[exim-cvs] Add debug for content of file tainted due to fail…

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Add debug for content of file tainted due to faile name taint
Gitweb: https://git.exim.org/exim.git/commitdiff/f5bf7636988febc332349f2a1deb2a4329ff3243
Commit:     f5bf7636988febc332349f2a1deb2a4329ff3243
Parent:     b1c673ddfac7f322a62786cd4aae8b5b30ba69e8
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jan 8 11:31:03 2020 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jan 8 13:16:12 2020 +0000


    Add debug for content of file tainted due to faile name taint
---
 src/src/rda.c    | 45 ++++++++++++++++++---------------------------
 test/runtest     |  2 +-
 test/stderr/0084 |  2 +-
 3 files changed, 20 insertions(+), 29 deletions(-)


diff --git a/src/src/rda.c b/src/src/rda.c
index 42b7b14..5fa3d09 100644
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -184,40 +184,35 @@ However, if the ignore_enotdir option is set (to ignore "something on the
path is not a directory" errors), the right behaviour seems to be not to do the
directory test. */

-fwd = Ufopen(filename, "rb");
-if (fwd == NULL)
+if (!(fwd = Ufopen(filename, "rb"))) switch(errno)
   {
-  switch(errno)
-    {
-    case ENOENT:          /* File does not exist */
+  case ENOENT:          /* File does not exist */
     DEBUG(D_route) debug_printf("%s does not exist\n%schecking parent directory\n",
-      filename,
-      ((options & RDO_ENOTDIR) != 0)? "ignore_enotdir set => skip " : "");
-    *yield = (((options & RDO_ENOTDIR) != 0) ||
-              rda_exists(filename, error) == FILE_NOT_EXIST)?
-      FF_NONEXIST : FF_ERROR;
+      filename, options & RDO_ENOTDIR ? "ignore_enotdir set => skip " : "");
+    *yield =
+    options & RDO_ENOTDIR || rda_exists(filename, error) == FILE_NOT_EXIST
+    ? FF_NONEXIST : FF_ERROR;
     return NULL;


-    case ENOTDIR:         /* Something on the path isn't a directory */
+  case ENOTDIR:         /* Something on the path isn't a directory */
     if ((options & RDO_ENOTDIR) == 0) goto DEFAULT_ERROR;
     DEBUG(D_route) debug_printf("non-directory on path %s: file assumed not to "
       "exist\n", filename);
     *yield = FF_NONEXIST;
     return NULL;


-    case EACCES:           /* Permission denied */
+  case EACCES:           /* Permission denied */
     if ((options & RDO_EACCES) == 0) goto DEFAULT_ERROR;
     DEBUG(D_route) debug_printf("permission denied for %s: file assumed not to "
       "exist\n", filename);
     *yield = FF_NONEXIST;
     return NULL;


-    DEFAULT_ERROR:
-    default:
+  DEFAULT_ERROR:
+  default:
     *error = string_open_failed(errno, "%s", filename);
     *yield = FF_ERROR;
     return NULL;
-    }
   }


/* Check that we have a regular file. */
@@ -246,22 +241,18 @@ if ((statbuf.st_mode & rdata->modemask) != 0)
/* Check the file owner and file group if required to do so. */

 if (!uid_ok)
-  {
-  if (rdata->pw != NULL && statbuf.st_uid == rdata->pw->pw_uid)
+  if (rdata->pw && statbuf.st_uid == rdata->pw->pw_uid)
     uid_ok = TRUE;
-  else if (rdata->owners != NULL)
+  else if (rdata->owners)
     for (int i = 1; i <= (int)(rdata->owners[0]); i++)
       if (rdata->owners[i] == statbuf.st_uid) { uid_ok = TRUE; break; }
-  }


 if (!gid_ok)
-  {
-  if (rdata->pw != NULL && statbuf.st_gid == rdata->pw->pw_gid)
+  if (rdata->pw && statbuf.st_gid == rdata->pw->pw_gid)
     gid_ok = TRUE;
-  else if (rdata->owngroups != NULL)
+  else if (rdata->owngroups)
     for (int i = 1; i <= (int)(rdata->owngroups[0]); i++)
       if (rdata->owngroups[i] == statbuf.st_gid) { gid_ok = TRUE; break; }
-  }


if (!uid_ok || !gid_ok)
{
@@ -291,8 +282,8 @@ if (fread(filebuf, 1, statbuf.st_size, fwd) != statbuf.st_size)
}
filebuf[statbuf.st_size] = 0;

-DEBUG(D_route)
- debug_printf(OFF_T_FMT " bytes read from %s\n", statbuf.st_size, filename);
+DEBUG(D_route) debug_printf(OFF_T_FMT " %sbytes read from %s\n",
+ statbuf.st_size, is_tainted(filename) ? "(tainted) " : "", filename);

 (void)fclose(fwd);
 return filebuf;
@@ -347,8 +338,8 @@ uschar *data;
 if (rdata->isfile)
   {
   int yield = 0;
-  data = rda_get_file_contents(rdata, options, error, &yield);
-  if (data == NULL) return yield;
+  if (!(data = rda_get_file_contents(rdata, options, error, &yield)))
+    return yield;
   }
 else data = rdata->string;


diff --git a/test/runtest b/test/runtest
index 3c16a1e..c590ffc 100755
--- a/test/runtest
+++ b/test/runtest
@@ -893,7 +893,7 @@ RESET_AFTER_EXTRA_LINE_READ:
# The sizes of filter files may vary because of the substitution of local
# filenames, logins, etc.

- s/^\d+(?= bytes read from )/ssss/;
+ s/^\d+(?= (\(tainted\) )?bytes read from )/ssss/;


# ======== OpenSSL error messages ========
diff --git a/test/stderr/0084 b/test/stderr/0084
index 2b2f396..02d86ce 100644
--- a/test/stderr/0084
+++ b/test/stderr/0084
@@ -19,7 +19,7 @@ stat() yielded 0
calling forward router
rda_interpret (file): 'TESTSUITE/aux-fixed/0084.$local_part'
expanded: 'TESTSUITE/aux-fixed/0084.yes'
-ssss bytes read from TESTSUITE/aux-fixed/0084.yes
+ssss (tainted) bytes read from TESTSUITE/aux-fixed/0084.yes
file is not a filter file
parse_forward_list: userx@???