[exim-cvs] Docs: inbound_srs behavior for empty secret. Bug…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] Docs: inbound_srs behavior for empty secret. Bug 3025
Gitweb: https://git.exim.org/exim.git/commitdiff/953303cf3170248dae7f284b0a55cf105a66371c
Commit:     953303cf3170248dae7f284b0a55cf105a66371c
Parent:     e2fe20104068e079266859fbe7a95fdab5d3fee2
Author:     Dean Brooks <dean@???>
AuthorDate: Sun Sep 24 19:24:38 2023 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Sep 24 19:28:23 2023 +0100


    Docs: inbound_srs behavior for empty secret.  Bug 3025


    Additional docs commentary and code-tidying by committer
---
 doc/doc-docbook/spec.xfpt | 16 +++++++++--
 src/src/expand.c          | 67 ++++++++++++++++++++++-------------------------
 2 files changed, 46 insertions(+), 37 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 85c6d3b3b..f99f86011 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -42295,18 +42295,30 @@ encoding operation.
If this value is empty the the expansion result will be empty.
The third argument should be the recipient domain of the message when
it arrived at this system.
+All arguments are expanded before use.
+
+The result of the expansion is the replacement envelope-from (return path)
+to be used.
.endlist

.cindex SRS decoding
To decode an address use this expansion condition:
.vlist
.vitem &*inbound_srs&~{*&<&'local&~part'&>&*}{*&<&'secret'&>&*}*&
-The first argument should be the recipient local prt as is was received.
+The first argument should be the recipient local part as it was received.
The second argument is the site secret.
+Both arguments are expanded before use.

If the messages is not for an SRS-encoded recipient the condition will
-return false. If it is, the condition will return true and the variable
+return false.
+If it is, the condition will return true and the variable
&$srs_recipient$& will be set to the decoded (original) value.
+
+.new
+If the second argument is empty then the condition returns true if
+the first argument is in valid SRS formet, else false.
+The variable &$srs_recipient$& is not set for this case.
+.wen
.endlist

 Example usage:
diff --git a/src/src/expand.c b/src/src/expand.c
index aa8bfe643..bcfa60fb6 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -3583,53 +3583,50 @@ switch(cond_type = identify_operator(&s, &opname))
     /* If a zero-length secret was given, we're done.  Otherwise carry on
     and validate the given SRS local_part againt our secret. */


-    if (!*sub[1])
+    if (*sub[1])
       {
-      boolvalue = TRUE;
-      goto srs_result;
-      }
+      /* check the timestamp */
+    {
+    struct timeval now;
+    uschar * ss = sub[0] + ovec[4];    /* substring 2, the timestamp */
+    long d;
+    int n;


-    /* check the timestamp */
-      {
-      struct timeval now;
-      uschar * ss = sub[0] + ovec[4];    /* substring 2, the timestamp */
-      long d;
-      int n;
+    gettimeofday(&now, NULL);
+    now.tv_sec /= 86400;            /* days since epoch */


-      gettimeofday(&now, NULL);
-      now.tv_sec /= 86400;        /* days since epoch */
+    /* Decode substring 2 from base32 to a number */


-      /* Decode substring 2 from base32 to a number */
+    for (d = 0, n = ovec[5]-ovec[4]; n; n--)
+      {
+      uschar * t = Ustrchr(base32_chars, *ss++);
+      d = d * 32 + (t - base32_chars);
+      }


-      for (d = 0, n = ovec[5]-ovec[4]; n; n--)
-    {
-    uschar * t = Ustrchr(base32_chars, *ss++);
-    d = d * 32 + (t - base32_chars);
+    if (((now.tv_sec - d) & 0x3ff) > 10)    /* days since SRS generated */
+      {
+      DEBUG(D_expand) debug_printf("SRS too old\n");
+      goto srs_result;
+      }
     }


-      if (((now.tv_sec - d) & 0x3ff) > 10)    /* days since SRS generated */
+      /* check length of substring 1, the offered checksum */
+
+      if (ovec[3]-ovec[2] != 4)
     {
-    DEBUG(D_expand) debug_printf("SRS too old\n");
+    DEBUG(D_expand) debug_printf("SRS checksum wrong size\n");
     goto srs_result;
     }
-      }
-
-    /* check length of substring 1, the offered checksum */
-
-    if (ovec[3]-ovec[2] != 4)
-      {
-      DEBUG(D_expand) debug_printf("SRS checksum wrong size\n");
-      goto srs_result;
-      }


-    /* Hash the address with our secret, and compare that computed checksum
-    with the one extracted from the arg */
+      /* Hash the address with our secret, and compare that computed checksum
+      with the one extracted from the arg */


-    hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum));
-    if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0)
-      {
-      DEBUG(D_expand) debug_printf("SRS checksum mismatch\n");
-      goto srs_result;
+      hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum));
+      if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0)
+    {
+    DEBUG(D_expand) debug_printf("SRS checksum mismatch\n");
+    goto srs_result;
+    }
       }
     boolvalue = TRUE;



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/