Cleanup: renamed net_mask_top.* to inet_prefix_top.*.
- Cleanup: updated unit tests. Files: smtpd/smtod_check.c,
+ Cleanup: updated unit tests. Files: smtpd/smtpd_check.c,
smtpd/smtpd_server.in, smtpd/smtpd_server.ref.
Increased the smtpd_client_ipv6_prefix_length to 84 bits,
which should prevent anvil exhaustion attacks from a typical
/64 consumer network, without penalizing legitimate usage.
+
+20230319
+
+ Shut up a compiler waning triggered by an extreme setting.
+ File: smtp/smtp.h.
+
+20230328
+
+ Cleanup: replaced ``argv_split_append(x, y, "")'' with
+ ``argv_add(x, y, , ARGV_END)'', in two places. File:
+ posttls-finger/posttls-finger.c.
+
+20230330
+
+ Safety: the long form { name = value } in import_environment
+ or export_environment is not documented, but accepted, and
+ it was stored in the process environment as the invalid
+ form "name = value" instead of the expected "name=value".
+ Found during code maintenance. Also refined an "empty name"
+ check. Files: clean_env.c, split_nameval.c.
Scan Postfix code with github.com/googleprojectzero/weggli
(depends on "rust").
+ Investigate clang-format compatibility as a possible migration
+ away from indent. This requires that the output is stable.
+
+ Check out https://github.com/milter-manager/milter-manager/
+
+ Check out https://cutter.osdn.jp/ (C/C++ unit tests).
+
Follow https://github.com/vdukhovni/postfix/commits/rpk
Multi-recipient support in sender/recipient_bcc_maps and
when the number of attributes received < the expected number?
If there is no such code, then we can simplify a few things.
- In tls_fprint.c() rename unsafe macros to upper-case names.
- For example, checkok() has a function-like name, but it
- evaluates arguments conditionally. Rename all macros that
- invoke checkok().
-
Update TLS_README diagram, tlsmgr no longer manages cert
info.
Enforce var_line_limit in util/attr_scan*c. This is needed if
we want to expose Postfix RPC protocols externally.
- Investigate clang-format compatibility as a possible migration
- away from indent. This requires that the output is stable.
-
Can tests use LD_PRELOAD to inject fake modules such as
fake_dns(3), fake_msg(3), fake_myaddrinfo(3) and so on?
One limitation is that functions etc. in a preloaded object
Viktor Dukhovni
+ Wietse Venema
+
POSTTLS-FINGER(1)
</pre> </body> </html>
New York, NY 10011, USA
Viktor Dukhovni
+
+Wietse Venema
postfix postfix c postlog postlog c
util net_mask_top hc smtpd smtpd c smtpd smtpd_peer c
util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c
+ File smtp smtp h
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20230314"
+#define MAIL_RELEASE_DATE "20230331"
#define MAIL_VERSION_NUMBER "3.8"
#ifdef SNAPSHOT
/* New York, NY 10011, USA
/*
/* Viktor Dukhovni
+/*
+/* Wietse Venema
/*--*/
/*
case TLS_LEV_SECURE:
state->match = argv_alloc(2);
while (*argv)
- argv_split_append(state->match, *argv++, "");
+ argv_add(state->match, *argv++, ARGV_END);
if (state->match->argc == 0)
argv_add(state->match, "nexthop", "dot-nexthop", ARGV_END);
break;
case TLS_LEV_VERIFY:
state->match = argv_alloc(1);
while (*argv)
- argv_split_append(state->match, *argv++, "");
+ argv_add(state->match, *argv++, ARGV_END);
if (state->match->argc == 0)
argv_add(state->match, "hostname", ARGV_END);
break;
* One-bit counters to avoid logging the same warning multiple times per
* delivery request.
*/
- int logged_line_length_limit:1;
+ unsigned logged_line_length_limit:1;
} SMTP_STATE;
/*
/*
/* Victor Duchovni
/* Morgan Stanley
+/*
+/* Wietse Venema
/*--*/
valid_utf8_string ip_match base32_code msg_rate_delay netstring \
vstream timecmp dict_cache midna_domain casefold strcasecmp_utf8 \
vbuf_print split_qnameval vstream msg_logger byte_mask \
- known_tcp_ports dict_stream find_inet binhash hash_fnv argv
+ known_tcp_ports dict_stream find_inet binhash hash_fnv argv \
+ clean_env
PLUGIN_MAP_SO = $(LIB_PREFIX)pcre$(LIB_SUFFIX) $(LIB_PREFIX)lmdb$(LIB_SUFFIX) \
$(LIB_PREFIX)cdb$(LIB_SUFFIX) $(LIB_PREFIX)sdbm$(LIB_SUFFIX)
HTABLE_FIX = NORANDOMIZE=1
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
mv junk $@.o
+clean_env: $(LIB)
+ mv $@.o junk
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
+ mv junk $@.o
+
stream_test: stream_test.c $(LIB)
$(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(SYSLIBS)
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
+/*
+/* Wietse Venema
/*--*/
/* System library. */
/* Utility library. */
#include <msg.h>
+#include <mymalloc.h>
#include <argv.h>
#include <safe.h>
#include <clean_env.h>
+#include <stringops.h>
/* clean_env - clean up the environment */
ARGV *save_list;
char *value;
char **cpp;
- char *eq;
+ char *copy;
+ char *key;
+ char *val;
+ const char *err;
/*
* Preserve or specify selected environment variables.
*/
-#define STRING_AND_LENGTH(x, y) (x), (ssize_t) (y)
-
save_list = argv_alloc(10);
- for (cpp = preserve_list; *cpp; cpp++)
- if ((eq = strchr(*cpp, '=')) != 0)
- argv_addn(save_list, STRING_AND_LENGTH(*cpp, eq - *cpp),
- STRING_AND_LENGTH(eq + 1, strlen(eq + 1)), (char *) 0);
- else if ((value = safe_getenv(*cpp)) != 0)
+ for (cpp = preserve_list; *cpp; cpp++) {
+ if (strchr(*cpp, '=') != 0) {
+ copy = mystrdup(*cpp);
+ err = split_nameval(copy, &key, &val);
+ if (err != 0)
+ msg_fatal("clean_env: %s in: %s", err, *cpp);
+ argv_add(save_list, key, val, (char *) 0);
+ myfree(copy);
+ } else if ((value = safe_getenv(*cpp)) != 0) {
argv_add(save_list, *cpp, value, (char *) 0);
+ }
+ }
/*
* Truncate the process environment, if available. On some systems
{
char **cpp;
ARGV *save_list;
- char *eq;
+ char *copy;
+ char *key;
+ char *val;
+ const char *err;
/*
* Extract name=value settings.
*/
save_list = argv_alloc(10);
- for (cpp = preserve_list; *cpp; cpp++)
- if ((eq = strchr(*cpp, '=')) != 0)
- argv_addn(save_list, STRING_AND_LENGTH(*cpp, eq - *cpp),
- STRING_AND_LENGTH(eq + 1, strlen(eq + 1)), (char *) 0);
+ for (cpp = preserve_list; *cpp; cpp++) {
+ if (strchr(*cpp, '=') != 0) {
+ copy = mystrdup(*cpp);
+ err = split_nameval(copy, &key, &val);
+ if (err != 0)
+ msg_fatal("update_env: %s in: %s", err, *cpp);
+ argv_add(save_list, key, val, (char *) 0);
+ myfree(copy);
+ }
+ }
/*
* Apply name=value settings.
*/
argv_free(save_list);
}
+
+#ifdef TEST
+
+#include <stdlib.h>
+#include <vstream.h>
+
+int main(int argc, char **argv)
+{
+ extern char **environ;
+ char **cpp;
+
+ clean_env(argv + 1);
+ for (cpp = environ; *cpp; cpp++)
+ vstream_printf("%s\n", *cpp);
+ vstream_fflush(VSTREAM_OUT);
+ exit(0);
+}
+
+#endif
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
/*--*/
/* System libraries. */
} while (0)
SKIP(buf, np, ISSPACE(*np)); /* find name begin */
- if (*np == 0)
+ if (*np == 0 || *np == '=')
return ("missing attribute name");
SKIP(np, ep, !ISSPACE(*ep) && *ep != '='); /* find name end */
SKIP(ep, cp, ISSPACE(*cp)); /* skip blanks before '=' */
projects / thirdparty / postfix.git / commitdiff
