From 0f2fc4794bbfba3839d3dc73ed648b79260fb0c9 Mon Sep 17 00:00:00 2001 From: Manvendra Bhangui Date: Sun, 29 Oct 2023 18:33:24 +0530 Subject: [PATCH] added matchregex bugfix --- indimail-mta-x/doc/ChangeLog | 4 ++ indimail-mta-x/filterit_sub.c | 8 ++- indimail-mta-x/qmail-queue.9 | 107 +++++++++++++++++++++++++--------- indimail-mta-x/qmail-queue.c | 15 +++-- indimail-mta-x/qregex.c | 20 ++++--- indimail-mta-x/smtpd.c | 18 +++--- 6 files changed, 123 insertions(+), 49 deletions(-) diff --git a/indimail-mta-x/doc/ChangeLog b/indimail-mta-x/doc/ChangeLog index fd8dc9fe91..9f2c04d6d5 100644 --- a/indimail-mta-x/doc/ChangeLog +++ b/indimail-mta-x/doc/ChangeLog @@ -106,6 +106,10 @@ o Updated test-indimail-mta with additional tests (SPF, SRS, CHECKSENDER, - 25/10/2023 65. autoresponder.c, indimail-spamfilter.c: rewind descriptor 0 regardless of MAKE_SEEKABLE setting +- 29/10/2023 +66. filterit_sub.c, qmail-queue.c, smtpd.c, qregex.c, bug - error in regexp + treated as match +67. test-indimail-mta: added test case to test invalid regex expression * Fri Sep 08 2023 11:58:03 +0000 Manvendra Bhangui 3.0.4-1.1%{?dist} Release 3.0.4-1.1 Start 24/04/2023 End 08/09/2023 diff --git a/indimail-mta-x/filterit_sub.c b/indimail-mta-x/filterit_sub.c index 452e114fb2..04417f7d54 100644 --- a/indimail-mta-x/filterit_sub.c +++ b/indimail-mta-x/filterit_sub.c @@ -1,5 +1,5 @@ /* - * $Id: filterit_sub.c,v 1.4 2023-10-01 02:11:00+05:30 Cprogrammer Exp mbhangui $ + * $Id: filterit_sub.c,v 1.5 2023-10-29 17:12:48+05:30 Cprogrammer Exp mbhangui $ */ #include #include @@ -615,7 +615,8 @@ filterit_sub1(int argc, char **argv) break; case 5: /*- RegExp */ for (ptr = matched_header.s + tmp.len; isspace(*ptr); ptr++, tmp.len++); - match = matchregex(matched_header.s + tmp.len, keyword, 0); + if ((match = matchregex(matched_header.s + tmp.len, keyword, 0)) == -1) + break; if (negate) match = !match; if (match) @@ -652,6 +653,9 @@ getversion_filterit_c() /* * $Log: filterit_sub.c,v $ + * Revision 1.5 2023-10-29 17:12:48+05:30 Cprogrammer + * bug - error in regexp treated as match + * * Revision 1.4 2023-10-01 02:11:00+05:30 Cprogrammer * removed setting of QQEH for X-FilterIT header * diff --git a/indimail-mta-x/qmail-queue.9 b/indimail-mta-x/qmail-queue.9 index c795f3db26..efa619aa00 100644 --- a/indimail-mta-x/qmail-queue.9 +++ b/indimail-mta-x/qmail-queue.9 @@ -10,7 +10,7 @@ qmail-queue \- queue a mail message for delivery .SH DESCRIPTION \fBqmail-queue\fR reads a mail message from descriptor 0. It then reads envelope information from descriptor 1. It places the message into the -outgoing queue for future delivery by \fBqmail-send\fR. The default +outgoing queue for future delivery by \fBqmail-send\fR. The default outgoing queue is @qmaildir@/queue. This can be changed by setting environment variable QUEUEDIR to point to a path having a valid queue created by the program \fBqueue-fix\fR(8). \fBqmail-queue\fR @@ -22,21 +22,21 @@ by the following environment variables. .TP 5 \fBQUEUE_BASE\fR The base directory having all the indimail queues. If this is not defined, the control file \fIqueue_base\fR is used. This is -typically QMAILHOME/queue. +typically @qmaildir@/queue. .TP 5 \fBQUEUE_START\fR This is a number which defines the first queue that should be used. -e.g. QUEUE_START=1 implies the first queue to be QMAILHOME/queue/queue1 +e.g. QUEUE_START=1 implies the first queue to be @qmaildir@/queue/queue1 .TP 5 \fBQUEUE_COUNT\fR This defines the number of queues that should be used for load balancing. \fBqmail-queue\fR used a random number to select a queue in a multi-queue setup. -e.g. QUEUE_START=1, QUEUE_COUNT=5 implies 5 queues QMAILHOME/queue/queue1, -QMAILHOME/queue/queue2, ..., QMAILHOME/queue/queue5 +e.g. QUEUE_START=1, QUEUE_COUNT=5 implies 5 queues @qmaildir@/queue/queue1, +@qmaildir@/queue/queue2, ..., @qmaildir@/queue/queue5 .TP 5 .B MIN_FREE @@ -111,7 +111,7 @@ If the environment variable \fBORIGINIPFIELD\fR is set, a "X-Originating-IP" header will be added to every relayed mail. If the environment variable \fBFASTQUEUE\fR is set, qmail-queue will bypass -QHPSI, ORIGINIPFIELD, extraqueue, removehaders, envheaders, logheaders, +QHPSI, ORIGINIPFIELD, extraqueue, removeheaders, envheaders, logheaders, mailarchive control files .SH CONTROL FILES @@ -205,12 +205,12 @@ the form type:regexp:dest_mailbox .EE -where \fItype\fR is \fBF\fR or \fBT\fR. If \fItype\fR is \fBF\fR, rule +where \fItype\fR is \fBF\fR or \fBT\fR. If \fItype\fR is \fBF\fR, rule is appled on the sender. If \fItype\fR is \fBT\fR, the rule is applied on the recipient. \fItype\fR can be omitted to match all recipients (but not senders). \fIregexp\fR is an expression to match the address (sender or -recipient as specfied by \fItype\fR) and \fIdest_mailbox\fR is a valid -email address. \fIregexp\fR can be omitted to match any address. Remember +recipient as specfied by \fItype\fR). \fIdest_mailbox\fR is a valid email +address. \fIregexp\fR can be omitted to match any address. Remember that \fIregexp\fR is a real regular expression and not filename glob pattern as used by functions like \fBfnmatch\fR(3). Typically \fB.*@yourdomain\fR (and not \fB*@yourdomain\fR) is what you intend when @@ -226,7 +226,7 @@ replaced as below .EE As stated above, the address used for matching \fIregexp\fR is the sender -in case type is \fBF\fR. For bounces, you can use \fB<>\fR to match a null +when type is \fBF\fR. For bounces, you can use \fB<>\fR to match a null sender. e.g. .EX @@ -238,8 +238,8 @@ When a rule matches a sender or any one of the recipients, the recipient list. When a rule matches multiple recipients, only one email address will be added to recipient list to avoid duplicates. -The below will make a copy all mails for domain \fIyourdomain\fR to -\fIarchyourdomain\fR (for all senders - practically each and every mail). +The below will make a copy all mails for domain \fIdomain\fR to +arch\fIdomain\fR (for all recipients - practically each and every mail). .EX ::%u@arch%d @@ -260,6 +260,8 @@ result of \fIregexp\fR match. F:!.*@yourdomain:incoming@yourdomain .EE +NOTE: Invalid \fIregexp\fR are silently discarded. + .TP \fBoriginipfield\fR If this control file is set or if the environment variable @@ -302,15 +304,15 @@ necessity to call additional programs (like reformime or ripmime) except for the virus scanner itself. The QHPSI extension for qmail-queue allows to call an arbitary virus scanner -directly, scanning the incoming data-stream on STDIN or it allows plugins to -be loaded from the @prefix@/lib/indimail/plugins directory. This directory -can be changed by defining \fBPLUGINDIR\fR environment variable. QHPSI can -be advised to pass multiple arguments to the virus scanner for customization. -To run external scanner or load scanner plugins, \fBqmail-queue\fR calls -\fBqhpsi\fR, a program setuid to \fIqscand\fR. By default, \fBqhpsi\fR looks -for the symbol \fIvirusscan\fR to invoke the scanner. The symbol can be -changed by setting the environment variable \fBQUEUE_PLUGIN_SYMB\fR to the -desired symbol. +directly to scan the message file in \fImess\fR subdirectory or it allows +plugins to be loaded from the @prefix@/lib/indimail/plugins directory. This +directory can be changed by defining \fBPLUGINDIR\fR environment variable. +QHPSI can be advised to pass multiple arguments to the virus scanner for +customization. To run external scanner or load scanner plugins, +\fBqmail-queue\fR calls \fBqhpsi\fR, a program setuid to \fIqscand\fR. By +default, \fBqhpsi\fR looks for the symbol \fIvirusscan\fR to invoke the +scanner. The symbol can be changed by setting the environment variable +\fBQUEUE_PLUGIN_SYMB\fR to the desired symbol. In order to use the QHPSI, the virus scanner has to have the following qualifications: @@ -342,7 +344,7 @@ can be set either to the full path of a scanner or to a list of plugins. .IP \n[step] 2 is set to full path of the virus scanner, i.e. QHPSI=@prefix@/bin/clamdscan. If full path is not specified, \fBqmail-queue\fR will use execvp(2) to run -the scanner. Else it uses execv(2). Setting QHPSI environment variable +the scanner. Else it uses execv(2). Setting QHPSI environment variable turns on the QHPSI interface. The Qmail High Performance Scanner interface QHPSI also allows \fBqmail-queue\fR to read command line arguments taken from the \fBQHPSI\fR environment to be used as a call-interface for an @@ -399,8 +401,8 @@ to a value > 2 will bounce infected mails to sender \fBVIRUSFORWARD\fR Infected mails will be quarantined to the email defined by VIRUSFORWARD. This will work only if \fBREJECTVIRUS\fR is not equal to 1. Setting -VIRUSFORWARD sets the \fBX-Quarantine-ID\fR containing the list of original -recipient list is added. +VIRUSFORWARD sets the \fBX-Quarantine-ID\fR containing the list of all +recipients. .TP \fBQHPSIMINSIZE\fR @@ -416,6 +418,59 @@ When QHPSI is enabled \fBqmail-queue\fR adds the header X-QHPSI, the value of which is either 'infected' or 'clean' (depending on whether the mail as identifed as infected or not). +.SH PROGRAMS USING \fBQMAILQUEUE\fR + +All of the below programs use the setting of \fBQMAILQUEUE\fR environment +variables to execute \fBqmail-queue\fR. They all can either take +\fBQMAILQUEUE\fR set to the path of a single \fBqmail-queue\fR frontend or +as command line chain of \fBqmail-queue\fR frontend programs. If you +specify \fBqmail-queue\fR as one of the programs in \fBQMAILQUEUE\fR, the +chain will stop at \fBqmail-queue\fR. Any programs listed after +\fBqmail-queue\fR will not get executed. So it is important not to have +\fBqmail-queue\fR in the list. + +\fBcondredirect\fR(1), +\fBdot-forward\fR(1), +\fBfastforward\fR(1), +\fBfilterto\fR(1), +\fBforward\fR(1), +\fBmaildirserial\fR(1), +\fBmini-smtpd\fR(8), +\fBnew-inject\fR(1), +\fBofmipd\fR(8), +\fBqmail-inject\fR(8), +\fBsendmail\fR(8), +\fBqmail-local\fR(8), +\fBqmail-qmqpd\fR(8), +\fBqmail-qmtpd\fR(8), +\fBqmail-send\fR(8), +\fBqmta-send\fR(8), +\fBqnotify\fR(1), +\fBqreceipt\fR(1), +\fBreplier\fR(1), +\fBrrforward\fR(1), +\fBrrt\fR(1), +\fBslowq-send\fR(8), +\fBqmail-smtpd\fR(8), +\fBsrsfilter\fR(1), +\fBqmail-spamfilter\fR(8), +\fBqmail-multi\fR(8), +\fBqmail-nullqueue\fR(8), +\fBqmail-qfilter\fR(1), +\fBqmail-dkim\fR(8), +\fBqscanq-stdin\fR(8) + +The below programs also act as a \fBqmail-queue\fR frontend. They can be +set in \fBQMAILQUEUE\fR environment variable and will ultimately execute +\fBqmail-queue\fR in the end as a default. + +\fBqmail-spamfilter\fR(8), +\fBqmail-multi\fR(8), +\fBqmail-nullqueue\fR(8), +\fBqmail-qfilter\fR(1), +\fBqmail-dkim\fR(8), +\fBqscanq-stdin\fR(8) + .SH "EXIT CODES" \fBqmail-queue\fR does not print diagnostics. It exits 0 if it has successfully queued the message. It exits between 1 and 99 if it has failed @@ -539,11 +594,11 @@ Comments: Sample with McAfee's uvscan: - :allow,QHPSI='/usr/bin/uvscan --secure',QHPSIMAXSIZE='9000000',QHPSIRC='13' + :allow,QHPSI='@prefix@/bin/uvscan --secure',QHPSIMAXSIZE='9000000',QHPSIRC='13' Comments: - - The path of 'uvscan' is '/usr/local/bin' and can be ommitted. + - The path of 'uvscan' is '@prefix@/bin' and can be ommitted. - 'uvscan' returns with RC=13 in case a virus is found, therefore, QHPSIRC has to provide this value. - The virus scanning is omitted, if the size of the message diff --git a/indimail-mta-x/qmail-queue.c b/indimail-mta-x/qmail-queue.c index a7b5f2cdaa..1d8593cda0 100644 --- a/indimail-mta-x/qmail-queue.c +++ b/indimail-mta-x/qmail-queue.c @@ -1,5 +1,5 @@ /* - * $Id: qmail-queue.c,v 1.88 2023-10-24 20:07:31+05:30 Cprogrammer Exp mbhangui $ + * $Id: qmail-queue.c,v 1.89 2023-10-29 17:13:32+05:30 Cprogrammer Exp mbhangui $ */ #include #include @@ -584,10 +584,10 @@ set_archive(char *eaddr) addr_ptr = 0; else { if (negate) { - if (!matchregex(addr, addr_ptr, &errStr)) + if (matchregex(addr, addr_ptr, &errStr) == 0) addr_ptr = 0; } else { - if (matchregex(addr, addr_ptr, &errStr)) + if (matchregex(addr, addr_ptr, &errStr) == 1) addr_ptr = 0; } } @@ -636,7 +636,7 @@ set_archive(char *eaddr) } ptr += (str_len(ptr) + 1); } - if (!found && !stralloc_cat(&arch_email, &tmpe)) + if (!found && !stralloc_cat(&arch_email, &tmpe)) /*- append if not duplicate */ return (1); } else *(dest - 1) = ':'; @@ -1076,7 +1076,7 @@ main() for (len = 0; len < ADDR; ++len) { if (substdio_get(&ssin, &ch, 1) < 1) die(QQ_READ_ERR, 1, "trouble reading envelope"); - if (flagquarantine) { + if (flagquarantine) { /*- append all recipients to quarantine */ if (ch && !stralloc_append(&qqehextra, &ch)) die(QQ_OUT_OF_MEMORY, 1, "out of memory"); } else @@ -1188,7 +1188,7 @@ main() void getversion_qmail_queue_c() { - static char *x = "$Id: qmail-queue.c,v 1.88 2023-10-24 20:07:31+05:30 Cprogrammer Exp mbhangui $"; + static char *x = "$Id: qmail-queue.c,v 1.89 2023-10-29 17:13:32+05:30 Cprogrammer Exp mbhangui $"; x = sccsidmakeargsh; x++; @@ -1196,6 +1196,9 @@ getversion_qmail_queue_c() #endif /* * $Log: qmail-queue.c,v $ + * Revision 1.89 2023-10-29 17:13:32+05:30 Cprogrammer + * bug - error in regexp treated as match + * * Revision 1.88 2023-10-24 20:07:31+05:30 Cprogrammer * added feature to negate regexp match * diff --git a/indimail-mta-x/qregex.c b/indimail-mta-x/qregex.c index f8881ca585..88e985b8d6 100644 --- a/indimail-mta-x/qregex.c +++ b/indimail-mta-x/qregex.c @@ -1,11 +1,11 @@ /* - * $Id: qregex.c,v 1.34 2023-10-24 20:08:02+05:30 Cprogrammer Exp mbhangui $ + * $Id: qregex.c,v 1.35 2023-10-29 17:13:39+05:30 Cprogrammer Exp mbhangui $ * * qregex (v2) * Author : Evan Borgstrom (evan at unixpimps dot org) * Created : 2001/12/14 23:08:16 - * Modified: $Date: 2023-10-24 20:08:02+05:30 $ - * Revision: $Revision: 1.34 $ + * Modified: $Date: 2023-10-29 17:13:39+05:30 $ + * Revision: $Revision: 1.35 $ * * Do POSIX regex matching on addresses for anti-relay / spam control. * It logs to the maillog @@ -223,11 +223,12 @@ regex_match(stralloc *addr, stralloc *map, char **errStr) return (AM_MEMORY_ERR); if (!stralloc_0(&curregex)) return (AM_MEMORY_ERR); - if ((k = matchregex(addr->s, curregex.s, errStr)) == 1) { - if (negate) - return (0); + if ((k = matchregex(addr->s, curregex.s, errStr)) == -1) + return AM_REGEX_ERR; + if (negate) + k = !k; + if (k) match = 1; - } j = i + 1; negate = 0; } @@ -238,7 +239,7 @@ regex_match(stralloc *addr, stralloc *map, char **errStr) void getversion_qregex_c() { - static char *x = "$Id: qregex.c,v 1.34 2023-10-24 20:08:02+05:30 Cprogrammer Exp mbhangui $"; + static char *x = "$Id: qregex.c,v 1.35 2023-10-29 17:13:39+05:30 Cprogrammer Exp mbhangui $"; x = sccsidwildmath; x++; @@ -246,6 +247,9 @@ getversion_qregex_c() /* * $Log: qregex.c,v $ + * Revision 1.35 2023-10-29 17:13:39+05:30 Cprogrammer + * bug - error in regexp treated as match + * * Revision 1.34 2023-10-24 20:08:02+05:30 Cprogrammer * use matchregex.h from /usr/include/qmail * diff --git a/indimail-mta-x/smtpd.c b/indimail-mta-x/smtpd.c index fa6b32ef2b..70a4bb5bd0 100644 --- a/indimail-mta-x/smtpd.c +++ b/indimail-mta-x/smtpd.c @@ -1,6 +1,6 @@ /* * RCS log at bottom - * $Id: smtpd.c,v 1.307 2023-10-24 20:08:07+05:30 Cprogrammer Exp mbhangui $ + * $Id: smtpd.c,v 1.308 2023-10-29 17:13:43+05:30 Cprogrammer Exp mbhangui $ */ #include #include @@ -155,7 +155,7 @@ static SSL *ssl = NULL; static struct strerr *se; #endif static int tr_success = 0; -static char *revision = "$Revision: 1.307 $"; +static char *revision = "$Revision: 1.308 $"; static char *protocol = "SMTP"; static stralloc proto = { 0 }; static stralloc Revision = { 0 }; @@ -2339,10 +2339,11 @@ badhostcheck() if (!stralloc_copyb(&curregex, brh.s + j, (i - j)) || !stralloc_0(&curregex)) die_nomem(); - x = matchregex(remotehost, curregex.s, NULL); - if ((negate) && (x == 0)) - return 1; - if (!(negate) && (x > 0)) + if ((x = matchregex(remotehost, curregex.s, NULL)) == -1) + die_regex(); + if (negate) + x = !x; + if (x) return 1; j = i + 1; negate = 0; @@ -7190,6 +7191,9 @@ addrrelay() /* * $Log: smtpd.c,v $ + * Revision 1.308 2023-10-29 17:13:43+05:30 Cprogrammer + * bug - error in regexp treated as match + * * Revision 1.307 2023-10-24 20:08:07+05:30 Cprogrammer * use matchregex.h from /usr/include/qmail * @@ -7568,7 +7572,7 @@ addrrelay() char * getversion_smtpd_c() { - static char *x = "$Id: smtpd.c,v 1.307 2023-10-24 20:08:07+05:30 Cprogrammer Exp mbhangui $"; + static char *x = "$Id: smtpd.c,v 1.308 2023-10-29 17:13:43+05:30 Cprogrammer Exp mbhangui $"; x++; return revision + 11;