[exim-cvs] Re-fix live variable $value free. The inital fix…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Exim Git Commits Mailing List
Datum:  
To: exim-cvs
Betreff: [exim-cvs] Re-fix live variable $value free. The inital fix resulted in $value from ${run...} not
Gitweb: https://git.exim.org/exim.git/commitdiff/21b172df101c2c52faf0cc56a502395451975be9
Commit:     21b172df101c2c52faf0cc56a502395451975be9
Parent:     c18090c685f592d2ae944c2d24926394937c15c2
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Aug 24 15:51:21 2023 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Aug 24 16:06:39 2023 +0100


    Re-fix live variable $value free.  The inital fix resulted in $value from ${run...} not
    being available later, which is a documented feature.


    Broken=by: cf3fecb9e873
---
 doc/doc-docbook/spec.xfpt |  1 +
 doc/doc-txt/ChangeLog     |  4 ++--
 src/src/exim.c            |  3 ++-
 test/confs/0635           |  1 +
 test/log/0635             |  1 +
 test/mail/0635.CALLER     | 13 +++++++++++++
 6 files changed, 20 insertions(+), 3 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d0f310f57..ffb34e882 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -10694,6 +10694,7 @@ shell must be invoked directly, such as with:
.code
${run{/bin/bash -c "/usr/bin/id >/tmp/id"}{yes}{yes}}
.endd
+Note that &$value$& will not persist beyond the reception of a single message.

 .vindex "&$runrc$&"
 The return code from the command is put in the variable &$runrc$&, and this
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index aa1db1dfe..948e51d73 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -170,8 +170,8 @@ JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
 JH/32 Fix "tls_dhparam = none" under GnuTLS.  At least with 3.7.9 this gave
       a null-indirection SIGSEGV for the receive process.


-JH/33 Fix free for live variable $value created by a ${run ...} expansion.
-      Although not seen, this could have resulted in a SIGSEGV.
+JH/33 Fix free for live variable $value created by a ${run ...} expansion during
+      -bh use.  Internal checking would spot this and take a panic.


 JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
       In 4.96 this would expand to empty.
diff --git a/src/src/exim.c b/src/src/exim.c
index c44c7cb1b..a96d12167 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -5779,7 +5779,7 @@ for (BOOL more = TRUE; more; )
       int start, end, domain;
       uschar * errmess;
       /* There can be multiple addresses, so EXIM_DISPLAYMAIL_MAX (tuned for 1) is too short.
-       * We'll still want to cap it to something, just in case. */
+      We'll still want to cap it to something, just in case. */
       uschar * s = string_copy_taint(
     exim_str_fail_toolong(list[i], BIG_BUFFER_SIZE, "address argument"),
     GET_TAINTED);
@@ -6114,6 +6114,7 @@ MORELOOP:
   deliver_localpart_data = deliver_domain_data =
   recipient_data = sender_data = NULL;
   acl_var_m = NULL;
+  lookup_value = NULL;                            /* Can be set by ACL */


   store_reset(reset_point);
   }
diff --git a/test/confs/0635 b/test/confs/0635
index 2b6a726d1..4aec94e13 100644
--- a/test/confs/0635
+++ b/test/confs/0635
@@ -19,6 +19,7 @@ begin acl
 check_data:
   accept logwrite = \$recipients: "$recipients"
      logwrite = run-wrapped \$recipients: "${run{/bin/echo $recipients}}"
+     logwrite = \$value after \${run...}: '$value'


# ----- Routers -----

diff --git a/test/log/0635 b/test/log/0635
index 5126c2c63..889cfa651 100644
--- a/test/log/0635
+++ b/test/log/0635
@@ -1,5 +1,6 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 $recipients: "CALLER@???"
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 run-wrapped $recipients: "CALLER@???\n"
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 $value after ${run...}: 'CALLER@???\n'
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= someone@??? U=CALLER P=local-smtp S=sss
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 => CALLER <CALLER@???> R=localuser T=local_delivery
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
diff --git a/test/mail/0635.CALLER b/test/mail/0635.CALLER
new file mode 100644
index 000000000..25b61aadd
--- /dev/null
+++ b/test/mail/0635.CALLER
@@ -0,0 +1,13 @@
+From someone@??? Tue Mar 02 09:44:33 1999
+Received: from CALLER (helo=test)
+    by the.local.host.name with local-smtp (Exim x.yz)
+    (envelope-from <someone@???>)
+    id 10HmaX-000000005vi-0000
+    for CALLER@???;
+    Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-000000005vi-0000@???>
+From: someone@???
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+This is a test message.
+


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/