[exim-cvs] Do RE compilations at daemon startup. Bug 1568

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Exim Git Commits Mailing List
Data:  
Para: exim-cvs
Asunto: [exim-cvs] Do RE compilations at daemon startup. Bug 1568
Gitweb: http://git.exim.org/exim.git/commitdiff/476be7e27122963451a53c9693f09d6d8a068fd8
Commit:     476be7e27122963451a53c9693f09d6d8a068fd8
Parent:     0f0c8159c43045f4ad847a0129dca7eddd313285
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jan 11 18:40:05 2015 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Jan 12 18:58:37 2015 +0000


    Do RE compilations at daemon startup.  Bug 1568
---
 src/src/daemon.c    |    9 ++++
 src/src/deliver.c   |   57 +++++++++++++++++-----------
 src/src/dns.c       |   14 +++++-
 src/src/exim.c      |    4 +-
 src/src/functions.h |    7 ++-
 src/src/malware.c   |  104 ++++++++++++++++++++++++++++++++++++++------------
 src/src/regex.c     |    2 +-
 7 files changed, 141 insertions(+), 56 deletions(-)


diff --git a/src/src/daemon.c b/src/src/daemon.c
index 5c64205..256cc9c 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1700,6 +1700,15 @@ else
     readconf_printtime(queue_interval));
   }


+/* Do any work it might be useful to amortize over our children
+(eg: compile regex) */
+
+deliver_init();
+dns_pattern_init();
+
+#ifdef WITH_CONTENT_SCAN
+malware_init();
+#endif

/* Close the log so it can be renamed and moved. In the few cases below where
this long-running process writes to the log (always exceptional conditions), it
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 462aaf4..a0c48d6 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -6518,29 +6518,7 @@ if (addr_remote != NULL)
/* Precompile some regex that are used to recognize parameters in response
to an EHLO command, if they aren't already compiled. */

-  if (regex_PIPELINING == NULL) regex_PIPELINING =
-    regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE);
-
-  if (regex_SIZE == NULL) regex_SIZE =
-    regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE);
-
-  if (regex_AUTH == NULL) regex_AUTH =
-    regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
-      FALSE, TRUE);
-
-#ifdef SUPPORT_TLS
-  if (regex_STARTTLS == NULL) regex_STARTTLS =
-    regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
-#endif
-
-#ifndef DISABLE_PRDR
-  if (regex_PRDR == NULL) regex_PRDR =
-    regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE);
-#endif
-
-  /* Set the regex to check for DSN support on remote MTA */
-  if (regex_DSN == NULL) regex_DSN  =
-    regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE);
+  deliver_init();


/* Now sort the addresses if required, and do the deliveries. The yield of
do_remote_deliveries is FALSE when mua_wrapper is set and all addresses
@@ -7836,6 +7814,39 @@ acl_where = ACL_WHERE_UNKNOWN;
return final_yield;
}

+
+
+void
+deliver_init(void)
+{
+if (!regex_PIPELINING) regex_PIPELINING =
+  regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE);
+
+if (!regex_SIZE) regex_SIZE =
+  regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE);
+
+if (!regex_AUTH) regex_AUTH =
+  regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
+    FALSE, TRUE);
+
+#ifdef SUPPORT_TLS
+if (!regex_STARTTLS) regex_STARTTLS =
+  regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
+#endif
+
+#ifndef DISABLE_PRDR
+if (!regex_PRDR) regex_PRDR =
+  regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE);
+#endif
+
+if (!regex_DSN) regex_DSN  =
+  regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE);
+
+if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA =
+  regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE);
+}
+
+
 /* vi: aw ai sw=2
 */
 /* End of deliver.c */
diff --git a/src/src/dns.c b/src/src/dns.c
index f492613..61d2017 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -607,9 +607,7 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
   const uschar *checkname = name;
   int ovector[3*(EXPAND_MAXN+1)];


-  if (regex_check_dns_names == NULL)
-    regex_check_dns_names =
-      regex_must_compile(check_dns_names_pattern, FALSE, TRUE);
+  dns_pattern_init();


/* For an SRV lookup, skip over the first two components (the service and
protocol names, which both start with an underscore). */
@@ -1272,6 +1270,16 @@ else
return yield;
}

+
+
+void
+dns_pattern_init(void)
+{
+if (check_dns_names_pattern[0] != 0 && !regex_check_dns_names)
+  regex_check_dns_names =
+    regex_must_compile(check_dns_names_pattern, FALSE, TRUE);
+}
+
 /* vi: aw ai sw=2
 */
 /* End of dns.c */
diff --git a/src/src/exim.c b/src/src/exim.c
index 33c2a90..00c5974 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -88,7 +88,7 @@ Returns:      pointer to the compiled pattern
 */


 const pcre *
-regex_must_compile(uschar *pattern, BOOL caseless, BOOL use_malloc)
+regex_must_compile(const uschar *pattern, BOOL caseless, BOOL use_malloc)
 {
 int offset;
 int options = PCRE_COPT;
@@ -100,7 +100,7 @@ if (use_malloc)
   pcre_free = function_store_free;
   }
 if (caseless) options |= PCRE_CASELESS;
-yield = pcre_compile(CS pattern, options, (const char **)&error, &offset, NULL);
+yield = pcre_compile(CCS pattern, options, (const char **)&error, &offset, NULL);
 pcre_malloc = function_store_get;
 pcre_free = function_dummy_free;
 if (yield == NULL)
diff --git a/src/src/functions.h b/src/src/functions.h
index 3822b57..a906e92 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -126,6 +126,7 @@ extern void    debug_vprintf(const char *, va_list);
 extern void    decode_bits(unsigned int *, unsigned int *,
                   int, int, uschar *, bit_table *, int, uschar *, int);
 extern address_item *deliver_make_addr(uschar *, BOOL);
+extern void    deliver_init(void);
 extern void    delivery_log(int, address_item *, int, uschar *);
 extern int     deliver_message(uschar *, BOOL, BOOL);
 extern void    deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2);
@@ -142,11 +143,12 @@ extern BOOL    dkim_transport_write_message(address_item *, int, int,
                    int, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *);
 #endif
 extern dns_address *dns_address_from_rr(dns_answer *, dns_record *);
+extern int     dns_basic_lookup(dns_answer *, const uschar *, int);
 extern void    dns_build_reverse(uschar *, uschar *);
 extern void    dns_init(BOOL, BOOL, BOOL);
-extern int     dns_basic_lookup(dns_answer *, const uschar *, int);
 extern BOOL    dns_is_secure(const dns_answer *);
 extern int     dns_lookup(dns_answer *, const uschar *, int, uschar **);
+extern void    dns_pattern_init(void);
 extern int     dns_special_lookup(dns_answer *, const uschar *, int, uschar **);
 extern dns_record *dns_next_rr(dns_answer *, dns_scan *, int);
 extern uschar *dns_text_type(int);
@@ -222,6 +224,7 @@ extern void    log_close_all(void);
 #ifdef WITH_CONTENT_SCAN
 extern int     malware(const uschar *, int);
 extern int     malware_in_file(uschar *);
+extern void    malware_init(void);
 #endif
 extern int     match_address_list(uschar *, BOOL, BOOL, uschar **,
                  unsigned int *, int, int, uschar **);
@@ -303,7 +306,7 @@ extern void    receive_swallow_smtp(void);
 extern int     regex(uschar **);
 #endif
 extern BOOL    regex_match_and_setup(const pcre *, const uschar *, int, int);
-extern const pcre *regex_must_compile(uschar *, BOOL, BOOL);
+extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL);
 extern void    retry_add_item(address_item *, uschar *, int);
 extern BOOL    retry_check_address(uschar *, host_item *, uschar *, BOOL,
                  uschar **, uschar **);
diff --git a/src/src/malware.c b/src/src/malware.c
index 6593576..365ef03 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -64,6 +64,30 @@ typedef struct clamd_address_container {
 #define DERR_TIMEOUT                (1<<9)   /* scan timeout has run out */
 #define DERR_BAD_CALL               (1<<15)  /* wrong command */


+
+static const uschar * malware_regex_default = US ".+";
+static const pcre * malware_default_re = NULL;
+
+static const uschar * drweb_re_str = US "infected\\swith\\s*(.+?)$";
+static const pcre * drweb_re = NULL;
+
+static const uschar * fsec_re_str = US "\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$";
+static const pcre * fsec_re = NULL;
+
+static const uschar * kav_re_sus_str = US "suspicion:\\s*(.+?)\\s*$";
+static const uschar * kav_re_inf_str = US "infected:\\s*(.+?)\\s*$";
+static const pcre * kav_re_sus = NULL;
+static const pcre * kav_re_inf = NULL;
+
+static const uschar * ava_re_clean_str = US "(?!\\\\)\\t\\[\\+\\]";
+static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d\\.\\d\\t\\d\\s(.*)";
+static const pcre * ava_re_clean = NULL;
+static const pcre * ava_re_virus = NULL;
+
+
+
+/******************************************************************************/
+
 /* Routine to check whether a system is big- or little-endian.
    Ripped from http://www.faqs.org/faqs/graphics/fileformats-faq/part4/section-7.html
    Needed for proper kavdaemon implementation. Sigh. */
@@ -425,7 +449,6 @@ malware_internal(const uschar * malware_re, const uschar * eml_filename,
 int sep = 0;
 uschar *av_scanner_work = av_scanner;
 uschar *scanner_name;
-uschar malware_regex_default[] = ".+";
 unsigned long mbox_size;
 FILE *mbox_file;
 const pcre *re;
@@ -452,18 +475,25 @@ if (!malware_re)
   return FAIL;        /* explicitly no matching */


 /* special cases (match anything except empty) */
-if ( (strcmpic(malware_re,US"true") == 0) ||
-     (Ustrcmp(malware_re,"*") == 0) ||
-     (Ustrcmp(malware_re,"1") == 0) )
+if (  strcmpic(malware_re,US"true") == 0
+   || Ustrcmp(malware_re,"*") == 0
+   || Ustrcmp(malware_re,"1") == 0
+   )
+  {
+  if (  !malware_default_re
+     && !(malware_default_re = m_pcre_compile(malware_regex_default, &errstr)))
+    return malware_errlog_defer(errstr);
   malware_re = malware_regex_default;
-
-/* Reset sep that is set by previous string_nextinlist() call */
-sep = 0;
+  re = malware_default_re;
+  }


/* compile the regex, see if it works */
-if (!(re = m_pcre_compile(malware_re, &errstr)))
+else if (!(re = m_pcre_compile(malware_re, &errstr)))
return malware_errlog_defer(errstr);

+/* Reset sep that is set by previous string_nextinlist() call */
+sep = 0;
+
 /* if av_scanner starts with a dollar, expand it first */
 if (*av_scanner == '$')
   {
@@ -577,7 +607,6 @@ if (!malware_ok)
       uschar * tmpbuf, *drweb_fbuf;
       int drweb_rc, drweb_cmd, drweb_flags = 0x0000, drweb_fd,
       drweb_vnum, drweb_slen, drweb_fin = 0x0000;
-      const pcre *drweb_re;


       /* prepare variables */
       drweb_cmd = htonl(DRWEBD_SCAN_CMD);
@@ -697,7 +726,8 @@ if (!malware_ok)
     malware_name = US"unknown";


     /* set up match regex */
-    drweb_re = m_pcre_compile(US"infected\\swith\\s*(.+?)$", &errstr);
+    if (!drweb_re)
+      drweb_re = m_pcre_compile(drweb_re_str, &errstr);


     /* read and concatenate virus names into one string */
     for (i = 0; i < drweb_vnum; i++)
@@ -833,7 +863,6 @@ if (!malware_ok)
       int i, j, bread = 0;
       uschar * file_name;
       uschar av_buffer[1024];
-      const pcre * fs_inf;
       static uschar *cmdopt[] = { US"CONFIGURE\tARCHIVE\t1\n",
                       US"CONFIGURE\tTIMEOUT\t0\n",
                       US"CONFIGURE\tMAXARCH\t5\n",
@@ -870,7 +899,8 @@ if (!malware_ok)


       /* set up match */
       /* todo also SUSPICION\t */
-      fs_inf = m_pcre_compile(US"\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$", &errstr);
+      if (!fsec_re)
+    fsec_re = m_pcre_compile(fsec_re_str, &errstr);


       /* read report, linewise. Apply a timeout as the Fsecure daemon
       sometimes wants an answer to "PING" but they won't tell us what */
@@ -894,7 +924,7 @@ if (!malware_ok)
         /* Really search for virus again? */
         if (!malware_name)
           /* try matcher on the line, grab substring */
-          malware_name = m_pcre_exec(fs_inf, p);
+          malware_name = m_pcre_exec(fsec_re, p);


         if (Ustrstr(p, "OK\tScan ok."))
           goto fsec_found;
@@ -989,10 +1019,16 @@ if (!malware_ok)
       if (kav_reportlen > 0)
         {
         /* set up match regex, depends on retcode */
-        kav_re = m_pcre_compile( kav_rc == 3
-                     ? US"suspicion:\\s*(.+?)\\s*$"
-                     : US"infected:\\s*(.+?)\\s*$",
-                     &errstr );
+        if (kav_rc == 3)
+          {
+          if (!kav_re_sus) kav_re_sus = m_pcre_compile(kav_re_sus_str, &errstr);
+          kav_re = kav_re_sus;
+          }
+        else
+          {
+          if (!kav_re_inf) kav_re_inf = m_pcre_compile(kav_re_inf_str, &errstr);
+          kav_re = kav_re_inf;
+          }


         /* read report, linewise */
         while (kav_reportlen > 0)
@@ -1732,7 +1768,6 @@ if (!malware_ok)
       int ovector[1*3];
       uschar buf[1024];
       uschar * scanrequest;
-      const pcre * avast_clean_re, * avast_virus_re;
       enum {AVA_HELO, AVA_OPT, AVA_RSP, AVA_DONE} avast_stage;
       int nread;


@@ -1745,11 +1780,10 @@ if (!malware_ok)
       [L] - infected
       [E] - some error occured
       Such marker follows the first non-escaped TAB.  */
-      if (  !(avast_clean_re =
-        m_pcre_compile(US"(?!\\\\)\\t\\[\\+\\]", &errstr))
-     || !(avast_virus_re =
-        m_pcre_compile(US"(?!\\\\)\\t\\[L\\]\\d\\.\\d\\t\\d\\s(.*)",
-          &errstr))
+      if (  (  !ava_re_clean
+            && !(ava_re_clean = m_pcre_compile(ava_re_clean_str, &errstr)))
+     || (  !ava_re_virus
+        && !(ava_re_virus = m_pcre_compile(ava_re_virus_str, &errstr)))
      )
     return malware_errlog_defer(errstr);


@@ -1808,11 +1842,11 @@ if (!malware_ok)
           if (Ustrncmp(buf, "210", 3) == 0)
         break;  /* ignore the "210 SCAN DATA" message */


-          if (pcre_exec(avast_clean_re, NULL, CS buf, slen,
+          if (pcre_exec(ava_re_clean, NULL, CS buf, slen,
             0, 0, ovector, nelements(ovector)) > 0)
         break;


-          if ((malware_name = m_pcre_exec(avast_virus_re, buf)))
+          if ((malware_name = m_pcre_exec(ava_re_virus, buf)))
         { /* remove backslash in front of [whitespace|backslash] */
         uschar * p, * p0;
         for (p = malware_name; *p; ++p) 
@@ -1952,6 +1986,26 @@ malware_in_file(uschar *eml_filename)
   return ret;
 }


+
+void
+malware_init(void)
+{
+if (!malware_default_re)
+ malware_default_re = regex_must_compile(malware_regex_default, FALSE, TRUE);
+if (!drweb_re)
+ drweb_re = regex_must_compile(drweb_re_str, FALSE, TRUE);
+if (!fsec_re)
+ fsec_re = regex_must_compile(fsec_re_str, FALSE, TRUE);
+if (!kav_re_sus)
+ kav_re_sus = regex_must_compile(kav_re_sus_str, FALSE, TRUE);
+if (!kav_re_inf)
+ kav_re_inf = regex_must_compile(kav_re_inf_str, FALSE, TRUE);
+if (!ava_re_clean)
+ ava_re_clean = regex_must_compile(ava_re_clean_str, FALSE, TRUE);
+if (!ava_re_virus)
+ ava_re_virus = regex_must_compile(ava_re_virus_str, FALSE, TRUE);
+}
+
#endif /*WITH_CONTENT_SCAN*/
/*
* vi: aw ai sw=2
diff --git a/src/src/regex.c b/src/src/regex.c
index de8ec68..94a867c 100644
--- a/src/src/regex.c
+++ b/src/src/regex.c
@@ -242,4 +242,4 @@ int mime_regex(uschar **listptr) {
return FAIL;
}

-#endif
+#endif /* WITH_CONTENT_SCAN */