previously occupied by the original message body.
Problem report by BenoƮt Panizzon.
+
+20211115
+
+ Bugfix (introduced: 20210708): duplicate bounce_notice_recipient
+ entries in postconf output. The fix to send SMTP session
+ transcripts to bounce_notice_recipient was incomplete.
+ Reported by Vincent Lefevre. File: smtpd/smtpd.c.
+
+20211216
+
+ Bugfix (introduced: Postfix 3.0): the proxymap daemon did not
+ automatically authorize proxied maps inside pipemap (example:
+ pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem
+ reported by Mirko Vogt. Files: proxymap/proxymap.c.
+
+20211220
+
+ Bugfix (introduced: Postfix 2.5): off-by-one error while
+ writing a string terminator. This code had passed all memory
+ corruption tests, presumably because it wrote over an
+ alignment padding byte, or over an adjacent character byte
+ that was never read. Reported by Robert Siemer. Files:
+ *qmgr/qmgr_feedback.c.
#include <htable.h>
#include <stringops.h>
#include <dict.h>
+#include <dict_pipe.h>
+#include <dict_union.h>
/* Global library. */
#define STR(x) vstring_str(x)
#define VSTREQ(x,y) (strcmp(STR(x),y) == 0)
+/* get_nested_dict_name - return nested dictionary name pointer, or null */
+
+static char *get_nested_dict_name(char *type_name)
+{
+ const struct {
+ const char *type_col;
+ ssize_t type_col_len;
+ } *prefix, prefixes[] = {
+ DICT_TYPE_UNION ":", (sizeof(DICT_TYPE_UNION ":") - 1),
+ DICT_TYPE_PIPE ":", (sizeof(DICT_TYPE_PIPE ":") - 1),
+ };
+
+#define COUNT_OF(x) (sizeof(x)/sizeof((x)[0]))
+
+ for (prefix = prefixes; prefix < prefixes + COUNT_OF(prefixes); prefix++) {
+ if (strncmp(type_name, prefix->type_col, prefix->type_col_len) == 0)
+ return (type_name + prefix->type_col_len);
+ }
+ return (0);
+}
+
/* proxy_map_find - look up or open table */
static DICT *proxy_map_find(const char *map_type_name, int request_flags,
return (dict_open(map, open_flags, dict_flags));
}
-/* post_jail_init - initialization after privilege drop */
+/* authorize_proxied_maps - recursively authorize maps */
-static void post_jail_init(char *service_name, char **unused_argv)
+static void authorize_proxied_maps(char *bp)
{
const char *sep = CHARS_COMMA_SP;
const char *parens = CHARS_BRACE;
- char *saved_filter;
- char *bp;
char *type_name;
+ while ((type_name = mystrtokq(&bp, sep, parens)) != 0) {
+ char *nested_info;
+
+ /* Recurse into nested map (pipemap, unionmap). */
+ if ((nested_info = get_nested_dict_name(type_name)) != 0) {
+ char *err;
+
+ if (*nested_info != parens[0])
+ continue;
+ /* Warn about blatant syntax error. */
+ if ((err = extpar(&nested_info, parens, EXTPAR_FLAG_NONE)) != 0) {
+ msg_warn("bad %s parameter value: %s",
+ proxy_writer == 0 ? VAR_PROXY_READ_MAPS :
+ VAR_PROXY_WRITE_MAPS, err);
+ myfree(err);
+ continue;
+ }
+ authorize_proxied_maps(nested_info);
+ continue;
+ }
+ if (strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN))
+ continue;
+ do {
+ type_name += PROXY_COLON_LEN;
+ } while (!strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN));
+ if (strchr(type_name, ':') != 0
+ && htable_locate(proxy_auth_maps, type_name) == 0)
+ (void) htable_enter(proxy_auth_maps, type_name, (void *) 0);
+ }
+}
+
+/* post_jail_init - initialization after privilege drop */
+
+static void post_jail_init(char *service_name, char **unused_argv)
+{
+ char *saved_filter;
+
/*
* Are we proxy writer?
*/
/*
* Prepare the pre-approved list of proxied tables.
*/
- saved_filter = bp = mystrdup(proxy_writer ? var_proxy_write_maps :
- var_proxy_read_maps);
+ saved_filter = mystrdup(proxy_writer ? var_proxy_write_maps :
+ var_proxy_read_maps);
proxy_auth_maps = htable_create(13);
- while ((type_name = mystrtokq(&bp, sep, parens)) != 0) {
- if (strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN))
- continue;
- do {
- type_name += PROXY_COLON_LEN;
- } while (!strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN));
- if (strchr(type_name, ':') != 0
- && htable_locate(proxy_auth_maps, type_name) == 0)
- (void) htable_enter(proxy_auth_maps, type_name, (void *) 0);
- }
+ authorize_proxied_maps(saved_filter);
myfree(saved_filter);
/*
VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0,
VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0,
VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0,
- VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, &var_bounce_rcpt, 1, 0,
+ VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, &var_bounce_rcpt, 1, 0,
VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0,
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
projects / thirdparty / postfix.git / commitdiff
