[exim-cvs] Fixes for compilation

Inizio della pagina
Delete this message
Reply to this message
Autore: Exim Git Commits Mailing List
Data:  
To: exim-cvs
Oggetto: [exim-cvs] Fixes for compilation
Gitweb: https://git.exim.org/exim.git/commitdiff/86ddd98d63910f57b5aaacc6d77e09aa65b10b32
Commit:     86ddd98d63910f57b5aaacc6d77e09aa65b10b32
Parent:     36771878fa93a04ecf5bdd71ad3c3c380a16aa03
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Oct 31 14:36:55 2020 +0000
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu May 27 21:30:32 2021 +0200


    Fixes for compilation


    (cherry picked from commit 85a90771a373aaaced64b92d7176a8a310490b9e)
    (cherry picked from commit da683a61556bbbebdffcbebf2668da58da59f898)
---
 src/exim_monitor/em_version.c |  11 +++
 src/src/exim.c                | 121 ++++++++++++-----------
 src/src/filter.c              |  30 +++---
 src/src/functions.h           |  24 ++---
 src/src/globals.h             |   1 +
 src/src/moan.c                |   3 +-
 src/src/parse.c               | 222 +++++++++++++++++++++---------------------
 src/src/readconf.c            |  10 +-
 src/src/receive.c             |  12 ++-
 src/src/rewrite.c             |  49 +++++-----
 src/src/smtp_in.c             |  54 ++++++----
 src/src/store.c               |   8 +-
 src/src/transport.c           |   9 +-
 src/src/tree.c                |   6 +-
 src/src/verify.c              |   6 +-
 15 files changed, 309 insertions(+), 257 deletions(-)


diff --git a/src/exim_monitor/em_version.c b/src/exim_monitor/em_version.c
index c5931fc..336f2ae 100644
--- a/src/exim_monitor/em_version.c
+++ b/src/exim_monitor/em_version.c
@@ -8,6 +8,17 @@

#define EM_VERSION_C

+/* Needed by macros.h */
+/* Some systems have PATH_MAX and some have MAX_PATH_LEN. */
+
+#ifndef PATH_MAX
+# ifdef MAX_PATH_LEN
+#  define PATH_MAX MAX_PATH_LEN
+# else
+#  define PATH_MAX 1024
+# endif
+#endif
+
 #include "mytypes.h"
 #include "store.h"
 #include "macros.h"
diff --git a/src/src/exim.c b/src/src/exim.c
index 1b7529c..d6f0c08 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -767,7 +767,7 @@ exim_len_fail_toolong(int itemlen, int maxlen, const char *description)
 if (itemlen <= maxlen)
   return;
 fprintf(stderr, "exim: length limit exceeded (%d > %d) for: %s\n",
-        len, maxlen, description)
+        itemlen, maxlen, description);
 exit(EXIT_FAILURE);
 }


@@ -1559,10 +1559,11 @@ Arguments:
*/

static void
-expansion_test_line(uschar * line)
+expansion_test_line(const uschar * line)
{
int len;
BOOL dummy_macexp;
+uschar * s;

 Ustrncpy(big_buffer, line, big_buffer_size);
 big_buffer[big_buffer_size-1] = '\0';
@@ -1576,7 +1577,7 @@ if (isupper(big_buffer[0]))
     printf("Defined macro '%s'\n", mlast->name);
   }
 else
-  if ((line = expand_string(big_buffer))) printf("%s\n", CS line);
+  if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
   else printf("Failed: %s\n", expand_string_message);
 }


@@ -1660,10 +1661,10 @@ uschar *cmdline_syslog_name = NULL;
uschar *start_queue_run_id = NULL;
uschar *stop_queue_run_id = NULL;
uschar *expansion_test_message = NULL;
-uschar *ftest_domain = NULL;
-uschar *ftest_localpart = NULL;
-uschar *ftest_prefix = NULL;
-uschar *ftest_suffix = NULL;
+const uschar *ftest_domain = NULL;
+const uschar *ftest_localpart = NULL;
+const uschar *ftest_prefix = NULL;
+const uschar *ftest_suffix = NULL;
uschar *log_oneline = NULL;
uschar *malware_test_file = NULL;
uschar *real_sender_address;
@@ -1759,7 +1760,7 @@ if (f.running_in_test_harness)
debug_store = TRUE;

/* Protect against abusive argv[0] */
-exim_len_fail_toolong(argv[0], PATH_MAX, "argv[0]");
+exim_str_fail_toolong(argv[0], PATH_MAX, "argv[0]");

/* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed
at the start of a program; however, it seems that some environments do not
@@ -3284,7 +3285,7 @@ on the second character (the one after '-'), to save some effort. */

       case 'X':
     if (*argrest) badarg = TRUE;
-    else override_local_interfaces = string_copy_taint(exim_str_fail_toolong(argv[++i], 1024, "-oX", TRUE);
+    else override_local_interfaces = string_copy_taint(exim_str_fail_toolong(argv[++i], 1024, "-oX"), TRUE);
     break;


       /* -oY: Override creation of daemon notifier socket */
@@ -3421,7 +3422,10 @@ on the second character (the one after '-'), to save some effort. */



     case 'R':   /* Synonymous with -qR... */
-    receiving_message = FALSE;
+      {
+      const uschar *tainted_selectstr;
+
+      receiving_message = FALSE;


     /* -Rf:   As -R (below) but force all deliveries,
        -Rff:  Ditto, but also thaw all frozen messages,
@@ -3432,29 +3436,29 @@ on the second character (the one after '-'), to save some effort. */
     in all cases provided there are no further characters in this
     argument. */


-    if (*argrest)
-      for (int i = 0; i < nelem(rsopts); i++)
-        if (Ustrcmp(argrest, rsopts[i]) == 0)
-          {
-          if (i != 2) f.queue_run_force = TRUE;
-          if (i >= 2) f.deliver_selectstring_regex = TRUE;
-          if (i == 1 || i == 4) f.deliver_force_thaw = TRUE;
-          argrest += Ustrlen(rsopts[i]);
-          }
+      if (*argrest)
+    for (int i = 0; i < nelem(rsopts); i++)
+      if (Ustrcmp(argrest, rsopts[i]) == 0)
+        {
+        if (i != 2) f.queue_run_force = TRUE;
+        if (i >= 2) f.deliver_selectstring_regex = TRUE;
+        if (i == 1 || i == 4) f.deliver_force_thaw = TRUE;
+        argrest += Ustrlen(rsopts[i]);
+        }


     /* -R: Set string to match in addresses for forced queue run to
     pick out particular messages. */


-    /* Avoid attacks from people providing very long strings, and do so before
-    we make copies. */
-    const char *tainted_selectstr;
-    if (*argrest)
-      tainted_selectstr = argrest;
-    else if (i+1 < argc)
-      tainted_selectstr = argv[++i];
-    else
-      exim_fail("exim: string expected after -R\n");
-    deliver_selectstring = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-R"), TRUE);
+      /* Avoid attacks from people providing very long strings, and do so before
+      we make copies. */
+      if (*argrest)
+    tainted_selectstr = argrest;
+      else if (i+1 < argc)
+    tainted_selectstr = argv[++i];
+      else
+    exim_fail("exim: string expected after -R\n");
+      deliver_selectstring = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-R"), TRUE);
+      }
     break;


     /* -r: an obsolete synonym for -f (see above) */
@@ -3463,7 +3467,10 @@ on the second character (the one after '-'), to save some effort. */
     /* -S: Like -R but works on sender. */


     case 'S':   /* Synonymous with -qS... */
-    receiving_message = FALSE;
+      {
+      const uschar *tainted_selectstr;
+
+      receiving_message = FALSE;


     /* -Sf:   As -S (below) but force all deliveries,
        -Sff:  Ditto, but also thaw all frozen messages,
@@ -3474,27 +3481,27 @@ on the second character (the one after '-'), to save some effort. */
     in all cases provided there are no further characters in this
     argument. */


-    if (*argrest)
-      for (int i = 0; i < nelem(rsopts); i++)
-        if (Ustrcmp(argrest, rsopts[i]) == 0)
-          {
-          if (i != 2) f.queue_run_force = TRUE;
-          if (i >= 2) f.deliver_selectstring_sender_regex = TRUE;
-          if (i == 1 || i == 4) f.deliver_force_thaw = TRUE;
-          argrest += Ustrlen(rsopts[i]);
-          }
+      if (*argrest)
+    for (int i = 0; i < nelem(rsopts); i++)
+      if (Ustrcmp(argrest, rsopts[i]) == 0)
+        {
+        if (i != 2) f.queue_run_force = TRUE;
+        if (i >= 2) f.deliver_selectstring_sender_regex = TRUE;
+        if (i == 1 || i == 4) f.deliver_force_thaw = TRUE;
+        argrest += Ustrlen(rsopts[i]);
+        }


     /* -S: Set string to match in addresses for forced queue run to
     pick out particular messages. */


-    const char *tainted_selectstr;
-    if (*argrest)
-      tainted_selectstr = argrest;
-    else if (i+1 < argc)
-      tainted_selectstr = argv[++i];
-    else
-      exim_fail("exim: string expected after -S\n");
-    deliver_selectstring_sender = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-S"), TRUE);
+      if (*argrest)
+    tainted_selectstr = argrest;
+      else if (i+1 < argc)
+    tainted_selectstr = argv[++i];
+      else
+    exim_fail("exim: string expected after -S\n");
+      deliver_selectstring_sender = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-S"), TRUE);
+      }
     break;


     /* -Tqt is an option that is exclusively for use by the testing suite.
@@ -4555,7 +4562,7 @@ if (test_retry_arg >= 0)
   retry_config *yield;
   int basic_errno = 0;
   int more_errno = 0;
-  uschar *s1, *s2;
+  const uschar *s1, *s2;


   if (test_retry_arg >= argc)
     {
@@ -4584,7 +4591,7 @@ if (test_retry_arg >= 0)


   if (test_retry_arg < argc)
     {
-    uschar *ss = exim_str_fail_toolong(argv[test_retry_arg], EXIM_DRIVERNAME_MAX, "-brt 3rd");
+    const uschar *ss = exim_str_fail_toolong(argv[test_retry_arg], EXIM_DRIVERNAME_MAX, "-brt 3rd");
     uschar *error =
       readconf_retry_error(ss, ss + Ustrlen(ss), &basic_errno, &more_errno);
     if (error != NULL)
@@ -5068,11 +5075,15 @@ if (expansion_test)
   dns_init(FALSE, FALSE, FALSE);
   if (msg_action_arg > 0 && msg_action == MSG_LOAD)
     {
-    uschar spoolname[SPOOL_NAME_LENGTH];  /* Not big_buffer; used in spool_read_header() */
+    uschar * spoolname;
     if (!f.admin_user)
       exim_fail("exim: permission denied\n");
-    message_id = exim_str_fail_toolong(argv[msg_action_arg], MESSAGE_ID_LENGTH, "message-id");
-    (void)string_format(spoolname, sizeof(spoolname), "%s-H", message_id);
+    message_id = US exim_str_fail_toolong(argv[msg_action_arg], MESSAGE_ID_LENGTH, "message-id");
+    /* Checking the length of the ID is sufficient to validate it.
+    Get an untainted version so file opens can be done. */
+    message_id = string_copy_taint(message_id, FALSE);
+
+    spoolname = string_sprintf("%s-H", message_id);
     if ((deliver_datafile = spool_open_datafile(message_id)) < 0)
       printf ("Failed to load message datafile %s\n", message_id);
     if (spool_read_header(spoolname, TRUE, FALSE) != spool_read_OK)
@@ -5693,10 +5704,10 @@ while (more)
     {
     deliver_domain = ftest_domain ? ftest_domain : qualify_domain_recipient;
     deliver_domain_orig = deliver_domain;
-    deliver_localpart = ftest_localpart ? ftest_localpart : originator_login;
+    deliver_localpart = ftest_localpart ? US ftest_localpart : originator_login;
     deliver_localpart_orig = deliver_localpart;
-    deliver_localpart_prefix = ftest_prefix;
-    deliver_localpart_suffix = ftest_suffix;
+    deliver_localpart_prefix = US ftest_prefix;
+    deliver_localpart_suffix = US ftest_suffix;
     deliver_home = originator_home;


     if (!return_path)
diff --git a/src/src/filter.c b/src/src/filter.c
index 3897ae0..3f9f750 100644
--- a/src/src/filter.c
+++ b/src/src/filter.c
@@ -51,7 +51,7 @@ typedef struct condition_block {
 /* Miscellaneous other declarations */


 static uschar **error_pointer;
-static uschar *log_filename;
+static const uschar *log_filename;
 static int  filter_options;
 static int  line_number;
 static int  expect_endif;
@@ -1668,7 +1668,7 @@ Returns:      FF_DELIVERED     success, a significant action was taken
 static int
 interpret_commands(filter_cmd *commands, address_item **generated)
 {
-uschar *s;
+const uschar *s;
 int mode;
 address_item *addr;
 BOOL condition_value;
@@ -1677,7 +1677,7 @@ while (commands)
   {
   int ff_ret;
   uschar *fmsg, *ff_name;
-  uschar *expargs[MAILARGS_STRING_COUNT];
+  const uschar *expargs[MAILARGS_STRING_COUNT];


int i, n[2];

@@ -1709,7 +1709,7 @@ while (commands)
     case add_command:
       for (i = 0; i < 2; i++)
     {
-    uschar *ss = expargs[i];
+    const uschar *ss = expargs[i];
     uschar *end;


     if (i == 1 && (*ss++ != 'n' || ss[1] != 0))
@@ -1806,9 +1806,8 @@ while (commands)
     af_ignore_error flag if necessary, and the errors address, which can be
     set in a system filter and to the local address in user filters. */


-    addr = deliver_make_addr(expargs[0], TRUE);  /* TRUE => copy s */
-    addr->prop.errors_address = (s == NULL)?
-      s : string_copy(s);                        /* Default is NULL */
+    addr = deliver_make_addr(US expargs[0], TRUE);  /* TRUE => copy s, so deconst ok */
+    addr->prop.errors_address = !s ? NULL : string_copy(s); /* Default is NULL */
     if (commands->noerror) addr->prop.ignore_error = TRUE;
     addr->next = *generated;
     *generated = addr;
@@ -1848,7 +1847,7 @@ while (commands)
     af_pfr and af_file flags, the af_ignore_error flag if necessary, and the
     mode value. */


-    addr = deliver_make_addr(s, TRUE);  /* TRUE => copy s */
+    addr = deliver_make_addr(US s, TRUE);  /* TRUE => copy s, so deconst ok */
     setflag(addr, af_pfr);
     setflag(addr, af_file);
     if (commands->noerror) addr->prop.ignore_error = TRUE;
@@ -1878,7 +1877,7 @@ while (commands)
     each command argument is expanded in the transport after the command
     has been split up into separate arguments. */


-    addr = deliver_make_addr(s, TRUE);  /* TRUE => copy s */
+    addr = deliver_make_addr(US s, TRUE);  /* TRUE => copy s, so deconst ok */
     setflag(addr, af_pfr);
     setflag(addr, af_expand_pipe);
     if (commands->noerror) addr->prop.ignore_error = TRUE;
@@ -2016,7 +2015,7 @@ while (commands)
     /* This setting lasts only while the filter is running; on exit, the
     variable is reset to the previous value. */


-    else headers_charset = s;
+    else headers_charset = s;    /*XXX loses track of const */
     }
       break;


@@ -2040,7 +2039,7 @@ while (commands)
       ff_ret = FF_FREEZE;


       DEFERFREEZEFAIL:
-      fmsg = expargs[0];
+      fmsg = expargs[0];        /*XXX loses track of const */
       if (Ustrlen(fmsg) > 1024) Ustrcpy(fmsg + 1000, US" ... (truncated)");
       fmsg = US string_printing(fmsg);
       *error_pointer = fmsg;
@@ -2123,7 +2122,7 @@ while (commands)
     for (i = 0; i < MAILARGS_STRING_COUNT; i++)
       {
       uschar *p;
-      uschar *s = expargs[i];
+      const uschar *s = expargs[i];


       if (s == NULL) continue;


@@ -2177,7 +2176,7 @@ while (commands)

       /* The string is OK */


-      commands->args[i].u = s;
+      commands->args[i].u = s;    /*XXX loses track of const */
       }


     /* Proceed with mail or vacation command */
@@ -2365,8 +2364,9 @@ Returns:     TRUE if the message is deemed to be personal
 BOOL
 filter_personal(string_item *aliases, BOOL scan_cc)
 {
-uschar *self, *self_from, *self_to;
-uschar *psself = NULL, *psself_from = NULL, *psself_to = NULL;
+const uschar *self, *self_from, *self_to;
+uschar *psself = NULL;
+const uschar *psself_from = NULL, *psself_to = NULL;
 rmark reset_point = store_mark();
 BOOL yield;
 header_line *h;
diff --git a/src/src/functions.h b/src/src/functions.h
index 7d6e338..06b6974 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -371,16 +371,16 @@ extern FILE   *modefopen(const uschar *, const char *, mode_t);


 extern int     open_cutthrough_connection( address_item * addr );


-extern uschar *parse_extract_address(uschar *, uschar **, int *, int *, int *,
+extern uschar *parse_extract_address(const uschar *, uschar **, int *, int *, int *,
                  BOOL);
 extern int     parse_forward_list(uschar *, int, address_item **, uschar **,
                  const uschar *, uschar *, error_block **);
 extern uschar *parse_find_address_end(uschar *, BOOL);
-extern uschar *parse_find_at(uschar *);
+extern const uschar *parse_find_at(const uschar *);
 extern const uschar *parse_fix_phrase(const uschar *, int);
-extern uschar *parse_message_id(uschar *, uschar **, uschar **);
+extern const uschar *parse_message_id(const uschar *, uschar **, uschar **);
 extern const uschar *parse_quote_2047(const uschar *, int, uschar *, BOOL);
-extern uschar *parse_date_time(uschar *str, time_t *t);
+extern const uschar *parse_date_time(const uschar *str, time_t *t);
 extern int     vaguely_random_number(int);
 #ifndef DISABLE_TLS
 extern int     vaguely_random_number_fallback(int);
@@ -408,7 +408,7 @@ extern void    readconf_driver_init(uschar *, driver_instance **,
 extern uschar *readconf_find_option(void *);
 extern void    readconf_main(BOOL);
 extern void    readconf_options_from_list(optionlist *, unsigned, const uschar *, uschar *);
-extern BOOL    readconf_print(uschar *, uschar *, BOOL);
+extern BOOL    readconf_print(const uschar *, uschar *, BOOL);
 extern uschar *readconf_printtime(int);
 extern uschar *readconf_readname(uschar *, int, uschar *);
 extern int     readconf_readtime(const uschar *, int, BOOL);
@@ -434,14 +434,14 @@ extern retry_config *retry_find_config(const uschar *, const uschar *, int, int)
 extern BOOL    retry_ultimate_address_timeout(uschar *, const uschar *,
                  dbdata_retry *, time_t);
 extern void    retry_update(address_item **, address_item **, address_item **);
-extern uschar *rewrite_address(uschar *, BOOL, BOOL, rewrite_rule *, int);
-extern uschar *rewrite_address_qualify(uschar *, BOOL);
+extern const uschar *rewrite_address(const uschar *, BOOL, BOOL, rewrite_rule *, int);
+extern const uschar *rewrite_address_qualify(const uschar *, BOOL);
 extern header_line *rewrite_header(header_line *,
                const uschar *, const uschar *,
                rewrite_rule *, int, BOOL);
-extern uschar *rewrite_one(uschar *, int, BOOL *, BOOL, uschar *,
+extern const uschar *rewrite_one(const uschar *, int, BOOL *, BOOL, uschar *,
                  rewrite_rule *);
-extern void    rewrite_test(uschar *);
+extern void    rewrite_test(const uschar *);
 extern uschar *rfc2047_decode2(uschar *, BOOL, uschar *, int, int *, int *,
                  uschar **);
 extern int     route_address(address_item *, address_item **, address_item **,
@@ -609,9 +609,9 @@ extern BOOL    transport_headers_send(transport_ctx *,
                  BOOL (*)(transport_ctx *, uschar *, int));
 extern gstring * transport_show_supported(gstring *);
 extern BOOL    transport_write_message(transport_ctx *, int);
-extern void    tree_add_duplicate(uschar *, address_item *);
-extern void    tree_add_nonrecipient(uschar *);
-extern void    tree_add_unusable(host_item *);
+extern void    tree_add_duplicate(const uschar *, address_item *);
+extern void    tree_add_nonrecipient(const uschar *);
+extern void    tree_add_unusable(const host_item *);
 extern void    tree_dup(tree_node **, tree_node *);
 extern int     tree_insertnode(tree_node **, tree_node *);
 extern tree_node *tree_search(tree_node *, const uschar *);
diff --git a/src/src/globals.h b/src/src/globals.h
index ed7cffb..4beb9d0 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -185,6 +185,7 @@ extern struct global_flags {
  BOOL   authentication_local        :1; /* TRUE if non-smtp (implicit authentication) */


  BOOL   background_daemon        :1; /* Set FALSE to keep in foreground */
+ BOOL   bdat_readers_wanted        :1; /* BDAT-handling to be pushed on readfunc stack */


  BOOL   chunking_offered        :1;
  BOOL   config_changed            :1; /* True if -C used */
diff --git a/src/src/moan.c b/src/src/moan.c
index bf5483c..1d9c5b9 100644
--- a/src/src/moan.c
+++ b/src/src/moan.c
@@ -86,7 +86,8 @@ if (h || message_id)
   fprintf(fp, "References:");
   if (h)
     {
-    uschar * s, * id, * error;
+    const uschar * s;
+    uschar * id, * error;
     uschar * referenced_ids[12];
     int reference_count = 0;


diff --git a/src/src/parse.c b/src/src/parse.c
index 8d689e8..cfc1f99 100644
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -12,7 +12,7 @@
#include "exim.h"


-static uschar *last_comment_position;
+static const uschar *last_comment_position;



@@ -143,21 +143,21 @@ Argument: pointer to an address, possibly unqualified
Returns: pointer to the last @ in an address, or NULL if none
*/

-uschar *
-parse_find_at(uschar *s)
+const uschar *
+parse_find_at(const uschar *s)
 {
-uschar *t = s + Ustrlen(s);
+const uschar * t = s + Ustrlen(s);
 while (--t >= s)
-  {
   if (*t == '@')
     {
     int backslash_count = 0;
-    uschar *tt = t - 1;
+    const uschar *tt = t - 1;
     while (tt > s && *tt-- == '\\') backslash_count++;
     if ((backslash_count & 1) == 0) return t;
     }
-  else if (*t == '\"') return NULL;
-  }
+  else if (*t == '\"')
+    return NULL;
+
 return NULL;
 }


@@ -191,8 +191,8 @@ Argument: current character pointer
Returns: new character pointer
*/

-static uschar *
-skip_comment(uschar *s)
+static const uschar *
+skip_comment(const uschar *s)
 {
 last_comment_position = s;
 while (*s)
@@ -232,8 +232,8 @@ Arguments:
 Returns:     new character pointer
 */


-static uschar *
-read_domain(uschar *s, uschar *t, uschar **errorptr)
+static const uschar *
+read_domain(const uschar *s, uschar *t, uschar **errorptr)
{
uschar *tt = t;
s = skip_comment(s);
@@ -406,8 +406,8 @@ Arguments:
Returns: new character pointer
*/

-static uschar *
-read_local_part(uschar *s, uschar *t, uschar **error, BOOL allow_null)
+static const uschar *
+read_local_part(const uschar *s, uschar *t, uschar **error, BOOL allow_null)
 {
 uschar *tt = t;
 *error = NULL;
@@ -491,8 +491,8 @@ Arguments:
 Returns:     new character pointer
 */


-static uschar *
-read_route(uschar *s, uschar *t, uschar **errorptr)
+static const uschar *
+read_route(const uschar *s, uschar *t, uschar **errorptr)
 {
 BOOL commas = FALSE;
 *errorptr = NULL;
@@ -545,8 +545,8 @@ Arguments:
 Returns:     new character pointer
 */


-static uschar *
-read_addr_spec(uschar *s, uschar *t, int term, uschar **errorptr,
+static const uschar *
+read_addr_spec(const uschar *s, uschar *t, int term, uschar **errorptr,
   uschar **domainptr)
 {
 s = read_local_part(s, t, errorptr, FALSE);
@@ -616,12 +616,12 @@ Returns:      points to the extracted address, or NULL on error
 #define FAILED(s) { *errorptr = s; goto PARSE_FAILED; }


uschar *
-parse_extract_address(uschar *mailbox, uschar **errorptr, int *start, int *end,
+parse_extract_address(const uschar *mailbox, uschar **errorptr, int *start, int *end,
int *domain, BOOL allow_null)
{
uschar *yield = store_get(Ustrlen(mailbox) + 1, is_tainted(mailbox));
-uschar *startptr, *endptr;
-uschar *s = US mailbox;
+const uschar *startptr, *endptr;
+const uschar *s = US mailbox;
uschar *t = US yield;

*domain = 0;
@@ -986,7 +986,7 @@ if (i < len)

if (!len)
{
- return string_copy_taint_function("", is_tainted(phrase));
+ return string_copy_taint(US"", is_tainted(phrase));
}

 buffer = store_get(len*4, is_tainted(phrase));
@@ -1595,7 +1595,7 @@ for (;;)
   else
     {
     int start, end, domain;
-    uschar *recipient = NULL;
+    const uschar *recipient = NULL;
     int save = s[len];
     s[len] = 0;


@@ -1691,8 +1691,8 @@ for (;;)
       recipient = ((options & RDO_REWRITE) != 0)?
         rewrite_address(recipient, TRUE, FALSE, global_rewrite_rules,
           rewrite_existflags) :
-        rewrite_address_qualify(recipient, TRUE);
-      addr = deliver_make_addr(recipient, TRUE);  /* TRUE => copy recipient */
+        rewrite_address_qualify(recipient, TRUE);    /*XXX loses track of const */
+      addr = deliver_make_addr(US recipient, TRUE);  /* TRUE => copy recipient, so deconst ok */
       }


     /* Restore the final character in the original data, and add to the
@@ -1726,8 +1726,8 @@ Arguments:
 Returns:       points after the processed message-id or NULL on error
 */


-uschar *
-parse_message_id(uschar *str, uschar **yield, uschar **error)
+const uschar *
+parse_message_id(const uschar *str, uschar **yield, uschar **error)
{
uschar *domain = NULL;
uschar *id;
@@ -1767,8 +1767,7 @@ while (*id) id++;
*id++ = 0;
store_release_above(id);

-str = skip_comment(str);
-return str;
+return skip_comment(str);
}


@@ -1786,16 +1785,16 @@ Arguments:
 Returns:       points after the processed date or NULL on error
 */


-static uschar *
-parse_number(uschar *str, int *n, int digits)
+static const uschar *
+parse_number(const uschar *str, int *n, int digits)
 {
-  *n=0;
-  while (digits--)
+*n=0;
+while (digits--)
   {
-    if (*str<'0' || *str>'9') return NULL;
-    *n=10*(*n)+(*str++-'0');
+  if (*str<'0' || *str>'9') return NULL;
+  *n=10*(*n)+(*str++-'0');
   }
-  return str;
+return str;
 }



@@ -1812,8 +1811,8 @@ Arguments:
 Returns:       points after the parsed day or NULL on error
 */


-static uschar *
-parse_day_of_week(uschar *str)
+static const uschar *
+parse_day_of_week(const uschar * str)
 {
 /*
 day-of-week     =       ([FWS] day-name) / obs-day-of-week
@@ -1828,17 +1827,16 @@ static const uschar *day_name[7]={ US"mon", US"tue", US"wed", US"thu", US"fri",
 int i;
 uschar day[4];


-str=skip_comment(str);
-for (i=0; i<3; ++i)
+str = skip_comment(str);
+for (i = 0; i < 3; ++i)
{
- if ((day[i]=tolower(*str))=='\0') return NULL;
+ if ((day[i] = tolower(*str)) == '\0') return NULL;
++str;
}
-day[3]='\0';
-for (i=0; i<7; ++i) if (Ustrcmp(day,day_name[i])==0) break;
-if (i==7) return NULL;
-str=skip_comment(str);
-return str;
+day[3] = '\0';
+for (i = 0; i<7; ++i) if (Ustrcmp(day,day_name[i]) == 0) break;
+if (i == 7) return NULL;
+return skip_comment(str);
}


@@ -1858,8 +1856,8 @@ Arguments:
 Returns:       points after the processed date or NULL on error
 */


-static uschar *
-parse_date(uschar *str, int *d, int *m, int *y)
+static const uschar *
+parse_date(const uschar *str, int *d, int *m, int *y)
 {
 /*
 date            =       day month year
@@ -1881,36 +1879,39 @@ day             =       ([FWS] 1*2DIGIT) / obs-day
 obs-day         =       [CFWS] 1*2DIGIT [CFWS]
 */


-uschar *c,*n;
+const uschar * s, * n;
static const uschar *month_name[]={ US"jan", US"feb", US"mar", US"apr", US"may", US"jun", US"jul", US"aug", US"sep", US"oct", US"nov", US"dec" };
int i;
uschar month[4];

-str=skip_comment(str);
-if ((str=parse_number(str,d,1))==NULL) return NULL;
-if (*str>='0' && *str<='9') *d=10*(*d)+(*str++-'0');
-c=skip_comment(str);
-if (c==str) return NULL;
-else str=c;
-for (i=0; i<3; ++i) if ((month[i]=tolower(*(str+i)))=='\0') return NULL;
-month[3]='\0';
-for (i=0; i<12; ++i) if (Ustrcmp(month,month_name[i])==0) break;
-if (i==12) return NULL;
+str = skip_comment(str);
+if ((str = parse_number(str,d,1)) == NULL) return NULL;
+
+if (*str>='0' && *str<='9') *d = 10*(*d)+(*str++-'0');
+s = skip_comment(str);
+if (s == str) return NULL;
+str = s;
+
+for (i = 0; i<3; ++i) if ((month[i]=tolower(*(str+i))) == '\0') return NULL;
+month[3] = '\0';
+for (i = 0; i<12; ++i) if (Ustrcmp(month,month_name[i]) == 0) break;
+if (i == 12) return NULL;
 str+=3;
-*m=i;
-c=skip_comment(str);
-if (c==str) return NULL;
-else str=c;
-if ((n=parse_number(str,y,4)))
+*m = i;
+s = skip_comment(str);
+if (s == str) return NULL;
+str=s;
+
+if ((n = parse_number(str,y,4)))
   {
-  str=n;
+  str = n;
   if (*y<1900) return NULL;
-  *y=*y-1900;
+  *y = *y-1900;
   }
-else if ((n=parse_number(str,y,2)))
+else if ((n = parse_number(str,y,2)))
   {
-  str=skip_comment(n);
-  while (*(str-1)==' ' || *(str-1)=='\t') --str; /* match last FWS later */
+  str = skip_comment(n);
+  while (*(str-1) == ' ' || *(str-1) == '\t') --str; /* match last FWS later */
   if (*y<50) *y+=100;
   }
 else return NULL;
@@ -1935,8 +1936,8 @@ Arguments:
 Returns:       points after the processed time or NULL on error
 */


-static uschar *
-parse_time(uschar *str, int *h, int *m, int *s, int *z)
+static const uschar *
+parse_time(const uschar *str, int *h, int *m, int *s, int *z)
 {
 /*
 time            =       time-of-day FWS zone
@@ -1971,61 +1972,61 @@ obs-zone        =       "UT" / "GMT" /          ; Universal Time
                         %d107-122               ; upper and lower case
 */


-uschar *c;
+const uschar * c;

-str=skip_comment(str);
-if ((str=parse_number(str,h,2))==NULL) return NULL;
-str=skip_comment(str);
+str = skip_comment(str);
+if ((str = parse_number(str,h,2)) == NULL) return NULL;
+str = skip_comment(str);
if (*str!=':') return NULL;
++str;
-str=skip_comment(str);
-if ((str=parse_number(str,m,2))==NULL) return NULL;
-c=skip_comment(str);
-if (*str==':')
+str = skip_comment(str);
+if ((str = parse_number(str,m,2)) == NULL) return NULL;
+c = skip_comment(str);
+if (*str == ':')
{
++str;
- str=skip_comment(str);
- if ((str=parse_number(str,s,2))==NULL) return NULL;
- c=skip_comment(str);
+ str = skip_comment(str);
+ if ((str = parse_number(str,s,2)) == NULL) return NULL;
+ c = skip_comment(str);
}
-if (c==str) return NULL;
+if (c == str) return NULL;
else str=c;
-if (*str=='+' || *str=='-')
+if (*str == '+' || *str == '-')
{
int neg;

- neg=(*str=='-');
+ neg = (*str == '-');
++str;
- if ((str=parse_number(str,z,4))==NULL) return NULL;
- *z=(*z/100)*3600+(*z%100)*60;
- if (neg) *z=-*z;
+ if ((str = parse_number(str,z,4)) == NULL) return NULL;
+ *z = (*z/100)*3600+(*z%100)*60;
+ if (neg) *z = -*z;
}
else
{
char zone[5];
- struct { const char *name; int off; } zone_name[10]=
+ struct { const char *name; int off; } zone_name[10] =
{ {"gmt",0}, {"ut",0}, {"est",-5}, {"edt",-4}, {"cst",-6}, {"cdt",-5}, {"mst",-7}, {"mdt",-6}, {"pst",-8}, {"pdt",-7}};
int i,j;

-  for (i=0; i<4; ++i)
+  for (i = 0; i<4; ++i)
     {
-    zone[i]=tolower(*(str+i));
+    zone[i] = tolower(*(str+i));
     if (zone[i]<'a' || zone[i]>'z') break;
     }
-  zone[i]='\0';
-  for (j=0; j<10 && strcmp(zone,zone_name[j].name); ++j);
+  zone[i] = '\0';
+  for (j = 0; j<10 && strcmp(zone,zone_name[j].name); ++j);
   /* Besides zones named in the grammar, RFC 2822 says other alphabetic */
   /* time zones should be treated as unknown offsets. */
   if (j<10)
     {
-    *z=zone_name[j].off*3600;
+    *z = zone_name[j].off*3600;
     str+=i;
     }
   else if (zone[0]<'a' || zone[1]>'z') return 0;
   else
     {
     while ((*str>='a' && *str<='z') || (*str>='A' && *str<='Z')) ++str;
-    *z=0;
+    *z = 0;
     }
   }
 return str;
@@ -2045,8 +2046,8 @@ Arguments:
 Returns:       points after the processed date-time or NULL on error
 */


-uschar *
-parse_date_time(uschar *str, time_t *t)
+const uschar *
+parse_date_time(const uschar *str, time_t *t)
 {
 /*
 date-time       =       [ day-of-week "," ] date FWS time [CFWS]
@@ -2058,27 +2059,26 @@ extern char **environ;
 char **old_environ;
 static char gmt0[]="TZ=GMT0";
 static char *gmt_env[]={ gmt0, (char*)0 };
-uschar *try;
+const uschar * try;


-if ((try=parse_day_of_week(str)))
+if ((try = parse_day_of_week(str)))
{
- str=try;
+ str = try;
if (*str!=',') return 0;
++str;
}
-if ((str=parse_date(str,&tm.tm_mday,&tm.tm_mon,&tm.tm_year))==NULL) return NULL;
+if ((str = parse_date(str,&tm.tm_mday,&tm.tm_mon,&tm.tm_year)) == NULL) return NULL;
if (*str!=' ' && *str!='\t') return NULL;
-while (*str==' ' || *str=='\t') ++str;
-if ((str=parse_time(str,&tm.tm_hour,&tm.tm_min,&tm.tm_sec,&zone))==NULL) return NULL;
-tm.tm_isdst=0;
-old_environ=environ;
-environ=gmt_env;
-*t=mktime(&tm);
-environ=old_environ;
-if (*t==-1) return NULL;
+while (*str == ' ' || *str == '\t') ++str;
+if ((str = parse_time(str,&tm.tm_hour,&tm.tm_min,&tm.tm_sec,&zone)) == NULL) return NULL;
+tm.tm_isdst = 0;
+old_environ = environ;
+environ = gmt_env;
+*t = mktime(&tm);
+environ = old_environ;
+if (*t == -1) return NULL;
*t-=zone;
-str=skip_comment(str);
-return str;
+return skip_comment(str);
}


diff --git a/src/src/readconf.c b/src/src/readconf.c
index 8a7b710..8161333 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -1321,7 +1321,7 @@ Returns:    pointer to an option entry, or NULL if not found
 */


 static optionlist *
-find_option(uschar *name, optionlist *ol, int last)
+find_option(const uschar *name, optionlist *ol, int last)
 {
 int first = 0;
 while (last > first)
@@ -1360,7 +1360,7 @@ Returns:        a pointer to the boolean flag.
 */


 static BOOL *
-get_set_flag(uschar *name, optionlist *oltop, int last, void *data_block)
+get_set_flag(const uschar *name, optionlist *oltop, int last, void *data_block)
 {
 optionlist *ol;
 uschar name2[EXIM_DRIVERNAME_MAX];
@@ -2436,7 +2436,7 @@ Returns:         boolean success
 */


 static BOOL
-print_ol(optionlist *ol, uschar *name, void *options_block,
+print_ol(optionlist *ol, const uschar *name, void *options_block,
   optionlist *oltop, int last, BOOL no_labels)
 {
 struct passwd *pw;
@@ -2746,7 +2746,7 @@ Returns:      Boolean success
 */


BOOL
-readconf_print(uschar *name, uschar *type, BOOL no_labels)
+readconf_print(const uschar *name, uschar *type, BOOL no_labels)
{
BOOL names_only = FALSE;
optionlist *ol2 = NULL;
@@ -2885,7 +2885,7 @@ if (!type)

   else
     return print_ol(find_option(name,
-      optionlist_config, nelem(optionlist_config)),
+              optionlist_config, nelem(optionlist_config)),
       name, NULL, optionlist_config, nelem(optionlist_config), no_labels);
   }


diff --git a/src/src/receive.c b/src/src/receive.c
index 67971c3..3a3f73e 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -2129,7 +2129,8 @@ OVERSIZE:
         if (newsender)
           {
           if (domain == 0 && newsender[0] != 0)
-            newsender = rewrite_address_qualify(newsender, FALSE);
+        /* deconst ok as newsender was not const */
+            newsender = US rewrite_address_qualify(newsender, FALSE);


           if (filter_test != FTEST_NONE || receive_check_set_sender(newsender))
             {
@@ -2509,7 +2510,7 @@ if (extract_recip)
     {
     while (recipients_count-- > 0)
       {
-      uschar *s = rewrite_address(recipients_list[recipients_count].address,
+      const uschar * s = rewrite_address(recipients_list[recipients_count].address,
         TRUE, TRUE, global_rewrite_rules, rewrite_existflags);
       tree_add_nonrecipient(s);
       }
@@ -2796,8 +2797,8 @@ recipients will get here only if the conditions were right (allow_unqualified_
 recipient is TRUE). */


 for (int i = 0; i < recipients_count; i++)
-  recipients_list[i].address =
-    rewrite_address(recipients_list[i].address, TRUE, TRUE,
+  recipients_list[i].address =    /* deconst ok as src was not cont */
+    US rewrite_address(recipients_list[i].address, TRUE, TRUE,
       global_rewrite_rules, rewrite_existflags);


/* If there is no From: header, generate one for local (without
@@ -2972,7 +2973,8 @@ it has already been rewritten as part of verification for SMTP input. */

 if (global_rewrite_rules && !sender_address_unrewritten && *sender_address)
   {
-  sender_address = rewrite_address(sender_address, FALSE, TRUE,
+  /* deconst ok as src was not const */
+  sender_address = US rewrite_address(sender_address, FALSE, TRUE,
     global_rewrite_rules, rewrite_existflags);
   DEBUG(D_receive|D_rewrite)
     debug_printf("rewritten sender = %s\n", sender_address);
diff --git a/src/src/rewrite.c b/src/src/rewrite.c
index d003c6c..ab5f780 100644
--- a/src/src/rewrite.c
+++ b/src/src/rewrite.c
@@ -59,12 +59,12 @@ Arguments:
 Returns:         fully-qualified address
 */


-uschar *
-rewrite_address_qualify(uschar *s, BOOL is_recipient)
+const uschar *
+rewrite_address_qualify(const uschar *s, BOOL is_recipient)
 {
-return (parse_find_at(s) != NULL)? s :
-  string_sprintf("%s@%s", s,
-    is_recipient? qualify_domain_recipient : qualify_domain_sender);
+return parse_find_at(s)
+  ? s : string_sprintf("%s@%s", s,
+      is_recipient ? qualify_domain_recipient : qualify_domain_sender);
 }



@@ -96,12 +96,12 @@ Returns:         new address if rewritten; the input address if no change;
                  rewritten address is returned, not just the active bit.
 */


-uschar *
-rewrite_one(uschar *s, int flag, BOOL *whole, BOOL add_header, uschar *name,
+const uschar *
+rewrite_one(const uschar *s, int flag, BOOL *whole, BOOL add_header, uschar *name,
rewrite_rule *rewrite_rules)
{
-uschar *yield = s;
-uschar *subject = s;
+const uschar *yield = s;
+const uschar *subject = s;
uschar *domain = NULL;
BOOL done = FALSE;
int rule_number = 1;
@@ -119,7 +119,8 @@ for (rewrite_rule * rule = rewrite_rules;
int count = 0;
uschar *save_localpart;
const uschar *save_domain;
- uschar *error, *new, *newparsed;
+ uschar *error, *new;
+ const uschar * newparsed;

   /* Come back here for a repeat after a successful rewrite. We do this
   only so many times. */
@@ -181,7 +182,7 @@ for (rewrite_rule * rule = rewrite_rules;
     set up as an expansion variable */


     domain[-1] = 0;
-    deliver_localpart = subject;
+    deliver_localpart = US subject;
     deliver_domain = domain;


     new = expand_string(rule->replacement);
@@ -386,15 +387,16 @@ Arguments:
 Returns:         possibly rewritten address
 */


-uschar *
-rewrite_address(uschar *s, BOOL is_recipient, BOOL add_header,
+const uschar *
+rewrite_address(const uschar *s, BOOL is_recipient, BOOL add_header,
   rewrite_rule *rewrite_rules, int existflags)
 {
-int flag = is_recipient? rewrite_envto : rewrite_envfrom;
+int flag = is_recipient ? rewrite_envto : rewrite_envfrom;
+
 s = rewrite_address_qualify(s, is_recipient);
-if ((existflags & flag) != 0)
+if (existflags & flag)
   {
-  uschar *new = rewrite_one(s, flag, NULL, add_header, is_recipient?
+  const uschar *new = rewrite_one(s, flag, NULL, add_header, is_recipient?
     US"original-recipient" : US"sender", rewrite_rules);
   if (new != s) s = new;
   }
@@ -526,7 +528,8 @@ while (*s)
     {
     BOOL is_recipient =
       (flag & (rewrite_sender | rewrite_from | rewrite_replyto)) == 0;
-    new = rewrite_address_qualify(recipient, is_recipient);
+    /* deconst ok as recipient was notconst */
+    new = US rewrite_address_qualify(recipient, is_recipient);
     changed = (new != recipient);
     recipient = new;


@@ -549,7 +552,8 @@ while (*s)
   if (existflags & flag)
     {
     BOOL whole;
-    new = rewrite_one(recipient, flag, &whole, FALSE, NULL, rewrite_rules);
+    /* deconst ok as recipient was notconst */
+    new = US rewrite_one(recipient, flag, &whole, FALSE, NULL, rewrite_rules);
     if (new != recipient)
       {
       changed = TRUE;
@@ -741,7 +745,8 @@ Argument: the address to test
 Returns:  nothing
 */


-void rewrite_test(uschar *s)
+void
+rewrite_test(const uschar *s)
{
uschar *recipient, *error;
int start, end, domain;
@@ -758,8 +763,8 @@ pretending it is a sender. */

 if ((rewrite_existflags & rewrite_smtp) != 0)
   {
-  uschar *new = rewrite_one(s, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE,
-    US"", global_rewrite_rules);
+  const uschar * new = rewrite_one(s, rewrite_smtp|rewrite_smtp_sender, NULL,
+    FALSE, US"", global_rewrite_rules);
   if (new != s)
     {
     if (*new == 0)
@@ -792,7 +797,7 @@ for (int i = 0; i < 8; i++)
   {
   BOOL whole = FALSE;
   int flag = 1 << i;
-  uschar *new = rewrite_one(recipient, flag, &whole, FALSE, US"",
+  const uschar * new = rewrite_one(recipient, flag, &whole, FALSE, US"",
     global_rewrite_rules);
   printf("%s: ", rrname[i]);
   if (*new == 0)
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index eb032bb..9ffc246 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -593,6 +593,11 @@ if (n > 0)
 }



+/* Forward declarations */
+static void bdat_push_receive_functions(void);
+static void bdat_pop_receive_functions(void);
+
+
/* Get a byte from the smtp input, in CHUNKING mode. Handle ack of the
previous BDAT chunk and getting new ones when we run out. Uses the
underlying smtp_getc or tls_getc both for that and for getting the
@@ -771,7 +776,7 @@ if (chunking_state != CHUNKING_LAST)
}


-void
+static void
bdat_push_receive_functions(void)
{
/* push the current receive_* function on the "stack", and
@@ -792,13 +797,15 @@ receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
}

-void
+static void
bdat_pop_receive_functions(void)
{
receive_getc = lwr_receive_getc;
receive_getbuf = lwr_receive_getbuf;
receive_ungetc = lwr_receive_ungetc;
-lwr_receive_getc = lwr_receive_getbuf = lwr_receive_ungetc = NULL;
+lwr_receive_getc = NULL;
+lwr_receive_getbuf = NULL;
+lwr_receive_ungetc = NULL;
}

/*************************************************
@@ -2228,9 +2235,11 @@ while (done <= 0)

       /* Apply SMTP rewrite */


-      raw_sender = ((rewrite_existflags & rewrite_smtp) != 0)?
-    rewrite_one(smtp_cmd_data, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE,
-      US"", global_rewrite_rules) : smtp_cmd_data;
+      raw_sender = rewrite_existflags & rewrite_smtp
+    /* deconst ok as smtp_cmd_data was not const */
+        ? US rewrite_one(smtp_cmd_data, rewrite_smtp|rewrite_smtp_sender, NULL,
+              FALSE, US"", global_rewrite_rules)
+    : smtp_cmd_data;


       /* Extract the address; the TRUE flag allows <> as valid */


@@ -2250,7 +2259,8 @@ while (done <= 0)
          && sender_address[0] != 0 && sender_address[0] != '@')
     if (f.allow_unqualified_sender)
       {
-      sender_address = rewrite_address_qualify(sender_address, FALSE);
+      /* deconst ok as sender_address was not const */
+      sender_address = US rewrite_address_qualify(sender_address, FALSE);
       DEBUG(D_receive) debug_printf("unqualified address %s accepted "
         "and rewritten\n", raw_sender);
       }
@@ -2289,7 +2299,8 @@ while (done <= 0)
       recipient address */


       recipient = rewrite_existflags & rewrite_smtp
-    ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
+    /* deconst ok as smtp_cmd_data was not const */
+    ? US rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
               global_rewrite_rules)
     : smtp_cmd_data;


@@ -2308,7 +2319,8 @@ while (done <= 0)
       {
       DEBUG(D_receive) debug_printf("unqualified address %s accepted\n",
         recipient);
-      recipient = rewrite_address_qualify(recipient, TRUE);
+      /* deconst ok as recipient was not const */
+      recipient = US rewrite_address_qualify(recipient, TRUE);
       }
     /* The function moan_smtp_batch() does not return. */
     else
@@ -2550,7 +2562,9 @@ receive_ungetc = smtp_ungetc;
 receive_feof = smtp_feof;
 receive_ferror = smtp_ferror;
 receive_smtp_buffered = smtp_buffered;
-lwr_receive_getc = lwr_receive_getbuf = lwr_receive_ungetc = NULL;
+lwr_receive_getc = NULL;
+lwr_receive_getbuf = NULL;
+lwr_receive_ungetc = NULL;
 smtp_inptr = smtp_inend = smtp_inbuffer;
 smtp_had_eof = smtp_had_error = 0;


@@ -3836,7 +3850,8 @@ if (f.allow_unqualified_recipient || strcmpic(*recipient, US"postmaster") == 0)
   DEBUG(D_receive) debug_printf("unqualified address %s accepted\n",
     *recipient);
   rd = Ustrlen(recipient) + 1;
-  *recipient = rewrite_address_qualify(*recipient, TRUE);
+  /* deconst ok as *recipient was not const */
+  *recipient = US rewrite_address_qualify(*recipient, TRUE);
   return rd;
   }
 smtp_printf("501 %s: recipient address must contain a domain\r\n", FALSE,
@@ -4887,7 +4902,8 @@ while (done <= 0)
       TRUE flag allows "<>" as a sender address. */


       raw_sender = rewrite_existflags & rewrite_smtp
-    ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
+    /* deconst ok as smtp_cmd_data was not const */
+    ? US rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
               global_rewrite_rules)
     : smtp_cmd_data;


@@ -4949,7 +4965,8 @@ while (done <= 0)
     if (f.allow_unqualified_sender)
       {
       sender_domain = Ustrlen(sender_address) + 1;
-      sender_address = rewrite_address_qualify(sender_address, FALSE);
+      /* deconst ok as sender_address was not const */
+      sender_address = US rewrite_address_qualify(sender_address, FALSE);
       DEBUG(D_receive) debug_printf("unqualified address %s accepted\n",
         raw_sender);
       }
@@ -5141,7 +5158,8 @@ while (done <= 0)
       as a recipient address */


       recipient = rewrite_existflags & rewrite_smtp
-    ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
+    /* deconst ok as smtp_cmd_data was not const */
+    ? US rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
         global_rewrite_rules)
     : smtp_cmd_data;


@@ -5328,7 +5346,7 @@ while (done <= 0)
     case DATA_CMD:
       HAD(SCH_DATA);
       f.dot_ends = TRUE;
-      f.bdat_readers_wanted = FALSE
+      f.bdat_readers_wanted = FALSE;


     DATA_BDAT:        /* Common code for DATA and BDAT */
 #ifndef DISABLE_PIPE_CONNECT
@@ -5399,9 +5417,6 @@ while (done <= 0)
         }
       }


-    if (f.bdat_readers_wanted)
-      bdat_push_receive_functions();
-
     if (user_msg)
       smtp_user_msg(US"354", user_msg);
     else
@@ -5409,6 +5424,9 @@ while (done <= 0)
         "354 Enter message, ending with \".\" on a line by itself\r\n", FALSE);
     }


+      if (f.bdat_readers_wanted)
+    bdat_push_receive_functions();
+
 #ifdef TCP_QUICKACK
       if (smtp_in)    /* all ACKs needed to ramp window up for bulk data */
     (void) setsockopt(fileno(smtp_in), IPPROTO_TCP, TCP_QUICKACK,
diff --git a/src/src/store.c b/src/src/store.c
index c664ad9..a038c4a 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -270,9 +270,11 @@ int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;


 /* Ensure we've been asked to allocate memory.
 A negative size is a sign of a security problem.
-A zero size is also suspect (but we might have to allow it if we find our API
-expects it in some places). */
-if (size < 1)
+A zero size might be also suspect, but our internal usage deliberately
+does this to return a current watermark value for a later release of
+allocated store. */
+
+if (size < 0)
   {
   log_write(0, LOG_MAIN|LOG_PANIC_DIE,
             "bad memory allocation requested (%d bytes) at %s %d",
diff --git a/src/src/transport.c b/src/src/transport.c
index 89252ec..3d86919 100644
--- a/src/src/transport.c
+++ b/src/src/transport.c
@@ -959,11 +959,10 @@ if (!(tctx->options & topt_no_headers))


   if (tctx->options & topt_add_return_path)
     {
-    uschar buffer[EXIM_EMAILADDR_MAX + 20];
-    int n = string_format(CS buffer, sizeof(buffer),
-                          "Return-path: <%.*s>\n",
-                          EXIM_EMAILADDR_MAX, return_path);
-    if (!write_chunk(tctx, buffer, n)) goto bad;
+    int n;
+    uschar * s = string_sprintf("Return-path: <%.*s>\n%n",
+                          EXIM_EMAILADDR_MAX, return_path, &n);
+    if (!write_chunk(tctx, s, n)) goto bad;
     }


/* Add envelope-to: if requested */
diff --git a/src/src/tree.c b/src/src/tree.c
index d5a4096..e16a864 100644
--- a/src/src/tree.c
+++ b/src/src/tree.c
@@ -27,7 +27,7 @@ Returns: nothing
*/

void
-tree_add_nonrecipient(uschar *s)
+tree_add_nonrecipient(const uschar *s)
{
rmark rpoint = store_mark();
tree_node *node = store_get(sizeof(tree_node) + Ustrlen(s), is_tainted(s));
@@ -52,7 +52,7 @@ Returns: nothing
*/

 void
-tree_add_duplicate(uschar *s, address_item *addr)
+tree_add_duplicate(const uschar *s, address_item *addr)
 {
 rmark rpoint = store_mark();
 tree_node *node = store_get(sizeof(tree_node) + Ustrlen(s), is_tainted(s));
@@ -74,7 +74,7 @@ Returns:     nothing
 */


 void
-tree_add_unusable(host_item *h)
+tree_add_unusable(const host_item *h)
 {
 rmark rpoint = store_mark();
 tree_node *node;
diff --git a/src/src/verify.c b/src/src/verify.c
index 6ddff47..6e07566 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1685,7 +1685,8 @@ if (parse_find_at(address) == NULL)
     *failure_ptr = US"qualify";
     return FAIL;
     }
-  address = rewrite_address_qualify(address, options & vopt_is_recipient);
+  /* deconst ok as address was not const */
+  address = US rewrite_address_qualify(address, options & vopt_is_recipient);
   }


 DEBUG(D_verify)
@@ -1700,7 +1701,8 @@ may have been set by domains and local part tests during an ACL. */
 if (global_rewrite_rules)
   {
   uschar *old = address;
-  address = rewrite_address(address, options & vopt_is_recipient, FALSE,
+  /* deconst ok as address was not const */
+  address = US rewrite_address(address, options & vopt_is_recipient, FALSE,
     global_rewrite_rules, rewrite_existflags);
   if (address != old)
     {