Gitweb:
https://git.exim.org/exim.git/commitdiff/e2be2df5c0760e2b6a7870c88ad486a23f5e4b01
Commit: e2be2df5c0760e2b6a7870c88ad486a23f5e4b01
Parent: f39bb672424423847bce771bc31f5c13f2eb4185
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Feb 22 21:24:01 2021 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Mon Feb 22 21:24:01 2021 +0000
Fix list-expansion for various domainlists, having included sublist elements. Bug 2701
---
doc/doc-txt/ChangeLog | 6 ++++++
src/src/acl.c | 6 +++---
src/src/deliver.c | 2 +-
src/src/dns.c | 6 +++---
src/src/host.c | 46 +++++++++++++++++++++++-----------------------
src/src/readconf.c | 33 +++++++++++++++------------------
6 files changed, 51 insertions(+), 48 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2c17877..6993499 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -207,6 +207,12 @@ JH/43 Bug 2694: Fix weighted distribution of work to multiple spamd servers.
Previously the weighting was incorrectly applied. Similar fix for socks
proxies. Found and fixed by Heiko Schlichting.
+JH/44 Bug 2701: Fix list-expansion of dns_ipv4_lookup. Previously, it did
+ not handle sub-lists included using the +namedlist syntax. While
+ investigating, the same found for dns_trust_aa, dns_again_means_nonexist,
+ dnssec_require_domains, dnssec_request_domains, srv_fail_domains,
+ mx_fail_domains.
+
Exim version 4.94
-----------------
diff --git a/src/src/acl.c b/src/src/acl.c
index aaf0ce6..fff2ac0 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -3508,14 +3508,14 @@ for (; cb; cb = cb->next)
case ACLC_DKIM_SIGNER:
if (dkim_cur_signer)
rc = match_isinlist(dkim_cur_signer,
- &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
else
rc = FAIL;
break;
case ACLC_DKIM_STATUS:
rc = match_isinlist(dkim_verify_status,
- &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
break;
#endif
@@ -3527,7 +3527,7 @@ for (; cb; cb = cb->next)
/* used long way of dmarc_exim_expand_query() in case we need more
* view into the process in the future. */
rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
- &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
break;
#endif
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 238e33a..833970c 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -6814,7 +6814,7 @@ while (addr_new) /* Loop until all addresses dealt with */
addr_route = addr->next;
deliver_domain = addr->domain; /* set $domain */
- if ((rc = match_isinlist(addr->domain, (const uschar **)&queue_domains, 0,
+ if ((rc = match_isinlist(addr->domain, CUSS &queue_domains, 0,
&domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL))
!= OK)
if (rc == DEFER)
diff --git a/src/src/dns.c b/src/src/dns.c
index a636f07..c686987 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -515,7 +515,7 @@ if ( !h->aa
|| !(trusted = expand_string(dns_trust_aa))
|| !*trusted
|| !(auth_name = dns_extract_auth_name(dnsa))
- || OK != match_isinlist(auth_name, &trusted, 0, NULL, NULL,
+ || OK != match_isinlist(auth_name, &trusted, 0, &domainlist_anchor, NULL,
MCL_DOMAIN, TRUE, NULL)
)
return FALSE;
@@ -904,8 +904,8 @@ if (dnsa->answerlen < 0) switch (h_errno)
#ifndef STAND_ALONE
save_domain = deliver_domain;
deliver_domain = string_copy(name); /* set $domain */
- rc = match_isinlist(name, (const uschar **)&dns_again_means_nonexist, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL);
+ rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
deliver_domain = save_domain;
if (rc != OK)
{
diff --git a/src/src/host.c b/src/src/host.c
index a31c09b..5f254a2 100644
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -1971,8 +1971,8 @@ lookups here (except when testing standalone). */
#else
if ( disable_ipv6
|| dns_ipv4_lookup
- && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) == OK)
+ && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
#endif
{ af = AF_INET; times = 1; }
@@ -2191,12 +2191,12 @@ dns_again_means_nonexist, return permanent rather than temporary failure. */
RETURN_AGAIN:
{
- #ifndef STAND_ALONE
+#ifndef STAND_ALONE
int rc;
const uschar *save = deliver_domain;
deliver_domain = host->name; /* set $domain */
- rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL);
+ rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
deliver_domain = save;
if (rc == OK)
{
@@ -2204,7 +2204,7 @@ RETURN_AGAIN:
"returning HOST_FIND_FAILED\n", host->name);
return HOST_FIND_FAILED;
}
- #endif
+#endif
return HOST_FIND_AGAIN;
}
}
@@ -2296,9 +2296,9 @@ On an IPv4 system, go round the loop once only, looking only for A records. */
#ifndef STAND_ALONE
if ( disable_ipv6
|| !(whichrrs & HOST_FIND_BY_AAAA)
- || (dns_ipv4_lookup
- && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) == OK)
+ || dns_ipv4_lookup
+ && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
)
i = 0; /* look up A records only */
else
@@ -2556,12 +2556,12 @@ int yield;
dns_answer * dnsa = store_get_dns_answer();
dns_scan dnss;
BOOL dnssec_require = dnssec_d
- && match_isinlist(host->name, CUSS &dnssec_d->require,
- 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+ && match_isinlist(host->name, CUSS &dnssec_d->require,
+ 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
BOOL dnssec_request = dnssec_require
- || ( dnssec_d
- && match_isinlist(host->name, CUSS &dnssec_d->request,
- 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
+ || ( dnssec_d
+ && match_isinlist(host->name, CUSS &dnssec_d->request,
+ 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
dnssec_status_t dnssec;
/* Set the default fully qualified name to the incoming name, initialize the
@@ -2626,13 +2626,13 @@ if (whichrrs & HOST_FIND_BY_SRV)
}
if (rc == DNS_FAIL || rc == DNS_AGAIN)
{
- #ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &srv_fail_domains, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
- #endif
+#ifndef STAND_ALONE
+ if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
+#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
- "(domain in srv_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
+ "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
}
}
@@ -2678,8 +2678,8 @@ if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
DEBUG(D_host_lookup)
debug_printf("dnssec fail on MX for %.256s", host->name);
#ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
+ if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
{ yield = HOST_FIND_SECURITY; goto out; }
#endif
rc = DNS_FAIL;
@@ -2688,8 +2688,8 @@ if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
case DNS_FAIL:
case DNS_AGAIN:
#ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
+ if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 7f808de..fb9164c 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -3350,10 +3350,11 @@ but if that yields an unqualified value, make a FQDN by using gethostbyname to
canonize it. Some people like upper case letters in their host names, so we
don't force the case. */
-if (primary_hostname == NULL)
+if (!primary_hostname)
{
- const uschar *hostname;
+ const uschar * hostname;
struct utsname uts;
+
if (uname(&uts) < 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "uname() failed to yield host name");
hostname = US uts.nodename;
@@ -3363,33 +3364,29 @@ if (primary_hostname == NULL)
int af = AF_INET;
struct hostent *hostdata;
- #if HAVE_IPV6
- if (!disable_ipv6 && (dns_ipv4_lookup == NULL ||
- match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
+#if HAVE_IPV6
+ if ( !disable_ipv6
+ && ( !dns_ipv4_lookup
+ || match_isinlist(hostname, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
MCL_DOMAIN, TRUE, NULL) != OK))
af = AF_INET6;
- #else
- af = AF_INET;
- #endif
+#endif
for (;;)
{
- #if HAVE_IPV6
- #if HAVE_GETIPNODEBYNAME
+#if HAVE_IPV6
+# if HAVE_GETIPNODEBYNAME
int error_num;
hostdata = getipnodebyname(CS hostname, af, 0, &error_num);
#else
hostdata = gethostbyname2(CS hostname, af);
- #endif
- #else
+# endif
+#else
hostdata = gethostbyname(CS hostname);
- #endif
+#endif
- if (hostdata != NULL)
- {
- hostname = US hostdata->h_name;
- break;
- }
+ if (hostdata)
+ { hostname = US hostdata->h_name; break; }
if (af == AF_INET) break;
af = AF_INET;
