From 62931e5b1f9f1e80d02a496c7fd0062a5aae1d25 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Fri, 31 Mar 2023 00:00:00 -0500 Subject: [PATCH] postfix-3.8-20230331 --- postfix/HISTORY | 22 ++++++- postfix/WISHLIST | 15 +++-- postfix/html/posttls-finger.1.html | 2 + postfix/man/man1/posttls-finger.1 | 2 + postfix/proto/stop.double-history | 1 + postfix/src/global/mail_version.h | 2 +- postfix/src/posttls-finger/posttls-finger.c | 6 +- postfix/src/smtp/smtp.h | 4 +- postfix/src/util/Makefile.in | 8 ++- postfix/src/util/clean_env.c | 65 ++++++++++++++++----- postfix/src/util/split_nameval.c | 4 +- 11 files changed, 103 insertions(+), 28 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 7aeaffb70..43198443a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -26969,9 +26969,29 @@ Apologies for any names omitted. Cleanup: renamed net_mask_top.* to inet_prefix_top.*. - Cleanup: updated unit tests. Files: smtpd/smtod_check.c, + Cleanup: updated unit tests. Files: smtpd/smtpd_check.c, smtpd/smtpd_server.in, smtpd/smtpd_server.ref. Increased the smtpd_client_ipv6_prefix_length to 84 bits, which should prevent anvil exhaustion attacks from a typical /64 consumer network, without penalizing legitimate usage. + +20230319 + + Shut up a compiler waning triggered by an extreme setting. + File: smtp/smtp.h. + +20230328 + + Cleanup: replaced ``argv_split_append(x, y, "")'' with + ``argv_add(x, y, , ARGV_END)'', in two places. File: + posttls-finger/posttls-finger.c. + +20230330 + + Safety: the long form { name = value } in import_environment + or export_environment is not documented, but accepted, and + it was stored in the process environment as the invalid + form "name = value" instead of the expected "name=value". + Found during code maintenance. Also refined an "empty name" + check. Files: clean_env.c, split_nameval.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 7c891253c..a83418605 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -9,6 +9,13 @@ Wish list: Scan Postfix code with github.com/googleprojectzero/weggli (depends on "rust"). + Investigate clang-format compatibility as a possible migration + away from indent. This requires that the output is stable. + + Check out https://github.com/milter-manager/milter-manager/ + + Check out https://cutter.osdn.jp/ (C/C++ unit tests). + Follow https://github.com/vdukhovni/postfix/commits/rpk Multi-recipient support in sender/recipient_bcc_maps and @@ -27,11 +34,6 @@ Wish list: when the number of attributes received < the expected number? If there is no such code, then we can simplify a few things. - In tls_fprint.c() rename unsafe macros to upper-case names. - For example, checkok() has a function-like name, but it - evaluates arguments conditionally. Rename all macros that - invoke checkok(). - Update TLS_README diagram, tlsmgr no longer manages cert info. @@ -57,9 +59,6 @@ Wish list: Enforce var_line_limit in util/attr_scan*c. This is needed if we want to expose Postfix RPC protocols externally. - Investigate clang-format compatibility as a possible migration - away from indent. This requires that the output is stable. - Can tests use LD_PRELOAD to inject fake modules such as fake_dns(3), fake_msg(3), fake_myaddrinfo(3) and so on? One limitation is that functions etc. in a preloaded object diff --git a/postfix/html/posttls-finger.1.html b/postfix/html/posttls-finger.1.html index 2ed629a86..71207d8cf 100644 --- a/postfix/html/posttls-finger.1.html +++ b/postfix/html/posttls-finger.1.html @@ -361,5 +361,7 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) Viktor Dukhovni + Wietse Venema + POSTTLS-FINGER(1) diff --git a/postfix/man/man1/posttls-finger.1 b/postfix/man/man1/posttls-finger.1 index 1e22a03d9..f3bfafaa1 100644 --- a/postfix/man/man1/posttls-finger.1 +++ b/postfix/man/man1/posttls-finger.1 @@ -343,3 +343,5 @@ Google, Inc. New York, NY 10011, USA Viktor Dukhovni + +Wietse Venema diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 18511878d..602285f0e 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -37,3 +37,4 @@ proto proto SASL_README html proto SQLITE_README html postfix postfix c postlog postlog c util net_mask_top hc smtpd smtpd c smtpd smtpd_peer c util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c + File smtp smtp h diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 5c8aaba43..6285c99f8 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20230314" +#define MAIL_RELEASE_DATE "20230331" #define MAIL_VERSION_NUMBER "3.8" #ifdef SNAPSHOT diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index 2a9efe2db..d83756869 100644 --- a/postfix/src/posttls-finger/posttls-finger.c +++ b/postfix/src/posttls-finger/posttls-finger.c @@ -327,6 +327,8 @@ /* New York, NY 10011, USA /* /* Viktor Dukhovni +/* +/* Wietse Venema /*--*/ /* @@ -2117,14 +2119,14 @@ static void parse_match(STATE *state, int argc, char *argv[]) case TLS_LEV_SECURE: state->match = argv_alloc(2); while (*argv) - argv_split_append(state->match, *argv++, ""); + argv_add(state->match, *argv++, ARGV_END); if (state->match->argc == 0) argv_add(state->match, "nexthop", "dot-nexthop", ARGV_END); break; case TLS_LEV_VERIFY: state->match = argv_alloc(1); while (*argv) - argv_split_append(state->match, *argv++, ""); + argv_add(state->match, *argv++, ARGV_END); if (state->match->argc == 0) argv_add(state->match, "hostname", ARGV_END); break; diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index 0864313b7..a3de6ce0c 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -204,7 +204,7 @@ typedef struct SMTP_STATE { * One-bit counters to avoid logging the same warning multiple times per * delivery request. */ - int logged_line_length_limit:1; + unsigned logged_line_length_limit:1; } SMTP_STATE; /* @@ -777,4 +777,6 @@ extern int smtp_hfrom_format; /* /* Victor Duchovni /* Morgan Stanley +/* +/* Wietse Venema /*--*/ diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 3e3ea9ab8..410a893ae 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -144,7 +144,8 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \ valid_utf8_string ip_match base32_code msg_rate_delay netstring \ vstream timecmp dict_cache midna_domain casefold strcasecmp_utf8 \ vbuf_print split_qnameval vstream msg_logger byte_mask \ - known_tcp_ports dict_stream find_inet binhash hash_fnv argv + known_tcp_ports dict_stream find_inet binhash hash_fnv argv \ + clean_env PLUGIN_MAP_SO = $(LIB_PREFIX)pcre$(LIB_SUFFIX) $(LIB_PREFIX)lmdb$(LIB_SUFFIX) \ $(LIB_PREFIX)cdb$(LIB_SUFFIX) $(LIB_PREFIX)sdbm$(LIB_SUFFIX) HTABLE_FIX = NORANDOMIZE=1 @@ -504,6 +505,11 @@ find_inet: $(LIB) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) mv junk $@.o +clean_env: $(LIB) + mv $@.o junk + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) + mv junk $@.o + stream_test: stream_test.c $(LIB) $(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(SYSLIBS) diff --git a/postfix/src/util/clean_env.c b/postfix/src/util/clean_env.c index c6daffac3..6886c9eae 100644 --- a/postfix/src/util/clean_env.c +++ b/postfix/src/util/clean_env.c @@ -38,6 +38,8 @@ /* Google, Inc. /* 111 8th Avenue /* New York, NY 10011, USA +/* +/* Wietse Venema /*--*/ /* System library. */ @@ -50,9 +52,11 @@ /* Utility library. */ #include +#include #include #include #include +#include /* clean_env - clean up the environment */ @@ -62,20 +66,27 @@ void clean_env(char **preserve_list) ARGV *save_list; char *value; char **cpp; - char *eq; + char *copy; + char *key; + char *val; + const char *err; /* * Preserve or specify selected environment variables. */ -#define STRING_AND_LENGTH(x, y) (x), (ssize_t) (y) - save_list = argv_alloc(10); - for (cpp = preserve_list; *cpp; cpp++) - if ((eq = strchr(*cpp, '=')) != 0) - argv_addn(save_list, STRING_AND_LENGTH(*cpp, eq - *cpp), - STRING_AND_LENGTH(eq + 1, strlen(eq + 1)), (char *) 0); - else if ((value = safe_getenv(*cpp)) != 0) + for (cpp = preserve_list; *cpp; cpp++) { + if (strchr(*cpp, '=') != 0) { + copy = mystrdup(*cpp); + err = split_nameval(copy, &key, &val); + if (err != 0) + msg_fatal("clean_env: %s in: %s", err, *cpp); + argv_add(save_list, key, val, (char *) 0); + myfree(copy); + } else if ((value = safe_getenv(*cpp)) != 0) { argv_add(save_list, *cpp, value, (char *) 0); + } + } /* * Truncate the process environment, if available. On some systems @@ -103,16 +114,25 @@ void update_env(char **preserve_list) { char **cpp; ARGV *save_list; - char *eq; + char *copy; + char *key; + char *val; + const char *err; /* * Extract name=value settings. */ save_list = argv_alloc(10); - for (cpp = preserve_list; *cpp; cpp++) - if ((eq = strchr(*cpp, '=')) != 0) - argv_addn(save_list, STRING_AND_LENGTH(*cpp, eq - *cpp), - STRING_AND_LENGTH(eq + 1, strlen(eq + 1)), (char *) 0); + for (cpp = preserve_list; *cpp; cpp++) { + if (strchr(*cpp, '=') != 0) { + copy = mystrdup(*cpp); + err = split_nameval(copy, &key, &val); + if (err != 0) + msg_fatal("update_env: %s in: %s", err, *cpp); + argv_add(save_list, key, val, (char *) 0); + myfree(copy); + } + } /* * Apply name=value settings. @@ -126,3 +146,22 @@ void update_env(char **preserve_list) */ argv_free(save_list); } + +#ifdef TEST + +#include +#include + +int main(int argc, char **argv) +{ + extern char **environ; + char **cpp; + + clean_env(argv + 1); + for (cpp = environ; *cpp; cpp++) + vstream_printf("%s\n", *cpp); + vstream_fflush(VSTREAM_OUT); + exit(0); +} + +#endif diff --git a/postfix/src/util/split_nameval.c b/postfix/src/util/split_nameval.c index 0359f1a13..428bc37f5 100644 --- a/postfix/src/util/split_nameval.c +++ b/postfix/src/util/split_nameval.c @@ -43,6 +43,8 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema /*--*/ /* System libraries. */ @@ -81,7 +83,7 @@ const char *split_nameval(char *buf, char **name, char **value) } while (0) SKIP(buf, np, ISSPACE(*np)); /* find name begin */ - if (*np == 0) + if (*np == 0 || *np == '=') return ("missing attribute name"); SKIP(np, ep, !ISSPACE(*ep) && *ep != '='); /* find name end */ SKIP(ep, cp, ISSPACE(*cp)); /* skip blanks before '=' */ -- 2.47.3