, data) \
+# define EXIM_DBPUTB(db, key, data) \
ENV_TO_DB(db)->put(ENV_TO_DB(db), NULL, &key, &data, DB_NOOVERWRITE)
/* Return values from EXIM_DBPUTB */
-# define EXIM_DBPUTB_OK 0
-# define EXIM_DBPUTB_DUP DB_KEYEXIST
+# define EXIM_DBPUTB_OK 0
+# define EXIM_DBPUTB_DUP DB_KEYEXIST
/* EXIM_DBDEL */
-# define EXIM_DBDEL(db, key) ENV_TO_DB(db)->del(ENV_TO_DB(db), NULL, &key, 0)
+# define EXIM_DBDEL(db, key) ENV_TO_DB(db)->del(ENV_TO_DB(db), NULL, &key, 0)
/* EXIM_DBCREATE_CURSOR - initialize for scanning operation */
-# define EXIM_DBCREATE_CURSOR(db, cursor) \
+# define EXIM_DBCREATE_CURSOR(db, cursor) \
ENV_TO_DB(db)->cursor(ENV_TO_DB(db), NULL, cursor, 0)
/* EXIM_DBSCAN - returns TRUE if data is returned, FALSE at end */
-# define EXIM_DBSCAN(db, key, data, first, cursor) \
+# define EXIM_DBSCAN(db, key, data, first, cursor) \
((cursor)->c_get(cursor, &key, &data, \
(first? DB_FIRST : DB_NEXT)) == 0)
/* EXIM_DBDELETE_CURSOR - terminate scanning operation */
-# define EXIM_DBDELETE_CURSOR(cursor) \
+# define EXIM_DBDELETE_CURSOR(cursor) \
(cursor)->c_close(cursor)
/* EXIM_DBCLOSE */
-# define EXIM_DBCLOSE__(db) \
+# define EXIM_DBCLOSE__(db) \
(ENV_TO_DB(db)->close(ENV_TO_DB(db), 0) , ((DB_ENV *)(db))->close((DB_ENV *)(db), DB_FORCESYNC))
/* Datum access types - these are intended to be assignable. */
-# define EXIM_DATUM_SIZE(datum) (datum).size
-# define EXIM_DATUM_DATA(datum) (datum).data
+# define EXIM_DATUM_SIZE(datum) (datum).size
+# define EXIM_DATUM_DATA(datum) (datum).data
/* The whole datum structure contains other fields that must be cleared
before use, but we don't have to free anything after reading data. */
-# define EXIM_DATUM_INIT(datum) memset(&datum, 0, sizeof(datum))
-# define EXIM_DATUM_FREE(datum)
+# define EXIM_DATUM_INIT(datum) memset(&datum, 0, sizeof(datum))
+# define EXIM_DATUM_FREE(datum)
-#else /* pre- 4.1 */
+# else /* pre- 4.1 */
-# define EXIM_DB DB
+# define EXIM_DB DB
/* Cursor type, for scanning */
-# define EXIM_CURSOR DBC
+# define EXIM_CURSOR DBC
/* The datum type used for queries */
-# define EXIM_DATUM DBT
+# define EXIM_DATUM DBT
/* Some text for messages */
-# define EXIM_DBTYPE "db (v3/4)"
+# define EXIM_DBTYPE "db (v3/4)"
/* Access functions */
/* EXIM_DBOPEN - sets *dbpp to point to an EXIM_DB, NULL if failed. */
-# define EXIM_DBOPEN__(name, dirname, flags, mode, dbpp) \
+# define EXIM_DBOPEN__(name, dirname, flags, mode, dbpp) \
if (db_create(dbpp, NULL, 0) != 0 || \
((*dbpp)->set_errcall(*dbpp, dbfn_bdb_error_callback), \
((*dbpp)->open)(*dbpp, CS name, NULL, \
@@ -235,54 +239,54 @@ before use, but we don't have to free anything after reading data. */
mode)) != 0) *(dbpp) = NULL
/* EXIM_DBGET - returns TRUE if successful, FALSE otherwise */
-# define EXIM_DBGET(db, key, data) \
+# define EXIM_DBGET(db, key, data) \
((db)->get(db, NULL, &key, &data, 0) == 0)
/* EXIM_DBPUT - returns nothing useful, assumes replace mode */
-# define EXIM_DBPUT(db, key, data) \
+# define EXIM_DBPUT(db, key, data) \
(db)->put(db, NULL, &key, &data, 0)
/* EXIM_DBPUTB - non-overwriting for use by dbmbuild */
-# define EXIM_DBPUTB(db, key, data) \
+# define EXIM_DBPUTB(db, key, data) \
(db)->put(db, NULL, &key, &data, DB_NOOVERWRITE)
/* Return values from EXIM_DBPUTB */
-# define EXIM_DBPUTB_OK 0
-# define EXIM_DBPUTB_DUP DB_KEYEXIST
+# define EXIM_DBPUTB_OK 0
+# define EXIM_DBPUTB_DUP DB_KEYEXIST
/* EXIM_DBDEL */
-# define EXIM_DBDEL(db, key) (db)->del(db, NULL, &key, 0)
+# define EXIM_DBDEL(db, key) (db)->del(db, NULL, &key, 0)
/* EXIM_DBCREATE_CURSOR - initialize for scanning operation */
-# define EXIM_DBCREATE_CURSOR(db, cursor) \
+# define EXIM_DBCREATE_CURSOR(db, cursor) \
(db)->cursor(db, NULL, cursor, 0)
/* EXIM_DBSCAN - returns TRUE if data is returned, FALSE at end */
-# define EXIM_DBSCAN(db, key, data, first, cursor) \
+# define EXIM_DBSCAN(db, key, data, first, cursor) \
((cursor)->c_get(cursor, &key, &data, \
(first? DB_FIRST : DB_NEXT)) == 0)
/* EXIM_DBDELETE_CURSOR - terminate scanning operation */
-# define EXIM_DBDELETE_CURSOR(cursor) \
+# define EXIM_DBDELETE_CURSOR(cursor) \
(cursor)->c_close(cursor)
/* EXIM_DBCLOSE */
-# define EXIM_DBCLOSE__(db) (db)->close(db, 0)
+# define EXIM_DBCLOSE__(db) (db)->close(db, 0)
/* Datum access types - these are intended to be assignable. */
-# define EXIM_DATUM_SIZE(datum) (datum).size
-# define EXIM_DATUM_DATA(datum) (datum).data
+# define EXIM_DATUM_SIZE(datum) (datum).size
+# define EXIM_DATUM_DATA(datum) (datum).data
/* The whole datum structure contains other fields that must be cleared
before use, but we don't have to free anything after reading data. */
-# define EXIM_DATUM_INIT(datum) memset(&datum, 0, sizeof(datum))
-# define EXIM_DATUM_FREE(datum)
+# define EXIM_DATUM_INIT(datum) memset(&datum, 0, sizeof(datum))
+# define EXIM_DATUM_FREE(datum)
-#endif
+# endif
#else /* DB_VERSION_MAJOR >= 3 */
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 5e97c1b79..9731a63d9 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -73,6 +73,9 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN)
return PDKIM_FAIL; /*XXX better error detail? logging? */
}
+
+ /* check if this looks like a DKIM record */
+ if (strncasecmp(answer, "v=dkim", 6) != 0) continue;
return PDKIM_OK;
}
@@ -148,7 +151,7 @@ if (!(s = sig->domain)) s = US"<UNSET>";
logmsg = string_append(logmsg, 2, "d=", s);
if (!(s = sig->selector)) s = US"<UNSET>";
logmsg = string_append(logmsg, 2, " s=", s);
-logmsg = string_append(logmsg, 7,
+logmsg = string_append(logmsg, 7,
" c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
"/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
" a=", dkim_sig_to_a_tag(sig),
@@ -371,7 +374,7 @@ for (sig = dkim_signatures; sig; sig = sig->next)
dkim_verify_status = dkim_exim_expand_query(DKIM_VERIFY_STATUS);
dkim_verify_reason = dkim_exim_expand_query(DKIM_VERIFY_REASON);
-
+
if ((rc = dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr)) != OK)
return rc;
}
diff --git a/src/src/functions.h b/src/src/functions.h
index e50fa6f92..0c34113f8 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -205,8 +205,6 @@ extern BOOL filter_system_interpret(address_item **, uschar **);
extern uschar * fn_hdrs_added(void);
-extern void gstring_grow(gstring *, int, int);
-
extern void header_add(int, const char *, ...);
extern int header_checkname(header_line *, BOOL);
extern BOOL header_match(uschar *, BOOL, BOOL, string_item *, int, ...);
diff --git a/src/src/host.c b/src/src/host.c
index 05bde3fb2..1f0d91959 100644
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -2612,8 +2612,8 @@ if ((whichrrs & HOST_FIND_BY_SRV) != 0)
DEBUG(D_dns)
if ((dnssec_request || dnssec_require)
- & !dns_is_secure(&dnsa)
- & dns_is_aa(&dnsa))
+ && !dns_is_secure(&dnsa)
+ && dns_is_aa(&dnsa))
debug_printf("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name);
if (dnssec_request)
diff --git a/src/src/parse.c b/src/src/parse.c
index 1b44146c5..74817454e 100644
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -421,10 +421,10 @@ for (;;)
if (*s == '\"')
{
*t++ = '\"';
- while ((c = *(++s)) != 0 && c != '\"')
+ while ((c = *++s) && c != '\"')
{
*t++ = c;
- if (c == '\\' && s[1] != 0) *t++ = *(++s);
+ if (c == '\\' && s[1]) *t++ = *++s;
}
if (c == '\"')
{
@@ -443,7 +443,7 @@ for (;;)
else while (!mac_iscntrl_or_special(*s) || *s == '\\')
{
c = *t++ = *s++;
- if (c == '\\' && *s != 0) *t++ = *s++;
+ if (c == '\\' && *s) *t++ = *s++;
}
/* Terminate the word and skip subsequent comment */
@@ -638,7 +638,7 @@ RESTART: /* Come back here after passing a group name */
s = skip_comment(s);
startptr = s; /* In case addr-spec */
s = read_local_part(s, t, errorptr, TRUE); /* Dot separated words */
-if (*errorptr != NULL) goto PARSE_FAILED;
+if (*errorptr) goto PARSE_FAILED;
/* If the terminator is neither < nor @ then the format of the address
must either be a bare local-part (we are now at the end), or a phrase
diff --git a/src/src/receive.c b/src/src/receive.c
index 1f1954c57..2b6143a32 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -1821,13 +1821,7 @@ for (;;)
/* header_size += 256; */
header_size *= 2;
if (!store_extend(next->text, oldsize, header_size))
- {
- BOOL release_ok = store_last_get[store_pool] == next->text;
- uschar *newtext = store_get(header_size);
- memcpy(newtext, next->text, ptr);
- if (release_ok) store_release(next->text);
- next->text = newtext;
- }
+ next->text = store_newblock(next->text, header_size, ptr);
}
/* Cope with receiving a binary zero. There is dispute about whether
diff --git a/src/src/sieve.c b/src/src/sieve.c
index 2373cfb8e..fcc00a6eb 100644
--- a/src/src/sieve.c
+++ b/src/src/sieve.c
@@ -3379,6 +3379,7 @@ while (*filter->pc)
{
uschar *mime_body,*reason_end;
static const uschar nlnl[]="\r\n\r\n";
+ gstring * g;
for
(
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 0aabc5356..bf7a308db 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -187,7 +187,7 @@ static smtp_cmd_list cmd_list[] = {
{ "auth", sizeof("auth")-1, AUTH_CMD, TRUE, TRUE },
#ifdef SUPPORT_TLS
{ "starttls", sizeof("starttls")-1, STARTTLS_CMD, FALSE, FALSE },
- { "tls_auth", 0, TLS_AUTH_CMD, FALSE, TRUE },
+ { "tls_auth", 0, TLS_AUTH_CMD, FALSE, FALSE },
#endif
/* If you change anything above here, also fix the definitions below. */
@@ -682,10 +682,10 @@ void
bdat_flush_data(void)
{
while (chunking_data_left)
-{
+ {
unsigned n = chunking_data_left;
(void) bdat_getbuf(&n);
-}
+ }
receive_getc = lwr_receive_getc;
receive_getbuf = lwr_receive_getbuf;
@@ -1646,27 +1646,27 @@ Returns: nothing
void
smtp_closedown(uschar *message)
{
-if (smtp_in == NULL || smtp_batched_input) return;
+if (!smtp_in || smtp_batched_input) return;
receive_swallow_smtp();
smtp_printf("421 %s\r\n", FALSE, message);
for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
case EOF_CMD:
- return;
+ return;
case QUIT_CMD:
- smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
- mac_smtp_fflush();
- return;
+ smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
+ mac_smtp_fflush();
+ return;
case RSET_CMD:
- smtp_printf("250 Reset OK\r\n", FALSE);
- break;
+ smtp_printf("250 Reset OK\r\n", FALSE);
+ break;
default:
- smtp_printf("421 %s\r\n", FALSE, message);
- break;
+ smtp_printf("421 %s\r\n", FALSE, message);
+ break;
}
}
@@ -1755,7 +1755,7 @@ gstring * g = NULL;
if (smtp_mailcmd_count > 0 || !LOGGING(smtp_no_mail))
return;
-if (sender_host_authenticated != NULL)
+if (sender_host_authenticated)
{
g = string_append(g, 2, US" A=", sender_host_authenticated);
if (authenticated_id) g = string_append(g, 2, US":", authenticated_id);
@@ -1847,7 +1847,7 @@ if (sender_helo_name != NULL)
/* Skip tests if junk is permitted. */
if (!yield)
- {
+
/* Allow the new standard form for IPv6 address literals, namely,
[IPv6:....], and because someone is bound to use it, allow an equivalent
IPv4 form. Allow plain addresses as well. */
@@ -1870,21 +1870,14 @@ if (!yield)
/* Non-literals must be alpha, dot, hyphen, plus any non-valid chars
that have been configured (usually underscore - sigh). */
- else if (*s != 0)
- {
- yield = TRUE;
- while (*s != 0)
- {
+ else if (*s)
+ for (yield = TRUE; *s; s++)
if (!isalnum(*s) && *s != '.' && *s != '-' &&
Ustrchr(helo_allow_chars, *s) == NULL)
{
yield = FALSE;
break;
}
- s++;
- }
- }
- }
/* Save argument if OK */
@@ -2117,14 +2110,14 @@ while (done <= 0)
case HELO_CMD:
case EHLO_CMD:
- check_helo(smtp_cmd_data);
- /* Fall through */
+ check_helo(smtp_cmd_data);
+ /* Fall through */
case RSET_CMD:
- cancel_cutthrough_connection(TRUE, US"RSET received");
- smtp_reset(reset_point);
- bsmtp_transaction_linecount = receive_linecount;
- break;
+ cancel_cutthrough_connection(TRUE, US"RSET received");
+ smtp_reset(reset_point);
+ bsmtp_transaction_linecount = receive_linecount;
+ break;
/* The MAIL FROM command requires an address as an operand. All we
@@ -2134,53 +2127,53 @@ while (done <= 0)
it is the canonical extracted address which is all that is kept. */
case MAIL_CMD:
- smtp_mailcmd_count++; /* Count for no-mail log */
- if (sender_address != NULL)
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "503 Sender already given");
+ smtp_mailcmd_count++; /* Count for no-mail log */
+ if (sender_address != NULL)
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "503 Sender already given");
- if (smtp_cmd_data[0] == 0)
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "501 MAIL FROM must have an address operand");
+ if (smtp_cmd_data[0] == 0)
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "501 MAIL FROM must have an address operand");
- /* Reset to start of message */
+ /* Reset to start of message */
- cancel_cutthrough_connection(TRUE, US"MAIL received");
- smtp_reset(reset_point);
+ cancel_cutthrough_connection(TRUE, US"MAIL received");
+ smtp_reset(reset_point);
- /* Apply SMTP rewrite */
+ /* Apply SMTP rewrite */
- raw_sender = ((rewrite_existflags & rewrite_smtp) != 0)?
- rewrite_one(smtp_cmd_data, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE,
- US"", global_rewrite_rules) : smtp_cmd_data;
+ raw_sender = ((rewrite_existflags & rewrite_smtp) != 0)?
+ rewrite_one(smtp_cmd_data, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE,
+ US"", global_rewrite_rules) : smtp_cmd_data;
- /* Extract the address; the TRUE flag allows <> as valid */
+ /* Extract the address; the TRUE flag allows <> as valid */
- raw_sender =
- parse_extract_address(raw_sender, &errmess, &start, &end, &sender_domain,
- TRUE);
+ raw_sender =
+ parse_extract_address(raw_sender, &errmess, &start, &end, &sender_domain,
+ TRUE);
- if (raw_sender == NULL)
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "501 %s", errmess);
+ if (!raw_sender)
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "501 %s", errmess);
- sender_address = string_copy(raw_sender);
+ sender_address = string_copy(raw_sender);
- /* Qualify unqualified sender addresses if permitted to do so. */
+ /* Qualify unqualified sender addresses if permitted to do so. */
- if (sender_domain == 0 && sender_address[0] != 0 && sender_address[0] != '@')
- {
- if (allow_unqualified_sender)
- {
- sender_address = rewrite_address_qualify(sender_address, FALSE);
- DEBUG(D_receive) debug_printf("unqualified address %s accepted "
- "and rewritten\n", raw_sender);
- }
- /* The function moan_smtp_batch() does not return. */
- else moan_smtp_batch(smtp_cmd_buffer, "501 sender address must contain "
- "a domain");
- }
- break;
+ if ( !sender_domain
+ && sender_address[0] != 0 && sender_address[0] != '@')
+ if (allow_unqualified_sender)
+ {
+ sender_address = rewrite_address_qualify(sender_address, FALSE);
+ DEBUG(D_receive) debug_printf("unqualified address %s accepted "
+ "and rewritten\n", raw_sender);
+ }
+ /* The function moan_smtp_batch() does not return. */
+ else
+ moan_smtp_batch(smtp_cmd_buffer, "501 sender address must contain "
+ "a domain");
+ break;
/* The RCPT TO command requires an address as an operand. All we do
@@ -2191,53 +2184,54 @@ while (done <= 0)
extracted address. */
case RCPT_CMD:
- if (sender_address == NULL)
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "503 No sender yet given");
+ if (!sender_address)
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "503 No sender yet given");
- if (smtp_cmd_data[0] == 0)
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "501 RCPT TO must have an address operand");
+ if (smtp_cmd_data[0] == 0)
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer,
+ "501 RCPT TO must have an address operand");
- /* Check maximum number allowed */
+ /* Check maximum number allowed */
- if (recipients_max > 0 && recipients_count + 1 > recipients_max)
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "%s too many recipients",
- recipients_max_reject? "552": "452");
+ if (recipients_max > 0 && recipients_count + 1 > recipients_max)
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "%s too many recipients",
+ recipients_max_reject? "552": "452");
- /* Apply SMTP rewrite, then extract address. Don't allow "<>" as a
- recipient address */
+ /* Apply SMTP rewrite, then extract address. Don't allow "<>" as a
+ recipient address */
- recipient = rewrite_existflags & rewrite_smtp
- ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
- global_rewrite_rules)
- : smtp_cmd_data;
+ recipient = rewrite_existflags & rewrite_smtp
+ ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
+ global_rewrite_rules)
+ : smtp_cmd_data;
- recipient = parse_extract_address(recipient, &errmess, &start, &end,
- &recipient_domain, FALSE);
+ recipient = parse_extract_address(recipient, &errmess, &start, &end,
+ &recipient_domain, FALSE);
- if (!recipient)
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "501 %s", errmess);
+ if (!recipient)
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "501 %s", errmess);
- /* If the recipient address is unqualified, qualify it if permitted. Then
- add it to the list of recipients. */
+ /* If the recipient address is unqualified, qualify it if permitted. Then
+ add it to the list of recipients. */
- if (recipient_domain == 0)
- {
- if (allow_unqualified_recipient)
- {
- DEBUG(D_receive) debug_printf("unqualified address %s accepted\n",
- recipient);
- recipient = rewrite_address_qualify(recipient, TRUE);
- }
- /* The function moan_smtp_batch() does not return. */
- else moan_smtp_batch(smtp_cmd_buffer, "501 recipient address must contain "
- "a domain");
- }
- receive_add_recipient(recipient, -1);
- break;
+ if (!recipient_domain)
+ if (allow_unqualified_recipient)
+ {
+ DEBUG(D_receive) debug_printf("unqualified address %s accepted\n",
+ recipient);
+ recipient = rewrite_address_qualify(recipient, TRUE);
+ }
+ /* The function moan_smtp_batch() does not return. */
+ else
+ moan_smtp_batch(smtp_cmd_buffer,
+ "501 recipient address must contain a domain");
+
+ receive_add_recipient(recipient, -1);
+ break;
/* The DATA command is legal only if it follows successful MAIL FROM
@@ -2245,22 +2239,20 @@ while (done <= 0)
command is encountered. */
case DATA_CMD:
- if (sender_address == NULL || recipients_count <= 0)
- {
- /* The function moan_smtp_batch() does not return. */
- if (sender_address == NULL)
- moan_smtp_batch(smtp_cmd_buffer,
- "503 MAIL FROM:<sender> command must precede DATA");
+ if (!sender_address || recipients_count <= 0)
+ /* The function moan_smtp_batch() does not return. */
+ if (!sender_address)
+ moan_smtp_batch(smtp_cmd_buffer,
+ "503 MAIL FROM:<sender> command must precede DATA");
+ else
+ moan_smtp_batch(smtp_cmd_buffer,
+ "503 RCPT TO:<recipient> must precede DATA");
else
- moan_smtp_batch(smtp_cmd_buffer,
- "503 RCPT TO:<recipient> must precede DATA");
- }
- else
- {
- done = 3; /* DATA successfully achieved */
- message_ended = END_NOTENDED; /* Indicate in middle of message */
- }
- break;
+ {
+ done = 3; /* DATA successfully achieved */
+ message_ended = END_NOTENDED; /* Indicate in middle of message */
+ }
+ break;
/* The VRFY, EXPN, HELP, ETRN, and NOOP commands are ignored. */
@@ -2270,32 +2262,32 @@ while (done <= 0)
case HELP_CMD:
case NOOP_CMD:
case ETRN_CMD:
- bsmtp_transaction_linecount = receive_linecount;
- break;
+ bsmtp_transaction_linecount = receive_linecount;
+ break;
case EOF_CMD:
case QUIT_CMD:
- done = 2;
- break;
+ done = 2;
+ break;
case BADARG_CMD:
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "501 Unexpected argument data");
- break;
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "501 Unexpected argument data");
+ break;
case BADCHAR_CMD:
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "501 Unexpected NULL in SMTP command");
- break;
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "501 Unexpected NULL in SMTP command");
+ break;
default:
- /* The function moan_smtp_batch() does not return. */
- moan_smtp_batch(smtp_cmd_buffer, "500 Command unrecognized");
- break;
+ /* The function moan_smtp_batch() does not return. */
+ moan_smtp_batch(smtp_cmd_buffer, "500 Command unrecognized");
+ break;
}
}
@@ -2445,7 +2437,7 @@ smtp_had_eof = smtp_had_error = 0;
/* Set up the message size limit; this may be host-specific */
thismessage_size_limit = expand_string_integer(message_size_limit, TRUE);
-if (expand_string_message != NULL)
+if (expand_string_message)
{
if (thismessage_size_limit == -1)
log_write(0, LOG_MAIN|LOG_PANIC, "unable to expand message_size_limit: "
@@ -2826,8 +2818,12 @@ if (check_proxy_protocol_host())
smtps port for use with older style SSL MTAs. */
#ifdef SUPPORT_TLS
- if (tls_in.on_connect && tls_server_start(tls_require_ciphers, &user_msg) != OK)
- return smtp_log_tls_fail(user_msg);
+ if (tls_in.on_connect)
+ {
+ if (tls_server_start(tls_require_ciphers, &user_msg) != OK)
+ return smtp_log_tls_fail(user_msg);
+ cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
+ }
#endif
/* Run the connect ACL if it exists */
@@ -2892,7 +2888,7 @@ do /* At least once, in case we have an empty string */
int len;
uschar *linebreak = Ustrchr(p, '\n');
ss = string_catn(ss, code, 3);
- if (linebreak == NULL)
+ if (!linebreak)
{
len = Ustrlen(p);
ss = string_catn(ss, US" ", 1);
@@ -2906,9 +2902,9 @@ do /* At least once, in case we have an empty string */
ss = string_catn(ss, p, len);
ss = string_catn(ss, US"\r\n", 2);
p += len;
- if (linebreak != NULL) p++;
+ if (linebreak) p++;
}
-while (*p != 0);
+while (*p);
/* Before we write the banner, check that there is no input pending, unless
this synchronisation check is disabled. */
@@ -3800,7 +3796,6 @@ cmd_list[CMD_LIST_HELO].is_mail_cmd = TRUE;
cmd_list[CMD_LIST_EHLO].is_mail_cmd = TRUE;
#ifdef SUPPORT_TLS
cmd_list[CMD_LIST_STARTTLS].is_mail_cmd = TRUE;
-cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
#endif
/* Set the local signal handler for SIGTERM - it tries to end off tidily */
@@ -3846,24 +3841,24 @@ while (done <= 0)
)
{
cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = FALSE;
- if ( acl_smtp_auth
- && (rc = acl_check(ACL_WHERE_AUTH, NULL, acl_smtp_auth,
- &user_msg, &log_msg)) != OK
- )
- {
- done = smtp_handle_acl_fail(ACL_WHERE_AUTH, rc, user_msg, log_msg);
- continue;
- }
for (au = auths; au; au = au->next)
if (strcmpic(US"tls", au->driver_name) == 0)
{
- smtp_cmd_data = NULL;
-
- if (smtp_in_auth(au, &s, &ss) == OK)
- { DEBUG(D_auth) debug_printf("tls auth succeeded\n"); }
+ if ( acl_smtp_auth
+ && (rc = acl_check(ACL_WHERE_AUTH, NULL, acl_smtp_auth,
+ &user_msg, &log_msg)) != OK
+ )
+ done = smtp_handle_acl_fail(ACL_WHERE_AUTH, rc, user_msg, log_msg);
else
- { DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); }
+ {
+ smtp_cmd_data = NULL;
+
+ if (smtp_in_auth(au, &s, &ss) == OK)
+ { DEBUG(D_auth) debug_printf("tls auth succeeded\n"); }
+ else
+ { DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); }
+ }
break;
}
}
diff --git a/src/src/store.c b/src/src/store.c
index c7cf33c9a..8f5da3a5a 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -428,14 +428,8 @@ DEBUG(D_memory)
* Release store *
************************************************/
-/* This function is specifically provided for use when reading very
-long strings, e.g. header lines. When the string gets longer than a
-complete block, it gets copied to a new block. It is helpful to free
-the old block iff the previous copy of the string is at its start,
-and therefore the only thing in it. Otherwise, for very long strings,
-dead store can pile up somewhat disastrously. This function checks that
-the pointer it is given is the first thing in a block, and if so,
-releases that block.
+/* This function checks that the pointer it is given is the first thing in a
+block, and if so, releases that block.
Arguments:
block block of store to consider
@@ -445,17 +439,17 @@ Arguments:
Returns: nothing
*/
-void
-store_release_3(void *block, const char *filename, int linenumber)
+static void
+store_release_3(void * block, const char * filename, int linenumber)
{
-storeblock *b;
+storeblock * b;
/* It will never be the first block, so no need to check that. */
-for (b = chainbase[store_pool]; b != NULL; b = b->next)
+for (b = chainbase[store_pool]; b; b = b->next)
{
- storeblock *bb = b->next;
- if (bb != NULL && CS block == CS bb + ALIGNED_SIZEOF_STOREBLOCK)
+ storeblock * bb = b->next;
+ if (bb && CS block == CS bb + ALIGNED_SIZEOF_STOREBLOCK)
{
b->next = bb->next;
pool_malloc -= bb->length + ALIGNED_SIZEOF_STOREBLOCK;
@@ -463,21 +457,20 @@ for (b = chainbase[store_pool]; b != NULL; b = b->next)
/* Cut out the debugging stuff for utilities, but stop picky compilers
from giving warnings. */
- #ifdef COMPILE_UTILITY
+#ifdef COMPILE_UTILITY
filename = filename;
linenumber = linenumber;
- #else
+#else
DEBUG(D_memory)
- {
if (running_in_test_harness)
debug_printf("-Release %d\n", pool_malloc);
else
debug_printf("-Release %6p %-20s %4d %d\n", (void *)bb, filename,
linenumber, pool_malloc);
- }
+
if (running_in_test_harness)
memset(bb, 0xF0, bb->length+ALIGNED_SIZEOF_STOREBLOCK);
- #endif /* COMPILE_UTILITY */
+#endif /* COMPILE_UTILITY */
free(bb);
return;
@@ -486,6 +479,43 @@ for (b = chainbase[store_pool]; b != NULL; b = b->next)
}
+/************************************************
+* Move store *
+************************************************/
+
+/* Allocate a new block big enough to expend to the given size and
+copy the current data into it. Free the old one if possible.
+
+This function is specifically provided for use when reading very
+long strings, e.g. header lines. When the string gets longer than a
+complete block, it gets copied to a new block. It is helpful to free
+the old block iff the previous copy of the string is at its start,
+and therefore the only thing in it. Otherwise, for very long strings,
+dead store can pile up somewhat disastrously. This function checks that
+the pointer it is given is the first thing in a block, and that nothing
+has been allocated since. If so, releases that block.
+
+Arguments:
+ block
+ newsize
+ len
+
+Returns: new location of data
+*/
+
+void *
+store_newblock_3(void * block, int newsize, int len,
+ const char * filename, int linenumber)
+{
+BOOL release_ok = store_last_get[store_pool] == block;
+uschar * newtext = store_get(newsize);
+
+memcpy(newtext, block, len);
+if (release_ok) store_release_3(block, filename, linenumber);
+return (void *)newtext;
+}
+
+
/*************************************************
diff --git a/src/src/store.h b/src/src/store.h
index 7c860f154..cb0a3cae9 100644
--- a/src/src/store.h
+++ b/src/src/store.h
@@ -34,19 +34,21 @@ tracing information for debugging. */
#define store_get(size) store_get_3(size, __FILE__, __LINE__)
#define store_get_perm(size) store_get_perm_3(size, __FILE__, __LINE__)
#define store_malloc(size) store_malloc_3(size, __FILE__, __LINE__)
-#define store_release(addr) store_release_3(addr, __FILE__, __LINE__)
+#define store_newblock(addr,newsize,datalen) \
+ store_newblock_3(addr, newsize, datalen, __FILE__, __LINE__)
#define store_reset(addr) store_reset_3(addr, __FILE__, __LINE__)
/* The real functions */
-extern BOOL store_extend_3(void *, int, int, const char *, int); /* The */
-extern void store_free_3(void *, const char *, int); /* value of the */
-extern void *store_get_3(int, const char *, int); /* 2nd arg is */
-extern void *store_get_perm_3(int, const char *, int); /* __FILE__ in */
-extern void *store_malloc_3(int, const char *, int); /* every call, */
-extern void store_release_3(void *, const char *, int); /* so give its */
-extern void store_reset_3(void *, const char *, int); /* correct type */
+/* The value of the 2nd arg is __FILE__ in every call, so give its correct type */
+extern BOOL store_extend_3(void *, int, int, const char *, int);
+extern void store_free_3(void *, const char *, int);
+extern void *store_get_3(int, const char *, int);
+extern void *store_get_perm_3(int, const char *, int);
+extern void *store_malloc_3(int, const char *, int);
+extern void *store_newblock_3(void *, int, int, const char *, int);
+extern void store_reset_3(void *, const char *, int);
#endif /* STORE_H */
diff --git a/src/src/string.c b/src/src/string.c
index 2e919e6d9..63ea88eec 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -1077,7 +1077,13 @@ return g->s;
* Add chars to string *
*************************************************/
-void
+/* Arguments:
+ g the grawable-string
+ p current end of data
+ count amount to grow by
+*/
+
+static void
gstring_grow(gstring * g, int p, int count)
{
int oldsize = g->size;
@@ -1102,13 +1108,7 @@ was the last item on the dynamic memory stack. This is the case if it matches
store_last_get. */
if (!store_extend(g->s, oldsize, g->size))
- {
- BOOL release_ok = store_last_get[store_pool] == g->s;
- uschar *newstring = store_get(g->size);
- memcpy(newstring, g->s, p);
- if (release_ok) store_release(g->s);
- g->s = newstring;
- }
+ g->s = store_newblock(g->s, g->size, p);
}
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 527ad28b2..9f166691a 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -63,10 +63,19 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
#if GNUTLS_VERSION_NUMBER >= 0x030109
# define SUPPORT_CORK
#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030506 && !defined(DISABLE_OCSP)
+# define SUPPORT_SRV_OCSP_STACK
+#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030000 && defined(EXPERIMENTAL_DANE)
+# define SUPPORT_DANE
+#endif
#ifndef DISABLE_OCSP
# include <gnutls/ocsp.h>
#endif
+#ifdef SUPPORT_DANE
+# include <gnutls/dane.h>
+#endif
/* GnuTLS 2 vs 3
@@ -82,7 +91,7 @@ Changes:
/* Values for verify_requirement */
enum peer_verify_requirement
- { VERIFY_NONE, VERIFY_OPTIONAL, VERIFY_REQUIRED };
+ { VERIFY_NONE, VERIFY_OPTIONAL, VERIFY_REQUIRED, VERIFY_DANE };
/* This holds most state for server or client; with this, we can set up an
outbound TLS-enabled connection in an ACL callout, while not stomping all
@@ -103,6 +112,7 @@ typedef struct exim_gnutls_state {
int fd_in;
int fd_out;
BOOL peer_cert_verified;
+ BOOL peer_dane_verified;
BOOL trigger_sni_changes;
BOOL have_set_peerdn;
const struct host_item *host;
@@ -123,11 +133,14 @@ typedef struct exim_gnutls_state {
uschar *exp_tls_verify_certificates;
uschar *exp_tls_crl;
uschar *exp_tls_require_ciphers;
- uschar *exp_tls_ocsp_file;
const uschar *exp_tls_verify_cert_hostnames;
#ifndef DISABLE_EVENT
uschar *event_action;
#endif
+#ifdef SUPPORT_DANE
+ char * const * dane_data;
+ const int * dane_data_len;
+#endif
tls_support *tlsp; /* set in tls_init() */
@@ -146,6 +159,7 @@ static const exim_gnutls_state_st exim_gnutls_state_init = {
.fd_in = -1,
.fd_out = -1,
.peer_cert_verified = FALSE,
+ .peer_dane_verified = FALSE,
.trigger_sni_changes =FALSE,
.have_set_peerdn = FALSE,
.host = NULL,
@@ -166,7 +180,6 @@ static const exim_gnutls_state_st exim_gnutls_state_init = {
.exp_tls_verify_certificates = NULL,
.exp_tls_crl = NULL,
.exp_tls_require_ciphers = NULL,
- .exp_tls_ocsp_file = NULL,
.exp_tls_verify_cert_hostnames = NULL,
#ifndef DISABLE_EVENT
.event_action = NULL,
@@ -238,8 +251,8 @@ before, for now. */
# define EXIM_SERVER_DH_BITS_PRE2_12 1024
#endif
-#define exim_gnutls_err_check(Label) do { \
- if (rc != GNUTLS_E_SUCCESS) \
+#define exim_gnutls_err_check(rc, Label) do { \
+ if ((rc) != GNUTLS_E_SUCCESS) \
return tls_error((Label), gnutls_strerror(rc), host, errstr); \
} while (0)
@@ -437,6 +450,9 @@ tlsp->cipher = state->ciphersuite;
DEBUG(D_tls) debug_printf("cipher: %s\n", state->ciphersuite);
tlsp->certificate_verified = state->peer_cert_verified;
+#ifdef SUPPORT_DANE
+tlsp->dane_verified = state->peer_dane_verified;
+#endif
/* note that tls_channelbinding_b64 is not saved to the spool file, since it's
only available for use for authenticators while this TLS session is running. */
@@ -507,7 +523,7 @@ host_item *host = NULL; /* dummy for macros */
DEBUG(D_tls) debug_printf("Initialising GnuTLS server params.\n");
rc = gnutls_dh_params_init(&dh_server_params);
-exim_gnutls_err_check(US"gnutls_dh_params_init");
+exim_gnutls_err_check(rc, US"gnutls_dh_params_init");
m.data = NULL;
m.size = 0;
@@ -543,7 +559,7 @@ else
if (m.data)
{
rc = gnutls_dh_params_import_pkcs3(dh_server_params, &m, GNUTLS_X509_FMT_PEM);
- exim_gnutls_err_check(US"gnutls_dh_params_import_pkcs3");
+ exim_gnutls_err_check(rc, US"gnutls_dh_params_import_pkcs3");
DEBUG(D_tls) debug_printf("Loaded fixed standard D-H parameters\n");
return OK;
}
@@ -626,7 +642,7 @@ if ((fd = Uopen(filename, O_RDONLY, 0)) >= 0)
rc = gnutls_dh_params_import_pkcs3(dh_server_params, &m, GNUTLS_X509_FMT_PEM);
free(m.data);
- exim_gnutls_err_check(US"gnutls_dh_params_import_pkcs3");
+ exim_gnutls_err_check(rc, US"gnutls_dh_params_import_pkcs3");
DEBUG(D_tls) debug_printf("read D-H parameters from file \"%s\"\n", filename);
}
@@ -683,7 +699,7 @@ if (rc < 0)
debug_printf("requesting generation of %d bit Diffie-Hellman prime ...\n",
dh_bits_gen);
rc = gnutls_dh_params_generate2(dh_server_params, dh_bits_gen);
- exim_gnutls_err_check(US"gnutls_dh_params_generate2");
+ exim_gnutls_err_check(rc, US"gnutls_dh_params_generate2");
/* gnutls_dh_params_export_pkcs3() will tell us the exact size, every time,
and I confirmed that a NULL call to get the size first is how the GnuTLS
@@ -694,7 +710,7 @@ if (rc < 0)
rc = gnutls_dh_params_export_pkcs3(dh_server_params, GNUTLS_X509_FMT_PEM,
m.data, &sz);
if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER)
- exim_gnutls_err_check(US"gnutls_dh_params_export_pkcs3(NULL) sizing");
+ exim_gnutls_err_check(rc, US"gnutls_dh_params_export_pkcs3(NULL) sizing");
m.size = sz;
if (!(m.data = malloc(m.size)))
return tls_error(US"memory allocation failed", strerror(errno), NULL, errstr);
@@ -705,7 +721,7 @@ if (rc < 0)
if (rc != GNUTLS_E_SUCCESS)
{
free(m.data);
- exim_gnutls_err_check(US"gnutls_dh_params_export_pkcs3() real");
+ exim_gnutls_err_check(rc, US"gnutls_dh_params_export_pkcs3() real");
}
m.size = sz; /* shrink by 1, probably */
@@ -805,15 +821,24 @@ err:
+/* Add certificate and key, from files.
+
+Return:
+ Zero or negative: good. Negate value for certificate index if < 0.
+ Greater than zero: FAIL or DEFER code.
+*/
+
static int
tls_add_certfile(exim_gnutls_state_st * state, const host_item * host,
uschar * certfile, uschar * keyfile, uschar ** errstr)
{
int rc = gnutls_certificate_set_x509_key_file(state->x509_cred,
CS certfile, CS keyfile, GNUTLS_X509_FMT_PEM);
-exim_gnutls_err_check(
- string_sprintf("cert/key setup: cert=%s key=%s", certfile, keyfile));
-return OK;
+if (rc < 0)
+ return tls_error(
+ string_sprintf("cert/key setup: cert=%s key=%s", certfile, keyfile),
+ gnutls_strerror(rc), host, errstr);
+return -rc;
}
@@ -872,7 +897,11 @@ if (!host) /* server */
}
rc = gnutls_certificate_allocate_credentials(&state->x509_cred);
-exim_gnutls_err_check(US"gnutls_certificate_allocate_credentials");
+exim_gnutls_err_check(rc, US"gnutls_certificate_allocate_credentials");
+
+#ifdef SUPPORT_SRV_OCSP_STACK
+gnutls_certificate_set_flags(state->x509_cred, GNUTLS_CERTIFICATE_API_V2);
+#endif
/* remember: expand_check_tlsvar() is expand_check() but fiddling with
state members, assuming consistent naming; and expand_check() returns
@@ -927,20 +956,71 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
{
const uschar * clist = state->exp_tls_certificate;
const uschar * klist = state->exp_tls_privatekey;
- int csep = 0, ksep = 0;
- uschar * cfile, * kfile;
+ const uschar * olist;
+ int csep = 0, ksep = 0, osep = 0, cnt = 0;
+ uschar * cfile, * kfile, * ofile;
+
+#ifndef DISABLE_OCSP
+ if (!expand_check(tls_ocsp_file, US"tls_ocsp_file", &ofile, errstr))
+ return DEFER;
+ olist = ofile;
+#endif
while (cfile = string_nextinlist(&clist, &csep, NULL, 0))
+
if (!(kfile = string_nextinlist(&klist, &ksep, NULL, 0)))
return tls_error(US"cert/key setup: out of keys", NULL, host, errstr);
- else if ((rc = tls_add_certfile(state, host, cfile, kfile, errstr)))
+ else if (0 < (rc = tls_add_certfile(state, host, cfile, kfile, errstr)))
return rc;
else
+ {
+ int gnutls_cert_index = -rc;
DEBUG(D_tls) debug_printf("TLS: cert/key %s registered\n", cfile);
+
+ /* Set the OCSP stapling server info */
+
+#ifndef DISABLE_OCSP
+ if (tls_ocsp_file)
+ if (gnutls_buggy_ocsp)
+ {
+ DEBUG(D_tls)
+ debug_printf("GnuTLS library is buggy for OCSP; avoiding\n");
+ }
+ else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0)))
+ {
+ /* Use the full callback method for stapling just to get
+ observability. More efficient would be to read the file once only,
+ if it never changed (due to SNI). Would need restart on file update,
+ or watch datestamp. */
+
+# ifdef SUPPORT_SRV_OCSP_STACK
+ rc = gnutls_certificate_set_ocsp_status_request_function2(
+ state->x509_cred, gnutls_cert_index,
+ server_ocsp_stapling_cb, ofile);
+
+ exim_gnutls_err_check(rc,
+ US"gnutls_certificate_set_ocsp_status_request_function2");
+# else
+ if (cnt++ > 0)
+ {
+ DEBUG(D_tls)
+ debug_printf("oops; multiple OCSP files not supported\n");
+ break;
+ }
+ gnutls_certificate_set_ocsp_status_request_function(
+ state->x509_cred, server_ocsp_stapling_cb, ofile);
+# endif
+
+ DEBUG(D_tls) debug_printf("OCSP response file = %s\n", ofile);
+ }
+ else
+ DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n");
+#endif
+ }
}
else
{
- if ((rc = tls_add_certfile(state, host,
+ if (0 < (rc = tls_add_certfile(state, host,
state->exp_tls_certificate, state->exp_tls_privatekey, errstr)))
return rc;
DEBUG(D_tls) debug_printf("TLS: cert/key registered\n");
@@ -949,36 +1029,6 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate)
} /* tls_certificate */
-/* Set the OCSP stapling server info */
-
-#ifndef DISABLE_OCSP
-if ( !host /* server */
- && tls_ocsp_file
- )
- {
- if (gnutls_buggy_ocsp)
- {
- DEBUG(D_tls) debug_printf("GnuTLS library is buggy for OCSP; avoiding\n");
- }
- else
- {
- if (!expand_check(tls_ocsp_file, US"tls_ocsp_file",
- &state->exp_tls_ocsp_file, errstr))
- return DEFER;
-
- /* Use the full callback method for stapling just to get observability.
- More efficient would be to read the file once only, if it never changed
- (due to SNI). Would need restart on file update, or watch datestamp. */
-
- gnutls_certificate_set_ocsp_status_request_function(state->x509_cred,
- server_ocsp_stapling_cb, state->exp_tls_ocsp_file);
-
- DEBUG(D_tls) debug_printf("OCSP response file = %s\n", state->exp_tls_ocsp_file);
- }
- }
-#endif
-
-
/* Set the trusted CAs file if one is provided, and then add the CRL if one is
provided. Experiment shows that, if the certificate file is empty, an unhelpful
error message is provided. However, if we just refrain from setting anything up
@@ -1071,7 +1121,7 @@ else
if (cert_count < 0)
{
rc = cert_count;
- exim_gnutls_err_check(US"setting certificate trust");
+ exim_gnutls_err_check(rc, US"setting certificate trust");
}
DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n", cert_count);
@@ -1084,7 +1134,7 @@ if (state->tls_crl && *state->tls_crl &&
if (cert_count < 0)
{
rc = cert_count;
- exim_gnutls_err_check(US"gnutls_certificate_set_x509_crl_file");
+ exim_gnutls_err_check(rc, US"gnutls_certificate_set_x509_crl_file");
}
DEBUG(D_tls) debug_printf("Processed %d CRLs.\n", cert_count);
}
@@ -1135,7 +1185,7 @@ if (!state->host)
/* Link the credentials to the session. */
rc = gnutls_credentials_set(state->session, GNUTLS_CRD_CERTIFICATE, state->x509_cred);
-exim_gnutls_err_check(US"gnutls_credentials_set");
+exim_gnutls_err_check(rc, US"gnutls_credentials_set");
return OK;
}
@@ -1225,12 +1275,12 @@ if (!exim_gnutls_base_init_done)
if (!gnutls_allow_auto_pkcs11)
{
rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
- exim_gnutls_err_check(US"gnutls_pkcs11_init");
+ exim_gnutls_err_check(rc, US"gnutls_pkcs11_init");
}
#endif
rc = gnutls_global_init();
- exim_gnutls_err_check(US"gnutls_global_init");
+ exim_gnutls_err_check(rc, US"gnutls_global_init");
#if EXIM_GNUTLS_LIBRARY_LOG_LEVEL >= 0
DEBUG(D_tls)
@@ -1265,7 +1315,7 @@ else
DEBUG(D_tls) debug_printf("initialising GnuTLS server session\n");
rc = gnutls_init(&state->session, GNUTLS_SERVER);
}
-exim_gnutls_err_check(US"gnutls_init");
+exim_gnutls_err_check(rc, US"gnutls_init");
state->host = host;
@@ -1300,7 +1350,7 @@ if (host)
sz = Ustrlen(state->tlsp->sni);
rc = gnutls_server_name_set(state->session,
GNUTLS_NAME_DNS, state->tlsp->sni, sz);
- exim_gnutls_err_check(US"gnutls_server_name_set");
+ exim_gnutls_err_check(rc, US"gnutls_server_name_set");
}
}
else if (state->tls_sni)
@@ -1340,12 +1390,12 @@ if (want_default_priorities)
p = US exim_default_gnutls_priority;
}
-exim_gnutls_err_check(string_sprintf(
+exim_gnutls_err_check(rc, string_sprintf(
"gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
p, errpos - CS p, errpos));
rc = gnutls_priority_set(state->session, state->priority_cache);
-exim_gnutls_err_check(US"gnutls_priority_set");
+exim_gnutls_err_check(rc, US"gnutls_priority_set");
gnutls_db_set_cache_expiration(state->session, ssl_session_timeout);
@@ -1514,8 +1564,8 @@ gnutls_certificate_set_verify_function() to fail the handshake if we dislike
the peer information, but that's too new for some OSes.
Arguments:
- state exim_gnutls_state_st *
- errstr where to put an error message
+ state exim_gnutls_state_st *
+ errstr where to put an error message
Returns:
FALSE if the session should be rejected
@@ -1526,7 +1576,10 @@ static BOOL
verify_certificate(exim_gnutls_state_st *state, uschar ** errstr)
{
int rc;
-unsigned int verify;
+uint verify;
+
+if (state->verify_requirement == VERIFY_NONE)
+ return TRUE;
*errstr = NULL;
@@ -1536,10 +1589,49 @@ if ((rc = peer_status(state, errstr)) != OK)
*errstr = US"certificate not supplied";
}
else
+
+ {
+#ifdef SUPPORT_DANE
+ if (state->verify_requirement == VERIFY_DANE && state->host)
+ {
+ /* Using dane_verify_session_crt() would be easy, as it does it all for us
+ including talking to a DNS resolver. But we want to do that bit ourselves
+ as the testsuite intercepts and fakes its own DNS environment. */
+
+ dane_state_t s;
+ dane_query_t r;
+ const gnutls_datum_t * certlist;
+ uint lsize;
+
+ certlist = gnutls_certificate_get_peers(state->session, &lsize);
+
+ if ( (rc = dane_state_init(&s, 0))
+ || (rc = dane_raw_tlsa(s, &r, state->dane_data, state->dane_data_len,
+ 1, 0))
+ || (rc = dane_verify_crt_raw(s, certlist, lsize,
+ gnutls_certificate_type_get(state->session),
+ r, 0, 0, &verify))
+ )
+
+ {
+ *errstr = string_sprintf("TLSA record problem: %s", dane_strerror(rc));
+ goto badcert;
+ }
+ if (verify != 0)
+ {
+ gnutls_datum_t str;
+ (void) dane_verification_status_print(verify, &str, 0);
+ *errstr = US str.data; /* don't bother to free */
+ goto badcert;
+ }
+ state->peer_dane_verified = TRUE;
+ }
+#endif
+
rc = gnutls_certificate_verify_peers2(state->session, &verify);
+ }
-/* Handle the result of verification. INVALID seems to be set as well
-as REVOKED, but leave the test for both. */
+/* Handle the result of verification. INVALID is set if any others are. */
if (rc < 0 ||
verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED)
@@ -1555,11 +1647,7 @@ if (rc < 0 ||
*errstr, state->peerdn ? state->peerdn : US"<unset>");
if (state->verify_requirement >= VERIFY_REQUIRED)
- {
- gnutls_alert_send(state->session,
- GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE);
- return FALSE;
- }
+ goto badcert;
DEBUG(D_tls)
debug_printf("TLS verify failure overridden (host in tls_try_verify_hosts)\n");
}
@@ -1579,11 +1667,7 @@ else
DEBUG(D_tls)
debug_printf("TLS certificate verification failed: cert name mismatch\n");
if (state->verify_requirement >= VERIFY_REQUIRED)
- {
- gnutls_alert_send(state->session,
- GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE);
- return FALSE;
- }
+ goto badcert;
return TRUE;
}
}
@@ -1593,8 +1677,11 @@ else
}
state->tlsp->peerdn = state->peerdn;
-
return TRUE;
+
+badcert:
+ gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE);
+ return FALSE;
}
@@ -1705,6 +1792,7 @@ server_ocsp_stapling_cb(gnutls_session_t session, void * ptr,
gnutls_datum_t * ocsp_response)
{
int ret;
+DEBUG(D_tls) debug_printf("OCSP stapling callback: %s\n", US ptr);
if ((ret = gnutls_load_file(ptr, ocsp_response)) < 0)
{
@@ -1919,8 +2007,7 @@ DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n");
/* Verify after the fact */
-if ( state->verify_requirement != VERIFY_NONE
- && !verify_certificate(state, errstr))
+if (!verify_certificate(state, errstr))
{
if (state->verify_requirement != VERIFY_OPTIONAL)
{
@@ -1978,6 +2065,55 @@ if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
}
+
+
+#ifdef SUPPORT_DANE
+/* Given our list of RRs from the TLSA lookup, build a lookup block in
+GnuTLS-DANE's preferred format. Hang it on the state str for later
+use in DANE verification.
+
+We point at the dnsa data not copy it, so it must remain valid until
+after verification is done.*/
+
+static void
+dane_tlsa_load(exim_gnutls_state_st * state, dns_answer * dnsa)
+{
+dns_record * rr;
+dns_scan dnss;
+int i;
+const char ** dane_data;
+int * dane_data_len;
+
+for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 1;
+ rr;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
+ ) if (rr->type == T_TLSA) i++;
+
+dane_data = store_get(i * sizeof(uschar *));
+dane_data_len = store_get(i * sizeof(int));
+
+for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 0;
+ rr;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
+ ) if (rr->type == T_TLSA)
+ {
+ const uschar * p = rr->data;
+ uint8_t usage = *p;
+
+ tls_out.tlsa_usage |= 1<<usage;
+ dane_data[i] = p;
+ dane_data_len[i++] = rr->size;
+ }
+dane_data[i] = NULL;
+dane_data_len[i] = 0;
+
+state->dane_data = (char * const *)dane_data;
+state->dane_data_len = dane_data_len;
+}
+#endif
+
+
+
/*************************************************
* Start a TLS session in a client *
*************************************************/
@@ -1989,7 +2125,11 @@ Arguments:
host connected host (for messages)
addr the first address (not used)
tb transport (always smtp)
-
+ tlsa_dnsa non-NULL, either request or require dane for this host, and
+ a TLSA record found. Therefore, dane verify required.
+ Which implies cert must be requested and supplied, dane
+ verify must pass, and cert verify irrelevant (incl.
+ hostnames), and (caller handled) require_tls
errstr error string pointer
Returns: OK/DEFER/FAIL (because using common functions),
@@ -2001,14 +2141,14 @@ tls_client_start(int fd, host_item *host,
address_item *addr ARG_UNUSED,
transport_instance * tb,
#ifdef EXPERIMENTAL_DANE
- dns_answer * tlsa_dnsa ARG_UNUSED,
+ dns_answer * tlsa_dnsa,
#endif
uschar ** errstr)
{
smtp_transport_options_block *ob =
(smtp_transport_options_block *)tb->options_block;
int rc;
-exim_gnutls_state_st *state = NULL;
+exim_gnutls_state_st * state = NULL;
#ifndef DISABLE_OCSP
BOOL require_ocsp =
verify_check_given_host(&ob->hosts_require_ocsp, host) == OK;
@@ -2044,12 +2184,23 @@ if ((rc = tls_init(host, ob->tls_certificate, ob->tls_privatekey,
set but both tls_verify_hosts and tls_try_verify_hosts are unset. Check only
the specified host patterns if one of them is defined */
-if ( ( state->exp_tls_verify_certificates
- && !ob->tls_verify_hosts
- && (!ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts)
- )
- || verify_check_given_host(&ob->tls_verify_hosts, host) == OK
- )
+#ifdef SUPPORT_DANE
+if (tlsa_dnsa)
+ {
+ DEBUG(D_tls)
+ debug_printf("TLS: server certificate DANE required.\n");
+ state->verify_requirement = VERIFY_DANE;
+ gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
+ dane_tlsa_load(state, tlsa_dnsa);
+ }
+else
+#endif
+ if ( ( state->exp_tls_verify_certificates
+ && !ob->tls_verify_hosts
+ && (!ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts)
+ )
+ || verify_check_given_host(&ob->tls_verify_hosts, host) == OK
+ )
{
tls_client_setup_hostname_checks(host, state, ob);
DEBUG(D_tls)
@@ -2124,8 +2275,7 @@ DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n");
/* Verify late */
-if (state->verify_requirement != VERIFY_NONE &&
- !verify_certificate(state, errstr))
+if (!verify_certificate(state, errstr))
return tls_error(US"certificate verification failed", *errstr, state->host, errstr);
#ifndef DISABLE_OCSP
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index b225eb762..7735bd971 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -937,7 +937,7 @@ if (!OCSP_check_validity(thisupd, nextupd, EXIM_OCSP_SKEW_SECONDS, EXIM_OCSP_MAX
}
supply_response:
- cbinfo->u_ocsp.server.response = resp;
+ cbinfo->u_ocsp.server.response = resp; /*XXX stack?*/
return;
bad:
@@ -945,7 +945,7 @@ bad:
{
extern char ** environ;
uschar ** p;
- if (environ) for (p = USS environ; *p != NULL; p++)
+ if (environ) for (p = USS environ; *p; p++)
if (Ustrncmp(*p, "EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK", 42) == 0)
{
DEBUG(D_tls) debug_printf("Supplying known bad OCSP response\n");
@@ -1134,6 +1134,7 @@ else
#ifndef DISABLE_OCSP
if (cbinfo->is_server && cbinfo->u_ocsp.server.file)
{
+ /*XXX stack*/
if (!expand_check(cbinfo->u_ocsp.server.file, US"tls_ocsp_file", &expanded, errstr))
return DEFER;
@@ -1271,9 +1272,15 @@ static int
tls_server_stapling_cb(SSL *s, void *arg)
{
const tls_ext_ctx_cb *cbinfo = (tls_ext_ctx_cb *) arg;
-uschar *response_der;
+uschar *response_der; /*XXX blob */
int response_der_len;
+/*XXX stack: use SSL_get_certificate() to see which cert; from that work
+out which ocsp blob to send. Unfortunately, SSL_get_certificate is known
+buggy in current OpenSSL; it returns the last cert loaded always rather than
+the one actually presented. So we can't support a stack of OCSP proofs at
+this time. */
+
DEBUG(D_tls)
debug_printf("Received TLS status request (OCSP stapling); %s response\n",
cbinfo->u_ocsp.server.response ? "have" : "lack");
@@ -1283,7 +1290,7 @@ if (!cbinfo->u_ocsp.server.response)
return SSL_TLSEXT_ERR_NOACK;
response_der = NULL;
-response_der_len = i2d_OCSP_RESPONSE(cbinfo->u_ocsp.server.response,
+response_der_len = i2d_OCSP_RESPONSE(cbinfo->u_ocsp.server.response, /*XXX stack*/
&response_der);
if (response_der_len <= 0)
return SSL_TLSEXT_ERR_NOACK;
@@ -1475,7 +1482,7 @@ static int
tls_init(SSL_CTX **ctxp, host_item *host, uschar *dhparam, uschar *certificate,
uschar *privatekey,
#ifndef DISABLE_OCSP
- uschar *ocsp_file,
+ uschar *ocsp_file, /*XXX stack, in server*/
#endif
address_item *addr, tls_ext_ctx_cb ** cbp, uschar ** errstr)
{
@@ -1946,7 +1953,7 @@ the error. */
rc = tls_init(&server_ctx, NULL, tls_dhparam, tls_certificate, tls_privatekey,
#ifndef DISABLE_OCSP
- tls_ocsp_file,
+ tls_ocsp_file, /*XXX stack*/
#endif
NULL, &server_static_cbinfo, errstr);
if (rc != OK) return rc;
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 61e8d8a4f..a1b677e19 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1217,14 +1217,15 @@ DEBUG(D_transport)
switch (rc)
{
- case DNS_SUCCEED:
- if (sec) return OK;
-
- log_write(0, LOG_MAIN, "DANE error: TLSA lookup not DNSSEC");
- /*FALLTHROUGH*/
case DNS_AGAIN:
return DEFER; /* just defer this TLS'd conn */
+ case DNS_SUCCEED:
+ if (sec) return OK;
+ log_write(0, LOG_MAIN,
+ "DANE error: TLSA lookup for %s not DNSSEC", host->name);
+ /*FALLTRHOUGH*/
+
case DNS_NODATA: /* no TLSA RR for this lookup */
case DNS_NOMATCH: /* no records at all for this lookup */
return dane_required ? FAIL : FAIL_FORCED;
diff --git a/src/src/verify.c b/src/src/verify.c
index b957c709b..e40a7fc27 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -2165,7 +2165,7 @@ return yield;
*************************************************/
/* This function checks those header lines that contain addresses, and verifies
-that all the addresses therein are syntactially correct.
+that all the addresses therein are 5322-syntactially correct.
Arguments:
msgptr where to put an error message
@@ -2181,7 +2181,7 @@ header_line *h;
uschar *colon, *s;
int yield = OK;
-for (h = header_list; h != NULL && yield == OK; h = h->next)
+for (h = header_list; h && yield == OK; h = h->next)
{
if (h->type != htype_from &&
h->type != htype_reply_to &&
@@ -2200,7 +2200,7 @@ for (h = header_list; h != NULL && yield == OK; h = h->next)
parse_allow_group = TRUE;
- while (*s != 0)
+ while (*s)
{
uschar *ss = parse_find_address_end(s, FALSE);
uschar *recipient, *errmess;
@@ -2217,7 +2217,7 @@ for (h = header_list; h != NULL && yield == OK; h = h->next)
/* Permit an unqualified address only if the message is local, or if the
sending host is configured to be permitted to send them. */
- if (recipient != NULL && domain == 0)
+ if (recipient && !domain)
{
if (h->type == htype_from || h->type == htype_sender)
{
@@ -2233,7 +2233,7 @@ for (h = header_list; h != NULL && yield == OK; h = h->next)
/* It's an error if no address could be extracted, except for the special
case of an empty address. */
- if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
+ if (!recipient && Ustrcmp(errmess, "empty address") != 0)
{
uschar *verb = US"is";
uschar *t = ss;
@@ -2271,7 +2271,7 @@ for (h = header_list; h != NULL && yield == OK; h = h->next)
/* Advance to the next address */
- s = ss + (terminator? 1:0);
+ s = ss + (terminator ? 1 : 0);
while (isspace(*s)) s++;
} /* Next address */
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 05:58:55 +0000