From 38089ca5c8f4c06092324099fc38494f8491b53c Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 29 Jul 2021 19:35:02 +0100 Subject: Update comments in expample config file to match current default for TLS --- src/src/configure.default | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/src/configure.default b/src/src/configure.default index fd27d6b45..3761dafbf 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -147,15 +147,15 @@ acl_smtp_data = acl_check_data # spamd_address = 127.0.0.1 783 -# If Exim is compiled with support for TLS, you may want to enable the -# following options so that Exim allows clients to make encrypted -# connections. In the authenticators section below, there are template -# configurations for plaintext username/password authentication. This kind -# of authentication is only safe when used within a TLS connection, so the -# authenticators will only work if the following TLS settings are turned on -# as well. - -# Allow any client to use TLS. +# If Exim is compiled with support for TLS, you may want to change the +# following option so that Exim disallows certain clients from makeing encrypted +# connections. The default is to allow all. +# In the authenticators section below, there are template configurations for +# plaintext username/password authentication. This kind of authentication is +# only safe when used within a TLS connection, so the authenticators will only +# work if TLS is allowed here. + +# This is equivalent to the default. # tls_advertise_hosts = * -- cgit v1.2.3 From 2357aa78ccd7182cad14307eb89cb1065f078356 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 1 Aug 2021 18:15:39 +0100 Subject: ACL: "seen" condition --- doc/doc-docbook/spec.xfpt | 61 ++++++++++++++++++ doc/doc-txt/NewStuff | 6 ++ src/src/acl.c | 143 +++++++++++++++++++++++++++++++++++++++++++ src/src/dbstuff.h | 6 ++ src/src/exim_dbutil.c | 12 +++- test/confs/0626 | 31 ++++++++++ test/scripts/0000-Basic/0626 | 82 +++++++++++++++++++++++++ test/stderr/0626 | 142 ++++++++++++++++++++++++++++++++++++++++++ test/stdout/0626 | 99 ++++++++++++++++++++++++++++++ 9 files changed, 581 insertions(+), 1 deletion(-) create mode 100644 test/confs/0626 create mode 100644 test/scripts/0000-Basic/0626 create mode 100644 test/stderr/0626 create mode 100644 test/stdout/0626 (limited to 'src') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index cea21a18f..397096dff 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -32315,6 +32315,14 @@ content-scanning extension, and is available only in the DATA, MIME, and non-SMTP ACLs. It causes the incoming message to be scanned for a match with any of the regular expressions. For details, see chapter &<>&. +.new +.vitem &*seen&~=&~*&<&'parameters'&> +.cindex "&%sseen%& ACL condition" +This condition can be used to test if a situation has been previously met, +for example for greylisting. +Details are given in section &<>&. +.wen + .vitem &*sender_domains&~=&~*&<&'domain&~list'&> .cindex "&%sender_domains%& ACL condition" .cindex "sender" "ACL checking" @@ -33039,6 +33047,59 @@ address you should specify alternate list separators for both the outer dnslists = <; dnsbl.example.com/<|$acl_m_addrslist .endd + +.new +.section "Previously seen user and hosts" "SECTseen" +.cindex "&%sseen%& ACL condition" +.cindex greylisting +The &%seen%& ACL condition can be used to test whether a +situation has been previously met. +It uses a hints database to record a timestamp against a key. +host. The syntax of the condition is: +.display +&`seen =`& <&'time interval'&> &`/`& <&'options'&> +.endd + +For example, +.code +defer seen = -5m / key=${sender_host_address}_$local_part@$domain +.endd +in a RCPT ACL will implement simple greylisting. + +The parameters for the condition +are an interval followed, slash-separated, by a list of options. +The interval is taken as an offset before the current time, +and used for the test. +If the interval is preceded by a minus sign then the condition returns +whether a record is found which is before the test time. +Otherwise, the condition returns whether one is found which is since the +test time. + +Options are read in order with later ones overriding earlier ones. + +The default key is &$sender_host_address$&. +An explicit key can be set using a &%key=value%& option. + +If a &%readonly%& option is given then +no record create or update is done. +If a &%write%& option is given then +a record create or update is always done. +An update is done if the test is for &"since"&. + +Creates and updates are marked with the current time. + +Finally, a &"before"& test which succeeds, and for which the record +is old enough, will be refreshed with a timstamp of the test time. +This can prevent tidying of the database from removing the entry. +The interval for this is, by default, 10 days. +An explicit interval can be set using a +&%refresh=value%& option. + +Note that &"seen"& should be added to the list of hints databases +for maintenance if this ACL condition is used. +.wen + + .section "Rate limiting incoming messages" "SECTratelimiting" .cindex "rate limiting" "client sending" .cindex "limiting client sending rates" diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 6f3d4b31c..478446b41 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,6 +6,12 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.96 +------------ + + 1. A new ACL condition: seen. Records/tests a timestamp against a key. + + Version 4.95 ------------ diff --git a/src/src/acl.c b/src/src/acl.c index f47259ca0..be17b5768 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -103,6 +103,7 @@ enum { ACLC_ACL, ACLC_REGEX, #endif ACLC_REMOVE_HEADER, + ACLC_SEEN, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, @@ -288,6 +289,7 @@ static condition_def conditions[] = { ACL_BIT_MIME | ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START), }, + [ACLC_SEEN] = { US"seen", TRUE, FALSE, 0 }, [ACLC_SENDER_DOMAINS] = { US"sender_domains", FALSE, FALSE, ACL_BIT_AUTH | ACL_BIT_CONNECT | ACL_BIT_HELO | @@ -2815,6 +2817,143 @@ return rc; +/************************************************* +* Handle a check for previously-seen * +*************************************************/ + +/* +ACL clauses like: seen = -5m / key=$foo / readonly + +Return is true for condition-true - but the semantics +depend heavily on the actual use-case. + +Negative times test for seen-before, positive for seen-more-recently-than +(the given interval before current time). + +All are subject to history not having been cleaned from the DB. + +Default for seen-before is to create if not present, and to +update if older than 10d (with the seen-test time). +Default for seen-since is to always create or update. + +Options: + key=value. Default key is $sender_host_address + readonly + write + refresh=: update an existing DB entry older than given + amount. Default refresh lacking this option is 10d. + The update sets the record timestamp to the seen-test time. + +XXX do we need separate nocreate, noupdate controls? + +Arguments: + arg the option string for seen= + where ACL_WHERE_xxxx indicating which ACL this is + log_msgptr for error messages + +Returns: OK - Condition is true + FAIL - Condition is false + DEFER - Problem opening history database + ERROR - Syntax error in options +*/ + +static int +acl_seen(const uschar * arg, int where, uschar ** log_msgptr) +{ +enum { SEEN_DEFAULT, SEEN_READONLY, SEEN_WRITE }; + +const uschar * list = arg; +int slash = '/', equal = '=', interval, mode = SEEN_DEFAULT, yield = FAIL; +BOOL before; +int refresh = 10 * 24 * 60 * 60; /* 10 days */ +const uschar * ele, * key = sender_host_address; +open_db dbblock, * dbm; +dbdata_seen * dbd; +time_t now; + +/* Parse the first element, the time-relation. */ + +if (!(ele = string_nextinlist(&list, &slash, NULL, 0))) + goto badparse; +if ((before = *ele == '-')) + ele++; +if ((interval = readconf_readtime(ele, 0, FALSE)) < 0) + goto badparse; + +/* Remaining elements are options */ + +while ((ele = string_nextinlist(&list, &slash, NULL, 0))) + if (Ustrncmp(ele, "key=", 4) == 0) + key = ele + 4; + else if (Ustrcmp(ele, "readonly") == 0) + mode = SEEN_READONLY; + else if (Ustrcmp(ele, "write") == 0) + mode = SEEN_WRITE; + else if (Ustrncmp(ele, "refresh=", 8) == 0) + { + if ((refresh = readconf_readtime(ele + 8, 0, FALSE)) < 0) + goto badparse; + } + else + goto badopt; + +if (!(dbm = dbfn_open(US"seen", O_RDWR, &dbblock, TRUE, TRUE))) + { + HDEBUG(D_acl) debug_printf_indent("database for 'seen' not available\n"); + *log_msgptr = US"database for 'seen' not available"; + return DEFER; + } + +dbd = dbfn_read_with_length(dbm, key, NULL); +now = time(NULL); +if (dbd) /* an existing record */ + { + time_t diff = now - dbd->time_stamp; /* time since the record was written */ + + if (before ? diff >= interval : diff < interval) + yield = OK; + + if (mode == SEEN_READONLY) + { HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n"); } + else if (mode == SEEN_WRITE || !before) + { + dbd->time_stamp = now; + dbfn_write(dbm, key, dbd, sizeof(*dbd)); + HDEBUG(D_acl) debug_printf_indent("seen db written (update)\n"); + } + else if (diff >= refresh) + { + dbd->time_stamp = now - interval; + dbfn_write(dbm, key, dbd, sizeof(*dbd)); + HDEBUG(D_acl) debug_printf_indent("seen db written (refresh)\n"); + } + } +else + { /* No record found, yield always FAIL */ + if (mode != SEEN_READONLY) + { + dbdata_seen d = {.time_stamp = now}; + dbfn_write(dbm, key, &d, sizeof(*dbd)); + HDEBUG(D_acl) debug_printf_indent("seen db written (create)\n"); + } + else + HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n"); + } + +dbfn_close(dbm); +return yield; + + +badparse: + *log_msgptr = string_sprintf("failed to parse '%s'", arg); + return ERROR; +badopt: + *log_msgptr = string_sprintf("unrecognised option '%s' in '%s'", ele, arg); + return ERROR; +} + + + /************************************************* * The udpsend ACL modifier * *************************************************/ @@ -3740,6 +3879,10 @@ for (; cb; cb = cb->next) setup_remove_header(arg); break; + case ACLC_SEEN: + rc = acl_seen(arg, where, log_msgptr); + break; + case ACLC_SENDER_DOMAINS: { uschar *sdomain; diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h index 2f00dffb4..94db7f7fd 100644 --- a/src/src/dbstuff.h +++ b/src/src/dbstuff.h @@ -788,6 +788,12 @@ typedef struct { uschar bloom[40]; /* Bloom filter which may be larger than this */ } dbdata_ratelimit_unique; + +/* For "seen" ACL condition */ +typedef struct { + time_t time_stamp; +} dbdata_seen; + #ifndef DISABLE_PIPE_CONNECT /* This structure records the EHLO responses, cleartext and crypted, for an IP, as bitmasks (cf. OPTION_TLS). For LIMITS, also values diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c index 13f74540e..45b778fc0 100644 --- a/src/src/exim_dbutil.c +++ b/src/src/exim_dbutil.c @@ -21,7 +21,9 @@ argument is the name of the database file. The available names are: misc: miscellaneous hints data wait-: message waiting information; is a transport name callout: callout verification cache + ratelimit: ACL 'ratelimit' condition tls: TLS session resumption cache + seen: ACL 'seen' condition There are a number of common subroutines, followed by three main programs, whose inclusion is controlled by -D on the compilation command. */ @@ -38,6 +40,7 @@ whose inclusion is controlled by -D on the compilation command. */ #define type_callout 4 #define type_ratelimit 5 #define type_tls 6 +#define type_seen 7 /* This is used by our cut-down dbfn_open(). */ @@ -126,7 +129,7 @@ static void usage(uschar *name, uschar *options) { printf("Usage: exim_%s%s \n", name, options); -printf(" = retry | misc | wait- | callout | ratelimit | tls\n"); +printf(" = retry | misc | wait- | callout | ratelimit | tls | seen\n"); exit(1); } @@ -150,6 +153,7 @@ if (argc == 3) if (Ustrcmp(argv[2], "callout") == 0) return type_callout; if (Ustrcmp(argv[2], "ratelimit") == 0) return type_ratelimit; if (Ustrcmp(argv[2], "tls") == 0) return type_tls; + if (Ustrcmp(argv[2], "seen") == 0) return type_seen; } usage(name, options); return -1; /* Never obeyed */ @@ -581,6 +585,7 @@ for (uschar * key = dbfn_scan(dbm, TRUE, &cursor); dbdata_ratelimit *ratelimit; dbdata_ratelimit_unique *rate_unique; dbdata_tls_session *session; + dbdata_seen *seen; int count_bad = 0; int length; uschar *t; @@ -720,6 +725,11 @@ for (uschar * key = dbfn_scan(dbm, TRUE, &cursor); session = (dbdata_tls_session *)value; printf(" %s %.*s\n", keybuffer, length, session->session); break; + + case type_seen: + seen = (dbdata_seen *)value; + printf("%s\t%s\n", keybuffer, print_time(seen->time_stamp)); + break; } } store_reset(reset_point); diff --git a/test/confs/0626 b/test/confs/0626 new file mode 100644 index 000000000..872c4b20a --- /dev/null +++ b/test/confs/0626 @@ -0,0 +1,31 @@ +# Exim test configuration 0626 +# ACL seen condition + +.include DIR/aux-var/std_conf_prefix + + +# ----- Main settings ----- + +primary_hostname = test.ex +queue_only + +acl_smtp_rcpt = chk_rcpt + +# ----- ACL ----- + +begin acl + +chk_rcpt: + accept seen = OPT + +# seen = never / $sender_host_addreee / per_call +# seen = before=10s +# seen = before=10s / write +# seen = since / readonly +# +# seen = -10s +# seen = -10s / readonly +# seen = 2s +# seen = 0s / update=20d +# +# End diff --git a/test/scripts/0000-Basic/0626 b/test/scripts/0000-Basic/0626 new file mode 100644 index 000000000..6da58ee48 --- /dev/null +++ b/test/scripts/0000-Basic/0626 @@ -0,0 +1,82 @@ +# ACL 'seen' condition +# +exim -DOPT='-1s' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +# Check that a hints DB was created. +# Only the key is useful thanks to munging; should match the IP used above. +dump seen +# +sleep 1 +# should now see old-enough record +exim -DOPT='-1s' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +# force an update (visible via debug output in stdout for -bh) +exim -DOPT='-1s / write' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +# default key should change with ip +exim -DOPT='-1s' -bh HOSTIPV4 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +dump seen +# explicit key (also checking expansion) +exim -DOPT='-1s / key=${sender_host_address}_foo' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +dump seen +# check refresh +sleep 1 +exim -DOPT='-1s / refresh=1s' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +# +# +# +# +# +# test for seen-more-recently-than +# that previous one should be no older than 5s, so this should pass +# do not update +# check list-parsing spaceless while we're here +exim -DOPT='5s/key=${sender_host_address}_foo/readonly' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +# check the above no-update by waiting longer than the later-than interval; should fail +# should update +sleep 2 +exim -DOPT='1s / key=${sender_host_address}_foo' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** +# having updated, should pass +exim -DOPT='1s / key=${sender_host_address}_foo' -bh 127.0.0.1 +HELO test +MAIL FROM: +RCPT TO: +QUIT +**** diff --git a/test/stderr/0626 b/test/stderr/0626 new file mode 100644 index 000000000..25e96bc4e --- /dev/null +++ b/test/stderr/0626 @@ -0,0 +1,142 @@ +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = -1s +>>> seen db written (create) +>>> accept: condition test failed in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": implicit DENY +LOG: H=(test) [127.0.0.1] F= rejected RCPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = -1s +>>> accept: condition test succeeded in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": ACCEPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = -1s / write +>>> seen db written (update) +>>> accept: condition test succeeded in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": ACCEPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = -1s +>>> seen db written (create) +>>> accept: condition test failed in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": implicit DENY +LOG: H=(test) [ip4.ip4.ip4.ip4] F= rejected RCPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = -1s / key=${sender_host_address}_foo +>>> = -1s / key=127.0.0.1_foo +>>> seen db written (create) +>>> accept: condition test failed in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": implicit DENY +LOG: H=(test) [127.0.0.1] F= rejected RCPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = -1s / refresh=1s +>>> seen db written (refresh) +>>> accept: condition test succeeded in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": ACCEPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = 5s/key=${sender_host_address}_foo/readonly +>>> = 5s/key=127.0.0.1_foo/readonly +>>> seen db not written (readonly) +>>> accept: condition test succeeded in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": ACCEPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = 1s / key=${sender_host_address}_foo +>>> = 1s / key=127.0.0.1_foo +>>> seen db written (update) +>>> accept: condition test failed in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": implicit DENY +LOG: H=(test) [127.0.0.1] F= rejected RCPT +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> test in helo_lookup_domains? no (end of list) +>>> using ACL "chk_rcpt" +>>> processing "accept" (TESTSUITE/test-config 19) +>>> check seen = 1s / key=${sender_host_address}_foo +>>> = 1s / key=127.0.0.1_foo +>>> seen db written (update) +>>> accept: condition test succeeded in ACL "chk_rcpt" +>>> end of ACL "chk_rcpt": ACCEPT diff --git a/test/stdout/0626 b/test/stdout/0626 new file mode 100644 index 000000000..44b481f31 --- /dev/null +++ b/test/stdout/0626 @@ -0,0 +1,99 @@ + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +550 Administrative prohibition +221 test.ex closing connection ++++++++++++++++++++++++++++ +127.0.0.1 07-Mar-2000 12:21:52 + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +250 Accepted +221 test.ex closing connection + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +250 Accepted +221 test.ex closing connection + +**** SMTP testing session as if from host ip4.ip4.ip4.ip4 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [ip4.ip4.ip4.ip4] +250 OK +550 Administrative prohibition +221 test.ex closing connection ++++++++++++++++++++++++++++ +ip4.ip4.ip4.ip4 07-Mar-2000 12:21:52 +127.0.0.1 07-Mar-2000 12:21:52 + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +550 Administrative prohibition +221 test.ex closing connection ++++++++++++++++++++++++++++ +127.0.0.1_foo 07-Mar-2000 12:21:52 +ip4.ip4.ip4.ip4 07-Mar-2000 12:21:52 +127.0.0.1 07-Mar-2000 12:21:52 + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +250 Accepted +221 test.ex closing connection + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +250 Accepted +221 test.ex closing connection + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +550 Administrative prohibition +221 test.ex closing connection + +**** SMTP testing session as if from host 127.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 test.ex Hello test [127.0.0.1] +250 OK +250 Accepted +221 test.ex closing connection -- cgit v1.2.3 From c51f713eebe21071f22d0830fdaeb274b1a77059 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 8 Aug 2021 17:34:49 +0100 Subject: Expansions: mask_n operator --- doc/doc-docbook/spec.xfpt | 17 ++++++++++++++--- doc/doc-txt/NewStuff | 2 ++ src/src/expand.c | 23 +++++++++++++++++------ test/scripts/0000-Basic/0002 | 2 ++ test/stdout/0002 | 2 ++ 5 files changed, 37 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0385de6db..e766b69e2 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11228,7 +11228,8 @@ empty. The parsing correctly handles SMTPUTF8 Unicode in the string. -.vitem &*${mask:*&<&'IP&~address'&>&*/*&<&'bit&~count'&>&*}*& +.vitem &*${mask:*&<&'IP&~address'&>&*/*&<&'bit&~count'&>&*}*& &&& + &*${mask_n:*&<&'IP&~address'&>&*/*&<&'bit&~count'&>&*}*& .cindex "masked IP address" .cindex "IP address" "masking" .cindex "CIDR notation" @@ -11242,8 +11243,14 @@ the result back to text, with mask appended. For example, .code ${mask:10.111.131.206/28} .endd -returns the string &"10.111.131.192/28"&. Since this operation is expected to -be mostly used for looking up masked addresses in files, the result for an IPv6 +returns the string &"10.111.131.192/28"&. + +Since this operation is expected to +be mostly used for looking up masked addresses in files, the +.new +normal +.wen +result for an IPv6 address uses dots to separate components instead of colons, because colon terminates a key string in lsearch files. So, for example, .code @@ -11253,6 +11260,10 @@ returns the string .code 3ffe.ffff.836f.0a00.000a.0800.2000.0000/99 .endd +.new +If the optional form &*mask_n*& is used, IPv6 address result are instead +returned in normailsed form, using colons and with zero-compression. +.wen Letters in IPv6 addresses are always output in lower case. diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 478446b41..1d6190b29 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -11,6 +11,8 @@ Version 4.96 1. A new ACL condition: seen. Records/tests a timestamp against a key. + 2. A variant of the "mask" expansion operator to give normalised IPv6. + Version 4.95 ------------ diff --git a/src/src/expand.c b/src/src/expand.c index 4fb935528..83c0ad051 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -7333,11 +7333,11 @@ while (*s) int count; uschar *endptr; int binary[4]; - int mask, maskoffset; - int type = string_is_ip_address(sub, &maskoffset); + int type, mask, maskoffset; + BOOL normalised; uschar buffer[64]; - if (type == 0) + if ((type = string_is_ip_address(sub, &maskoffset)) == 0) { expand_string_message = string_sprintf("\"%s\" is not an IP address", sub); @@ -7353,13 +7353,18 @@ while (*s) mask = Ustrtol(sub + maskoffset + 1, &endptr, 10); - if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128)) + if (*endptr || mask < 0 || mask > (type == 4 ? 32 : 128)) { expand_string_message = string_sprintf("mask value too big in \"%s\"", sub); goto EXPAND_FAILED; } + /* If an optional 'n' was given, ipv6 gets normalised output: + colons rather than dots, and zero-compressed. */ + + normalised = arg && *arg == 'n'; + /* Convert the address to binary integer(s) and apply the mask */ sub[maskoffset] = 0; @@ -7368,8 +7373,14 @@ while (*s) /* Convert to masked textual format and add to output. */ - yield = string_catn(yield, buffer, - host_nmtoa(count, binary, mask, buffer, '.')); + if (type == 4 || !normalised) + yield = string_catn(yield, buffer, + host_nmtoa(count, binary, mask, buffer, '.')); + else + { + ipv6_nmtoa(binary, buffer); + yield = string_fmt_append(yield, "%s/%d", buffer, mask); + } continue; } diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002 index cc289e04e..db3eae6be 100644 --- a/test/scripts/0000-Basic/0002 +++ b/test/scripts/0000-Basic/0002 @@ -248,6 +248,8 @@ mask: ${mask:192.168.10.206/33} mask: ${mask:192.168.10.206/0} mask: ${mask:192.168.10.206} mask: ${mask:a.b.c.d} +mask: ${mask:2a00:2:3:4:5:6:7:8/79} +mask_n: ${mask_n:2a00:2:3:4:5:6:7:8/79} ipv6denorm: ${ipv6denorm:::1} ipv6denorm: ${ipv6denorm:fe00::1} ipv6denorm: ${ipv6denorm:192.168.0.1} diff --git a/test/stdout/0002 b/test/stdout/0002 index 0b9a95cd5..5c8c2520c 100644 --- a/test/stdout/0002 +++ b/test/stdout/0002 @@ -230,6 +230,8 @@ newline tab\134backslash ~tilde\177DEL\200\201. > mask: 0.0.0.0/0 > Failed: missing mask value in "192.168.10.206" > Failed: "a.b.c.d" is not an IP address +> mask: 2a00.0002.0003.0004.0004.0000.0000.0000/79 +> mask_n: 2a00:2:3:4:4::/79 > ipv6denorm: 0000:0000:0000:0000:0000:0000:0000:0001 > ipv6denorm: fe00:0000:0000:0000:0000:0000:0000:0001 > ipv6denorm: 0000:0000:0000:0000:0000:ffff:c0a8:0001 -- cgit v1.2.3 From 44226149c4c467c9d109ead4b3c7bbe15b634997 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 15 Aug 2021 10:40:02 +0100 Subject: UTC output option for exim_dumpdb, exim_fixdb --- doc/doc-docbook/spec.xfpt | 17 +++++++-- doc/doc-txt/NewStuff | 2 ++ src/src/exim_dbutil.c | 88 +++++++++++++++++++++++++++++++---------------- 3 files changed, 74 insertions(+), 33 deletions(-) (limited to 'src') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e766b69e2..3691b8ba6 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -39936,8 +39936,13 @@ in a transport) .section "exim_dumpdb" "SECTdumpdb" .cindex "&'exim_dumpdb'&" The entire contents of a database are written to the standard output by the -&'exim_dumpdb'& program, which has no options or arguments other than the -spool and database names. For example, to dump the retry database: +&'exim_dumpdb'& program, +.new +taking as arguments the spool and database names. +An option &'-z'& may be given to regest times in UTC; +otherwise times are in the local timezone. +.wen +For example, to dump the retry database: .code exim_dumpdb /var/spool/exim retry .endd @@ -40023,7 +40028,7 @@ databases is likely to keep on increasing. .cindex "&'exim_fixdb'&" The &'exim_fixdb'& program is a utility for interactively modifying databases. Its main use is for testing Exim, but it might also be occasionally useful for -getting round problems in a live system. It has no options, and its interface +getting round problems in a live system. Its interface is somewhat crude. On entry, it prompts for input with a right angle-bracket. A key of a database record can then be entered, and the data for that record is displayed. @@ -40040,6 +40045,12 @@ resets the time of the next delivery attempt. Time values are given as a sequence of digit pairs for year, month, day, hour, and minute. Colons can be used as optional separators. +.new +Both displayed and input times are in the local timezone by default. +If an option &'-z'& is used on the command line, displayed times +are in UTC. +.wen + diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 1d6190b29..99c630324 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -13,6 +13,8 @@ Version 4.96 2. A variant of the "mask" expansion operator to give normalised IPv6. + 3. UTC output option for exim_dumpdb, exim_fixdb + Version 4.95 ------------ diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c index 45b778fc0..697b87500 100644 --- a/src/src/exim_dbutil.c +++ b/src/src/exim_dbutil.c @@ -17,13 +17,13 @@ maintaining Exim hints databases. In all cases, the first argument is the name of the spool directory. The second argument is the name of the database file. The available names are: - retry: retry delivery information - misc: miscellaneous hints data - wait-: message waiting information; is a transport name - callout: callout verification cache - ratelimit: ACL 'ratelimit' condition - tls: TLS session resumption cache - seen: ACL 'seen' condition + callout: callout verification cache + misc: miscellaneous hints data + ratelimit: record for ACL "ratelimit" condition + retry: etry delivery information + seen: imestamp records for ACL "seen" condition + tls: TLS session resumption cache + wait-: message waiting information; is a transport name There are a number of common subroutines, followed by three main programs, whose inclusion is controlled by -D on the compilation command. */ @@ -47,6 +47,8 @@ whose inclusion is controlled by -D on the compilation command. */ uschar *spool_directory; +BOOL utc = FALSE; + /******************************************************************************/ /* dummies needed by Solaris build */ @@ -130,7 +132,7 @@ usage(uschar *name, uschar *options) { printf("Usage: exim_%s%s \n", name, options); printf(" = retry | misc | wait- | callout | ratelimit | tls | seen\n"); -exit(1); +exit(EXIT_FAILURE); } @@ -145,21 +147,38 @@ second of them to be sure it is a known database name. */ static int check_args(int argc, uschar **argv, uschar *name, uschar *options) { -if (argc == 3) +uschar * aname = argv[optind + 1]; +if (argc - optind == 2) { - if (Ustrcmp(argv[2], "retry") == 0) return type_retry; - if (Ustrcmp(argv[2], "misc") == 0) return type_misc; - if (Ustrncmp(argv[2], "wait-", 5) == 0) return type_wait; - if (Ustrcmp(argv[2], "callout") == 0) return type_callout; - if (Ustrcmp(argv[2], "ratelimit") == 0) return type_ratelimit; - if (Ustrcmp(argv[2], "tls") == 0) return type_tls; - if (Ustrcmp(argv[2], "seen") == 0) return type_seen; + if (Ustrcmp(aname, "retry") == 0) return type_retry; + if (Ustrcmp(aname, "misc") == 0) return type_misc; + if (Ustrncmp(aname, "wait-", 5) == 0) return type_wait; + if (Ustrcmp(aname, "callout") == 0) return type_callout; + if (Ustrcmp(aname, "ratelimit") == 0) return type_ratelimit; + if (Ustrcmp(aname, "tls") == 0) return type_tls; + if (Ustrcmp(aname, "seen") == 0) return type_seen; } usage(name, options); return -1; /* Never obeyed */ } +static void +options(int argc, uschar * argv[], uschar * name) +{ +int opt; + +opterr = 0; +while ((opt = getopt(argc, (char * const *)argv, "z")) != -1) + switch (opt) + { + case 'z': utc = TRUE; break; + default: usage(name, US" [-z]"); + } +} + + + /************************************************* * Handle attempts to write the log * @@ -200,7 +219,7 @@ static uschar time_buffer[sizeof("09-xxx-1999 hh:mm:ss ")]; uschar * print_time(time_t t) { -struct tm *tmstr = localtime(&t); +struct tm *tmstr = utc ? gmtime(&t) : localtime(&t); Ustrftime(time_buffer, sizeof(time_buffer), "%d-%b-%Y %H:%M:%S", tmstr); return time_buffer; } @@ -214,8 +233,8 @@ return time_buffer; uschar * print_cache(int value) { -return (value == ccache_accept)? US"accept" : - (value == ccache_reject)? US"reject" : +return value == ccache_accept ? US"accept" : + value == ccache_reject ? US"reject" : US"unknown"; } @@ -563,12 +582,15 @@ uschar **argv = USS cargv; uschar keybuffer[1024]; store_init(); +options(argc, argv, US"dumpdb"); /* Check the arguments, and open the database */ -dbdata_type = check_args(argc, argv, US"dumpdb", US""); -spool_directory = argv[1]; -if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE, TRUE))) +dbdata_type = check_args(argc, argv, US"dumpdb", US" [-z]"); +argc -= optind; argv += optind; +spool_directory = argv[0]; + +if (!(dbm = dbfn_open(argv[1], O_RDONLY, &dbblock, FALSE, TRUE))) exit(1); /* Scan the file, formatting the information for each entry. Note @@ -776,22 +798,29 @@ If the record name is omitted from (2) or (3), the previously used record name is re-used. */ -int main(int argc, char **cargv) +int +main(int argc, char **cargv) { int dbdata_type; uschar **argv = USS cargv; uschar buffer[256]; uschar name[256]; rmark reset_point; +uschar * aname; store_init(); +options(argc, argv, US"fixdb"); name[0] = 0; /* No name set */ /* Sort out the database type, verify what we are working on and then process user requests */ -dbdata_type = check_args(argc, argv, US"fixdb", US""); -printf("Modifying Exim hints database %s/db/%s\n", argv[1], argv[2]); +dbdata_type = check_args(argc, argv, US"fixdb", US" [-z]"); +argc -= optind; argv += optind; +spool_directory = argv[0]; +aname = argv[1]; + +printf("Modifying Exim hints database %s/db/%s\n", spool_directory, aname); for(; (reset_point = store_mark()); store_reset(reset_point)) { @@ -838,9 +867,8 @@ for(; (reset_point = store_mark()); store_reset(reset_point)) if (field[0] != 0) { int verify = 1; - spool_directory = argv[1]; - if (!(dbm = dbfn_open(argv[2], O_RDWR, &dbblock, FALSE, TRUE))) + if (!(dbm = dbfn_open(aname, O_RDWR, &dbblock, FALSE, TRUE))) continue; if (Ustrcmp(field, "d") == 0) @@ -1009,8 +1037,7 @@ for(; (reset_point = store_mark()); store_reset(reset_point)) /* Handle a read request, or verify after an update. */ - spool_directory = argv[1]; - if (!(dbm = dbfn_open(argv[2], O_RDONLY, &dbblock, FALSE, TRUE))) + if (!(dbm = dbfn_open(aname, O_RDONLY, &dbblock, FALSE, TRUE))) continue; if (!(record = dbfn_read_with_length(dbm, name, &oldlength))) @@ -1140,7 +1167,8 @@ typedef struct key_item { } key_item; -int main(int argc, char **cargv) +int +main(int argc, char **cargv) { struct stat statbuf; int maxkeep = 30 * 24 * 60 * 60; -- cgit v1.2.3 From ce15be78166725f6f802231dc8e0c0e4ec615009 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 1 Sep 2021 15:25:18 +0100 Subject: Generalise "send failed" message in smtp transport --- src/src/transports/smtp.c | 6 +++--- test/log/4520 | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index a121e34ae..7bb1249cc 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -3079,7 +3079,7 @@ return OK; SEND_FAILED: code = '4'; - message = US string_sprintf("send() to %s [%s] failed: %s", + message = US string_sprintf("smtp send to %s [%s] failed: %s", sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno)); sx->send_quit = FALSE; yield = DEFER; @@ -4400,7 +4400,7 @@ if (!sx->ok) { save_errno = errno; code = '4'; - message = string_sprintf("send() to %s [%s] failed: %s", + message = string_sprintf("smtp send to %s [%s] failed: %s", host->name, host->address, message ? message : US strerror(save_errno)); sx->send_quit = FALSE; goto FAILED; @@ -4584,7 +4584,7 @@ if (sx->completed_addr && sx->ok && sx->send_quit) if (sx->send_rset) if (! (sx->ok = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0)) { - msg = US string_sprintf("send() to %s [%s] failed: %s", host->name, + msg = US string_sprintf("smtp send to %s [%s] failed: %s", host->name, host->address, strerror(errno)); sx->send_quit = FALSE; } diff --git a/test/log/4520 b/test/log/4520 index 234624cc0..9d5e645aa 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -22,8 +22,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> U=CALLER P=local S=sss for e0@test.ex 1999-03-02 09:44:33 10HmaX-0005vi-00 failed to expand dkim_timestamps: unknown variable in "${bogus}" 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: message could not be signed, and dkim_strict is set. Deferring message delivery. -1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}": Permission denied -1999-03-02 09:44:33 10HmaX-0005vi-00 == e0@test.ex R=client T=send_to_server defer (EEE): Permission denied H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}" +1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: smtp send to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}": Permission denied +1999-03-02 09:44:33 10HmaX-0005vi-00 == e0@test.ex R=client T=send_to_server defer (EEE): Permission denied H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: smtp send to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}" 1999-03-02 09:44:33 10HmaX-0005vi-00 ** e0@test.ex: retry timeout exceeded 1999-03-02 09:44:33 10HmaX-0005vi-00 e0@test.ex: error ignored 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -- cgit v1.2.3 From ad5a1b1110e4c35a7ffee765e1811ab124814c82 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 31 Aug 2021 21:55:00 +0100 Subject: Avoid using CLOCK_MONOTONIC for $received_time. Bug 2615 (cherry picked from commit 8dcd5efb1f89d17b0b214e1face4146d3a1edd28) --- src/src/receive.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/src/receive.c b/src/src/receive.c index 2223d4645..c2b313c63 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1788,15 +1788,19 @@ if (sender_host_address) dmarc_init(); /* initialize libopendmarc */ /* Remember the time of reception. Exim uses time+pid for uniqueness of message ids, and fractions of a second are required. See the comments that precede the -message id creation below. */ +message id creation below. +We use a routine that if possible uses a monotonic clock, and can be used again +after reception for the tick-wait even under the Linux non-Posix behaviour. */ exim_gettime(&message_id_tv); /* For other uses of the received time we can operate with granularity of one second, and for that we use the global variable received_time. This is for -things like ultimate message timeouts. */ +things like ultimate message timeouts. +For this we do not care about the Linux suspend/resume problem, so rather than +use exim_gettime() everywhere we use a plain gettimeofday() here. */ -received_time = message_id_tv; +gettimeofday(&received_time, NULL); /* If SMTP input, set the special handler for timeouts. The alarm() calls happen in the smtp_getc() function when it refills its buffer. */ @@ -4326,7 +4330,10 @@ pid can be re-used within our time interval. We can't shorten the interval without re-designing the message-id. See comments above where the message id is created. This is Something For The Future. Do this wait any time we have created a message-id, even if we rejected the -message. This gives unique IDs for logging done by ACLs. */ +message. This gives unique IDs for logging done by ACLs. +The initial timestamp must have been obtained via exim_gettime() to avoid +issues on Linux with suspend/resume. +It would be Nicer to only pause before a follow-on message. */ if (id_resolution != 0) { -- cgit v1.2.3 From da2e4883f3efa4d86f35c15d110877e95c7d77d9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 2 Sep 2021 15:16:46 +0100 Subject: tidying --- src/src/exim.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/src/exim.c b/src/src/exim.c index a42c48b2c..37e1b756a 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1644,7 +1644,6 @@ BOOL list_queue = FALSE; BOOL list_options = FALSE; BOOL list_config = FALSE; BOOL local_queue_only; -BOOL more = TRUE; BOOL one_msg_action = FALSE; BOOL opt_D_used = FALSE; BOOL queue_only_set = FALSE; @@ -5498,7 +5497,7 @@ real_sender_address = sender_address; messages to be read (SMTP input), or FALSE otherwise (not SMTP, or SMTP channel collapsed). */ -while (more) +for (BOOL more = TRUE; more; ) { rmark reset_point = store_mark(); message_id[0] = 0; @@ -5540,10 +5539,10 @@ while (more) /* Now get the data for the message */ more = receive_msg(extract_recipients); - if (message_id[0] == 0) + if (!message_id[0]) { cancel_cutthrough_connection(TRUE, US"receive dropped"); - if (more) goto moreloop; + if (more) goto MORELOOP; smtp_log_no_mail(); /* Log no mail if configured */ exim_exit(EXIT_FAILURE); } @@ -5709,7 +5708,7 @@ while (more) for real; when reading the headers of a message for filter testing, it is TRUE if the headers were terminated by '.' and FALSE otherwise. */ - if (message_id[0] == 0) exim_exit(EXIT_FAILURE); + if (!message_id[0]) exim_exit(EXIT_FAILURE); } /* Non-SMTP message reception */ /* If this is a filter testing run, there are headers in store, but @@ -5902,11 +5901,11 @@ while (more) finished subprocesses here, in case there are lots of messages coming in from the same source. */ - #ifndef SIG_IGN_WORKS +#ifndef SIG_IGN_WORKS while (waitpid(-1, NULL, WNOHANG) > 0); - #endif +#endif -moreloop: +MORELOOP: return_path = sender_address = NULL; authenticated_sender = NULL; deliver_localpart_orig = NULL; -- cgit v1.2.3 From 8271f864edaf7fb2db0eb3aaa0c4789f55125978 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 2 Sep 2021 17:08:20 +0100 Subject: Avoid wait-for-tick on single-message connections --- doc/doc-txt/ChangeLog | 8 ++++++++ src/src/exim.c | 14 +++++++------ src/src/globals.c | 1 - src/src/globals.h | 1 - src/src/receive.c | 57 +++++++++++++++++++++++---------------------------- 5 files changed, 42 insertions(+), 39 deletions(-) (limited to 'src') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 89df37585..8e7749bba 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -2,6 +2,14 @@ This document describes *changes* to previous versions, that might affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Since 4.95 +---------- + +JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from + after reception to before a subsequence reception. This should + mean slightly faster delivery, and also confirmation of reception + to senders. + Exim version 4.95 ----------------- diff --git a/src/src/exim.c b/src/src/exim.c index 37e1b756a..e15d5e476 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -444,9 +444,10 @@ function prepares for the time when things are faster - and it also copes with clocks that go backwards. Arguments: - tgt_tv A timeval which was used to create uniqueness; its usec field + prev_tv A timeval which was used to create uniqueness; its usec field has been rounded down to the value of the resolution. We want to be sure the current time is greater than this. + On return, updated to current (rounded down). resolution The resolution that was used to divide the microseconds (1 for maildir, larger for message ids) @@ -454,7 +455,7 @@ Returns: nothing */ void -exim_wait_tick(struct timeval * tgt_tv, int resolution) +exim_wait_tick(struct timeval * prev_tv, int resolution) { struct timeval now_tv; long int now_true_usec; @@ -463,13 +464,13 @@ exim_gettime(&now_tv); now_true_usec = now_tv.tv_usec; now_tv.tv_usec = (now_true_usec/resolution) * resolution; -while (exim_tvcmp(&now_tv, tgt_tv) <= 0) +while (exim_tvcmp(&now_tv, prev_tv) <= 0) { struct itimerval itval; itval.it_interval.tv_sec = 0; itval.it_interval.tv_usec = 0; - itval.it_value.tv_sec = tgt_tv->tv_sec - now_tv.tv_sec; - itval.it_value.tv_usec = tgt_tv->tv_usec + resolution - now_true_usec; + itval.it_value.tv_sec = prev_tv->tv_sec - now_tv.tv_sec; + itval.it_value.tv_usec = prev_tv->tv_usec + resolution - now_true_usec; /* We know that, overall, "now" is less than or equal to "then". Therefore, a negative value for the microseconds is possible only in the case when "now" @@ -487,7 +488,7 @@ while (exim_tvcmp(&now_tv, tgt_tv) <= 0) if (!f.running_in_test_harness) { debug_printf("tick check: " TIME_T_FMT ".%06lu " TIME_T_FMT ".%06lu\n", - tgt_tv->tv_sec, (long) tgt_tv->tv_usec, + prev_tv->tv_sec, (long) prev_tv->tv_usec, now_tv.tv_sec, (long) now_tv.tv_usec); debug_printf("waiting " TIME_T_FMT ".%06lu sec\n", itval.it_value.tv_sec, (long) itval.it_value.tv_usec); @@ -503,6 +504,7 @@ while (exim_tvcmp(&now_tv, tgt_tv) <= 0) now_true_usec = now_tv.tv_usec; now_tv.tv_usec = (now_true_usec/resolution) * resolution; } +*prev_tv = now_tv; } diff --git a/src/src/globals.c b/src/src/globals.c index c3e8a16cf..50b9c2f2a 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1167,7 +1167,6 @@ uschar *message_headers = NULL; uschar *message_id; uschar *message_id_domain = NULL; uschar *message_id_text = NULL; -struct timeval message_id_tv = { 0, 0 }; uschar message_id_option[MESSAGE_ID_LENGTH + 3]; uschar *message_id_external; int message_linecount = 0; diff --git a/src/src/globals.h b/src/src/globals.h index d5d93148f..731408bd6 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -724,7 +724,6 @@ extern uschar message_id_option[]; /* -E for use as option */ extern uschar *message_id_external; /* External form of following */ extern uschar *message_id_domain; /* Expanded to form domain-part of message_id */ extern uschar *message_id_text; /* Expanded to form message_id */ -extern struct timeval message_id_tv; /* Time used to create last message_id */ extern int message_linecount; /* As it says */ extern BOOL message_logs; /* TRUE to write message logs */ extern int message_size; /* Size of message */ diff --git a/src/src/receive.c b/src/src/receive.c index c2b313c63..47c5977ee 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1664,9 +1664,9 @@ int error_rc = error_handling == ERRORS_SENDER ? errors_sender_rc : EXIT_FAILURE; int header_size = 256; int start, end, domain; -int id_resolution = 0; int had_zero = 0; int prevlines_length = 0; +const int id_resolution = BASE_62 == 62 ? 5000 : 10000; int ptr = 0; @@ -1720,6 +1720,10 @@ BOOL msgid_header_newly_created = FALSE; uschar *timestamp; int tslen; +/* Time of creation of message_id */ + +static struct timeval message_id_tv = { 0, 0 }; + /* Release any open files that might have been cached while preparing to accept the message - e.g. by verifying addresses - because reading a message @@ -1786,13 +1790,32 @@ if (smtp_input && !smtp_batched_input && !f.dkim_disable_verify) if (sender_host_address) dmarc_init(); /* initialize libopendmarc */ #endif +/* In SMTP sessions we may receive several messages in one connection. Before +each subsequent one, we wait for the clock to tick at the level of message-id +granularity. +This is so that the combination of time+pid is unique, even on systems where the +pid can be re-used within our time interval. We can't shorten the interval +without re-designing the message-id. See comments above where the message id is +created. This is Something For The Future. +Do this wait any time we have previously created a message-id, even if we +rejected the message. This gives unique IDs for logging done by ACLs. +The initial timestamp must have been obtained via exim_gettime() to avoid +issues on Linux with suspend/resume. */ + +if (message_id_tv.tv_sec) + { + message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution; + exim_wait_tick(&message_id_tv, id_resolution); + } + /* Remember the time of reception. Exim uses time+pid for uniqueness of message ids, and fractions of a second are required. See the comments that precede the message id creation below. We use a routine that if possible uses a monotonic clock, and can be used again after reception for the tick-wait even under the Linux non-Posix behaviour. */ -exim_gettime(&message_id_tv); +else + exim_gettime(&message_id_tv); /* For other uses of the received time we can operate with granularity of one second, and for that we use the global variable received_time. This is for @@ -2681,28 +2704,20 @@ message_id[6] = '-'; Ustrncpy(message_id + 7, string_base62((long int)getpid()), 6); /* Deal with the case where the host number is set. The value of the number was -checked when it was read, to ensure it isn't too big. The timing granularity is -left in id_resolution so that an appropriate wait can be done after receiving -the message, if necessary (we hope it won't be). */ +checked when it was read, to ensure it isn't too big. */ if (host_number_string) - { - id_resolution = BASE_62 == 62 ? 5000 : 10000; sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s", string_base62((long int)( host_number * (1000000/id_resolution) + message_id_tv.tv_usec/id_resolution)) + 4); - } /* Host number not set: final field is just the fractional time at an appropriate resolution. */ else - { - id_resolution = BASE_62 == 62 ? 500 : 1000; sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s", string_base62((long int)(message_id_tv.tv_usec/id_resolution)) + 4); - } /* Add the current message id onto the current process info string if it will fit. */ @@ -4323,26 +4338,6 @@ then we can think about properly declaring the message not-received. */ TIDYUP: -/* In SMTP sessions we may receive several messages in one connection. After -each one, we wait for the clock to tick at the level of message-id granularity. -This is so that the combination of time+pid is unique, even on systems where the -pid can be re-used within our time interval. We can't shorten the interval -without re-designing the message-id. See comments above where the message id is -created. This is Something For The Future. -Do this wait any time we have created a message-id, even if we rejected the -message. This gives unique IDs for logging done by ACLs. -The initial timestamp must have been obtained via exim_gettime() to avoid -issues on Linux with suspend/resume. -It would be Nicer to only pause before a follow-on message. */ - -if (id_resolution != 0) - { - message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution; - exim_wait_tick(&message_id_tv, id_resolution); - id_resolution = 0; - } - - process_info[process_info_len] = 0; /* Remove message id */ if (spool_data_file && cutthrough_done == NOT_TRIED) { -- cgit v1.2.3 From 22ed7a5295f196fce32563f6e9c669110dd36f4d Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 12 Sep 2021 15:42:51 +0100 Subject: pcre2 --- doc/doc-txt/ChangeLog | 3 + src/OS/Makefile-Default | 2 +- src/exim_monitor/em_globals.c | 4 +- src/exim_monitor/em_hdr.h | 7 +- src/exim_monitor/em_init.c | 26 ++++--- src/exim_monitor/em_log.c | 23 +++--- src/scripts/Configure-Makefile | 28 ++++++-- src/src/EDITME | 10 +-- src/src/dns.c | 5 +- src/src/drtables.c | 6 +- src/src/exim.c | 156 ++++++++++++++++++++++++++-------------- src/src/exim.h | 3 +- src/src/expand.c | 91 +++++++++++++---------- src/src/filter.c | 45 ++++++------ src/src/functions.h | 5 +- src/src/globals.c | 36 +++++----- src/src/globals.h | 36 +++++----- src/src/header.c | 16 ++--- src/src/macros.h | 3 +- src/src/malware.c | 94 ++++++++++++------------ src/src/match.c | 4 +- src/src/queue.c | 11 ++- src/src/regex.c | 34 +++++---- src/src/routers/iplookup.c | 2 +- src/src/routers/iplookup.h | 2 +- src/src/routers/redirect.c | 10 ++- src/src/smtp_in.c | 19 +++-- src/src/transports/appendfile.c | 56 ++++++++------- src/src/transports/appendfile.h | 2 +- src/src/transports/lmtp.c | 16 ++--- src/src/transports/smtp.c | 94 ++++++++++++------------ src/src/transports/tf_maildir.c | 25 +++---- src/src/transports/tf_maildir.h | 8 +-- 33 files changed, 498 insertions(+), 384 deletions(-) (limited to 'src') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 8e7749bba..63f357885 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -10,6 +10,9 @@ JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from mean slightly faster delivery, and also confirmation of reception to senders. +JH/02 Move from using the pcre library to pcre2. The former is no longer + being developed or supported (by the original developer). + Exim version 4.95 ----------------- diff --git a/src/OS/Makefile-Default b/src/OS/Makefile-Default index 41a4dbbdf..6e42db471 100644 --- a/src/OS/Makefile-Default +++ b/src/OS/Makefile-Default @@ -89,7 +89,7 @@ CC=gcc # PCRE_LIBS contains the library to be linked for PCRE -PCRE_LIBS=-lpcre +PCRE_LIBS=-lpcre2-8 # LIBS and EXTRALIBS contain library settings that are used on linking diff --git a/src/exim_monitor/em_globals.c b/src/exim_monitor/em_globals.c index 88d5103fc..e311aef1c 100644 --- a/src/exim_monitor/em_globals.c +++ b/src/exim_monitor/em_globals.c @@ -81,7 +81,7 @@ uschar *queue_stripchart_name = NULL; int queue_update = 60; int queue_width = 600; -pcre *yyyymmdd_regex; +pcre2_code *yyyymmdd_regex; uschar *size_stripchart = NULL; uschar *size_stripchart_name = NULL; @@ -89,7 +89,7 @@ int spool_is_split = FALSE; int start_small = FALSE; int stripchart_height = 90; int stripchart_number = 1; -pcre **stripchart_regex; +pcre2_code **stripchart_regex; uschar **stripchart_title; int *stripchart_total; int stripchart_update = 60; diff --git a/src/exim_monitor/em_hdr.h b/src/exim_monitor/em_hdr.h index c45f9fca7..6d8b7e2ea 100644 --- a/src/exim_monitor/em_hdr.h +++ b/src/exim_monitor/em_hdr.h @@ -85,7 +85,8 @@ anything. */ /* Regular expression include */ -#include +#define PCRE2_CODE_UNIT_WIDTH 8 +#include /* Includes from the main source of Exim. One of these days I should tidy up this interface so that this kind of kludge isn't needed. */ @@ -273,7 +274,7 @@ extern uschar *queue_stripchart_name; /* sic */ extern int queue_update; /* update interval */ extern int queue_width; /* width of queue window */ -extern pcre *yyyymmdd_regex; /* for matching yyyy-mm-dd */ +extern pcre2_code *yyyymmdd_regex; /* for matching yyyy-mm-dd */ extern uschar *size_stripchart; /* path for size monitoring */ extern uschar *size_stripchart_name; /* name for size stripchart */ @@ -282,7 +283,7 @@ extern int spool_is_split; /* True if detected split spool */ extern int start_small; /* True to start with small window */ extern int stripchart_height; /* height of stripcharts */ extern int stripchart_number; /* number of stripcharts */ -extern pcre **stripchart_regex; /* vector of regexps */ +extern pcre2_code **stripchart_regex; /* vector of regexps */ extern uschar **stripchart_title; /* vector of titles */ extern int *stripchart_total; /* vector of accumulating values */ extern int stripchart_update; /* update interval */ diff --git a/src/exim_monitor/em_init.c b/src/exim_monitor/em_init.c index 56cb29886..f85f858d4 100644 --- a/src/exim_monitor/em_init.c +++ b/src/exim_monitor/em_init.c @@ -32,7 +32,6 @@ int i; work. */ for (i = 0; i <= 1; i++) - { int first = 1; int count = 0; @@ -69,13 +68,18 @@ for (i = 0; i <= 1; i++) buffer[p-pp] = 0; if (first) { - int offset; - const uschar *error; - if (!(stripchart_regex[indx] = pcre_compile(CS buffer, PCRE_COPT, - CCSS &error, &offset, NULL))) + size_t offset; + int err; + + if (!(stripchart_regex[indx] = + pcre2_compile((PCRE2_SPTR)buffer, + PCRE2_ZERO_TERMINATED, PCRE_COPT, + &err, &offset, NULL))) { - printf("regular expression error: %s at offset %d " - "while compiling %s\n", error, offset, buffer); + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); + printf("regular expression error: %s at offset %l " + "while compiling %s\n", errbuf, (long)offset, buffer); exit(99); } } @@ -95,7 +99,7 @@ for (i = 0; i <= 1; i++) if (i == 0) { stripchart_number += count; - stripchart_regex = (pcre **)store_malloc(stripchart_number * sizeof(pcre *)); + stripchart_regex = (pcre2_code **)store_malloc(stripchart_number * sizeof(pcre2_code *)); stripchart_title = (uschar **)store_malloc(stripchart_number * sizeof(uschar *)); } } @@ -109,7 +113,7 @@ for (i = 0; i <= 1; i++) void init(int argc, uschar **argv) { int x; -int erroroffset; +size_t erroroffset; uschar *s; const uschar *error; @@ -230,8 +234,8 @@ queue_stripchart_name = (s != NULL)? string_copy(s) : US"queue"; /* Compile the regex for matching yyyy-mm-dd at the start of a string. */ -yyyymmdd_regex = pcre_compile("^\\d{4}-\\d\\d-\\d\\d\\s", PCRE_COPT, - CCSS &error, &erroroffset, NULL); +yyyymmdd_regex = pcre2_compile((PCRE2_SPTR)"^\\d{4}-\\d\\d-\\d\\d\\s", + PCRE2_ZERO_TERMINATED, PCRE_COPT, &x, &erroroffset, NULL); } /* End of em_init.c */ diff --git a/src/exim_monitor/em_log.c b/src/exim_monitor/em_log.c index 1e1dc7c04..662595b12 100644 --- a/src/exim_monitor/em_log.c +++ b/src/exim_monitor/em_log.c @@ -229,7 +229,7 @@ if (LOG != NULL) uschar *p = buffer; rmark reset_point; int length = Ustrlen(buffer); - int i; + pcre2_match_data * md = pcre2_match_data_create(1, NULL); /* Skip totally blank lines (paranoia: there shouldn't be any) */ @@ -246,27 +246,25 @@ if (LOG != NULL) stripchart is the queue length, which is handled elsewhere, and the 1st may the a size monitor. */ - for (i = stripchart_varstart; i < stripchart_number; i++) - { - if (pcre_exec(stripchart_regex[i], NULL, CS buffer, length, 0, PCRE_EOPT, - NULL, 0) >= 0) + for (int i = stripchart_varstart; i < stripchart_number; i++) + if (pcre2_match(stripchart_regex[i], (PCRE2_SPTR)buffer, length, + 0, PCRE_EOPT, md, NULL) >= 0) stripchart_total[i]++; - } /* Munge the log entry and display shortened form on one line. We omit the date and show only the time. Remove any time zone offset. Take note of the presence of [pid]. */ - if (pcre_exec(yyyymmdd_regex,NULL,CS buffer,length,0,PCRE_EOPT,NULL,0) >= 0) + if (pcre2_match(yyyymmdd_regex, (PCRE2_SPTR) buffer, length, 0, PCRE_EOPT, + md, NULL) >= 0) { int pidlength = 0; - if ((buffer[20] == '+' || buffer[20] == '-') && - isdigit(buffer[21]) && buffer[25] == ' ') + if ( (buffer[20] == '+' || buffer[20] == '-') + && isdigit(buffer[21]) && buffer[25] == ' ') memmove(buffer + 20, buffer + 26, Ustrlen(buffer + 26) + 1); if (buffer[20] == '[') - { - while (Ustrchr("[]0123456789", buffer[20+pidlength++]) != NULL); - } + while (Ustrchr("[]0123456789", buffer[20+pidlength++]) != NULL) + ; id = string_copyn(buffer + 20 + pidlength, MESSAGE_ID_LENGTH); show_log("%s", buffer+11); } @@ -275,6 +273,7 @@ if (LOG != NULL) id = US""; show_log("%s", buffer); } + pcre2_match_data_free(md); /* Deal with frozen and unfrozen messages */ diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile index 61368ecb3..df597a864 100755 --- a/src/scripts/Configure-Makefile +++ b/src/scripts/Configure-Makefile @@ -150,7 +150,7 @@ rm -f ./$mftepcp ./$mftepcp2 egrep "^[$st]*(AUTH|LOOKUP)_[A-Z0-9_]*[$st]*=[$st]*" $mft | \ sed "s/[$st]*=/='/" | \ sed "s/\$/'/" > $mftt -egrep "^[$st]*((USE_(OPENSSL|GNUTLS)_PC)|SUPPORT_TLS|USE_GNUTLS|PCRE_CONFIG|AVOID_GNUTLS_PKCS11)[$st]*=[$st]*" $mft | \ +egrep "^[$st]*((USE_(OPENSSL|GNUTLS)_PC)|SUPPORT_TLS|USE_GNUTLS|PCRE2?_CONFIG|AVOID_GNUTLS_PKCS11)[$st]*=[$st]*" $mft | \ sed "s/[$st]*=/='/" | \ sed "s/\$/'/" >> $mftt if test -s $mftt @@ -233,12 +233,32 @@ then PCRE_CONFIG) case $PCRE_CONFIG in yes|YES|y|Y) - cflags=`pcre-config --cflags` + echo >&2 "pcre is no longer supported; migrate to pcre2" + exit 1 + +# cflags=`pcre-config --cflags` +# if [ $? -ne 0 ]; then +# echo >&2 "*** Missing pcre-config for regular expression support" +# exit 1 +# fi +# libs=`pcre-config --libs` +# if [ ".$cflags" != "." ]; then +# echo "INCLUDE += $cflags" +# fi +# echo "PCRE_LIBS=$libs" + ;; + esac + ;; + + PCRE2_CONFIG) + case $PCRE2_CONFIG in + yes|YES|y|Y) + cflags=`pcre2-config --cflags` if [ $? -ne 0 ]; then - echo >&2 "*** Missing pcre-config for regular expression support" + echo >&2 "*** Missing pcre2-config for regular expression support" exit 1 fi - libs=`pcre-config --libs` + libs=`pcre2-config --libs8` if [ ".$cflags" != "." ]; then echo "INCLUDE += $cflags" fi diff --git a/src/src/EDITME b/src/src/EDITME index f4329fabf..44c30ce9b 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -457,19 +457,19 @@ LOOKUP_DNSDB=yes #------------------------------------------------------------------------------ -# The PCRE library is required for Exim. There is no longer an embedded +# The PCRE2 library is required for Exim. There is no longer an embedded # version of the PCRE library included with the source code, instead you -# must use a system library or build your own copy of PCRE. +# must use a system library or build your own copy of PCRE2. # In either case you must specify the library link info here. If the -# PCRE header files are not in the standard search path you must also +# PCRE2 header files are not in the standard search path you must also # modify the INCLUDE path (above) # # Use PCRE_CONFIG to query the pcre-config command (first found in $PATH) # to find the include files and libraries, else use PCRE_LIBS and set INCLUDE # too if needed. -PCRE_CONFIG=yes -# PCRE_LIBS=-lpcre +PCRE2_CONFIG=yes +# PCRE_LIBS=-lpcre2 #------------------------------------------------------------------------------ diff --git a/src/src/dns.c b/src/src/dns.c index 490eb883d..63856ead3 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -850,11 +850,8 @@ more.) */ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT) { - int ovector[3*(EXPAND_MAXN+1)]; - dns_pattern_init(); - if (pcre_exec(regex_check_dns_names, NULL, CCS name, Ustrlen(name), - 0, PCRE_EOPT, ovector, nelem(ovector)) < 0) + if (!regex_match(regex_check_dns_names, name, -1, NULL)) { DEBUG(D_dns) debug_printf("DNS name syntax check failed: %s (%s)\n", name, diff --git a/src/src/drtables.c b/src/src/drtables.c index 72f47c1ea..02f014e87 100644 --- a/src/src/drtables.c +++ b/src/src/drtables.c @@ -728,15 +728,15 @@ if (!(dd = exim_opendir(LOOKUP_MODULE_DIR))) } else { - const pcre *regex_islookupmod = regex_must_compile( + const pcre2_code *regex_islookupmod = regex_must_compile( US"\\." DYNLIB_FN_EXT "$", FALSE, TRUE); DEBUG(D_lookup) debug_printf("Loading lookup modules from %s\n", LOOKUP_MODULE_DIR); while ((ent = readdir(dd))) { - char *name = ent->d_name; + char * name = ent->d_name; int len = (int)strlen(name); - if (pcre_exec(regex_islookupmod, NULL, name, len, 0, PCRE_EOPT, NULL, 0) >= 0) + if (regex_match(regex_islookupmod, US name, len, NUL)) { int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2; void *dl; diff --git a/src/src/exim.c b/src/src/exim.c index e15d5e476..27f1e9b88 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -45,7 +45,7 @@ are two sets of functions; one for use when we want to retain the compiled regular expression for a long time; the other for short-term use. */ static void * -function_store_get(size_t size) +function_store_get(PCRE2_SIZE size, void * tag) { /* For now, regard all RE results as potentially tainted. We might need more intelligence on this point. */ @@ -53,16 +53,16 @@ return store_get((int)size, TRUE); } static void -function_dummy_free(void * block) {} +function_dummy_free(void * block, void * tag) {} static void * -function_store_malloc(size_t size) +function_store_malloc(PCRE2_SIZE size, void * tag) { return store_malloc((int)size); } static void -function_store_free(void * block) +function_store_free(void * block, void * tag) { store_free(block); } @@ -98,29 +98,51 @@ Argument: Returns: pointer to the compiled pattern */ -const pcre * -regex_must_compile(const uschar *pattern, BOOL caseless, BOOL use_malloc) +const pcre2_code * +regex_must_compile(const uschar * pattern, BOOL caseless, BOOL use_malloc) { -int offset; -int options = PCRE_COPT; -const pcre *yield; -const uschar *error; +size_t offset; +int options = caseless ? PCRE_COPT|PCRE2_CASELESS : PCRE_COPT; +const pcre2_code * yield; +int err; +pcre2_general_context * gctx; +pcre2_compile_context * cctx; + if (use_malloc) { - pcre_malloc = function_store_malloc; - pcre_free = function_store_free; + gctx = pcre2_general_context_create(function_store_malloc, function_store_free, NULL); + cctx = pcre2_compile_context_create(gctx); } -if (caseless) options |= PCRE_CASELESS; -yield = pcre_compile(CCS pattern, options, CCSS &error, &offset, NULL); -pcre_malloc = function_store_get; -pcre_free = function_dummy_free; -if (yield == NULL) +else + cctx = pcre_cmp_ctx; + +if (!(yield = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, options, + &err, &offset, cctx))) + { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); log_write(0, LOG_MAIN|LOG_PANIC_DIE, "regular expression error: " - "%s at offset %d while compiling %s", error, offset, pattern); + "%s at offset %d while compiling %s", errbuf, (long)offset, pattern); + } + +if (use_malloc) + { + pcre2_compile_context_free(cctx); + pcre2_general_context_free(gctx); + } return yield; } +static void +pcre_init(void) +{ +pcre_gen_ctx = pcre2_general_context_create(function_store_malloc, function_store_free, NULL); +pcre_cmp_ctx = pcre2_compile_context_create(pcre_gen_ctx); +pcre_mtc_ctx = pcre2_match_context_create(pcre_gen_ctx); +} + + /************************************************* @@ -128,7 +150,12 @@ return yield; *************************************************/ /* This function runs a regular expression match, and sets up the pointers to -the matched substrings. +the matched substrings. The matched strings are copied. + +We might consider tracing the uses of expand_nstring to see if consitification +is viable, and save the copy cost by just using the pointers into the subject string. +Pre-pcre2 we did that without noticing, so it might just work - or might have been +a bug. It was certainly a risk in the implemenation. Arguments: re the compiled expression @@ -138,32 +165,67 @@ Arguments: if >= 0 setup from setup+1 onwards, excluding the full matched string -Returns: TRUE or FALSE +Returns: TRUE if matched, or FALSE */ BOOL -regex_match_and_setup(const pcre *re, const uschar *subject, int options, int setup) +regex_match_and_setup(const pcre2_code * re, const uschar * subject, int options, int setup) { -int ovector[3*(EXPAND_MAXN+1)]; -uschar * s = string_copy(subject); /* de-constifying */ -int n = pcre_exec(re, NULL, CS s, Ustrlen(s), 0, - PCRE_EOPT | options, ovector, nelem(ovector)); -BOOL yield = n >= 0; -if (n == 0) n = EXPAND_MAXN + 1; -if (yield) +pcre2_match_data * md = pcre2_match_data_create_from_pattern(re, pcre_gen_ctx); +int res = pcre2_match(re, (PCRE2_SPTR)subject, PCRE2_ZERO_TERMINATED, 0, + PCRE_EOPT | options, md, pcre_mtc_ctx); +BOOL yield; + +if ((yield = (res >= 0))) { + res = pcre2_get_ovector_count(md); expand_nmax = setup < 0 ? 0 : setup + 1; - for (int nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2) + for (int matchnum = setup < 0 ? 0 : 1; matchnum < res; matchnum++) { - expand_nstring[expand_nmax] = s + ovector[nn]; - expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn]; + PCRE2_SIZE len; + pcre2_substring_get_bynumber(md, matchnum, + (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len); + expand_nlength[expand_nmax++] = (int)len; } expand_nmax--; } +else if (res != PCRE2_ERROR_NOMATCH) DEBUG(D_any) + { + uschar errbuf[128]; + pcre2_get_error_message(res, errbuf, sizeof(errbuf)); + debug_printf_indent("pcre2: %s\n", errbuf); + } +pcre2_match_data_free(md); return yield; } +/* Check just for match with regex. Uses the common memory-handling. + +Arguments: + re compiled regex + subject string to be checked + slen length of subject; -1 for nul-terminated + rptr pointer for matched string, copied, or NULL + +Return: TRUE for a match. +*/ + +BOOL +regex_match(const pcre2_code * re, const uschar * subject, int slen, uschar ** rptr) +{ +pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx); +int rc = pcre2_match(re, (PCRE2_SPTR)subject, + slen >= 0 ? slen : PCRE2_ZERO_TERMINATED, + 0, PCRE_EOPT, md, pcre_mtc_ctx); +PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md); +if (rc < 0) + return FALSE; +if (rptr) + *rptr = string_copyn(subject + ovec[0], ovec[1] - ovec[0]); +return TRUE; +} + /************************************************* @@ -1181,11 +1243,15 @@ show_db_version(fp); #endif #define QUOTE(X) #X #define EXPAND_AND_QUOTE(X) QUOTE(X) - fprintf(fp, "Library version: PCRE: Compile: %d.%d%s\n" + { + uschar buf[24]; + pcre2_config(PCRE2_CONFIG_VERSION, buf); + fprintf(fp, "Library version: PCRE2: Compile: %d.%d%s\n" " Runtime: %s\n", - PCRE_MAJOR, PCRE_MINOR, - EXPAND_AND_QUOTE(PCRE_PRERELEASE) "", - pcre_version()); + PCRE2_MAJOR, PCRE2_MINOR, + EXPAND_AND_QUOTE(PCRE2_PRERELEASE) "", + buf); + } #undef QUOTE #undef EXPAND_AND_QUOTE @@ -1538,14 +1604,8 @@ for (macro_item * m = macros_user; m; m = m->next) if (m->command_line) continue; if ((len = m->replen) == 0) continue; - n = pcre_exec(regex_whitelisted_macro, NULL, CS m->replacement, len, - 0, PCRE_EOPT, NULL, 0); - if (n < 0) - { - if (n != PCRE_ERROR_NOMATCH) - debug_printf("macros_trusted checking %s returned %d\n", m->name, n); + if (!regex_match(regex_whitelisted_macro, m->replacement, len, NULL)) return FALSE; - } } DEBUG(D_any) debug_printf("macros_trusted overridden to true by whitelisting\n"); return TRUE; @@ -1700,6 +1760,7 @@ extern char **environ; #endif store_init(); /* Initialise the memory allocation susbsystem */ +pcre_init(); /* Set up memory handling for pcre */ /* If the Exim user and/or group and/or the configuration file owner/group were defined by ref:name at build time, we must now find the actual uid/gid values. @@ -1800,15 +1861,6 @@ indirection, because some systems don't allow writing to the variable "stderr". if (fstat(fileno(stderr), &statbuf) >= 0) log_stderr = stderr; -/* Arrange for the PCRE regex library to use our store functions. Note that -the normal calls are actually macros that add additional arguments for -debugging purposes so we have to assign specially constructed functions here. -The default is to use store in the stacking pool, but this is overridden in the -regex_must_compile() function. */ - -pcre_malloc = function_store_get; -pcre_free = function_dummy_free; - /* Ensure there is a big buffer for temporary use in several places. It is put in malloc store so that it can be freed for enlargement if necessary. */ @@ -4845,7 +4897,7 @@ for (i = 0;;) if (gecos_pattern && gecos_name) { - const pcre *re; + const pcre2_code *re; re = regex_must_compile(gecos_pattern, FALSE, TRUE); /* Use malloc */ if (regex_match_and_setup(re, name, 0, -1)) diff --git a/src/src/exim.h b/src/src/exim.h index 484276bb2..b0906d34a 100644 --- a/src/src/exim.h +++ b/src/src/exim.h @@ -522,7 +522,8 @@ extern int ferror(FILE *); /* The header from the PCRE regex package */ -#include +#define PCRE2_CODE_UNIT_WIDTH 8 +#include /* Exim includes are in several files. Note that local_scan.h #includes config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. diff --git a/src/src/expand.c b/src/src/expand.c index 83c0ad051..4e1ffbb24 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -2543,16 +2543,13 @@ BOOL tempcond, combined_cond; BOOL *subcondptr; BOOL sub2_honour_dollar = TRUE; BOOL is_forany, is_json, is_jsons; -int rc, cond_type, roffset; +int rc, cond_type; int_eximarith_t num[2]; struct stat statbuf; uschar * opname; uschar name[256]; const uschar *sub[10]; -const pcre *re; -const uschar *rerror; - for (;;) if (Uskip_whitespace(&s) == '!') { testfor = !testfor; s++; } else break; @@ -2974,15 +2971,24 @@ switch(cond_type = identify_operator(&s, &opname)) break; case ECOND_MATCH: /* Regular expression match */ - if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror, - &roffset, NULL))) { - expand_string_message = string_sprintf("regular expression error in " - "\"%s\": %s at offset %d", sub[1], rerror, roffset); - return NULL; + const pcre2_code * re; + PCRE2_SIZE offset; + int err; + + if (!(re = pcre2_compile((PCRE2_SPTR)sub[1], PCRE2_ZERO_TERMINATED, + PCRE_COPT, &err, &offset, pcre_cmp_ctx))) + { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); + expand_string_message = string_sprintf("regular expression error in " + "\"%s\": %s at offset %d", sub[1], errbuf, offset); + return NULL; + } + + tempcond = regex_match_and_setup(re, sub[0], 0, -1); + break; } - tempcond = regex_match_and_setup(re, sub[0], 0, -1); - break; case ECOND_MATCH_ADDRESS: /* Match in an address list */ rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL); @@ -3448,9 +3454,10 @@ switch(cond_type = identify_operator(&s, &opname)) /* ${if inbound_srs {local_part}{secret} {yes}{no}} */ { uschar * sub[2]; - const pcre * re; - int ovec[3*(4+1)]; - int n, quoting = 0; + const pcre2_code * re; + pcre2_match_data * md; + PCRE2_SIZE * ovec; + int quoting = 0; uschar cksum[4]; BOOL boolvalue = FALSE; @@ -3466,12 +3473,14 @@ switch(cond_type = identify_operator(&s, &opname)) re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$", TRUE, FALSE); - if (pcre_exec(re, NULL, CS sub[0], Ustrlen(sub[0]), 0, PCRE_EOPT, - ovec, nelem(ovec)) < 0) + md = pcre2_match_data_create(4+1, pcre_gen_ctx); + if (pcre2_match(re, sub[0], PCRE2_ZERO_TERMINATED, 0, PCRE_EOPT, + md, pcre_mtc_ctx) < 0) { DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n"); goto srs_result; } + ovec = pcre2_get_ovector_pointer(md); if (sub[0][0] == '"') quoting = 1; @@ -3503,6 +3512,7 @@ switch(cond_type = identify_operator(&s, &opname)) struct timeval now; uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ long d; + int n; gettimeofday(&now, NULL); now.tv_sec /= 86400; /* days since epoch */ @@ -5189,7 +5199,7 @@ while (*s) { uschar *sub_arg[3]; gstring * g; - const pcre *re; + const pcre2_code *re; uschar *p; /* TF: Ugliness: We want to expand parameter 1 first, then set @@ -5829,11 +5839,11 @@ while (*s) case EITEM_SG: { - const pcre *re; + const pcre2_code * re; int moffset, moffsetextra, slen; - int roffset; - int emptyopt; - const uschar *rerror; + PCRE2_SIZE roffset; + pcre2_match_data * md; + int err, emptyopt; uschar *subject; uschar *sub[3]; int save_expand_nmax = @@ -5848,13 +5858,16 @@ while (*s) /* Compile the regular expression */ - if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror, - &roffset, NULL))) + if (!(re = pcre2_compile((PCRE2_SPTR)sub[1], PCRE2_ZERO_TERMINATED, + PCRE_COPT, &err, &roffset, pcre_cmp_ctx))) { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); expand_string_message = string_sprintf("regular expression error in " - "\"%s\": %s at offset %d", sub[1], rerror, roffset); + "\"%s\": %s at offset %l", sub[1], errbuf, (long)roffset); goto EXPAND_FAILED; } + md = pcre2_match_data_create(EXPAND_MAXN + 1, pcre_gen_ctx); /* Now run a loop to do the substitutions as often as necessary. It ends when there are no more matches. Take care over matches of the null string; @@ -5867,9 +5880,9 @@ while (*s) for (;;) { - int ovector[3*(EXPAND_MAXN+1)]; - int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra, - PCRE_EOPT | emptyopt, ovector, nelem(ovector)); + PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md); + int n = pcre2_match(re, (PCRE2_SPTR)subject, slen, moffset + moffsetextra, + PCRE_EOPT | emptyopt, md, pcre_mtc_ctx); uschar *insert; /* No match - if we previously set PCRE_NOTEMPTY after a null match, this @@ -5897,19 +5910,19 @@ while (*s) expand_nmax = 0; for (int nn = 0; nn < n*2; nn += 2) { - expand_nstring[expand_nmax] = subject + ovector[nn]; - expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn]; + expand_nstring[expand_nmax] = subject + ovec[nn]; + expand_nlength[expand_nmax++] = ovec[nn+1] - ovec[nn]; } expand_nmax--; /* Copy the characters before the match, plus the expanded insertion. */ - yield = string_catn(yield, subject + moffset, ovector[0] - moffset); + yield = string_catn(yield, subject + moffset, ovec[0] - moffset); if (!(insert = expand_string(sub[2]))) goto EXPAND_FAILED; yield = string_cat(yield, insert); - moffset = ovector[1]; + moffset = ovec[1]; moffsetextra = 0; emptyopt = 0; @@ -5920,10 +5933,10 @@ while (*s) string at the same point. If this fails (picked up above) we advance to the next character. */ - if (ovector[0] == ovector[1]) + if (ovec[0] == ovec[1]) { - if (ovector[0] == slen) break; - emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED; + if (ovec[0] == slen) break; + emptyopt = PCRE2_NOTEMPTY | PCRE2_ANCHORED; } } @@ -8608,11 +8621,11 @@ if (e.var_name) BOOL -regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup) +regex_match_and_setup(const pcre2_code *re, uschar *subject, int options, int setup) { -int ovector[3*(EXPAND_MAXN+1)]; +int ovec[3*(EXPAND_MAXN+1)]; int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options, - ovector, nelem(ovector)); + ovec, nelem(ovec)); BOOL yield = n >= 0; if (n == 0) n = EXPAND_MAXN + 1; if (yield) @@ -8620,8 +8633,8 @@ if (yield) expand_nmax = setup < 0 ? 0 : setup + 1; for (int nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2) { - expand_nstring[expand_nmax] = subject + ovector[nn]; - expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn]; + expand_nstring[expand_nmax] = subject + ovec[nn]; + expand_nlength[expand_nmax++] = ovec[nn+1] - ovec[nn]; } expand_nmax--; } diff --git a/src/src/filter.c b/src/src/filter.c index 3f9f750b6..7c9e963a4 100644 --- a/src/src/filter.c +++ b/src/src/filter.c @@ -1425,10 +1425,7 @@ static BOOL test_condition(condition_block *c, BOOL toplevel) { BOOL yield = FALSE; -const pcre *re; uschar *exp[2], *p, *pp; -const uschar *regcomp_error = NULL; -int regcomp_error_offset; int val[2]; int i; @@ -1588,26 +1585,34 @@ switch (c->type) case cond_matches: case cond_MATCHES: - if ((filter_test != FTEST_NONE && debug_selector != 0) || - (debug_selector & D_filter) != 0) { - debug_printf_indent("Match expanded arguments:\n"); - debug_printf_indent(" Subject = %s\n", exp[0]); - debug_printf_indent(" Pattern = %s\n", exp[1]); - } + const pcre2_code *re; + int err; + PCRE2_SIZE offset; - if (!(re = pcre_compile(CS exp[1], - PCRE_COPT | ((c->type == cond_matches)? PCRE_CASELESS : 0), - CCSS ®comp_error, ®comp_error_offset, NULL))) - { - *error_pointer = string_sprintf("error while compiling " - "regular expression \"%s\": %s at offset %d", - exp[1], regcomp_error, regcomp_error_offset); - return FALSE; - } + if ((filter_test != FTEST_NONE && debug_selector != 0) || + (debug_selector & D_filter) != 0) + { + debug_printf_indent("Match expanded arguments:\n"); + debug_printf_indent(" Subject = %s\n", exp[0]); + debug_printf_indent(" Pattern = %s\n", exp[1]); + } - yield = regex_match_and_setup(re, exp[0], PCRE_EOPT, -1); - break; + if (!(re = pcre2_compile((PCRE2_SPTR)exp[1], PCRE2_ZERO_TERMINATED, + PCRE_COPT | (c->type == cond_matches ? PCRE2_CASELESS : 0), + &err, &offset, pcre_cmp_ctx))) + { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); + *error_pointer = string_sprintf("error while compiling " + "regular expression \"%s\": %s at offset %l", + exp[1], errbuf, (long)offset); + return FALSE; + } + + yield = regex_match_and_setup(re, exp[0], PCRE_EOPT, -1); + break; + } /* For above and below, convert the strings to numbers */ diff --git a/src/src/functions.h b/src/src/functions.h index 0744697f9..a51998864 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -426,8 +426,9 @@ extern void receive_swallow_smtp(void); #ifdef WITH_CONTENT_SCAN extern int regex(const uschar **); #endif -extern BOOL regex_match_and_setup(const pcre *, const uschar *, int, int); -extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL); +extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **); +extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int); +extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL); extern void retry_add_item(address_item *, uschar *, int); extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL, uschar **, uschar **); diff --git a/src/src/globals.c b/src/src/globals.c index 50b9c2f2a..f54a25227 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -118,7 +118,7 @@ tls_support tls_out = { uschar *dsn_envid = NULL; int dsn_ret = 0; -const pcre *regex_DSN = NULL; +const pcre2_code *regex_DSN = NULL; uschar *dsn_advertise_hosts = NULL; #ifndef DISABLE_TLS @@ -126,7 +126,7 @@ BOOL gnutls_compat_mode = FALSE; BOOL gnutls_allow_auto_pkcs11 = FALSE; uschar *hosts_require_alpn = NULL; uschar *openssl_options = NULL; -const pcre *regex_STARTTLS = NULL; +const pcre2_code *regex_STARTTLS = NULL; uschar *tls_advertise_hosts = US"*"; uschar *tls_alpn = US"smtp:esmtp"; uschar *tls_certificate = NULL; @@ -159,11 +159,11 @@ uschar *tls_advertise_hosts = NULL; /* Per Recipient Data Response variables */ BOOL prdr_enable = FALSE; BOOL prdr_requested = FALSE; -const pcre *regex_PRDR = NULL; +const pcre2_code *regex_PRDR = NULL; #endif #ifdef SUPPORT_I18N -const pcre *regex_UTF8 = NULL; +const pcre2_code *regex_UTF8 = NULL; #endif /* Input-reading functions for messages, so we can use special ones for @@ -711,10 +711,10 @@ uschar *chunking_advertise_hosts = US"*"; unsigned chunking_datasize = 0; unsigned chunking_data_left = 0; chunking_state_t chunking_state= CHUNKING_NOT_OFFERED; -const pcre *regex_CHUNKING = NULL; +const pcre2_code *regex_CHUNKING = NULL; #ifdef EXPERIMENTAL_ESMTP_LIMITS -const pcre *regex_LIMITS = NULL; +const pcre2_code *regex_LIMITS = NULL; #endif uschar *client_authenticator = NULL; @@ -1212,6 +1212,10 @@ uid_t originator_uid; uschar *override_local_interfaces = NULL; uschar *override_pid_file_path = NULL; +pcre2_general_context * pcre_gen_ctx = NULL; +pcre2_compile_context * pcre_cmp_ctx = NULL; +pcre2_match_context * pcre_mtc_ctx = NULL; + uschar *percent_hack_domains = NULL; uschar *pid_file_path = US PID_FILE_PATH "\0<--------------Space to patch pid_file_path->"; @@ -1305,20 +1309,20 @@ int recipients_count = 0; recipient_item *recipients_list = NULL; int recipients_list_max = 0; int recipients_max = 50000; -const pcre *regex_AUTH = NULL; -const pcre *regex_check_dns_names = NULL; -const pcre *regex_From = NULL; -const pcre *regex_IGNOREQUOTA = NULL; -const pcre *regex_PIPELINING = NULL; -const pcre *regex_SIZE = NULL; +const pcre2_code *regex_AUTH = NULL; +const pcre2_code *regex_check_dns_names = NULL; +const pcre2_code *regex_From = NULL; +const pcre2_code *regex_IGNOREQUOTA = NULL; +const pcre2_code *regex_PIPELINING = NULL; +const pcre2_code *regex_SIZE = NULL; #ifndef DISABLE_PIPE_CONNECT -const pcre *regex_EARLY_PIPE = NULL; +const pcre2_code *regex_EARLY_PIPE = NULL; #endif -const pcre *regex_ismsgid = NULL; -const pcre *regex_smtp_code = NULL; +const pcre2_code *regex_ismsgid = NULL; +const pcre2_code *regex_smtp_code = NULL; uschar *regex_vars[REGEX_VARS]; #ifdef WHITELIST_D_MACROS -const pcre *regex_whitelisted_macro = NULL; +const pcre2_code *regex_whitelisted_macro = NULL; #endif #ifdef WITH_CONTENT_SCAN uschar *regex_match_string = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index 731408bd6..193eed6c5 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -127,7 +127,7 @@ extern BOOL gnutls_compat_mode; /* Less security, more compatibility */ extern BOOL gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules */ extern uschar *hosts_require_alpn; /* Mandatory ALPN successful nogitiation */ extern uschar *openssl_options; /* OpenSSL compatibility options */ -extern const pcre *regex_STARTTLS; /* For recognizing STARTTLS settings */ +extern const pcre2_code *regex_STARTTLS; /* For recognizing STARTTLS settings */ extern uschar *tls_alpn; /* ALPN names acceptable */ extern uschar *tls_certificate; /* Certificate file */ extern uschar *tls_crl; /* CRL File */ @@ -153,7 +153,7 @@ extern uschar *tls_advertise_hosts; /* host for which TLS is advertised */ extern uschar *dsn_envid; /* DSN envid string */ extern int dsn_ret; /* DSN ret type*/ -extern const pcre *regex_DSN; /* For recognizing DSN settings */ +extern const pcre2_code *regex_DSN; /* For recognizing DSN settings */ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ /* Input-reading functions for messages, so we can use special ones for @@ -320,7 +320,7 @@ extern uschar *acl_smtp_connect; /* ACL run on SMTP connection */ extern uschar *acl_smtp_data; /* ACL run after DATA received */ #ifndef DISABLE_PRDR extern uschar *acl_smtp_data_prdr; /* ACL run after DATA received if in PRDR mode*/ -const extern pcre *regex_PRDR; /* For recognizing PRDR settings */ +const extern pcre2_code *regex_PRDR; /* For recognizing PRDR settings */ #endif #ifndef DISABLE_DKIM extern uschar *acl_smtp_dkim; /* ACL run for DKIM signatures / domains */ @@ -731,7 +731,7 @@ extern uschar *message_size_limit; /* As it says */ #ifdef SUPPORT_I18N extern BOOL message_smtputf8; /* Internationalized mail handling */ extern int message_utf8_downconvert; /* convert from utf8 */ -const extern pcre *regex_UTF8; /* For recognizing SMTPUTF8 settings */ +const extern pcre2_code *regex_UTF8; /* For recognizing SMTPUTF8 settings */ #endif extern uschar message_subdir[]; /* Subdirectory for messages */ extern uschar *message_reference; /* Reference for error messages */ @@ -779,6 +779,10 @@ extern uid_t originator_uid; /* Uid of ditto */ extern uschar *override_local_interfaces; /* Value of -oX argument */ extern uschar *override_pid_file_path; /* Value of -oP argument */ +extern pcre2_general_context * pcre_gen_ctx; /* pcre memory management */ +extern pcre2_compile_context * pcre_cmp_ctx; +extern pcre2_match_context * pcre_mtc_ctx; + extern uschar *percent_hack_domains; /* Local domains for which '% operates */ extern uschar *pid_file_path; /* For writing daemon pids */ #ifndef DISABLE_PIPE_CONNECT @@ -865,24 +869,24 @@ extern uschar *recipient_verify_failure; /* What went wrong */ extern int recipients_list_max; /* Maximum number fitting in list */ extern int recipients_max; /* Max permitted */ extern BOOL recipients_max_reject; /* If TRUE, reject whole message */ -extern const pcre *regex_AUTH; /* For recognizing AUTH settings */ -extern const pcre *regex_check_dns_names; /* For DNS name checking */ -extern const pcre *regex_From; /* For recognizing "From_" lines */ -extern const pcre *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */ -extern const pcre *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */ +extern const pcre2_code *regex_AUTH; /* For recognizing AUTH settings */ +extern const pcre2_code *regex_check_dns_names; /* For DNS name checking */ +extern const pcre2_code *regex_From; /* For recognizing "From_" lines */ +extern const pcre2_code *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */ +extern const pcre2_code *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */ #ifdef EXPERIMENTAL_ESMTP_LIMITS -extern const pcre *regex_LIMITS; /* For recognizing LIMITS */ +extern const pcre2_code *regex_LIMITS; /* For recognizing LIMITS */ #endif -extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */ -extern const pcre *regex_SIZE; /* For recognizing SIZE settings */ +extern const pcre2_code *regex_PIPELINING; /* For recognizing PIPELINING */ +extern const pcre2_code *regex_SIZE; /* For recognizing SIZE settings */ #ifndef DISABLE_PIPE_CONNECT -extern const pcre *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ +extern const pcre2_code *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ #endif -extern const pcre *regex_ismsgid; /* Compiled r.e. for message it */ -extern const pcre *regex_smtp_code; /* For recognizing SMTP codes */ +extern const pcre2_code *regex_ismsgid; /* Compiled r.e. for message it */ +extern const pcre2_code *regex_smtp_code; /* For recognizing SMTP codes */ extern uschar *regex_vars[]; /* $regexN variables */ #ifdef WHITELIST_D_MACROS -extern const pcre *regex_whitelisted_macro; /* For -D macro values */ +extern const pcre2_code *regex_whitelisted_macro; /* For -D macro values */ #endif #ifdef WITH_CONTENT_SCAN extern uschar *regex_match_string; /* regex that matched a line (regex ACL condition) */ diff --git a/src/src/header.c b/src/src/header.c index 720446bff..e334c69bf 100644 --- a/src/src/header.c +++ b/src/src/header.c @@ -371,7 +371,7 @@ static BOOL one_pattern_match(uschar *name, int slen, BOOL has_addresses, uschar *pattern) { BOOL yield = FALSE; -const pcre *re = NULL; +const pcre2_code *re = NULL; /* If the pattern is a regex, compile it. Bomb out if compiling fails; these patterns are all constructed internally and should be valid. */ @@ -419,10 +419,9 @@ for (header_line * h = header_list; !yield && h; h = h->next) /* Otherwise, test for the pattern; a non-regex must be an exact match */ - yield = !re - ? (strcmpic(next, pattern) == 0) - : (pcre_exec(re, NULL, CS next, Ustrlen(next), 0, PCRE_EOPT, NULL, 0) - >= 0); + yield = re + ? regex_match(re, next, -1, NULL) + : (strcmpic(next, pattern) == 0); } } @@ -431,10 +430,9 @@ for (header_line * h = header_list; !yield && h; h = h->next) else { - yield = (re == NULL)? - (strstric(h->text, pattern, FALSE) != NULL) - : - (pcre_exec(re, NULL, CS h->text, h->slen, 0, PCRE_EOPT, NULL, 0) >= 0); + yield = re + ? regex_match(re, h->text, h->slen, NULL) + : (strstric(h->text, pattern, FALSE) != NULL); } } diff --git a/src/src/macros.h b/src/src/macros.h index ccdcc451f..4263bc444 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -202,8 +202,7 @@ record, and the max number of continuation records allowed. */ /* Macros for trivial functions */ -#define mac_ismsgid(s) \ - (pcre_exec(regex_ismsgid,NULL,CS s,Ustrlen(s),0,PCRE_EOPT,NULL,0) >= 0) +#define mac_ismsgid(s) (regex_match(regex_ismsgid, (s), -1, NULL)) /* Options for dns_next_rr */ diff --git a/src/src/malware.c b/src/src/malware.c index a6e354bc4..cd80cd4b2 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -129,7 +129,7 @@ for (const struct scan * sc = m_scans; sc->scancode != -1; sc++) #define MALWARE_TIMEOUT 120 /* default timeout, seconds */ static const uschar * malware_regex_default = US ".+"; -static const pcre * malware_default_re = NULL; +static const pcre2_code * malware_default_re = NULL; #ifndef DISABLE_MAL_CLAM @@ -156,35 +156,35 @@ typedef struct clamd_address { # define DERR_BAD_CALL (1<<15) /* wrong command */ static const uschar * drweb_re_str = US "infected\\swith\\s*(.+?)$"; -static const pcre * drweb_re = NULL; +static const pcre2_code * drweb_re = NULL; #endif #ifndef DISABLE_MAL_FSECURE static const uschar * fsec_re_str = US "\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$"; -static const pcre * fsec_re = NULL; +static const pcre2_code * fsec_re = NULL; #endif #ifndef DISABLE_MAL_KAV static const uschar * kav_re_sus_str = US "suspicion:\\s*(.+?)\\s*$"; static const uschar * kav_re_inf_str = US "infected:\\s*(.+?)\\s*$"; -static const pcre * kav_re_sus = NULL; -static const pcre * kav_re_inf = NULL; +static const pcre2_code * kav_re_sus = NULL; +static const pcre2_code * kav_re_inf = NULL; #endif #ifndef DISABLE_MAL_AVAST static const uschar * ava_re_clean_str = US "(?!\\\\)\\t\\[\\+\\]"; static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d+\\.0\\t0\\s(.*)"; static const uschar * ava_re_error_str = US "(?!\\\\)\\t\\[E\\]\\d+\\.0\\tError\\s\\d+\\s(.*)"; -static const pcre * ava_re_clean = NULL; -static const pcre * ava_re_virus = NULL; -static const pcre * ava_re_error = NULL; +static const pcre2_code * ava_re_clean = NULL; +static const pcre2_code * ava_re_virus = NULL; +static const pcre2_code * ava_re_error = NULL; #endif #ifndef DISABLE_MAL_FFROT6D static const uschar * fprot6d_re_error_str = US "^\\d+\\s<(.+?)>$"; static const uschar * fprot6d_re_virus_str = US "^\\d+\\s\\s+.+$"; -static const pcre * fprot6d_re_error = NULL; -static const pcre * fprot6d_re_virus = NULL; +static const pcre2_code * fprot6d_re_error = NULL; +static const pcre2_code * fprot6d_re_virus = NULL; #endif @@ -301,37 +301,43 @@ if (send(sock, buf, cnt, 0) < 0) return sock; } -static const pcre * +static const pcre2_code * m_pcre_compile(const uschar * re, uschar ** errstr) { -const uschar * rerror; -int roffset; -const pcre * cre; +int err; +PCRE2_SIZE roffset; +const pcre2_code * cre; -if (!(cre = pcre_compile(CS re, PCRE_COPT, CCSS &rerror, &roffset, NULL))) - *errstr= string_sprintf("regular expression error in '%s': %s at offset %d", - re, rerror, roffset); +if (!(cre = pcre2_compile((PCRE2_SPTR)re, PCRE2_ZERO_TERMINATED, + PCRE_COPT, &err, &roffset, pcre_cmp_ctx))) + { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); + *errstr= string_sprintf("regular expression error in '%s': %s at offset %l", + re, errbuf, (long)roffset); + } return cre; } uschar * -m_pcre_exec(const pcre * cre, uschar * text) +m_pcre_exec(const pcre2_code * cre, uschar * text) { -int ovector[10*3]; -int i = pcre_exec(cre, NULL, CS text, Ustrlen(text), 0, 0, - ovector, nelem(ovector)); -uschar * substr = NULL; +pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx); +int i = pcre2_match(cre, text, PCRE2_ZERO_TERMINATED, 0, 0, md, pcre_mtc_ctx); +PCRE2_UCHAR * substr = NULL; +PCRE2_SIZE slen; + if (i >= 2) /* Got it */ - pcre_get_substring(CS text, ovector, i, 1, CCSS &substr); -return substr; + pcre2_substring_get_bynumber(md, 1, &substr, &slen); +return US substr; } -static const pcre * +static const pcre2_code * m_pcre_nextinlist(const uschar ** list, int * sep, char * listerr, uschar ** errstr) { const uschar * list_ele; -const pcre * cre = NULL; +const pcre2_code * cre = NULL; if (!(list_ele = string_nextinlist(list, sep, NULL, 0))) *errstr = US listerr; @@ -581,7 +587,7 @@ const uschar *av_scanner_work = av_scanner; uschar *scanner_name; unsigned long mbox_size; FILE *mbox_file; -const pcre *re; +const pcre2_code *re; uschar * errstr; struct scan * scanent; const uschar * scanner_options; @@ -923,7 +929,7 @@ badseek: err = errno; /* read and concatenate virus names into one string */ for (int i = 0; i < drweb_vnum; i++) { - int ovector[10*3]; + pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx); /* read the size of report */ if (!recv_len(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), tmo)) @@ -941,22 +947,20 @@ badseek: err = errno; tmpbuf[drweb_slen] = '\0'; /* try matcher on the line, grab substring */ - result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, - ovector, nelem(ovector)); + result = pcre2_match(drweb_re, (PCRE2_SPTR)tmpbuf, PCRE2_ZERO_TERMINATED, + 0, 0, md, pcre_mtc_ctx); if (result >= 2) { - const char * pre_malware_nb; - - pcre_get_substring(CS tmpbuf, ovector, result, 1, &pre_malware_nb); + PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md); if (i==0) /* the first name we just copy to malware_name */ - g = string_cat(NULL, US pre_malware_nb); + g = string_catn(NULL, US ovec[2], ovec[3] - ovec[2]); - /*XXX could be string_append_listele? */ else /* concatenate each new virus name to previous */ - g = string_append(g, 2, "/", pre_malware_nb); - - pcre_free_substring(pre_malware_nb); + { + g = string_catn(g, US"/", 1); + g = string_catn(g, US ovec[2], ovec[3] - ovec[2]); + } } } malware_name = string_from_gstring(g); @@ -1149,7 +1153,7 @@ badseek: err = errno; int kav_rc; unsigned long kav_reportlen; int bread; - const pcre *kav_re; + const pcre2_code *kav_re; uschar *p; /* get current date and time, build scan request */ @@ -1258,8 +1262,8 @@ badseek: err = errno; case M_CMDL: /* "cmdline" scanner type ---------------------------------- */ { const uschar *cmdline_scanner = scanner_options; - const pcre *cmdline_trigger_re; - const pcre *cmdline_regex_re; + const pcre2_code *cmdline_trigger_re; + const pcre2_code *cmdline_regex_re; uschar * file_name; uschar * commandline; void (*eximsigchld)(int); @@ -1880,8 +1884,8 @@ badseek: err = errno; uschar * linebuffer; uschar * sockline_scanner; uschar sockline_scanner_default[] = "%s\n"; - const pcre *sockline_trig_re; - const pcre *sockline_name_re; + const pcre2_code *sockline_trig_re; + const pcre2_code *sockline_name_re; /* find scanner command line */ if ( (sockline_scanner = string_nextinlist(&av_scanner_work, &sep, @@ -2120,7 +2124,7 @@ badseek: err = errno; if (malware_name) /* Nothing else matters, just read on */ break; - if (pcre_exec(ava_re_clean, NULL, CS buf, slen, 0, 0, NULL, 0) == 0) + if (regex_match(ava_re_clean, buf, slen, NULL)) break; if ((malware_name = m_pcre_exec(ava_re_virus, buf))) @@ -2141,7 +2145,7 @@ badseek: err = errno; break; } } - else if (pcre_exec(ava_re_error, NULL, CS buf, slen, 0, 0, NULL, 0) == 0) + else if (regex_match(ava_re_error, buf, slen, NULL)) { log_write(0, LOG_MAIN, "internal scanner error (ignored): %s", buf); break; diff --git a/src/src/match.c b/src/src/match.c index 5f6c1fb01..46dd2eec8 100644 --- a/src/src/match.c +++ b/src/src/match.c @@ -128,9 +128,9 @@ required. */ if (pattern[0] == '^') { - const pcre * re = regex_must_compile(pattern, cb->caseless, FALSE); + const pcre2_code * re = regex_must_compile(pattern, cb->caseless, FALSE); if (expand_setup < 0 - ? pcre_exec(re, NULL, CCS s, Ustrlen(s), 0, PCRE_EOPT, NULL, 0) < 0 + ? !regex_match(re, s, -1, NULL) : !regex_match_and_setup(re, s, 0, expand_setup) ) return FAIL; diff --git a/src/src/queue.c b/src/src/queue.c index 567784575..8fb82b4fc 100644 --- a/src/src/queue.c +++ b/src/src/queue.c @@ -350,8 +350,8 @@ queue_run(uschar *start_id, uschar *stop_id, BOOL recurse) { BOOL force_delivery = f.queue_run_force || deliver_selectstring != NULL || deliver_selectstring_sender != NULL; -const pcre *selectstring_regex = NULL; -const pcre *selectstring_regex_sender = NULL; +const pcre2_code *selectstring_regex = NULL; +const pcre2_code *selectstring_regex_sender = NULL; uschar *log_detail = NULL; int subcount = 0; uschar subdirs[64]; @@ -569,9 +569,7 @@ for (int i = queue_run_in_order ? -1 : 0; else if ( deliver_selectstring_sender && !(f.deliver_selectstring_sender_regex - ? (pcre_exec(selectstring_regex_sender, NULL, - CS sender_address, Ustrlen(sender_address), 0, PCRE_EOPT, - NULL, 0) >= 0) + ? regex_match(selectstring_regex_sender, sender_address, -1, NULL) : (strstric(sender_address, deliver_selectstring_sender, FALSE) != NULL) ) ) @@ -590,8 +588,7 @@ for (int i = queue_run_in_order ? -1 : 0; { uschar *address = recipients_list[i].address; if ( (f.deliver_selectstring_regex - ? (pcre_exec(selectstring_regex, NULL, CS address, - Ustrlen(address), 0, PCRE_EOPT, NULL, 0) >= 0) + ? regex_match(selectstring_regex, address, -1, NULL) : (strstric(address, deliver_selectstring, FALSE) != NULL) ) && tree_search(tree_nonrecipients, address) == NULL diff --git a/src/src/regex.c b/src/src/regex.c index f9c06b9e3..35af5e1b5 100644 --- a/src/src/regex.c +++ b/src/src/regex.c @@ -17,7 +17,7 @@ /* Structure to hold a list of Regular expressions */ typedef struct pcre_list { - pcre *re; + pcre2_code *re; uschar *pcre_text; struct pcre_list *next; } pcre_list; @@ -32,8 +32,6 @@ compile(const uschar * list) { int sep = 0; uschar *regex_string; -const char *pcre_error; -int pcre_erroffset; pcre_list *re_list_head = NULL; pcre_list *ri; @@ -41,15 +39,19 @@ pcre_list *ri; while ((regex_string = string_nextinlist(&list, &sep, NULL, 0))) if (strcmpic(regex_string, US"false") != 0 && Ustrcmp(regex_string, "0") != 0) { - pcre *re; + pcre2_code * re; + int err; + PCRE2_SIZE pcre_erroffset; /* compile our regular expression */ - if (!(re = pcre_compile( CS regex_string, - 0, &pcre_error, &pcre_erroffset, NULL ))) + if (!(re = pcre2_compile( (PCRE2_SPTR) regex_string, PCRE2_ZERO_TERMINATED, + 0, &err, &pcre_erroffset, pcre_cmp_ctx))) { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); log_write(0, LOG_MAIN, - "regex acl condition warning - error in regex '%s': %s at offset %d, skipped.", - regex_string, pcre_error, pcre_erroffset); + "regex acl condition warning - error in regex '%s': %s at offset %l, skipped.", + regex_string, errbuf, (long)pcre_erroffset); continue; } @@ -65,25 +67,31 @@ return re_list_head; static int matcher(pcre_list * re_list_head, uschar * linebuffer, int len) { -for(pcre_list * ri = re_list_head; ri; ri = ri->next) +pcre2_match_data * md = pcre2_match_data_create(REGEX_VARS + 1, pcre_gen_ctx); + +for (pcre_list * ri = re_list_head; ri; ri = ri->next) { - int ovec[3*(REGEX_VARS+1)]; int n; /* try matcher on the line */ - if ((n = pcre_exec(ri->re, NULL, CS linebuffer, len, 0, 0, ovec, nelem(ovec))) > 0) + if ((n = pcre2_match(ri->re, (PCRE2_SPTR)linebuffer, len, 0, 0, md, pcre_mtc_ctx)) > 0) { Ustrncpy(regex_match_string_buffer, ri->pcre_text, sizeof(regex_match_string_buffer)-1); regex_match_string = regex_match_string_buffer; for (int nn = 1; nn < n; nn++) - regex_vars[nn-1] = - string_copyn(linebuffer + ovec[nn*2], ovec[nn*2+1] - ovec[nn*2]); + { + PCRE2_UCHAR * cstr; + PCRE2_SIZE cslen; + pcre2_substring_get_bynumber(md, nn, &cstr, &cslen); + regex_vars[nn-1] = US cstr; + } return OK; } } +pcre2_match_data_free(md); return FAIL; } diff --git a/src/src/routers/iplookup.c b/src/src/routers/iplookup.c index 3035b8863..04bc8e26f 100644 --- a/src/src/routers/iplookup.c +++ b/src/src/routers/iplookup.c @@ -165,7 +165,7 @@ host_item *host = store_get(sizeof(host_item), FALSE); address_item *new_addr; iplookup_router_options_block *ob = (iplookup_router_options_block *)(rblock->options_block); -const pcre *re = ob->re_response_pattern; +const pcre2_code *re = ob->re_response_pattern; int count, query_len, rc; int sep = 0; diff --git a/src/src/routers/iplookup.h b/src/src/routers/iplookup.h index d5217ef0f..9b2bf0f41 100644 --- a/src/src/routers/iplookup.h +++ b/src/src/routers/iplookup.h @@ -17,7 +17,7 @@ typedef struct { uschar *query; uschar *response_pattern; uschar *reroute; - const pcre *re_response_pattern; + const pcre2_code *re_response_pattern; BOOL optional; } iplookup_router_options_block; diff --git a/src/src/routers/redirect.c b/src/src/routers/redirect.c index 0090ddaed..71769dbc3 100644 --- a/src/src/routers/redirect.c +++ b/src/src/routers/redirect.c @@ -734,15 +734,13 @@ switch (frc) addr->message = yield == FAIL ? US"forced rejection" : US"forced defer"; else { - int ovector[3]; - if (ob->forbid_smtp_code && - pcre_exec(regex_smtp_code, NULL, CS addr->message, - Ustrlen(addr->message), 0, PCRE_EOPT, - ovector, sizeof(ovector)/sizeof(int)) >= 0) + uschar * matched; + if ( ob->forbid_smtp_code + && regex_match(regex_smtp_code, addr->message, -1, &matched)) { DEBUG(D_route) debug_printf("SMTP code at start of error message " "is ignored because forbid_smtp_code is set\n"); - addr->message += ovector[1]; + addr->message += Ustrlen(matched); } addr->user_message = addr->message; setflag(addr, af_pass_message); diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index ee248c517..5e75e2c16 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -3266,27 +3266,26 @@ void smtp_message_code(uschar **code, int *codelen, uschar **msg, uschar **log_msg, BOOL check_valid) { -int n; -int ovector[3]; +uschar * match; +int len; -if (!msg || !*msg) return; - -if ((n = pcre_exec(regex_smtp_code, NULL, CS *msg, Ustrlen(*msg), 0, - PCRE_EOPT, ovector, sizeof(ovector)/sizeof(int))) < 0) return; +if (!msg || !*msg || !regex_match(regex_smtp_code, *msg, -1, &match)) + return; +len = Ustrlen(match); if (check_valid && (*msg)[0] != (*code)[0]) { log_write(0, LOG_MAIN|LOG_PANIC, "configured error code starts with " "incorrect digit (expected %c) in \"%s\"", (*code)[0], *msg); - if (log_msg != NULL && *log_msg == *msg) - *log_msg = string_sprintf("%s %s", *code, *log_msg + ovector[1]); + if (log_msg && *log_msg == *msg) + *log_msg = string_sprintf("%s %s", *code, *log_msg + len); } else { *code = *msg; - *codelen = ovector[1]; /* Includes final space */ + *codelen = len; /* Includes final space */ } -*msg += ovector[1]; /* Chop the code off the message */ +*msg += len; /* Chop the code off the message */ return; } diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c index 2d008d97d..bbd4a161f 100644 --- a/src/src/transports/appendfile.c +++ b/src/src/transports/appendfile.c @@ -662,14 +662,14 @@ the log, because we are running as an unprivileged user here. Arguments: dirname the name of the directory countptr where to add the file count (because this function recurses) - regex a compiled regex to get the size from a name + re a compiled regex to get the size from a name Returns: the sum of the sizes of the stattable files zero if the directory cannot be opened */ off_t -check_dir_size(const uschar * dirname, int *countptr, const pcre *regex) +check_dir_size(const uschar * dirname, int * countptr, const pcre2_code * re) { DIR *dir; off_t sum = 0; @@ -688,14 +688,18 @@ for (struct dirent *ent; ent = readdir(dir); ) /* If there's a regex, try to find the size using it */ - if (regex) + if (re) { - int ovector[6]; - if (pcre_exec(regex, NULL, CS name, Ustrlen(name), 0, 0, ovector,6) >= 2) + pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx); + int rc = pcre2_match(re, (PCRE2_SPTR)name, PCRE2_ZERO_TERMINATED, + 0, 0, md, pcre_mtc_ctx); + PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md); + if ( rc >= 0 + && (rc = pcre2_get_ovector_count(md)) >= 2) { uschar *endptr; - off_t size = (off_t)Ustrtod(name + ovector[2], &endptr); - if (endptr == name + ovector[3]) + off_t size = (off_t)Ustrtod(name + ovec[2], &endptr); + if (endptr == name + ovec[3]) { sum += size; DEBUG(D_transport) @@ -722,7 +726,7 @@ for (struct dirent *ent; ent = readdir(dir); ) if ((statbuf.st_mode & S_IFMT) == S_IFREG) sum += statbuf.st_size / statbuf.st_nlink; else if ((statbuf.st_mode & S_IFMT) == S_IFDIR) - sum += check_dir_size(path, &count, regex); + sum += check_dir_size(path, &count, re); } closedir(dir); @@ -2175,7 +2179,7 @@ scanning is expensive; for maildirs some fudges have been invented: else { uschar *check_path; /* Default quota check path */ - const pcre *regex = NULL; /* Regex for file size from file name */ + const pcre2_code * re = NULL; /* Regex for file size from file name */ if (!check_creation(string_sprintf("%s/any", path), ob->create_file, deliver_dir)) @@ -2218,18 +2222,20 @@ else if (ob->quota_value > 0 || THRESHOLD_CHECK || ob->maildir_use_size_file) { - const uschar *error; - int offset; + PCRE2_SIZE offset; + int err; /* Compile the regex if there is one. */ if (ob->quota_size_regex) { - if (!(regex = pcre_compile(CS ob->quota_size_regex, PCRE_COPT, - CCSS &error, &offset, NULL))) + if (!(re = pcre2_compile((PCRE2_SPTR)ob->quota_size_regex, + PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx))) { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); addr->message = string_sprintf("appendfile: regular expression " - "error: %s at offset %d while compiling %s", error, offset, + "error: %s at offset %l while compiling %s", errbuf, (long)offset, ob->quota_size_regex); return FALSE; } @@ -2304,19 +2310,21 @@ else #ifdef SUPPORT_MAILDIR if (ob->maildir_use_size_file) { - const pcre *dir_regex = NULL; - const uschar *error; - int offset; + const pcre2_code * dir_regex = NULL; + PCRE2_SIZE offset; + int err; if (ob->maildir_dir_regex) { int check_path_len = Ustrlen(check_path); - if (!(dir_regex = pcre_compile(CS ob->maildir_dir_regex, PCRE_COPT, - CCSS &error, &offset, NULL))) + if (!(dir_regex = pcre2_compile((PCRE2_SPTR)ob->maildir_dir_regex, + PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx))) { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); addr->message = string_sprintf("appendfile: regular expression " - "error: %s at offset %d while compiling %s", error, offset, + "error: %s at offset %l while compiling %s", errbuf, (long)offset, ob->maildir_dir_regex); return FALSE; } @@ -2335,7 +2343,7 @@ else uschar *s = path + check_path_len; while (*s == '/') s++; s = *s ? string_sprintf("%s/new", s) : US"new"; - if (pcre_exec(dir_regex, NULL, CS s, Ustrlen(s), 0, 0, NULL, 0) < 0) + if (!regex_match(dir_regex, s, -1, NULL)) { disable_quota = TRUE; DEBUG(D_transport) debug_printf("delivery directory does not match " @@ -2356,7 +2364,7 @@ else off_t size; int filecount; - if ((maildirsize_fd = maildir_ensure_sizefile(check_path, ob, regex, dir_regex, + if ((maildirsize_fd = maildir_ensure_sizefile(check_path, ob, re, dir_regex, &size, &filecount)) == -1) { addr->basic_errno = errno; @@ -2381,7 +2389,7 @@ else * (void)unlink(CS string_sprintf("%s/maildirsize", check_path)); * if (THRESHOLD_CHECK) * mailbox_size = maildir_compute_size(check_path, &mailbox_filecount, &old_latest, - * regex, dir_regex, FALSE); + * re, dir_regex, FALSE); * } */ @@ -2403,7 +2411,7 @@ else int filecount = 0; DEBUG(D_transport) debug_printf("quota checks on directory %s\n", check_path); - size = check_dir_size(check_path, &filecount, regex); + size = check_dir_size(check_path, &filecount, re); if (mailbox_size < 0) mailbox_size = size; if (mailbox_filecount < 0) mailbox_filecount = filecount; } diff --git a/src/src/transports/appendfile.h b/src/src/transports/appendfile.h index 4f0f126bc..0f5740ef8 100644 --- a/src/src/transports/appendfile.h +++ b/src/src/transports/appendfile.h @@ -94,6 +94,6 @@ extern void appendfile_transport_init(transport_instance *); /* Function that is shared with tf_maildir.c */ -extern off_t check_dir_size(const uschar *, int *, const pcre *); +extern off_t check_dir_size(const uschar *, int *, const pcre2_code *); /* End of transports/appendfile.h */ diff --git a/src/src/transports/lmtp.c b/src/src/transports/lmtp.c index 5a1b7c9b0..e3b3639ad 100644 --- a/src/src/transports/lmtp.c +++ b/src/src/transports/lmtp.c @@ -558,23 +558,23 @@ allows for message+recipient checks after the message has been received. */ /* First thing is to wait for an initial greeting. */ Ustrcpy(big_buffer, US"initial connection"); -if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', - timeout)) goto RESPONSE_FAILED; +if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout)) + goto RESPONSE_FAILED; /* Next, we send a LHLO command, and expect a positive response */ -if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO", - primary_hostname)) goto WRITE_FAILED; +if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO", primary_hostname)) + goto WRITE_FAILED; -if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', - timeout)) goto RESPONSE_FAILED; +if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout)) + goto RESPONSE_FAILED; /* If the ignore_quota option is set, note whether the server supports the IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */ if (ob->ignore_quota) - igquotstr = (pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, - Ustrlen(CS buffer), 0, PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US""; + igquotstr = regex_match(regex_IGNOREQUOTA, buffer, -1, NULL) + ? US" IGNOREQUOTA" : US""; /* Now the envelope sender */ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 7bb1249cc..0db157a66 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -237,48 +237,39 @@ static unsigned ehlo_response(uschar * buf, unsigned checks); void smtp_deliver_init(void) { -if (!regex_PIPELINING) regex_PIPELINING = - regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_SIZE) regex_SIZE = - regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_AUTH) regex_AUTH = - regex_must_compile(AUTHS_REGEX, FALSE, TRUE); +struct list + { + const pcre2_code ** re; + const uschar * string; + } list[] = + { + { ®ex_AUTH, AUTHS_REGEX }, + { ®ex_CHUNKING, US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)" }, + { ®ex_DSN, US"\\n250[\\s\\-]DSN(\\s|\\n|$)" }, + { ®ex_IGNOREQUOTA, US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)" }, + { ®ex_PIPELINING, US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)" }, + { ®ex_SIZE, US"\\n250[\\s\\-]SIZE(\\s|\\n|$)" }, #ifndef DISABLE_TLS -if (!regex_STARTTLS) regex_STARTTLS = - regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); + { ®ex_STARTTLS, US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)" }, #endif - -if (!regex_CHUNKING) regex_CHUNKING = - regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); - #ifndef DISABLE_PRDR -if (!regex_PRDR) regex_PRDR = - regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); + { ®ex_PRDR, US"\\n250[\\s\\-]PRDR(\\s|\\n|$)" }, #endif - #ifdef SUPPORT_I18N -if (!regex_UTF8) regex_UTF8 = - regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); + { ®ex_UTF8, US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)" }, #endif - -if (!regex_DSN) regex_DSN = - regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = - regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); - #ifndef DISABLE_PIPE_CONNECT -if (!regex_EARLY_PIPE) regex_EARLY_PIPE = - regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); + { ®ex_EARLY_PIPE, US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)" }, #endif - #ifdef EXPERIMENTAL_ESMTP_LIMITS -if (!regex_LIMITS) regex_LIMITS = - regex_must_compile(US"\\n250[\\s\\-]LIMITS\\s", FALSE, TRUE); + { ®ex_LIMITS, US"\\n250[\\s\\-]LIMITS\\s" }, #endif + }; + +for (struct list * l = list; l < list + nelem(list); l++) + if (!*l->re) + *l->re = regex_must_compile(l->string, FALSE, TRUE); } @@ -777,13 +768,12 @@ This saves us dealing with a duplicate set of values. */ static void ehlo_response_limits_read(smtp_context * sx) { -int ovec[3]; /* results vector for a main-match only */ +uschar * match; /* matches up to just after the first space after the keyword */ -if (pcre_exec(regex_LIMITS, NULL, CS sx->buffer, Ustrlen(sx->buffer), - 0, PCRE_EOPT, ovec, nelem(ovec)) >= 0) - for (const uschar * s = sx->buffer + ovec[1]; *s; ) +if (regex_match(regex_LIMITS, sx->buffer, -1, &match)) + for (const uschar * s = sx->buffer + Ustrlen(match); *s; ) { while (isspace(*s)) s++; if (*s == '\n') break; @@ -1809,57 +1799,65 @@ return Ustrcmp(current_local_identity, message_local_identity) == 0; static unsigned ehlo_response(uschar * buf, unsigned checks) { -size_t bsize = Ustrlen(buf); +PCRE2_SIZE bsize = Ustrlen(buf); +pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx); /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */ #ifndef DISABLE_TLS if ( checks & OPTION_TLS - && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_STARTTLS, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) #endif checks &= ~OPTION_TLS; if ( checks & OPTION_IGNQ - && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0, - PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_IGNOREQUOTA, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) checks &= ~OPTION_IGNQ; if ( checks & OPTION_CHUNKING - && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_CHUNKING, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) checks &= ~OPTION_CHUNKING; #ifndef DISABLE_PRDR if ( checks & OPTION_PRDR - && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_PRDR, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) #endif checks &= ~OPTION_PRDR; #ifdef SUPPORT_I18N if ( checks & OPTION_UTF8 - && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_UTF8, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) #endif checks &= ~OPTION_UTF8; if ( checks & OPTION_DSN - && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_DSN, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) checks &= ~OPTION_DSN; if ( checks & OPTION_PIPE - && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0, - PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_PIPELINING, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) checks &= ~OPTION_PIPE; if ( checks & OPTION_SIZE - && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_SIZE, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) checks &= ~OPTION_SIZE; #ifndef DISABLE_PIPE_CONNECT if ( checks & OPTION_EARLY_PIPE - && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0, - PCRE_EOPT, NULL, 0) < 0) + && pcre2_match(regex_EARLY_PIPE, + (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0) #endif checks &= ~OPTION_EARLY_PIPE; +pcre2_match_data_free(md); /* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */ return checks; } diff --git a/src/src/transports/tf_maildir.c b/src/src/transports/tf_maildir.c index cd1964aa7..2d7d01f11 100644 --- a/src/src/transports/tf_maildir.c +++ b/src/src/transports/tf_maildir.c @@ -140,24 +140,26 @@ for (i = 0; i < 4; i++) /* If the basic path matches maildirfolder_create_regex, we are dealing with a subfolder, and should ensure that a maildirfolder file exists. */ -if (maildirfolder_create_regex != NULL) +if (maildirfolder_create_regex) { - const uschar *error; - int offset; - const pcre *regex; + int err; + PCRE2_SIZE offset; + const pcre2_code * re; DEBUG(D_transport) debug_printf("checking for maildirfolder requirement\n"); - if (!(regex = pcre_compile(CS maildirfolder_create_regex, PCRE_COPT, - CCSS &error, &offset, NULL))) + if (!(re = pcre2_compile((PCRE2_SPTR)maildirfolder_create_regex, + PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx))) { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); addr->message = string_sprintf("appendfile: regular expression " - "error: %s at offset %d while compiling %s", error, offset, + "error: %s at offset %l while compiling %s", errbuf, (long)offset, maildirfolder_create_regex); return FALSE; } - if (pcre_exec(regex, NULL, CS path, Ustrlen(path), 0, 0, NULL, 0) >= 0) + if (regex_match(re, path, -1, NULL)) { uschar *fname = string_sprintf("%s/maildirfolder", path); if (Ustat(fname, &statbuf) == 0) @@ -250,7 +252,7 @@ Returns: the sum of the sizes of the messages off_t maildir_compute_size(uschar *path, int *filecount, time_t *latest, - const pcre *regex, const pcre *dir_regex, BOOL timestamp_only) + const pcre2_code *regex, const pcre2_code *dir_regex, BOOL timestamp_only) { DIR *dir; off_t sum = 0; @@ -269,8 +271,7 @@ for (struct dirent *ent; ent = readdir(dir); ) scan. We do the regex match first, because that avoids a stat() for names we aren't interested in. */ - if (dir_regex != NULL && - pcre_exec(dir_regex, NULL, CS name, Ustrlen(name), 0, 0, NULL, 0) < 0) + if (dir_regex && !regex_match(dir_regex, name, -1, NULL)) { DEBUG(D_transport) debug_printf("skipping %s/%s: dir_regex does not match\n", path, name); @@ -358,7 +359,7 @@ Returns: >=0 a file descriptor for an open maildirsize file int maildir_ensure_sizefile(uschar *path, appendfile_transport_options_block *ob, - const pcre *regex, const pcre *dir_regex, off_t *returned_size, + const pcre2_code *regex, const pcre2_code *dir_regex, off_t *returned_size, int *returned_filecount) { int count, fd; diff --git a/src/src/transports/tf_maildir.h b/src/src/transports/tf_maildir.h index 0be6bc481..8c26b32c0 100644 --- a/src/src/transports/tf_maildir.h +++ b/src/src/transports/tf_maildir.h @@ -8,13 +8,13 @@ /* Header file for the functions that are used to support the use of maildirsize files for quota handling in maildir directories. */ -extern off_t maildir_compute_size(uschar *, int *, time_t *, const pcre *, - const pcre *, BOOL); +extern off_t maildir_compute_size(uschar *, int *, time_t *, const pcre2_code *, + const pcre2_code *, BOOL); extern BOOL maildir_ensure_directories(uschar *, address_item *, BOOL, int, uschar *); extern int maildir_ensure_sizefile(uschar *, - appendfile_transport_options_block *, const pcre *, - const pcre *, off_t *, int *); + appendfile_transport_options_block *, const pcre2_code *, + const pcre2_code *, off_t *, int *); extern void maildir_record_length(int, int); /* End of tf_maildir.h */ -- cgit v1.2.3 From 4a852e8c97fa4de42c443107121c7717e1f0c9b2 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 12 Sep 2021 18:01:09 +0100 Subject: Use %ld not %l --- src/exim_monitor/em_init.c | 2 +- src/src/exim.c | 2 +- src/src/expand.c | 2 +- src/src/filter.c | 2 +- src/src/malware.c | 2 +- src/src/regex.c | 2 +- src/src/tls-gnu.c | 4 ++-- src/src/transports/appendfile.c | 4 ++-- src/src/transports/tf_maildir.c | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/exim_monitor/em_init.c b/src/exim_monitor/em_init.c index f85f858d4..ee27c2052 100644 --- a/src/exim_monitor/em_init.c +++ b/src/exim_monitor/em_init.c @@ -78,7 +78,7 @@ for (i = 0; i <= 1; i++) { uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); - printf("regular expression error: %s at offset %l " + printf("regular expression error: %s at offset %ld " "while compiling %s\n", errbuf, (long)offset, buffer); exit(99); } diff --git a/src/src/exim.c b/src/src/exim.c index 27f1e9b88..ff1aa49db 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1247,7 +1247,7 @@ show_db_version(fp); uschar buf[24]; pcre2_config(PCRE2_CONFIG_VERSION, buf); fprintf(fp, "Library version: PCRE2: Compile: %d.%d%s\n" - " Runtime: %s\n", + " Runtime: %s\n", PCRE2_MAJOR, PCRE2_MINOR, EXPAND_AND_QUOTE(PCRE2_PRERELEASE) "", buf); diff --git a/src/src/expand.c b/src/src/expand.c index 4e1ffbb24..2bd78aac6 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -5864,7 +5864,7 @@ while (*s) uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); expand_string_message = string_sprintf("regular expression error in " - "\"%s\": %s at offset %l", sub[1], errbuf, (long)roffset); + "\"%s\": %s at offset %ld", sub[1], errbuf, (long)roffset); goto EXPAND_FAILED; } md = pcre2_match_data_create(EXPAND_MAXN + 1, pcre_gen_ctx); diff --git a/src/src/filter.c b/src/src/filter.c index 7c9e963a4..dfcc80271 100644 --- a/src/src/filter.c +++ b/src/src/filter.c @@ -1605,7 +1605,7 @@ switch (c->type) uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); *error_pointer = string_sprintf("error while compiling " - "regular expression \"%s\": %s at offset %l", + "regular expression \"%s\": %s at offset %ld", exp[1], errbuf, (long)offset); return FALSE; } diff --git a/src/src/malware.c b/src/src/malware.c index cd80cd4b2..b34ca5794 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -313,7 +313,7 @@ if (!(cre = pcre2_compile((PCRE2_SPTR)re, PCRE2_ZERO_TERMINATED, { uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); - *errstr= string_sprintf("regular expression error in '%s': %s at offset %l", + *errstr= string_sprintf("regular expression error in '%s': %s at offset %ld", re, errbuf, (long)roffset); } return cre; diff --git a/src/src/regex.c b/src/src/regex.c index 35af5e1b5..2c14eb2d9 100644 --- a/src/src/regex.c +++ b/src/src/regex.c @@ -50,7 +50,7 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0))) uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); log_write(0, LOG_MAIN, - "regex acl condition warning - error in regex '%s': %s at offset %l, skipped.", + "regex acl condition warning - error in regex '%s': %s at offset %ld, skipped.", regex_string, errbuf, (long)pcre_erroffset); continue; } diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 7d434f6af..618caf6a2 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -2112,7 +2112,7 @@ if (!state->lib_state.pri_string) if ((rc = creds_load_pristring(state, p, &errpos))) return tls_error_gnu(state, string_sprintf( "gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"", - p, errpos - CS p, errpos), + p, (long)(errpos - CS p), errpos), rc, errstr); } else @@ -4197,7 +4197,7 @@ DEBUG(D_tls) rc = gnutls_priority_init(&priority_cache, CS expciphers, &errpos); validate_check_rc(string_sprintf( "gnutls_priority_init(%s) failed at offset %ld, \"%.8s..\"", - expciphers, errpos - CS expciphers, errpos)); + expciphers, (long)(errpos - CS expciphers), errpos)); #undef return_deinit #undef validate_check_rc diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c index bbd4a161f..5451416c9 100644 --- a/src/src/transports/appendfile.c +++ b/src/src/transports/appendfile.c @@ -2235,7 +2235,7 @@ else uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); addr->message = string_sprintf("appendfile: regular expression " - "error: %s at offset %l while compiling %s", errbuf, (long)offset, + "error: %s at offset %ld while compiling %s", errbuf, (long)offset, ob->quota_size_regex); return FALSE; } @@ -2324,7 +2324,7 @@ else uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); addr->message = string_sprintf("appendfile: regular expression " - "error: %s at offset %l while compiling %s", errbuf, (long)offset, + "error: %s at offset %ld while compiling %s", errbuf, (long)offset, ob->maildir_dir_regex); return FALSE; } diff --git a/src/src/transports/tf_maildir.c b/src/src/transports/tf_maildir.c index 2d7d01f11..2673b1443 100644 --- a/src/src/transports/tf_maildir.c +++ b/src/src/transports/tf_maildir.c @@ -154,7 +154,7 @@ if (maildirfolder_create_regex) uschar errbuf[128]; pcre2_get_error_message(err, errbuf, sizeof(errbuf)); addr->message = string_sprintf("appendfile: regular expression " - "error: %s at offset %l while compiling %s", errbuf, (long)offset, + "error: %s at offset %ld while compiling %s", errbuf, (long)offset, maildirfolder_create_regex); return FALSE; } -- cgit v1.2.3 From e2e0f812212b81ac029f90b57c63ee88455f6a12 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 13 Sep 2021 12:37:35 +0100 Subject: constification --- src/src/exim.c | 8 ++------ src/src/expand.c | 37 ++++++++++++++++++++----------------- src/src/globals.c | 6 +++--- src/src/globals.h | 8 ++++---- src/src/regex.c | 2 +- 5 files changed, 30 insertions(+), 31 deletions(-) (limited to 'src') diff --git a/src/src/exim.c b/src/src/exim.c index ff1aa49db..833045018 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -150,12 +150,8 @@ pcre_mtc_ctx = pcre2_match_context_create(pcre_gen_ctx); *************************************************/ /* This function runs a regular expression match, and sets up the pointers to -the matched substrings. The matched strings are copied. - -We might consider tracing the uses of expand_nstring to see if consitification -is viable, and save the copy cost by just using the pointers into the subject string. -Pre-pcre2 we did that without noticing, so it might just work - or might have been -a bug. It was certainly a risk in the implemenation. +the matched substrings. The matched strings are copied so the lifetime of +the subject is not a problem. Arguments: re the compiled expression diff --git a/src/src/expand.c b/src/src/expand.c index 2bd78aac6..88d4e756f 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1854,7 +1854,7 @@ Returns: NULL if the variable does not exist, or something non-NULL if exists_only is TRUE */ -static uschar * +static const uschar * find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize) { var_entry * vp; @@ -1892,15 +1892,15 @@ if (Ustrncmp(name, "auth", 4) == 0) { uschar *endptr; int n = Ustrtoul(name + 4, &endptr, 10); - if (*endptr == 0 && n != 0 && n <= AUTH_VARS) - return !auth_vars[n-1] ? US"" : auth_vars[n-1]; + if (!*endptr && n != 0 && n <= AUTH_VARS) + return auth_vars[n-1] ? auth_vars[n-1] : US""; } else if (Ustrncmp(name, "regex", 5) == 0) { uschar *endptr; int n = Ustrtoul(name + 5, &endptr, 10); - if (*endptr == 0 && n != 0 && n <= REGEX_VARS) - return !regex_vars[n-1] ? US"" : regex_vars[n-1]; + if (!*endptr && n != 0 && n <= REGEX_VARS) + return regex_vars[n-1] ? regex_vars[n-1] : US""; } /* For all other variables, search the table */ @@ -2560,7 +2560,7 @@ switch(cond_type = identify_operator(&s, &opname)) case ECOND_DEF: { - uschar * t; + const uschar * t; if (*s != ':') { @@ -3606,7 +3606,7 @@ Returns: the value of expand max to save */ static int -save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength) +save_expand_strings(const uschar **save_expand_nstring, int *save_expand_nlength) { for (int i = 0; i <= expand_nmax; i++) { @@ -3633,7 +3633,7 @@ Returns: nothing */ static void -restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring, +restore_expand_strings(int save_expand_nmax, const uschar **save_expand_nstring, int *save_expand_nlength) { expand_nmax = save_expand_nmax; @@ -4474,7 +4474,7 @@ rmark reset_point = store_mark(); gstring * yield = string_get(Ustrlen(string) + 64); int item_type; const uschar *s = string; -uschar *save_expand_nstring[EXPAND_MAXN+1]; +const uschar *save_expand_nstring[EXPAND_MAXN+1]; int save_expand_nlength[EXPAND_MAXN+1]; BOOL resetok = TRUE; @@ -4503,7 +4503,6 @@ if ((m = is_tainted2(string, LOG_MAIN|LOG_PANIC, "Tainted string '%s' in expansi while (*s) { - uschar *value; uschar name[256]; /* \ escapes the next character, which must exist, or else @@ -4561,6 +4560,7 @@ while (*s) if (isalpha((*(++s)))) { + const uschar * value; int len; int newsize = 0; gstring * g = NULL; @@ -4603,7 +4603,7 @@ while (*s) But there is no error here - nothing gets inserted. */ if (!value) - { + { /*{*/ if (Ustrchr(name, '}')) malformed_header = TRUE; continue; } @@ -4633,7 +4633,7 @@ while (*s) yield = g; yield->size = newsize; yield->ptr = len; - yield->s = value; + yield->s = US value; /* known to be in new store i.e. a copy, so deconst safe */ } else yield = string_catn(yield, value, len); @@ -8114,6 +8114,7 @@ while (*s) /*{*/ if (*s++ == '}') { + const uschar * value; int len; int newsize = 0; gstring * g = NULL; @@ -8140,7 +8141,7 @@ while (*s) yield = g; yield->size = newsize; yield->ptr = len; - yield->s = value; + yield->s = US value; /* known to be in new store i.e. a copy, so deconst safe */ } else yield = string_catn(yield, value, len); @@ -8563,6 +8564,7 @@ typedef struct { const uschar *var_data; } err_ctx; +/* Called via tree_walk, which allows nonconst name/data. Our usage is const. */ static void assert_variable_notin(uschar * var_name, uschar * var_data, void * ctx) { @@ -8584,13 +8586,14 @@ err_ctx e = { .region_start = ptr, .region_end = US ptr + len, tree_walk(acl_var_c, assert_variable_notin, &e); tree_walk(acl_var_m, assert_variable_notin, &e); -/* check auth variables */ +/* check auth variables. +assert_variable_notin() treats as const, so deconst is safe. */ for (int i = 0; i < AUTH_VARS; i++) if (auth_vars[i]) - assert_variable_notin(US"auth", auth_vars[i], &e); + assert_variable_notin(US"auth", US auth_vars[i], &e); -/* check regex variables */ +/* check regex variables. assert_variable_notin() treats as const. */ for (int i = 0; i < REGEX_VARS; i++) if (regex_vars[i]) - assert_variable_notin(US"regex", regex_vars[i], &e); + assert_variable_notin(US"regex", US regex_vars[i], &e); /* check known-name variables */ for (var_entry * v = var_table; v < var_table + var_table_size; v++) diff --git a/src/src/globals.c b/src/src/globals.c index f54a25227..7dfbc7608 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -658,7 +658,7 @@ auth_instance auth_defaults = { uschar *auth_defer_msg = US"reason not recorded"; uschar *auth_defer_user_msg = US""; -uschar *auth_vars[AUTH_VARS]; +const uschar *auth_vars[AUTH_VARS]; int auto_thaw = 0; #ifdef WITH_CONTENT_SCAN int av_failed = FALSE; /* boolean but accessed as vtype_int*/ @@ -924,7 +924,7 @@ int expand_level = 0; /* Nesting depth, indent for debug */ int expand_forbid = 0; int expand_nlength[EXPAND_MAXN+1]; int expand_nmax = -1; -uschar *expand_nstring[EXPAND_MAXN+1]; +const uschar *expand_nstring[EXPAND_MAXN+1]; uschar *expand_string_message; uschar *extra_local_interfaces = NULL; @@ -1320,7 +1320,7 @@ const pcre2_code *regex_EARLY_PIPE = NULL; #endif const pcre2_code *regex_ismsgid = NULL; const pcre2_code *regex_smtp_code = NULL; -uschar *regex_vars[REGEX_VARS]; +const uschar *regex_vars[REGEX_VARS]; #ifdef WHITELIST_D_MACROS const pcre2_code *regex_whitelisted_macro = NULL; #endif diff --git a/src/src/globals.h b/src/src/globals.h index 193eed6c5..95b8a08dc 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -372,7 +372,7 @@ extern auth_instance *auths; /* Chain of instantiated auths */ extern auth_instance auth_defaults; /* Default values */ extern uschar *auth_defer_msg; /* Error message for log */ extern uschar *auth_defer_user_msg; /* Error message for user */ -extern uschar *auth_vars[]; /* $authn variables */ +extern const uschar *auth_vars[]; /* $authn variables */ extern int auto_thaw; /* Auto-thaw interval */ #ifdef WITH_CONTENT_SCAN extern int av_failed; /* TRUE if the AV process failed */ @@ -600,7 +600,7 @@ extern int expand_level; /* Nesting depth; indent for debug */ extern int expand_forbid; /* RDO flags for forbidding things */ extern int expand_nlength[]; /* Lengths of numbered strings */ extern int expand_nmax; /* Max numerical value */ -extern uschar *expand_nstring[]; /* Numbered strings */ +extern const uschar *expand_nstring[]; /* Numbered strings */ extern BOOL extract_addresses_remove_arguments; /* Controls -t behaviour */ extern uschar *extra_local_interfaces; /* Local, non-listen interfaces */ @@ -882,9 +882,9 @@ extern const pcre2_code *regex_SIZE; /* For recognizing SIZE settings */ #ifndef DISABLE_PIPE_CONNECT extern const pcre2_code *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ #endif -extern const pcre2_code *regex_ismsgid; /* Compiled r.e. for message it */ +extern const pcre2_code *regex_ismsgid; /* Compiled r.e. for message ID */ extern const pcre2_code *regex_smtp_code; /* For recognizing SMTP codes */ -extern uschar *regex_vars[]; /* $regexN variables */ +extern const uschar *regex_vars[]; /* $regexN variables */ #ifdef WHITELIST_D_MACROS extern const pcre2_code *regex_whitelisted_macro; /* For -D macro values */ #endif diff --git a/src/src/regex.c b/src/src/regex.c index 2c14eb2d9..a3d6659a6 100644 --- a/src/src/regex.c +++ b/src/src/regex.c @@ -85,7 +85,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next) PCRE2_UCHAR * cstr; PCRE2_SIZE cslen; pcre2_substring_get_bynumber(md, nn, &cstr, &cslen); - regex_vars[nn-1] = US cstr; + regex_vars[nn-1] = CUS cstr; } return OK; -- cgit v1.2.3 From a19b9248eb5ec0414ccc4d214055e2c99debaba5 Mon Sep 17 00:00:00 2001 From: Renaud Allard Date: Tue, 14 Sep 2021 10:47:52 +0100 Subject: TLS: build dependency for LibreSSL (cherry picked from commit 48505c2b8095289f1226fe9a9fc63d4bcb387c87) --- src/src/tls-openssl.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 89f11ce37..4d9baf952 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -90,6 +90,10 @@ change this guard and punt the issue for a while longer. */ # endif #endif +#if LIBRESSL_VERSION_NUMBER >= 0x3040000fL +# define EXIM_HAVE_OPENSSL_CIPHER_GET_ID +#endif + #if !defined(LIBRESSL_VERSION_NUMBER) \ || LIBRESSL_VERSION_NUMBER >= 0x20010000L # if !defined(OPENSSL_NO_ECDH) -- cgit v1.2.3 From ecb371298ce4ab016d055de06cff252098e6e603 Mon Sep 17 00:00:00 2001 From: Thomas Noll Date: Wed, 15 Sep 2021 16:29:41 +0100 Subject: Constification --- doc/doc-txt/ChangeLog | 5 +++++ src/src/expand.c | 4 ++-- src/src/filter.c | 53 +++++++++++++++++++++++++++------------------------ src/src/functions.h | 7 ++++--- src/src/globals.c | 2 +- src/src/local_scan.h | 7 ++++--- src/src/parse.c | 3 ++- src/src/rfc2047.c | 6 +++--- 8 files changed, 49 insertions(+), 38 deletions(-) (limited to 'src') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 63f357885..62156137e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -13,6 +13,11 @@ JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). +JH/03 Constification work in the filters module required a major version + bump for the local-scan API. Specifically, the "headers_charset" + global which is visible via the API is now const and may therefore + not be modified by local-scan code. + Exim version 4.95 ----------------- diff --git a/src/src/expand.c b/src/src/expand.c index 88d4e756f..3d48301a1 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1593,7 +1593,7 @@ Returns: NULL if the header does not exist, else a pointer to a new */ static uschar * -find_header(uschar *name, int *newsize, unsigned flags, uschar *charset) +find_header(uschar *name, int *newsize, unsigned flags, const uschar *charset) { BOOL found = !name; int len = name ? Ustrlen(name) : 0; @@ -4592,7 +4592,7 @@ while (*s) unsigned flags = *name == 'r' ? FH_WANT_RAW : *name == 'l' ? FH_WANT_RAW|FH_WANT_LIST : 0; - uschar * charset = *name == 'b' ? NULL : headers_charset; + const uschar * charset = *name == 'b' ? NULL : headers_charset; s = read_header_name(name, sizeof(name), s); value = find_header(name, &newsize, flags, charset); diff --git a/src/src/filter.c b/src/src/filter.c index dfcc80271..1dbae43e9 100644 --- a/src/src/filter.c +++ b/src/src/filter.c @@ -1993,16 +1993,19 @@ while (commands) s = expargs[0]; if (filter_test != FTEST_NONE) - printf("Headers %s \"%s\"\n", (subtype == TRUE)? "add" : - (subtype == FALSE)? "remove" : "charset", string_printing(s)); + printf("Headers %s \"%s\"\n", + subtype == TRUE ? "add" + : subtype == FALSE ? "remove" + : "charset", + string_printing(s)); if (subtype == TRUE) { while (isspace(*s)) s++; - if (s[0] != 0) + if (*s) { - header_add(htype_other, "%s%s", s, (s[Ustrlen(s)-1] == '\n')? - "" : "\n"); + header_add(htype_other, "%s%s", s, + s[Ustrlen(s)-1] == '\n' ? "" : "\n"); header_last->type = header_checkname(header_last, FALSE); if (header_last->type >= 'a') header_last->type = htype_other; } @@ -2020,7 +2023,7 @@ while (commands) /* This setting lasts only while the filter is running; on exit, the variable is reset to the previous value. */ - else headers_charset = s; /*XXX loses track of const */ + else headers_charset = s; } break; @@ -2043,18 +2046,18 @@ while (commands) ff_name = US"freeze"; ff_ret = FF_FREEZE; - DEFERFREEZEFAIL: - fmsg = expargs[0]; /*XXX loses track of const */ - if (Ustrlen(fmsg) > 1024) Ustrcpy(fmsg + 1000, US" ... (truncated)"); - fmsg = US string_printing(fmsg); - *error_pointer = fmsg; + DEFERFREEZEFAIL: + *error_pointer = fmsg = US string_printing(Ustrlen(expargs[0]) > 1024 + ? string_sprintf("%.1000s ... (truncated)", expargs[0]) + : string_copy(expargs[0])); if (filter_test != FTEST_NONE) { indent(); printf("%c%s text \"%s\"\n", toupper(ff_name[0]), ff_name+1, fmsg); } - else DEBUG(D_filter) debug_printf_indent("Filter: %s \"%s\"\n", ff_name, fmsg); + else + DEBUG(D_filter) debug_printf_indent("Filter: %s \"%s\"\n", ff_name, fmsg); return ff_ret; case finish_command: @@ -2064,19 +2067,19 @@ while (commands) printf("%sinish\n", (commands->seen)? "Seen f" : "F"); } else - { DEBUG(D_filter) debug_printf_indent("Filter: %sfinish\n", - (commands->seen)? " Seen " : ""); - } + commands->seen ? " Seen " : ""); finish_obeyed = TRUE; - return filter_delivered? FF_DELIVERED : FF_NOTDELIVERED; + return filter_delivered ? FF_DELIVERED : FF_NOTDELIVERED; case if_command: { uschar *save_address = filter_thisaddress; int ok = FF_DELIVERED; condition_value = test_condition(commands->args[0].c, TRUE); - if (*error_pointer != NULL) ok = FF_ERROR; else + if (*error_pointer) + ok = FF_ERROR; + else { output_indent += 2; ok = interpret_commands(commands->args[condition_value? 1:2].f, @@ -2084,7 +2087,7 @@ while (commands) output_indent -= 2; } filter_thisaddress = save_address; - if (finish_obeyed || (ok != FF_DELIVERED && ok != FF_NOTDELIVERED)) + if (finish_obeyed || ok != FF_DELIVERED && ok != FF_NOTDELIVERED) return ok; } break; @@ -2096,7 +2099,7 @@ while (commands) case mail_command: case vacation_command: - if (return_path == NULL || return_path[0] == 0) + if (!return_path || !*return_path) { if (filter_test != FTEST_NONE) printf("%s command ignored because return_path is empty\n", @@ -2126,10 +2129,10 @@ while (commands) for (i = 0; i < MAILARGS_STRING_COUNT; i++) { - uschar *p; + const uschar *p; const uschar *s = expargs[i]; - if (s == NULL) continue; + if (!s) continue; if (i != mailarg_index_text) for (p = s; *p != 0; p++) { @@ -2161,12 +2164,12 @@ while (commands) else { - uschar *pp; + const uschar *pp; for (pp = p + 1;; pp++) { c = *pp; if (c == ':' && pp != p + 1) break; - if (c == 0 || c == ':' || isspace(*pp)) + if (!c || c == ':' || isspace(c)) { *error_pointer = string_sprintf("\\n not followed by space or " "valid header name in \"%.1024s\" in %s command", @@ -2196,7 +2199,7 @@ while (commands) commands->noerror ? " (noerror)" : ""); for (i = 1; i < MAILARGS_STRING_COUNT; i++) { - uschar *arg = commands->args[i].u; + const uschar *arg = commands->args[i].u; if (arg) { int len = Ustrlen(mailargs[i]); @@ -2505,7 +2508,7 @@ filter_interpret(uschar *filter, int options, address_item **generated, int i; int yield = FF_ERROR; uschar *ptr = filter; -uschar *save_headers_charset = headers_charset; +const uschar *save_headers_charset = headers_charset; filter_cmd *commands = NULL; filter_cmd **lastcmdptr = &commands; diff --git a/src/src/functions.h b/src/src/functions.h index a51998864..43424061a 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -378,7 +378,8 @@ extern uschar *parse_find_address_end(const uschar *, BOOL); extern const uschar *parse_find_at(const uschar *); extern const uschar *parse_fix_phrase(const uschar *, int); extern const uschar *parse_message_id(const uschar *, uschar **, uschar **); -extern const uschar *parse_quote_2047(const uschar *, int, uschar *, BOOL); +extern const uschar *parse_quote_2047(const uschar *, int, const uschar *, + BOOL); extern const uschar *parse_date_time(const uschar *str, time_t *t); extern void priv_drop_temp(const uid_t, const gid_t); extern void priv_restore(void); @@ -444,8 +445,8 @@ extern header_line *rewrite_header(header_line *, extern const uschar *rewrite_one(const uschar *, int, BOOL *, BOOL, uschar *, rewrite_rule *); extern void rewrite_test(const uschar *); -extern uschar *rfc2047_decode2(uschar *, BOOL, uschar *, int, int *, int *, - uschar **); +extern uschar *rfc2047_decode2(uschar *, BOOL, const uschar *, int, int *, + int *, uschar **); extern int route_address(address_item *, address_item **, address_item **, address_item **, address_item **, int); extern int route_check_prefix(const uschar *, const uschar *, unsigned *); diff --git a/src/src/globals.c b/src/src/globals.c index 7dfbc7608..19269138c 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -953,7 +953,7 @@ volatile sig_atomic_t had_command_timeout = 0; volatile sig_atomic_t had_command_sigterm = 0; volatile sig_atomic_t had_data_timeout = 0; volatile sig_atomic_t had_data_sigint = 0; -uschar *headers_charset = US HEADERS_CHARSET; +const uschar *headers_charset = US HEADERS_CHARSET; int header_insert_maxlen = 64 * 1024; header_line *header_last = NULL; header_line *header_list = NULL; diff --git a/src/src/local_scan.h b/src/src/local_scan.h index cb50a6809..3efe94941 100644 --- a/src/src/local_scan.h +++ b/src/src/local_scan.h @@ -40,7 +40,7 @@ ABI is changed in a non backward compatible way. The minor number is increased each time a new feature is added (in a way that doesn't break backward compatibility). */ -#define LOCAL_SCAN_ABI_VERSION_MAJOR 4 +#define LOCAL_SCAN_ABI_VERSION_MAJOR 5 #define LOCAL_SCAN_ABI_VERSION_MINOR 1 #define LOCAL_SCAN_ABI_VERSION \ LOCAL_SCAN_ABI_VERSION_MAJOR.LOCAL_SCAN_ABI_VERSION_MINOR @@ -160,7 +160,7 @@ extern unsigned int debug_selector; /* Debugging bits */ extern int body_linecount; /* Line count in body */ extern int body_zerocount; /* Binary zero count in body */ extern uschar *expand_string_message; /* Error info for failing expansion */ -extern uschar *headers_charset; /* Charset for RFC 2047 decoding */ +extern const uschar *headers_charset; /* Charset for RFC 2047 decoding */ extern header_line *header_last; /* Final header */ extern header_line *header_list; /* First header */ extern BOOL host_checking; /* Set when checking a host */ @@ -198,7 +198,8 @@ extern int lss_match_address(uschar *, uschar *, BOOL); extern int lss_match_host(uschar *, uschar *, uschar *); extern void receive_add_recipient(uschar *, int); extern BOOL receive_remove_recipient(uschar *); -extern uschar *rfc2047_decode(uschar *, BOOL, uschar *, int, int *, uschar **); +extern uschar *rfc2047_decode(uschar *, BOOL, const uschar *, int, int *, + uschar **); extern int smtp_fflush(void); extern void smtp_printf(const char *, BOOL, ...) PRINTF_FUNCTION(1,3); extern void smtp_vprintf(const char *, BOOL, va_list); diff --git a/src/src/parse.c b/src/src/parse.c index 58f894199..352f07d60 100644 --- a/src/src/parse.c +++ b/src/src/parse.c @@ -863,7 +863,8 @@ Returns: pointer to the original string, if no quoting needed, or */ const uschar * -parse_quote_2047(const uschar *string, int len, uschar *charset, BOOL fold) +parse_quote_2047(const uschar *string, int len, const uschar *charset, + BOOL fold) { const uschar * s = string; int hlen, l; diff --git a/src/src/rfc2047.c b/src/src/rfc2047.c index 6c461029b..c3cf4db11 100644 --- a/src/src/rfc2047.c +++ b/src/src/rfc2047.c @@ -186,8 +186,8 @@ Returns: the decoded, converted string, or NULL on error; if there are */ uschar * -rfc2047_decode2(uschar *string, BOOL lencheck, uschar *target, int zeroval, - int *lenptr, int *sizeptr, uschar **error) +rfc2047_decode2(uschar *string, BOOL lencheck, const uschar *target, + int zeroval, int *lenptr, int *sizeptr, uschar **error) { int size = Ustrlen(string); size_t dlen; @@ -336,7 +336,7 @@ return string_from_gstring(yield); argument. */ uschar * -rfc2047_decode(uschar *string, BOOL lencheck, uschar *target, int zeroval, +rfc2047_decode(uschar *string, BOOL lencheck, const uschar *target, int zeroval, int *lenptr, uschar **error) { return rfc2047_decode2(string, lencheck, target, zeroval, lenptr, NULL, error); -- cgit v1.2.3