X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fexpand.c;h=bcfa60fb660e1246c048bd808a7bc13fa4f33b8e;hb=953303cf3170248dae7f284b0a55cf105a66371c;hp=ca954ebc29ec3ceb47fdea8739482ce135545c3f;hpb=ddaf34e7b7fe02cbbb99a6bf515eb4298d6b2d4b;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/expand.c b/src/src/expand.c index ca954ebc2..bcfa60fb6 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -3583,53 +3583,50 @@ switch(cond_type = identify_operator(&s, &opname)) /* If a zero-length secret was given, we're done. Otherwise carry on and validate the given SRS local_part againt our secret. */ - if (!*sub[1]) + if (*sub[1]) { - boolvalue = TRUE; - goto srs_result; - } + /* check the timestamp */ + { + struct timeval now; + uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ + long d; + int n; - /* check the timestamp */ - { - struct timeval now; - uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ - long d; - int n; + gettimeofday(&now, NULL); + now.tv_sec /= 86400; /* days since epoch */ - gettimeofday(&now, NULL); - now.tv_sec /= 86400; /* days since epoch */ + /* Decode substring 2 from base32 to a number */ - /* Decode substring 2 from base32 to a number */ + for (d = 0, n = ovec[5]-ovec[4]; n; n--) + { + uschar * t = Ustrchr(base32_chars, *ss++); + d = d * 32 + (t - base32_chars); + } - for (d = 0, n = ovec[5]-ovec[4]; n; n--) - { - uschar * t = Ustrchr(base32_chars, *ss++); - d = d * 32 + (t - base32_chars); + if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */ + { + DEBUG(D_expand) debug_printf("SRS too old\n"); + goto srs_result; + } } - if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */ + /* check length of substring 1, the offered checksum */ + + if (ovec[3]-ovec[2] != 4) { - DEBUG(D_expand) debug_printf("SRS too old\n"); + DEBUG(D_expand) debug_printf("SRS checksum wrong size\n"); goto srs_result; } - } - - /* check length of substring 1, the offered checksum */ - if (ovec[3]-ovec[2] != 4) - { - DEBUG(D_expand) debug_printf("SRS checksum wrong size\n"); - goto srs_result; - } - - /* Hash the address with our secret, and compare that computed checksum - with the one extracted from the arg */ + /* Hash the address with our secret, and compare that computed checksum + with the one extracted from the arg */ - hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum)); - if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0) - { - DEBUG(D_expand) debug_printf("SRS checksum mismatch\n"); - goto srs_result; + hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum)); + if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0) + { + DEBUG(D_expand) debug_printf("SRS checksum mismatch\n"); + goto srs_result; + } } boolvalue = TRUE; @@ -5646,8 +5643,6 @@ while (*s) FILE * f; const uschar * arg, ** argv; unsigned late_expand = TSUC_EXPAND_ARGS | TSUC_ALLOW_TAINTED_ARGS | TSUC_ALLOW_RECIPIENTS; - uschar * save_value = lookup_value; - int yesno; if (expand_forbid & RDO_RUN) { @@ -5770,24 +5765,20 @@ while (*s) expand_string_message = string_sprintf("command killed by signal %d", -runrc); - lookup_value = save_value; goto EXPAND_FAILED; } } /* Process the yes/no strings; $value may be useful in both cases */ - yesno = process_yesno( + switch(process_yesno( flags, /* were previously skipping */ runrc == 0, /* success/failure indicator */ lookup_value, /* value to reset for string2 */ &s, /* input pointer */ &yield, /* output pointer */ US"run", /* condition type */ - &resetok); - lookup_value = save_value; - - switch(yesno) + &resetok)) { case 1: goto EXPAND_FAILED; /* when all is well, the */ case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */ @@ -5813,16 +5804,15 @@ while (*s) case 3: goto EXPAND_FAILED; } - yield = string_cat(yield, sub[0]); - o2m = Ustrlen(sub[2]) - 1; - - if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++) + if ( (yield = string_cat(yield, sub[0])) + && (o2m = Ustrlen(sub[2]) - 1) >= 0) + for (; oldptr < yield->ptr; oldptr++) { uschar * m = Ustrrchr(sub[1], yield->s[oldptr]); if (m) { int o = m - sub[1]; - yield->s[oldptr] = sub[2][(o < o2m)? o : o2m]; + yield->s[oldptr] = sub[2][o < o2m ? o : o2m]; } } @@ -8141,7 +8131,7 @@ NOT_ITEM: ; case EOP_BASE64D: { uschar * s; - int len = b64decode(sub, &s); + int len = b64decode(sub, &s, sub); if (len < 0) { expand_string_message = string_sprintf("string \"%s\" is not "