Gitweb:
https://git.exim.org/exim.git/commitdiff/1e32c64d1c2cc8cd6e26a489d47ceff350587669
Commit: 1e32c64d1c2cc8cd6e26a489d47ceff350587669
Parent: 625b98df85c27b72703c4bb7eff7a7f43a0fe3c8
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Sep 1 17:25:35 2024 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sun Sep 1 18:33:18 2024 +0100
Fix multi-method query-style lookup quoters
Broken-by: ac8aeb5485a8
---
src/src/lookupapi.h | 1 +
src/src/lookups/testdb.c | 49 +++++++++++++++++++++++++++++++++++++++----
src/src/search.c | 7 +++----
src/src/store.c | 14 +++++++------
src/src/store.h | 2 +-
test/confs/3213 | 2 +-
test/runtest | 1 -
test/scripts/3200-testdb/3200 | 12 +++++++++++
test/stderr/2610 | 12 +++++++----
test/stderr/2620 | 6 ++++--
test/stderr/3200 | 1 +
test/stdout/3200 | 11 +++++++++-
12 files changed, 94 insertions(+), 24 deletions(-)
diff --git a/src/src/lookupapi.h b/src/src/lookupapi.h
index af7bd51f6..524a2fc1d 100644
--- a/src/src/lookupapi.h
+++ b/src/src/lookupapi.h
@@ -7,6 +7,7 @@
/* See the file NOTICE for conditions of use and distribution. */
/* SPDX-License-Identifier: GPL-2.0-or-later */
+#define LOOKUPAPI_H
/* The "type" field in each item is a set of bit flags:
diff --git a/src/src/lookups/testdb.c b/src/src/lookups/testdb.c
index 8de7090b7..2319291d5 100644
--- a/src/src/lookups/testdb.c
+++ b/src/src/lookups/testdb.c
@@ -61,6 +61,17 @@ return OK;
}
+/* Don't actually alter the string; just copy to quoted-pool memory */
+
+static uschar *
+testdb_quote(uschar * s, uschar * opt, unsigned idx)
+{
+int len = Ustrlen(s) + 1;
+uschar * quoted = store_get_quoted(len, s, idx, US"testdb");
+memcpy(quoted, s, len);
+return quoted;
+}
+
/*************************************************
* Version reporting entry point *
*************************************************/
@@ -79,7 +90,7 @@ return g;
}
-static lookup_info _lookup_info = {
+static lookup_info testdb_lookup_info = {
.name = US"testdb", /* lookup name */
.type = lookup_querystyle, /* query-style lookup */
.open = testdb_open, /* open function */
@@ -87,7 +98,31 @@ static lookup_info _lookup_info = {
.find = testdb_find, /* find function */
.close = NULL, /* no close function */
.tidy = NULL, /* no tidy function */
- .quote = NULL, /* no quoting function */
+ .quote = testdb_quote, /* quoting function */
+ .version_report = testdb_version_report /* version reporting */
+};
+
+static lookup_info testdb2_lookup_info = {
+ .name = US"testdb2", /* lookup name */
+ .type = lookup_querystyle, /* query-style lookup */
+ .open = testdb_open, /* open function */
+ .check = NULL, /* check function */
+ .find = testdb_find, /* find function */
+ .close = NULL, /* no close function */
+ .tidy = NULL, /* no tidy function */
+ .quote = testdb_quote, /* same quoting function */
+ .version_report = testdb_version_report /* version reporting */
+};
+
+static lookup_info testdb3_lookup_info = {
+ .name = US"testdb_nq", /* lookup name */
+ .type = lookup_querystyle, /* query-style lookup */
+ .open = testdb_open, /* open function */
+ .check = NULL, /* check function */
+ .find = testdb_find, /* find function */
+ .close = NULL, /* no close function */
+ .tidy = NULL, /* no tidy function */
+ .quote = NULL, /* NO quoting function */
.version_report = testdb_version_report /* version reporting */
};
@@ -95,7 +130,13 @@ static lookup_info _lookup_info = {
#define testdb_lookup_module_info _lookup_module_info
#endif
-static lookup_info *_lookup_list[] = { &_lookup_info };
-lookup_module_info testdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 };
+static lookup_info *_lookup_list[] = {
+ &testdb_lookup_info,
+ &testdb2_lookup_info,
+ &testdb3_lookup_info
+};
+
+lookup_module_info testdb_lookup_module_info = {
+ LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 3 };
/* End of lookups/testdb.c */
diff --git a/src/src/search.c b/src/src/search.c
index ad55e8780..981c1a73d 100644
--- a/src/src/search.c
+++ b/src/src/search.c
@@ -536,7 +536,6 @@ search_cache * c = (search_cache *)(t->data.ptr);
const lookup_info * li = c->li;
expiring_data * e = NULL; /* compiler quietening */
uschar * data = NULL;
-int required_quoter_id = li->acq_num;
int old_pool = store_pool;
/* Lookups that return DEFER may not always set an error message. So that
@@ -603,7 +602,7 @@ else
*/
if ( !filename && li->quote
- && is_tainted(keystring) && !is_quoted_like(keystring, required_quoter_id))
+ && is_tainted(keystring) && !is_quoted_like(keystring, li))
{
const uschar * ks = keystring;
uschar * loc = acl_current_verb();
@@ -638,8 +637,8 @@ else
const uschar * quoter_name;
int q = quoter_for_address(ks, "er_name);
- debug_printf_indent("required_quoter_id %d (%s) quoting %d (%s)\n",
- required_quoter_id, li->name,
+ debug_printf_indent("required_quoter_id (%s) quoting %d (%s)\n",
+ li->name,
q, quoter_name);
}
#endif
diff --git a/src/src/store.c b/src/src/store.c
index 4824b5c54..a609e5c61 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -659,20 +659,22 @@ found:
There is extra complexity to handle lookup providers with multiple
find variants but shared quote functions. */
BOOL
-is_quoted_like(const void * p, unsigned quoter)
+is_quoted_like(const void * p, const void * v_q_li)
{
-const uschar * p_name, * q_name = NULL;
-const lookup_info * p_li, * q_li;
+const uschar * p_name;
+const lookup_info * p_li, * q_li = v_q_li;
void * p_qfn, * q_qfn;
(void) quoter_for_address(p, &p_name);
-(void) pool_for_quoter(quoter, &q_name);
-if (!p_name || !q_name) return FALSE;
+if (!p_name)
+ {
+ DEBUG(D_any) debug_printf("No quoter name for addr\n");
+ return FALSE;
+ }
p_li = search_findtype(p_name, Ustrlen(p_name));
p_qfn = p_li ? p_li->quote : NULL;
-q_li = search_findtype(q_name, Ustrlen(q_name));
q_qfn = q_li ? q_li->quote : NULL;
BOOL y = p_qfn == q_qfn;
diff --git a/src/src/store.h b/src/src/store.h
index f088647f1..e54d45fc0 100644
--- a/src/src/store.h
+++ b/src/src/store.h
@@ -83,7 +83,7 @@ extern rmark store_reset_3(rmark, const char *, int);
#define GET_TAINTED (const void *)1
extern int quoter_for_address(const void *, const uschar **);
-extern BOOL is_quoted_like(const void *, unsigned);
+extern BOOL is_quoted_like(const void *, const void *);
extern BOOL is_real_quoter(int);
extern void debug_print_taint(const void * p);
diff --git a/test/confs/3213 b/test/confs/3213
index 5752f91ed..77c0f34ef 100644
--- a/test/confs/3213
+++ b/test/confs/3213
@@ -14,7 +14,7 @@ acl_smtp_mail = check_mail
begin ACL
check_mail:
- accept senders = testdb;<$sender_address>
+ accept senders = testdb;<${quote_testdb:$sender_address}>
# End
diff --git a/test/runtest b/test/runtest
index ae227810c..70499312d 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1475,7 +1475,6 @@ RESET_AFTER_EXTRA_LINE_READ:
}
# Different builds will have different lookup types included
- s/required_quoter_id \K\d+ \((\w+)\) quoting -1 \(NULL\)$/NN ($1) quoting -1 (NULL)/;
# and different numbers of lookup types result in different type-code letters,
# so convert them all to "0"
s%(?<!lsearch)[^ ](?=TESTSUITE/aux-fixed/(?:0414.list[12]|0464.domains)$)%0%;
diff --git a/test/scripts/3200-testdb/3200 b/test/scripts/3200-testdb/3200
index f5b12972d..6ea2c9865 100644
--- a/test/scripts/3200-testdb/3200
+++ b/test/scripts/3200-testdb/3200
@@ -9,3 +9,15 @@ bad default: ${lookup testdb*@{abcd}}
bad default: ${lookup testdb*{fail}}
bad default: ${lookup testdb*@{fail}}
****
+#
+exim -be
+set,t acl_m0 = expected_fail
+set,t acl_m1 = barbaz
+set,t acl_m2 = foo_2
+set,t acl_m3 = foo_3
+missing quoter: ${lookup testdb {$acl_m0}}
+proper quoter: ${lookup testdb {${quote_testdb:$acl_m1}}}
+missing (but cached): ${lookup testdb {$acl_m1}}
+shared quoter: ${lookup testdb2 {${quote_testdb:$acl_m2}}}
+quoter notreq: ${lookup testdb_nq {$acl_m3}}
+****
diff --git a/test/stderr/2610 b/test/stderr/2610
index 564fb7b11..f253cac9d 100644
--- a/test/stderr/2610
+++ b/test/stderr/2610
@@ -377,9 +377,10 @@ close MYSQL connection: 127.0.0.1:PORT_N/test/root
01:01:01 p1235 type=mysql key="select name from them where id = 'c'" opts="no_rd"
01:01:01 p1235 cached data found but wrong opts; database lookup required for select name from them where id = 'c'
01:01:01 p1235 (tainted)
+01:01:01 p1235 No quoter name for addr
01:01:01 p1235 LOG: MAIN PANIC
01:01:01 p1235 tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 26): select name from them where id = 'c'
-01:01:01 p1235 required_quoter_id NN (mysql) quoting -1 (NULL)
+01:01:01 p1235 required_quoter_id (mysql) quoting -1 (NULL)
01:01:01 p1235 MySQL query: "select name from them where id = 'c'" opts 'no_rd'
01:01:01 p1235 MYSQL using cached connection for 127.0.0.1:PORT_N/test/root
01:01:01 p1235 MYSQL: no data found
@@ -536,9 +537,10 @@ close MYSQL connection: 127.0.0.1:PORT_N/test/root
01:01:01 p1235 type=mysql key="servers=127.0.0.1::PORT_N; select name from them where id = 'c'" opts=NULL
01:01:01 p1235 database lookup required for servers=127.0.0.1::PORT_N; select name from them where id = 'c'
01:01:01 p1235 (tainted)
+01:01:01 p1235 No quoter name for addr
01:01:01 p1235 LOG: MAIN PANIC
01:01:01 p1235 tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 39): select name from them where id = 'c'
-01:01:01 p1235 required_quoter_id NN (mysql) quoting -1 (NULL)
+01:01:01 p1235 required_quoter_id (mysql) quoting -1 (NULL)
01:01:01 p1235 MySQL query: "servers=127.0.0.1::PORT_N; select name from them where id = 'c'" opts 'NULL'
01:01:01 p1235 LOG: MAIN
01:01:01 p1235 Exim configuration error in line 89 of TESTSUITE/test-config:
@@ -842,9 +844,10 @@ processing address_data
type=mysql key="select name from them where id='ph10' limit 1" opts=NULL
database lookup required for select name from them where id='ph10' limit 1
(tainted)
+No quoter name for addr
LOG: MAIN PANIC
tainted search query is not properly quoted (router r1, TESTSUITE/test-config 68): select name from them where id='ph10' limit 1
- required_quoter_id NN (mysql) quoting -1 (NULL)
+ required_quoter_id (mysql) quoting -1 (NULL)
MySQL query: "select name from them where id='ph10' limit 1" opts 'NULL'
MYSQL using cached connection for 127.0.0.1:PORT_N/test/root
creating new cache entry
@@ -886,9 +889,10 @@ appendfile transport entered
type=mysql key="select id from them where id='ph10'" opts=NULL
database lookup required for select id from them where id='ph10'
(tainted)
+No quoter name for addr
LOG: MAIN
tainted search query is not properly quoted (transport t1, TESTSUITE/test-config 82): select id from them where id='ph10'
- required_quoter_id NN (mysql) quoting -1 (NULL)
+ required_quoter_id (mysql) quoting -1 (NULL)
MySQL query: "select id from them where id='ph10'" opts 'NULL'
MYSQL new connection: host=127.0.0.1 port=PORT_N socket=NULL database=test user=root
creating new cache entry
diff --git a/test/stderr/2620 b/test/stderr/2620
index 0d42feccb..390427790 100644
--- a/test/stderr/2620
+++ b/test/stderr/2620
@@ -293,9 +293,10 @@ check set acl_m0 = ok: ${lookup pgsql {select name from the
type=pgsql key="select name from them where id = 'c'" opts=NULL
cached data found but no_rd option set; database lookup required for select name from them where id = 'c'
(tainted)
+No quoter name for addr
LOG: MAIN PANIC
tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 27): select name from them where id = 'c'
- required_quoter_id NN (pgsql) quoting -1 (NULL)
+ required_quoter_id (pgsql) quoting -1 (NULL)
PostgreSQL query: "select name from them where id = 'c'" opts 'NULL'
PGSQL using cached connection for localhost:PORT_N/test/CALLER
PGSQL: no data found
@@ -488,9 +489,10 @@ check set acl_m0 = ok: ${lookup pgsql {select name from the
type=pgsql key="select name from them where id = 'c'" opts=NULL
cached data found but no_rd option set; database lookup required for select name from them where id = 'c'
(tainted)
+No quoter name for addr
LOG: MAIN PANIC
tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 27): select name from them where id = 'c'
- required_quoter_id NN (pgsql) quoting -1 (NULL)
+ required_quoter_id (pgsql) quoting -1 (NULL)
PostgreSQL query: "select name from them where id = 'c'" opts 'NULL'
PGSQL using cached connection for localhost:PORT_N/test/CALLER
PGSQL: no data found
diff --git a/test/stderr/3200 b/test/stderr/3200
index 2f416adf5..aaff83d71 100644
--- a/test/stderr/3200
+++ b/test/stderr/3200
@@ -1 +1,2 @@
1999-03-02 09:44:33 defaults using "*" or "*@" are not permitted for lookup type "testdb*"
+1999-03-02 09:44:33 tainted search query is not properly quoted: expected_fail
diff --git a/test/stdout/3200 b/test/stdout/3200
index 04ff51884..4ad324835 100644
--- a/test/stdout/3200
+++ b/test/stdout/3200
@@ -1,3 +1,12 @@
> match_ip: 12 true
> match_ip: 13
->
\ No newline at end of file
+> > variable m0 set
+> variable m1 set
+> variable m2 set
+> variable m3 set
+> missing quoter: expected_fail
+> proper quoter: barbaz
+> missing (but cached): barbaz
+> shared quoter: foo_2
+> quoter notreq: foo_3
+>
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
