[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Author: Philip Hazel
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src deliver.c exim.c expand.c functions.h smtp_in.c exim/exim-test/scripts/0000-Basic 0002 exim/exim-test/stdout 0002
ph10 2006/09/18 15:49:24 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         deliver.c exim.c expand.c functions.h 
                         smtp_in.c 
    exim-test/scripts/0000-Basic 0002 
    exim-test/stdout     0002 
  Log:
  Check for overflow in numeric expansion conditions; forbid negative
  values for message_size_limit.


  Revision  Changes    Path
  1.392     +4 -0      exim/exim-doc/doc-txt/ChangeLog
  1.36      +2 -2      exim/exim-src/src/deliver.c
  1.43      +2 -2      exim/exim-src/src/exim.c
  1.60      +14 -22    exim/exim-src/src/expand.c
  1.26      +1 -1      exim/exim-src/src/functions.h
  1.42      +2 -2      exim/exim-src/src/smtp_in.c
  1.6       +7 -0      exim/exim-test/scripts/0000-Basic/0002
  1.6       +9 -2      exim/exim-test/stdout/0002


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.391
  retrieving revision 1.392
  diff -u -r1.391 -r1.392
  --- ChangeLog    18 Sep 2006 11:06:20 -0000    1.391
  +++ ChangeLog    18 Sep 2006 14:49:23 -0000    1.392
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.391 2006/09/18 11:06:20 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.392 2006/09/18 14:49:23 ph10 Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -37,6 +37,10 @@
PH/05 Applied Nico Efrurth's refactoring patch to tidy up spool_mbox.c.

PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
+
+PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
+
+PH/08 An error is now given if message_size_limit is specified negative.


Exim version 4.63

  Index: deliver.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/deliver.c,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- deliver.c    4 Jul 2006 09:07:20 -0000    1.35
  +++ deliver.c    18 Sep 2006 14:49:23 -0000    1.36
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/deliver.c,v 1.35 2006/07/04 09:07:20 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/deliver.c,v 1.36 2006/09/18 14:49:23 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1433,10 +1433,10 @@
   int size_limit;


deliver_set_expansions(addr);
-size_limit = expand_string_integer(tp->message_size_limit);
+size_limit = expand_string_integer(tp->message_size_limit, TRUE);
deliver_set_expansions(NULL);

  -if (size_limit < 0)
  +if (expand_string_message != NULL)
     {
     rc = DEFER;
     if (size_limit == -1)
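Review bot: The new test `if (expand_string_message != NULL)` reads a global set inside expand_string_integer(), but `deliver_set_expansions(NULL)` runs between the call and the test. Whether that call can touch expand_string_message is not visible in this hunk; if it ever does, the error state for message_size_limit would be misread here. A comment such as `/* error state is in expand_string_message, not the return value; nothing between the call and this test may run an expansion */` would protect the ordering, or the pointer could be copied to a local immediately after the call. The exim.c and smtp_in.c call sites test the global directly after the call and do not have this gap. The enclosing function starts and ends outside the hunk.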


  Index: exim.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/exim.c,v
  retrieving revision 1.42
  retrieving revision 1.43
  diff -u -r1.42 -r1.43
  --- exim.c    27 Jul 2006 10:13:52 -0000    1.42
  +++ exim.c    18 Sep 2006 14:49:23 -0000    1.43
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/exim.c,v 1.42 2006/07/27 10:13:52 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/exim.c,v 1.43 2006/09/18 14:49:23 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -4444,8 +4444,8 @@


   else
     {
  -  thismessage_size_limit = expand_string_integer(message_size_limit);
  -  if (thismessage_size_limit < 0)
  +  thismessage_size_limit = expand_string_integer(message_size_limit, TRUE);
  +  if (expand_string_message != NULL)
       {
       if (thismessage_size_limit == -1)
         log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to expand "


  Index: expand.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/expand.c,v
  retrieving revision 1.59
  retrieving revision 1.60
  diff -u -r1.59 -r1.60
  --- expand.c    5 Sep 2006 14:05:43 -0000    1.59
  +++ expand.c    18 Sep 2006 14:49:23 -0000    1.60
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/expand.c,v 1.59 2006/09/05 14:05:43 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/expand.c,v 1.60 2006/09/18 14:49:23 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1893,25 +1893,8 @@


       if (!isalpha(name[0]))
         {
  -      uschar *endptr;
  -      num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
  -      if (tolower(*endptr) == 'k')
  -        {
  -        num[i] *= 1024;
  -        endptr++;
  -        }
  -      else if (tolower(*endptr) == 'm')
  -        {
  -        num[i] *= 1024*1024;
  -        endptr++;
  -        }
  -      while (isspace(*endptr)) endptr++;
  -      if (*endptr != 0)
  -        {
  -        expand_string_message = string_sprintf("\"%s\" is not a number",
  -          sub[i]);
  -        return NULL;
  -        }
  +      num[i] = expand_string_integer(sub[i], FALSE);
  +      if (expand_string_message != NULL) return NULL;
         }
       }
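Review bot: `num[i] = expand_string_integer(sub[i], FALSE);` passes the operand through `expand_string()` (visible in the function body later in this diff), whereas the removed code handed `sub[i]` straight to `Ustrtol()`. If `sub[i]` already holds the expanded operand text, the value is now expanded a second time. The hunk does not show where `sub[i]` is filled, so this is inferred from the old code treating it as final text. Operand data that came from a lookup, a header or another untrusted source would then be interpreted as expansion syntax instead of being rejected as "not a number". I would split the strtol, K/M suffix and overflow handling into a conversion-only helper that takes an already-expanded string. Calling that helper here, and from expand_string_integer() after its own `expand_string()` call, keeps the new overflow check without re-expanding the operand.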


@@ -5260,22 +5243,26 @@

/* Expand a string, and convert the result into an integer.

-Argument: the string to be expanded
+Arguments:
+ string the string to be expanded
+ isplus TRUE if a non-negative number is expected

   Returns:  the integer value, or
             -1 for an expansion error               ) in both cases, message in
             -2 for an integer interpretation error  ) expand_string_message
  -
  +          expand_string_message is set NULL for an OK integer
   */


int
-expand_string_integer(uschar *string)
+expand_string_integer(uschar *string, BOOL isplus)
{
long int value;
uschar *s = expand_string(string);
uschar *msg = US"invalid integer \"%s\"";
uschar *endptr;

+/* If expansion failed, expand_string_message will be set. */
+
if (s == NULL) return -1;

/* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
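Review bot: The header comment still presents -1 and -2 as the error indication, but with `isplus` FALSE those are also legitimate results (the new `1>-1` test depends on negative operands being accepted), so the return value alone no longer signals failure. I would say so explicitly in the Returns section, e.g. `Callers must test expand_string_message != NULL to detect an error; -1 and -2 can be valid values when isplus is FALSE.` The three message_size_limit callers in this commit already follow that rule, and stating it protects future callers that copy the old `< 0` idiom. The function body continues past the end of this hunk.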
@@ -5283,11 +5270,16 @@
systems, so we set it zero ourselves. */

   errno = 0;
  +expand_string_message = NULL;               /* Indicates no error */
   value = strtol(CS s, CSS &endptr, 0);


   if (endptr == s)
     {
     msg = US"integer expected but \"%s\" found";
  +  }
  +else if (value < 0 && isplus)
  +  {
  +  msg = US"non-negative integer expected but \"%s\" found";
     }
   else
     {
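Review bot: `value` is declared `long int` while the function returns `int`, and the range check behind the "too large (overflow)" message is not in this hunk. Where long is 64 bits, strtol() does not set ERANGE for 4096000000, so unless the unseen else branch also compares against INT_MAX and INT_MIN the value would be narrowed on return rather than rejected. The new test expectation for `4096000000` would not hold on such a platform. An explicit guard before the conversion, e.g. `if (value > INT_MAX || value < INT_MIN) errno = ERANGE;`, makes the overflow check independent of the width of long. The else branch opened on the last line of the hunk continues outside it.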


  Index: functions.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/functions.h,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- functions.h    13 Jul 2006 13:53:33 -0000    1.25
  +++ functions.h    18 Sep 2006 14:49:23 -0000    1.26
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/functions.h,v 1.25 2006/07/13 13:53:33 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/functions.h,v 1.26 2006/09/18 14:49:23 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -97,7 +97,7 @@
   extern BOOL    expand_check_condition(uschar *, uschar *, uschar *);
   extern uschar *expand_string(uschar *);
   extern uschar *expand_string_copy(uschar *);
  -extern int     expand_string_integer(uschar *);
  +extern int     expand_string_integer(uschar *, BOOL);


   extern int     filter_interpret(uschar *, int, address_item **, uschar **);
   extern BOOL    filter_personal(string_item *, BOOL);


  Index: smtp_in.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/smtp_in.c,v
  retrieving revision 1.41
  retrieving revision 1.42
  diff -u -r1.41 -r1.42
  --- smtp_in.c    27 Jul 2006 11:29:32 -0000    1.41
  +++ smtp_in.c    18 Sep 2006 14:49:23 -0000    1.42
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.41 2006/07/27 11:29:32 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.42 2006/09/18 14:49:23 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1211,8 +1211,8 @@


/* Set up the message size limit; this may be host-specific */

  -thismessage_size_limit = expand_string_integer(message_size_limit);
  -if (thismessage_size_limit < 0)
  +thismessage_size_limit = expand_string_integer(message_size_limit, TRUE);
  +if (expand_string_message != NULL)
     {
     if (thismessage_size_limit == -1)
       log_write(0, LOG_MAIN|LOG_PANIC, "unable to expand message_size_limit: "


  Index: 0002
  ===================================================================
  RCS file: /home/cvs/exim/exim-test/scripts/0000-Basic/0002,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- 0002    27 Jul 2006 13:50:43 -0000    1.5
  +++ 0002    18 Sep 2006 14:49:24 -0000    1.6
  @@ -187,6 +187,11 @@
   md5:    ${if eq {1}{2}{${md5:invalid}}{NO}}
   mask:   ${if eq {1}{2}{${mask:invalid}}{NO}}


  +# Numeric overflow
  +
  +4096M      ${if >{1}{4096M}{y}{n}}
  +4096000000 ${if >{1}{4096000000}{y}{n}}
  +
   # Conditions


   2=2:    ${if ={2}{2}{y}{n}}
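Review bot: The added overflow cases use decimal operands only, but numeric conditions now reach `strtol(..., 0)` where the removed code in expand.c used base 10, so operands with a leading `0` or `0x` change meaning. A case that pins this, for example `010=8: ${if ={010}{8}{y}{n}}` (constructed sample), would make the behaviour change visible in the expected output. A negative out-of-range operand such as `-4096M` would also exercise the other side of the new overflow check.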
  @@ -200,6 +205,7 @@
   2>3:    ${if >{2}{3}{y}{n}}
   3>3:    ${if >{3}{3}{y}{n}}
   4>3:    ${if >{4}{3}{y}{n}}
  +1>-1:   ${if >{1}{-1}{y}{n}}
   2>=3:   ${if >={2}{3}{y}{n}}
   3>=3:   ${if >={3}{3}{y}{n}}
   4>=3:   ${if >={4}{3}{y}{n}}
  @@ -210,6 +216,7 @@
   3<=3:   ${if <={3}{3}{y}{n}}
   4<=3:   ${if <={4}{3}{y}{n}}
   5<=3:   ${if <={ 5 } { 3 } {y}{n}}
  +-3<=1:  ${if <={-3}{1}{y}{n}}


5>3k: ${if >{5 } {3k }{y}{n}}
5>3m: ${if >{5 } {3m }{y}{n}}

  Index: 0002
  ===================================================================
  RCS file: /home/cvs/exim/exim-test/stdout/0002,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- 0002    27 Jul 2006 13:50:43 -0000    1.5
  +++ 0002    18 Sep 2006 14:49:24 -0000    1.6
  @@ -168,6 +168,11 @@
   > md5:    NO
   > mask:   NO

>
+> # Numeric overflow
+>
+> Failed: absolute value of integer "4096M" is too large (overflow)
+> Failed: absolute value of integer "4096000000" is too large (overflow)
+>
> # Conditions
>
   > 2=2:    y
  @@ -181,6 +186,7 @@
   > 2>3:    n
   > 3>3:    n
   > 4>3:    y
  +> 1>-1:   y
   > 2>=3:   n
   > 3>=3:   y
   > 4>=3:   y
  @@ -191,11 +197,12 @@
   > 3<=3:   y
   > 4<=3:   n
   > 5<=3:   n
  +> -3<=1:  y

>
> 5>3k: n
> 5>3m: n
-> Failed: "3z " is not a number
-> Failed: "a" is not a number
+> Failed: invalid integer "3z "
+> Failed: integer expected but "a" found
>
> def:y y
> def:n n