Gitweb:
https://git.exim.org/exim.git/commitdiff/f5bf7636988febc332349f2a1deb2a4329ff3243
Commit: f5bf7636988febc332349f2a1deb2a4329ff3243
Parent: b1c673ddfac7f322a62786cd4aae8b5b30ba69e8
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jan 8 11:31:03 2020 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jan 8 13:16:12 2020 +0000
Add debug for content of file tainted due to file name taint
---
src/src/rda.c | 45 ++++++++++++++++++---------------------------
test/runtest | 2 +-
test/stderr/0084 | 2 +-
3 files changed, 20 insertions(+), 29 deletions(-)
diff --git a/src/src/rda.c b/src/src/rda.c
index 42b7b14..5fa3d09 100644
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -184,40 +184,35 @@ However, if the ignore_enotdir option is set (to ignore "something on the
path is not a directory" errors), the right behaviour seems to be not to do the
directory test. */
-fwd = Ufopen(filename, "rb");
-if (fwd == NULL)
+if (!(fwd = Ufopen(filename, "rb"))) switch(errno)
{
- switch(errno)
- {
- case ENOENT: /* File does not exist */
+ case ENOENT: /* File does not exist */
DEBUG(D_route) debug_printf("%s does not exist\n%schecking parent directory\n",
- filename,
- ((options & RDO_ENOTDIR) != 0)? "ignore_enotdir set => skip " : "");
- *yield = (((options & RDO_ENOTDIR) != 0) ||
- rda_exists(filename, error) == FILE_NOT_EXIST)?
- FF_NONEXIST : FF_ERROR;
+ filename, options & RDO_ENOTDIR ? "ignore_enotdir set => skip " : "");
+ *yield =
+ options & RDO_ENOTDIR || rda_exists(filename, error) == FILE_NOT_EXIST
+ ? FF_NONEXIST : FF_ERROR;
return NULL;
- case ENOTDIR: /* Something on the path isn't a directory */
+ case ENOTDIR: /* Something on the path isn't a directory */
if ((options & RDO_ENOTDIR) == 0) goto DEFAULT_ERROR;
DEBUG(D_route) debug_printf("non-directory on path %s: file assumed not to "
"exist\n", filename);
*yield = FF_NONEXIST;
return NULL;
- case EACCES: /* Permission denied */
+ case EACCES: /* Permission denied */
if ((options & RDO_EACCES) == 0) goto DEFAULT_ERROR;
DEBUG(D_route) debug_printf("permission denied for %s: file assumed not to "
"exist\n", filename);
*yield = FF_NONEXIST;
return NULL;
- DEFAULT_ERROR:
- default:
+ DEFAULT_ERROR:
+ default:
*error = string_open_failed(errno, "%s", filename);
*yield = FF_ERROR;
return NULL;
- }
}
/* Check that we have a regular file. */
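Review bot: The rewritten `*yield` assignment in the ENOENT case now relies on `&` binding tighter than `||`, and `||` tighter than `?:`, with every clarifying parenthesis removed. It still parses as before, but this expression decides whether a missing file is reported as FF_NONEXIST or FF_ERROR, so I would keep the bit test bracketed: `*yield = (options & RDO_ENOTDIR) || rda_exists(filename, error) == FILE_NOT_EXIST ? FF_NONEXIST : FF_ERROR;`. The same applies to the `options & RDO_ENOTDIR ? ... : ""` argument of the debug_printf just above it. The enclosing function starts and ends outside this hunk.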
@@ -246,22 +241,18 @@ if ((statbuf.st_mode & rdata->modemask) != 0)
/* Check the file owner and file group if required to do so. */
if (!uid_ok)
- {
- if (rdata->pw != NULL && statbuf.st_uid == rdata->pw->pw_uid)
+ if (rdata->pw && statbuf.st_uid == rdata->pw->pw_uid)
uid_ok = TRUE;
- else if (rdata->owners != NULL)
+ else if (rdata->owners)
for (int i = 1; i <= (int)(rdata->owners[0]); i++)
if (rdata->owners[i] == statbuf.st_uid) { uid_ok = TRUE; break; }
- }
if (!gid_ok)
- {
- if (rdata->pw != NULL && statbuf.st_gid == rdata->pw->pw_gid)
+ if (rdata->pw && statbuf.st_gid == rdata->pw->pw_gid)
gid_ok = TRUE;
- else if (rdata->owngroups != NULL)
+ else if (rdata->owngroups)
for (int i = 1; i <= (int)(rdata->owngroups[0]); i++)
if (rdata->owngroups[i] == statbuf.st_gid) { gid_ok = TRUE; break; }
- }
if (!uid_ok || !gid_ok)
{
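Review bot: Dropping the braces under `if (!uid_ok)` and `if (!gid_ok)` leaves each `else if` attached to the inner `if (rdata->pw && ...)` only by the nearest-if rule. That is the intended binding today, but this is the owner/group check on the file. A later `else` written at the outer indentation would silently join the inner chain and change when `uid_ok` or `gid_ok` is set, and compilers with -Wdangling-else enabled typically flag this shape. I would keep the outer braces, i.e. `if (!uid_ok) { if (rdata->pw && statbuf.st_uid == rdata->pw->pw_uid) uid_ok = TRUE; else if (rdata->owners) ... }`, and the same for the gid block. The function body continues outside this hunk.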
@@ -291,8 +282,8 @@ if (fread(filebuf, 1, statbuf.st_size, fwd) != statbuf.st_size)
}
filebuf[statbuf.st_size] = 0;
-DEBUG(D_route)
- debug_printf(OFF_T_FMT " bytes read from %s\n", statbuf.st_size, filename);
+DEBUG(D_route) debug_printf(OFF_T_FMT " %sbytes read from %s\n",
+ statbuf.st_size, is_tainted(filename) ? "(tainted) " : "", filename);
(void)fclose(fwd);
return filebuf;
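Review bot: The new "(tainted) " marker in the debug_printf is computed from `is_tainted(filename)`, yet the message reads as a statement about the bytes just read into `filebuf`. The allocation of `filebuf` is outside this hunk, so it cannot be confirmed here that the buffer's taint always follows the filename's. If the line is meant to report the state of the data, test the buffer itself: `statbuf.st_size, is_tainted(filebuf) ? "(tainted) " : "", filename);`. Otherwise a short comment such as `/* content inherits taint from filename */` would make the intent explicit for anyone reading the debug output.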
@@ -347,8 +338,8 @@ uschar *data;
if (rdata->isfile)
{
int yield = 0;
- data = rda_get_file_contents(rdata, options, error, &yield);
- if (data == NULL) return yield;
+ if (!(data = rda_get_file_contents(rdata, options, error, &yield)))
+ return yield;
}
else data = rdata->string;
diff --git a/test/runtest b/test/runtest
index 3c16a1e..c590ffc 100755
--- a/test/runtest
+++ b/test/runtest
@@ -893,7 +893,7 @@ RESET_AFTER_EXTRA_LINE_READ:
# The sizes of filter files may vary because of the substitution of local
# filenames, logins, etc.
- s/^\d+(?= bytes read from )/ssss/;
+ s/^\d+(?= (\(tainted\) )?bytes read from )/ssss/;
# ======== OpenSSL error messages ========
diff --git a/test/stderr/0084 b/test/stderr/0084
index 2b2f396..02d86ce 100644
--- a/test/stderr/0084
+++ b/test/stderr/0084
@@ -19,7 +19,7 @@ stat() yielded 0
calling forward router
rda_interpret (file): 'TESTSUITE/aux-fixed/0084.$local_part'
expanded: 'TESTSUITE/aux-fixed/0084.yes'
-ssss bytes read from TESTSUITE/aux-fixed/0084.yes
+ssss (tainted) bytes read from TESTSUITE/aux-fixed/0084.yes
file is not a filter file
parse_forward_list: userx@???