[exim-cvs] Fix multi-method query-style lookup quoters

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix multi-method query-style lookup quoters
Gitweb: https://git.exim.org/exim.git/commitdiff/1e32c64d1c2cc8cd6e26a489d47ceff350587669
Commit:     1e32c64d1c2cc8cd6e26a489d47ceff350587669
Parent:     625b98df85c27b72703c4bb7eff7a7f43a0fe3c8
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Sep 1 17:25:35 2024 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Sep 1 18:33:18 2024 +0100


    Fix multi-method query-style lookup quoters


    Broken-by: ac8aeb5485a8
---
 src/src/lookupapi.h           |  1 +
 src/src/lookups/testdb.c      | 49 +++++++++++++++++++++++++++++++++++++++----
 src/src/search.c              |  7 +++----
 src/src/store.c               | 14 +++++++------
 src/src/store.h               |  2 +-
 test/confs/3213               |  2 +-
 test/runtest                  |  1 -
 test/scripts/3200-testdb/3200 | 12 +++++++++++
 test/stderr/2610              | 12 +++++++----
 test/stderr/2620              |  6 ++++--
 test/stderr/3200              |  1 +
 test/stdout/3200              | 11 +++++++++-
 12 files changed, 94 insertions(+), 24 deletions(-)


diff --git a/src/src/lookupapi.h b/src/src/lookupapi.h
index af7bd51f6..524a2fc1d 100644
--- a/src/src/lookupapi.h
+++ b/src/src/lookupapi.h
@@ -7,6 +7,7 @@
/* See the file NOTICE for conditions of use and distribution. */
/* SPDX-License-Identifier: GPL-2.0-or-later */

+#define LOOKUPAPI_H

/* The "type" field in each item is a set of bit flags:

diff --git a/src/src/lookups/testdb.c b/src/src/lookups/testdb.c
index 8de7090b7..2319291d5 100644
--- a/src/src/lookups/testdb.c
+++ b/src/src/lookups/testdb.c
@@ -61,6 +61,17 @@ return OK;
}


+/* Don't actually alter the string; just copy to quoted-pool memory */
+
+static uschar *
+testdb_quote(uschar * s, uschar * opt, unsigned idx)
+{
+int len = Ustrlen(s) + 1;
+uschar * quoted = store_get_quoted(len, s, idx, US"testdb");
+memcpy(quoted, s, len);
+return quoted;
+}
+
 /*************************************************
 *         Version reporting entry point          *
 *************************************************/
@@ -79,7 +90,7 @@ return g;
 }



-static lookup_info _lookup_info = {
+static lookup_info testdb_lookup_info = {
   .name = US"testdb",            /* lookup name */
   .type = lookup_querystyle,        /* query-style lookup */
   .open = testdb_open,            /* open function */
@@ -87,7 +98,31 @@ static lookup_info _lookup_info = {
   .find = testdb_find,            /* find function */
   .close = NULL,            /* no close function */
   .tidy = NULL,                /* no tidy function */
-  .quote = NULL,            /* no quoting function */
+  .quote = testdb_quote,        /* quoting function */
+  .version_report = testdb_version_report          /* version reporting */
+};
+
+static lookup_info testdb2_lookup_info = {
+  .name = US"testdb2",            /* lookup name */
+  .type = lookup_querystyle,        /* query-style lookup */
+  .open = testdb_open,            /* open function */
+  .check = NULL,            /* check function */
+  .find = testdb_find,            /* find function */
+  .close = NULL,            /* no close function */
+  .tidy = NULL,                /* no tidy function */
+  .quote = testdb_quote,        /* same quoting function */
+  .version_report = testdb_version_report          /* version reporting */
+};
+
+static lookup_info testdb3_lookup_info = {
+  .name = US"testdb_nq",        /* lookup name */
+  .type = lookup_querystyle,        /* query-style lookup */
+  .open = testdb_open,            /* open function */
+  .check = NULL,            /* check function */
+  .find = testdb_find,            /* find function */
+  .close = NULL,            /* no close function */
+  .tidy = NULL,                /* no tidy function */
+  .quote = NULL,            /* NO quoting function */
   .version_report = testdb_version_report          /* version reporting */
 };


@@ -95,7 +130,13 @@ static lookup_info _lookup_info = {
#define testdb_lookup_module_info _lookup_module_info
#endif

-static lookup_info *_lookup_list[] = { &_lookup_info };
-lookup_module_info testdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 };
+static lookup_info *_lookup_list[] = {
+ &testdb_lookup_info,
+ &testdb2_lookup_info,
+ &testdb3_lookup_info
+};
+
+lookup_module_info testdb_lookup_module_info = {
+ LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 3 };

 /* End of lookups/testdb.c */
diff --git a/src/src/search.c b/src/src/search.c
index ad55e8780..981c1a73d 100644
--- a/src/src/search.c
+++ b/src/src/search.c
@@ -536,7 +536,6 @@ search_cache * c = (search_cache *)(t->data.ptr);
 const lookup_info * li = c->li;
 expiring_data * e = NULL;    /* compiler quietening */
 uschar * data = NULL;
-int required_quoter_id = li->acq_num;
 int old_pool = store_pool;


/* Lookups that return DEFER may not always set an error message. So that
@@ -603,7 +602,7 @@ else
*/

   if (  !filename && li->quote
-     && is_tainted(keystring) && !is_quoted_like(keystring, required_quoter_id))
+     && is_tainted(keystring) && !is_quoted_like(keystring, li))
     {
     const uschar * ks = keystring;
     uschar * loc = acl_current_verb();
@@ -638,8 +637,8 @@ else
       const uschar * quoter_name;
       int q = quoter_for_address(ks, &quoter_name);


-      debug_printf_indent("required_quoter_id %d (%s) quoting %d (%s)\n",
-    required_quoter_id, li->name,
+      debug_printf_indent("required_quoter_id (%s) quoting %d (%s)\n",
+    li->name,
     q, quoter_name);
       }
 #endif
diff --git a/src/src/store.c b/src/src/store.c
index 4824b5c54..a609e5c61 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -659,20 +659,22 @@ found:
 There is extra complexity to handle lookup providers with multiple
 find variants but shared quote functions. */
 BOOL
-is_quoted_like(const void * p, unsigned quoter)
+is_quoted_like(const void * p, const void * v_q_li)
 {
-const uschar * p_name, * q_name = NULL;
-const lookup_info * p_li, * q_li;
+const uschar * p_name;
+const lookup_info * p_li, * q_li = v_q_li;
 void * p_qfn, * q_qfn;


(void) quoter_for_address(p, &p_name);
-(void) pool_for_quoter(quoter, &q_name);

-if (!p_name || !q_name) return FALSE;
+if (!p_name)
+ {
+ DEBUG(D_any) debug_printf("No quoter name for addr\n");
+ return FALSE;
+ }

p_li = search_findtype(p_name, Ustrlen(p_name));
p_qfn = p_li ? p_li->quote : NULL;
-q_li = search_findtype(q_name, Ustrlen(q_name));
q_qfn = q_li ? q_li->quote : NULL;

 BOOL y = p_qfn == q_qfn;
diff --git a/src/src/store.h b/src/src/store.h
index f088647f1..e54d45fc0 100644
--- a/src/src/store.h
+++ b/src/src/store.h
@@ -83,7 +83,7 @@ extern rmark   store_reset_3(rmark, const char *, int);
 #define GET_TAINTED    (const void *)1


 extern int    quoter_for_address(const void *, const uschar **);
-extern BOOL    is_quoted_like(const void *, unsigned);
+extern BOOL    is_quoted_like(const void *, const void *);
 extern BOOL    is_real_quoter(int);
 extern void    debug_print_taint(const void * p);


diff --git a/test/confs/3213 b/test/confs/3213
index 5752f91ed..77c0f34ef 100644
--- a/test/confs/3213
+++ b/test/confs/3213
@@ -14,7 +14,7 @@ acl_smtp_mail = check_mail
begin ACL

check_mail:
- accept senders = testdb;<$sender_address>
+ accept senders = testdb;<${quote_testdb:$sender_address}>


 # End
diff --git a/test/runtest b/test/runtest
index ae227810c..70499312d 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1475,7 +1475,6 @@ RESET_AFTER_EXTRA_LINE_READ:
       }


     # Different builds will have different lookup types included
-    s/required_quoter_id \K\d+ \((\w+)\) quoting -1 \(NULL\)$/NN ($1) quoting -1 (NULL)/;
     # and different numbers of lookup types result in different type-code letters,
     # so convert them all to "0"
     s%(?<!lsearch)[^ ](?=TESTSUITE/aux-fixed/(?:0414.list[12]|0464.domains)$)%0%;
diff --git a/test/scripts/3200-testdb/3200 b/test/scripts/3200-testdb/3200
index f5b12972d..6ea2c9865 100644
--- a/test/scripts/3200-testdb/3200
+++ b/test/scripts/3200-testdb/3200
@@ -9,3 +9,15 @@ bad default:     ${lookup testdb*@{abcd}}
 bad default:     ${lookup testdb*{fail}}
 bad default:     ${lookup testdb*@{fail}}
 ****
+#
+exim -be
+set,t acl_m0 = expected_fail
+set,t acl_m1 = barbaz
+set,t acl_m2 = foo_2
+set,t acl_m3 = foo_3
+missing quoter:  ${lookup testdb {$acl_m0}}
+proper quoter:   ${lookup testdb {${quote_testdb:$acl_m1}}}
+missing (but cached): ${lookup testdb {$acl_m1}}
+shared quoter:   ${lookup testdb2 {${quote_testdb:$acl_m2}}}
+quoter notreq:   ${lookup testdb_nq {$acl_m3}}
+****
diff --git a/test/stderr/2610 b/test/stderr/2610
index 564fb7b11..f253cac9d 100644
--- a/test/stderr/2610
+++ b/test/stderr/2610
@@ -377,9 +377,10 @@ close MYSQL connection: 127.0.0.1:PORT_N/test/root
 01:01:01 p1235     type=mysql key="select name from them where id = 'c'" opts="no_rd"
 01:01:01 p1235   cached data found but wrong opts;  database lookup required for select name from them where id = 'c'
 01:01:01 p1235                                (tainted)
+01:01:01 p1235  No quoter name for addr
 01:01:01 p1235  LOG: MAIN PANIC
 01:01:01 p1235    tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 26): select name from them where id = 'c'
-01:01:01 p1235   required_quoter_id NN (mysql) quoting -1 (NULL)
+01:01:01 p1235   required_quoter_id (mysql) quoting -1 (NULL)
 01:01:01 p1235   MySQL query: "select name from them where id = 'c'" opts 'no_rd'
 01:01:01 p1235   MYSQL using cached connection for 127.0.0.1:PORT_N/test/root
 01:01:01 p1235   MYSQL: no data found
@@ -536,9 +537,10 @@ close MYSQL connection: 127.0.0.1:PORT_N/test/root
 01:01:01 p1235     type=mysql key="servers=127.0.0.1::PORT_N; select name from them where id = 'c'" opts=NULL
 01:01:01 p1235   database lookup required for servers=127.0.0.1::PORT_N; select name from them where id = 'c'
 01:01:01 p1235                                (tainted)
+01:01:01 p1235  No quoter name for addr
 01:01:01 p1235  LOG: MAIN PANIC
 01:01:01 p1235    tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 39): select name from them where id = 'c'
-01:01:01 p1235   required_quoter_id NN (mysql) quoting -1 (NULL)
+01:01:01 p1235   required_quoter_id (mysql) quoting -1 (NULL)
 01:01:01 p1235   MySQL query: "servers=127.0.0.1::PORT_N; select name from them where id = 'c'" opts 'NULL'
 01:01:01 p1235  LOG: MAIN
 01:01:01 p1235    Exim configuration error in line 89 of TESTSUITE/test-config:
@@ -842,9 +844,10 @@ processing address_data
    type=mysql key="select name from them where id='ph10' limit 1" opts=NULL
  database lookup required for select name from them where id='ph10' limit 1
                               (tainted)
+No quoter name for addr
 LOG: MAIN PANIC
   tainted search query is not properly quoted (router r1, TESTSUITE/test-config 68): select name from them where id='ph10' limit 1
- required_quoter_id NN (mysql) quoting -1 (NULL)
+ required_quoter_id (mysql) quoting -1 (NULL)
  MySQL query: "select name from them where id='ph10' limit 1" opts 'NULL'
  MYSQL using cached connection for 127.0.0.1:PORT_N/test/root
  creating new cache entry
@@ -886,9 +889,10 @@ appendfile transport entered
    type=mysql key="select id from them where id='ph10'" opts=NULL
  database lookup required for select id from them where id='ph10'
                               (tainted)
+No quoter name for addr
 LOG: MAIN
   tainted search query is not properly quoted (transport t1, TESTSUITE/test-config 82): select id from them where id='ph10'
- required_quoter_id NN (mysql) quoting -1 (NULL)
+ required_quoter_id (mysql) quoting -1 (NULL)
  MySQL query: "select id from them where id='ph10'" opts 'NULL'
  MYSQL new connection: host=127.0.0.1 port=PORT_N socket=NULL database=test user=root
  creating new cache entry
diff --git a/test/stderr/2620 b/test/stderr/2620
index 0d42feccb..390427790 100644
--- a/test/stderr/2620
+++ b/test/stderr/2620
@@ -293,9 +293,10 @@ check set acl_m0 = ok:   ${lookup pgsql                    {select name from the
    type=pgsql key="select name from them where id = 'c'" opts=NULL
  cached data found but no_rd option set;  database lookup required for select name from them where id = 'c'
                               (tainted)
+No quoter name for addr
 LOG: MAIN PANIC
   tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 27): select name from them where id = 'c'
- required_quoter_id NN (pgsql) quoting -1 (NULL)
+ required_quoter_id (pgsql) quoting -1 (NULL)
  PostgreSQL query: "select name from them where id = 'c'" opts 'NULL'
  PGSQL using cached connection for localhost:PORT_N/test/CALLER
  PGSQL: no data found
@@ -488,9 +489,10 @@ check set acl_m0 = ok:   ${lookup pgsql                    {select name from the
    type=pgsql key="select name from them where id = 'c'" opts=NULL
  cached data found but no_rd option set;  database lookup required for select name from them where id = 'c'
                               (tainted)
+No quoter name for addr
 LOG: MAIN PANIC
   tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 27): select name from them where id = 'c'
- required_quoter_id NN (pgsql) quoting -1 (NULL)
+ required_quoter_id (pgsql) quoting -1 (NULL)
  PostgreSQL query: "select name from them where id = 'c'" opts 'NULL'
  PGSQL using cached connection for localhost:PORT_N/test/CALLER
  PGSQL: no data found
diff --git a/test/stderr/3200 b/test/stderr/3200
index 2f416adf5..aaff83d71 100644
--- a/test/stderr/3200
+++ b/test/stderr/3200
@@ -1 +1,2 @@
 1999-03-02 09:44:33 defaults using "*" or "*@" are not permitted for lookup type "testdb*"
+1999-03-02 09:44:33 tainted search query is not properly quoted: expected_fail
diff --git a/test/stdout/3200 b/test/stdout/3200
index 04ff51884..4ad324835 100644
--- a/test/stdout/3200
+++ b/test/stdout/3200
@@ -1,3 +1,12 @@

 > match_ip:        12 true
 > match_ip:        13 

->
\ No newline at end of file
+> > variable m0 set
+> variable m1 set
+> variable m2 set
+> variable m3 set
+> missing quoter: expected_fail
+> proper quoter: barbaz
+> missing (but cached): barbaz
+> shared quoter: foo_2
+> quoter notreq: foo_3
+>

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/