From: Wietse Venema Date: Sat, 29 Jun 2019 05:00:00 +0000 (-0500) Subject: postfix-3.3.5 X-Git-Tag: v3.3.5^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43a4b6b527fb041c3a3c668e0c03c2429ba3c2bd;p=thirdparty%2Fpostfix.git postfix-3.3.5 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index c2d2c7ec2..bf6d9861d 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23448,3 +23448,31 @@ Apologies for any names omitted. could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. + +20190403 + + Bugfix (introduced: Postfix 2.3): a censoring filter broke + multiline Milter responses for header/body events. Problem + report by Andreas Thienemann. Files: util/printable.c, + util/stringops.h, smtpd/smtpd.c + + Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = + 0" no longer meant 'unlimited'. Problem report by Luc Pardon. + File: smtp/smtp_addr.c. + +20190615 + + Workaround for implementations that hang Postfix while + shutting down a TLS session, until Postfix times out. With + "tls_fast_shutdown_enable = yes" (the default), Postfix no + longer waits for the TLS peer to respond to a TLS 'close' + request. This is recommended with TLSv1.0 and later. Files: + global/mail_params.h, tls/tls_session.c, and documentation. + +20190621 + + Bugfix (introduced: Postfix 3.0): the code to reset Postfix + SMTP server command counts was not called after a HaProxy + handshake failure, causing stale numbers to be reported. + The command counts are now reset in the function that reports + the counts. File: smtpd/smtpd.c. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index e3762d8d4..acecd044d 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -16,6 +16,16 @@ specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.1 or earlier, read RELEASE_NOTES-3.2 before proceeding. +TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13 +----------------------------------------------------------- + +This release introduces a workaround for implementations that hang +Postfix while shutting down a TLS session, until Postfix times out. +With "tls_fast_shutdown_enable = yes" (the default), Postfix no +longer waits for a remote TLS peer to respond to a TLS 'close' +request. This behavior is recommended with TLSv1.0 and later. Specify +"tls_fast_shutdown_enable = no" to get historical Postfix behavior. + License change --------------- diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index e5e0259c7..8e9e825c8 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -573,6 +573,12 @@ SMTP(8) SMTP(8) nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + tls_fast_shutdown_enable (yes) + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 6e4cc59ee..1e148cfbe 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -17923,6 +17923,21 @@ encouraged to not change this setting.

This feature is available in Postfix 2.3 and later.

+ + +
tls_fast_shutdown_enable +(default: yes)
+ +

A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later.

+ +

This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10, +and 3.1.13.

+ +
tls_high_cipherlist diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index e5e0259c7..8e9e825c8 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -573,6 +573,12 @@ SMTP(8) SMTP(8) nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + tls_fast_shutdown_enable (yes) + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 141e8336f..aa2a52508 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -571,6 +571,12 @@ SMTPD(8) SMTPD(8) The prioritized list of elliptic curves supported by the Postfix SMTP client and server. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + tls_fast_shutdown_enable (yes) + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html index de6084708..67909ab8a 100644 --- a/postfix/html/tlsproxy.8.html +++ b/postfix/html/tlsproxy.8.html @@ -159,6 +159,12 @@ TLSPROXY(8) TLSPROXY(8) tlsmgr_service_name (tlsmgr) The name of the tlsmgr(8) service entry in master.cf. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + tls_fast_shutdown_enable (yes) + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + OBSOLETE STARTTLS SUPPORT CONTROLS These parameters are supported for compatibility with smtpd(8) legacy parameters. 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index e32f09671..cd513529c 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -12381,6 +12381,15 @@ the default cipherlist for the SMTP server. You are strongly encouraged to not change this setting. .PP This feature is available in Postfix 2.3 and later. +.SH tls_fast_shutdown_enable (default: yes) +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later. +.PP +This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10, +and 3.1.13. .SH tls_high_cipherlist (default: see "postconf \-d" output) The OpenSSL cipherlist for "high" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_ciphers, diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index f3f24c5b8..0d810e5ad 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -508,6 +508,11 @@ Available in Postfix version 3.1 and later: The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is \fBdane\fR, but the MX record was found via an "insecure" MX lookup. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 10db32d00..a0275543d 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 
@@ -512,6 +512,11 @@ Available in Postfix version 3.2 and later: .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" The prioritized list of elliptic curves supported by the Postfix SMTP client and server. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf diff --git a/postfix/man/man8/tlsproxy.8 b/postfix/man/man8/tlsproxy.8 index 2d439ac28..241973fd8 100644 --- a/postfix/man/man8/tlsproxy.8 +++ b/postfix/man/man8/tlsproxy.8 @@ -152,6 +152,11 @@ parameters smtpd_use_tls and smtpd_enforce_tls. Available in Postfix version 2.11 and later: .IP "\fBtlsmgr_service_name (tlsmgr)\fR" The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. .SH "OBSOLETE STARTTLS SUPPORT CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 4f07119a1..86c6e3740 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -753,6 +753,7 @@ while (<>) { s;\btls_wildcard_matches_multiple_labels\b;$&;g; s;\btls_session_ticket_cipher\b;$&;g; s;\btls_ssl_options\b;$&;g; + s;\btls_fast_shutdown_enable\b;$&;g; s;\bfrozen_delivered_to\b;$&;g; s;\breset_owner_alias\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 099639cba..d80af287f 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -16134,6 +16134,17 @@ support is via the tls_ssl_options parameter.

This feature is available in Postfix 3.0 and later.

+%PARAM tls_fast_shutdown_enable yes + +

A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later.

+ +

This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10, +and 3.1.13.

+ %PARAM default_delivery_status_filter

Optional filter to replace the delivery status code or explanatory diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index dd2589fe0..3bd06de2f 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -3336,6 +3336,13 @@ extern char *var_tls_dane_digests; #define DEF_TLS_DANE_TAA_DGST 1 extern bool var_tls_dane_taa_dgst; + /* + * The default is backwards-incompatible. + */ +#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown" +#define DEF_TLS_FAST_SHUTDOWN 1 +extern bool var_tls_fast_shutdown; + /* * Sendmail-style mail filter support. */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 0921aacfd..dd324ad01 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190330" -#define MAIL_VERSION_NUMBER "3.3.4" +#define MAIL_RELEASE_DATE "20190629" +#define MAIL_VERSION_NUMBER "3.3.5" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index ed27be96a..c9039457a 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -478,6 +478,11 @@ /* The TLS policy for MX hosts with "secure" TLSA records when the /* nexthop destination security level is \fBdane\fR, but the MX /* record was found via an "insecure" MX lookup. +/* .PP +/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +/* .IP "\fBtls_fast_shutdown_enable (yes)\fR" +/* A workaround for implementations that hang Postfix while shuting +/* down a TLS session, until Postfix times out. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi diff --git a/postfix/src/smtp/smtp_addr.c b/postfix/src/smtp/smtp_addr.c index f374adad5..2210ff7d8 100644 --- a/postfix/src/smtp/smtp_addr.c +++ b/postfix/src/smtp/smtp_addr.c 
@@ -623,7 +623,7 @@ DNS_RR *smtp_domain_addr(const char *name, DNS_RR **mxrr, int misc_flags, if (var_smtp_rand_addr) addr_list = dns_rr_shuffle(addr_list); addr_list = dns_rr_sort(addr_list, SMTP_COMPARE_ADDR(misc_flags)); - if (var_smtp_balance_inet_proto) + if (var_smtp_mxaddr_limit > 0 && var_smtp_balance_inet_proto) addr_list = smtp_balance_inet_proto(addr_list, misc_flags, var_smtp_mxaddr_limit); } @@ -683,7 +683,7 @@ DNS_RR *smtp_host_addr(const char *host, int misc_flags, DSN_BUF *why) /* The following changes the order of equal-preference hosts. */ if (inet_proto_info()->ai_family_list[1] != 0) addr_list = dns_rr_sort(addr_list, SMTP_COMPARE_ADDR(misc_flags)); - if (var_smtp_balance_inet_proto) + if (var_smtp_mxaddr_limit > 0 && var_smtp_balance_inet_proto) addr_list = smtp_balance_inet_proto(addr_list, misc_flags, var_smtp_mxaddr_limit); } diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 7dc4b6928..dfacf3105 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -478,6 +478,11 @@ /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" /* The prioritized list of elliptic curves supported by the Postfix /* SMTP client and server. +/* .PP +/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +/* .IP "\fBtls_fast_shutdown_enable (yes)\fR" +/* A workaround for implementations that hang Postfix while shuting +/* down a TLS session, until Postfix times out. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi @@ -3489,6 +3494,12 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) if (vstream_ferror(state->cleanup)) state->err = CLEANUP_STAT_WRITE; } + +#define IS_SMTP_REJECT(s) \ + (((s)[0] == '4' || (s)[0] == '5') \ + && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \ + && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-')) + if (state->err == CLEANUP_STAT_OK) if (rec_fputs(state->cleanup, REC_TYPE_END, "") < 0 || vstream_fflush(state->cleanup)) 
@@ -3496,7 +3507,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) if (state->err == 0) { why = vstring_alloc(10); state->err = mail_stream_finish(state->dest, why); - printable(STR(why), ' '); + if (IS_SMTP_REJECT(STR(why))) + printable_except(STR(why), ' ', "\r\n"); + else + printable(STR(why), ' '); } else mail_stream_cleanup(state->dest); state->dest = 0; @@ -3531,11 +3545,6 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) * * See also: qmqpd.c */ -#define IS_SMTP_REJECT(s) \ - (((s)[0] == '4' || (s)[0] == '5') \ - && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \ - && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-')) - if (state->err == CLEANUP_STAT_OK) { state->error_count = 0; state->error_mask = 0; @@ -4996,15 +5005,6 @@ static void smtpd_proto(SMTPD_STATE *state) case 0: - /* - * Reset the per-command counters. - */ - for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { - cmdp->success_count = cmdp->total_count = 0; - if (cmdp->name == 0) - break; - } - /* * In TLS wrapper mode, turn on TLS using code that is shared with * the STARTTLS command. This code does not return when the handshake @@ -5395,6 +5395,15 @@ static char *smtpd_format_cmd_stats(VSTRING *buf) break; } + /* + * Reset the per-command counters. + */ + for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { + cmdp->success_count = cmdp->total_count = 0; + if (cmdp->name == 0) + break; + } + /* * Log total numbers, so that logfile analyzers will see something even * if the above loop produced no output. When no commands were received diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 55dfd1ecc..ab6fd55a2 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in 
@@ -431,6 +431,7 @@ tls_server.o: tls_server.c tls_session.o: ../../include/argv.h tls_session.o: ../../include/check_arg.h tls_session.o: ../../include/dns.h +tls_session.o: ../../include/mail_params.h tls_session.o: ../../include/msg.h tls_session.o: ../../include/myaddrinfo.h tls_session.o: ../../include/mymalloc.h diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 9460d9fd6..ee6a26e75 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -45,6 +45,7 @@ /* char *var_tls_mgr_service; /* char *var_tls_tkt_cipher; /* char *var_openssl_path; +/* bool var_tls_fast_shutdown; /* /* TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask) /* SSL_CTX *ssl_ctx; @@ -285,6 +286,7 @@ bool var_tls_multi_wildcard; char *var_tls_mgr_service; char *var_tls_tkt_cipher; char *var_openssl_path; +bool var_tls_fast_shutdown; #ifdef VAR_TLS_PREEMPT_CLIST bool var_tls_preempt_clist; @@ -739,6 +741,7 @@ void tls_param_init(void) VAR_TLS_DANE_TAA_DGST, DEF_TLS_DANE_TAA_DGST, &var_tls_dane_taa_dgst, VAR_TLS_PREEMPT_CLIST, DEF_TLS_PREEMPT_CLIST, &var_tls_preempt_clist, VAR_TLS_MULTI_WILDCARD, DEF_TLS_MULTI_WILDCARD, &var_tls_multi_wildcard, + VAR_TLS_FAST_SHUTDOWN, DEF_TLS_FAST_SHUTDOWN, &var_tls_fast_shutdown, 0, }; static int init_done; diff --git a/postfix/src/tls/tls_session.c b/postfix/src/tls/tls_session.c index 8fc11cf26..8a95e903b 100644 --- a/postfix/src/tls/tls_session.c +++ b/postfix/src/tls/tls_session.c @@ -66,6 +66,10 @@ #include #include +/* Global library. */ + +#include + /* TLS library. */ #define TLS_INTERNAL 
@@ -90,6 +94,18 @@ void tls_session_stop(TLS_APPL_STATE *unused_ctx, VSTREAM *stream, int timeou msg_panic("%s: stream has no active TLS context", myname); /* + * According to RFC 2246 (TLS 1.0), there is no requirement to wait for + * the peer's close-notify. If the application protocol provides + * sufficient session termination signaling, then there's no need to + * duplicate that at the TLS close-notify layer. + * + * https://tools.ietf.org/html/rfc2246#section-7.2.1 + * https://tools.ietf.org/html/rfc4346#section-7.2.1 + * https://tools.ietf.org/html/rfc5246#section-7.2.1 + * + * Specify 'tls_fast_shutdown = no' to enable the historical behavior + * described below. + * * Perform SSL_shutdown() twice, as the first attempt will send out the * shutdown alert but it will not wait for the peer's shutdown alert. * Therefore, when we are the first party to send the alert, we must call @@ -99,7 +115,7 @@ void tls_session_stop(TLS_APPL_STATE *unused_ctx, VSTREAM *stream, int timeou */ if (!failure) { retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); - if (retval == 0) + if (!var_tls_fast_shutdown && retval == 0) tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); } tls_free_context(TLScontext); diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index 2c855ffcc..0604a1d67 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -136,6 +136,11 @@ /* Available in Postfix version 2.11 and later: /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. +/* .PP +/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +/* .IP "\fBtls_fast_shutdown_enable (yes)\fR" +/* A workaround for implementations that hang Postfix while shuting +/* down a TLS session, until Postfix times out. /* OBSOLETE STARTTLS SUPPORT CONTROLS /* .ad /* .fi 
diff --git a/postfix/src/util/printable.c b/postfix/src/util/printable.c index a37ff6306..6c148fd00 100644 --- a/postfix/src/util/printable.c +++ b/postfix/src/util/printable.c @@ -11,6 +11,11 @@ /* char *printable(buffer, replacement) /* char *buffer; /* int replacement; +/* +/* char *printable_except(buffer, replacement, except) +/* char *buffer; +/* int replacement; +/* const char *except; /* DESCRIPTION /* printable() replaces non-printable characters /* in its input with the given replacement. @@ -24,6 +29,8 @@ /* .IP replacement /* Replacement value for characters in \fIbuffer\fR that do not /* pass the ASCII isprint(3) test or that are not valid UTF8. +/* .IP except +/* Null-terminated sequence of non-replaced ASCII characters. /* LICENSE /* .ad /* .fi @@ -33,12 +40,18 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ #include "sys_defs.h" #include +#include /* Utility library. */ @@ -46,7 +59,20 @@ int util_utf8_enable = 0; +/* printable - binary compatibility */ + +#undef printable + +char *printable(char *, int); + char *printable(char *string, int replacement) +{ + return (printable_except(string, replacement, (char *) 0)); +} + +/* printable_except - pass through printable or other preserved characters */ + +char *printable_except(char *string, int replacement, const char *except) { unsigned char *cp; int ch; @@ -57,7 +83,7 @@ char *printable(char *string, int replacement) */ cp = (unsigned char *) string; while ((ch = *cp) != 0) { - if (ISASCII(ch) && ISPRINT(ch)) { + if (ISASCII(ch) && (ISPRINT(ch) || (except && strchr(except, ch)))) { /* ok */ } else if (util_utf8_enable && ch >= 194 && ch <= 254 && cp[1] >= 128 && cp[1] < 192) { diff --git a/postfix/src/util/stringops.h b/postfix/src/util/stringops.h index c227b8460..c54a5268b 100644 --- a/postfix/src/util/stringops.h +++ b/postfix/src/util/stringops.h 
@@ -20,7 +20,7 @@ * External interface. */ extern int util_utf8_enable; -extern char *printable(char *, int); +extern char *printable_except(char *, int, const char *); extern char *neuter(char *, const char *, int); extern char *lowercase(char *); extern char *casefoldx(int, VSTRING *, const char *, ssize_t); @@ -32,6 +32,9 @@ extern char *mystrtok(char **, const char *); extern char *mystrtokq(char **, const char *, const char *); extern char *translit(char *, const char *, const char *); +#define printable(string, replacement) \ + printable_except((string), (replacement), (char *) 0) + #ifndef HAVE_BASENAME #define basename postfix_basename extern char *basename(const char *);
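Review bot: In src/global/mail_params.h the parameter name is defined as VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown", but RELEASE_NOTES, proto/postconf.proto and every manual page hunk in this patch document it as tls_fast_shutdown_enable. The table added to tls_param_init() in src/tls/tls_misc.c looks up VAR_TLS_FAST_SHUTDOWN, so the name the documentation tells administrators to set is not the name the code registers. Make the define "tls_fast_shutdown_enable" and update the new comment in src/tls/tls_session.c ("Specify 'tls_fast_shutdown = no'") to the same spelling.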
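Review bot: In data_cmd() in src/smtpd/smtpd.c, the new branch that calls printable_except(STR(why), ' ', "\r\n") carries no comment explaining why CR and LF are exempt from censoring. IS_SMTP_REJECT() checks only the first four bytes of the string, so any text after an embedded CR LF passes this point without a check that is visible in the hunk. Add a comment that the exemption exists for multiline Milter responses (as the HISTORY entry says) and that names where the continuation lines are validated, and put braces around the if/else since it sits inside another if block.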
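Review bot: In src/smtpd/smtpd.c, moving the "Reset the per-command counters" loop into smtpd_format_cmd_stats() gives a function whose name says "format" the side effect of clearing success_count and total_count in smtpd_cmd_table. A caller that formats the statistics twice would get zeros the second time. State the reset in the function's header comment, or move the loop into a small helper with its own name that smtpd_format_cmd_stats() calls.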
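Review bot: In src/smtp/smtp_addr.c the guard "var_smtp_mxaddr_limit > 0 && var_smtp_balance_inet_proto" is added identically in smtp_domain_addr() and smtp_host_addr() with no comment in either place. A one-line comment that a limit of 0 means 'unlimited', so there is nothing to balance, would keep the two call sites from drifting apart; alternatively, do the check once at the top of smtp_balance_inet_proto().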
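Review bot: In src/util/printable.c the header comment gains a synopsis for printable_except() and an entry for the except argument, but the DESCRIPTION section still describes printable() only. Add a sentence saying that printable_except() behaves like printable() while leaving the characters listed in except untouched, and that this applies to ASCII characters only, which is what the new test "ISASCII(ch) && (ISPRINT(ch) || (except && strchr(except, ch)))" implements. In src/util/stringops.h, a short comment next to the new printable() macro explaining that the real function is kept in printable.c for binary compatibility would help the next reader.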
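Review bot: The added parameter description misspells "shutting" as "shuting" in proto/postconf.proto and in the manual page comments in src/smtp/smtp.c, src/smtpd/smtpd.c and src/tlsproxy/tlsproxy.c, and the html/ and man/ hunks repeat it. Fix the spelling in the proto file and the three source comments and regenerate the derived pages.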