diff options
author | gshapiro <gshapiro@FreeBSD.org> | 2013-04-21 17:08:44 +0000 |
---|---|---|
committer | gshapiro <gshapiro@FreeBSD.org> | 2013-04-21 17:08:44 +0000 |
commit | 891f1b61da33280fa1ba153569b360771d27e984 (patch) | |
tree | ab52d50bcac2932bf5e37126b12ef0d2886488f1 /contrib/sendmail/src | |
parent | 84dd41acc62e69379821ee9ff4d6461233543f07 (diff) | |
parent | a03b7e14eaaeb30fff6859c589152c8787d230e3 (diff) | |
download | FreeBSD-src-891f1b61da33280fa1ba153569b360771d27e984.zip FreeBSD-src-891f1b61da33280fa1ba153569b360771d27e984.tar.gz |
Merge sendmail 8.14.7 to HEAD
MFC after: 4 days
Diffstat (limited to 'contrib/sendmail/src')
-rw-r--r-- | contrib/sendmail/src/Makefile.m4 | 2 | ||||
-rw-r--r-- | contrib/sendmail/src/alias.c | 8 | ||||
-rw-r--r-- | contrib/sendmail/src/collect.c | 20 | ||||
-rw-r--r-- | contrib/sendmail/src/conf.c | 42 | ||||
-rw-r--r-- | contrib/sendmail/src/control.c | 4 | ||||
-rw-r--r-- | contrib/sendmail/src/deliver.c | 8 | ||||
-rw-r--r-- | contrib/sendmail/src/main.c | 12 | ||||
-rw-r--r-- | contrib/sendmail/src/map.c | 11 | ||||
-rw-r--r-- | contrib/sendmail/src/mci.c | 4 | ||||
-rw-r--r-- | contrib/sendmail/src/milter.c | 7 | ||||
-rw-r--r-- | contrib/sendmail/src/mime.c | 41 | ||||
-rw-r--r-- | contrib/sendmail/src/parseaddr.c | 10 | ||||
-rw-r--r-- | contrib/sendmail/src/queue.c | 6 | ||||
-rw-r--r-- | contrib/sendmail/src/readcf.c | 25 | ||||
-rw-r--r-- | contrib/sendmail/src/recipient.c | 4 | ||||
-rw-r--r-- | contrib/sendmail/src/savemail.c | 67 | ||||
-rw-r--r-- | contrib/sendmail/src/sendmail.h | 19 | ||||
-rw-r--r-- | contrib/sendmail/src/sfsasl.c | 31 | ||||
-rw-r--r-- | contrib/sendmail/src/srvrsmtp.c | 27 | ||||
-rw-r--r-- | contrib/sendmail/src/tls.c | 70 | ||||
-rw-r--r-- | contrib/sendmail/src/usersmtp.c | 4 | ||||
-rw-r--r-- | contrib/sendmail/src/util.c | 15 | ||||
-rw-r--r-- | contrib/sendmail/src/version.c | 6 |
23 files changed, 319 insertions, 124 deletions
diff --git a/contrib/sendmail/src/Makefile.m4 b/contrib/sendmail/src/Makefile.m4 index 5908b97..a29c18e 100644 --- a/contrib/sendmail/src/Makefile.m4 +++ b/contrib/sendmail/src/Makefile.m4 @@ -1,4 +1,4 @@ -dnl $Id: Makefile.m4,v 8.132 2012/09/11 20:02:44 ca Exp $ +dnl $Id: Makefile.m4,v 8.139 2013/04/17 17:15:54 ca Exp $ include(confBUILDTOOLSDIR`/M4/switch.m4') define(`confREQUIRE_LIBSM', `true') diff --git a/contrib/sendmail/src/alias.c b/contrib/sendmail/src/alias.c index 3eae4ba..57d0b08 100644 --- a/contrib/sendmail/src/alias.c +++ b/contrib/sendmail/src/alias.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: alias.c,v 8.219 2006/10/24 18:04:09 ca Exp $") +SM_RCSID("@(#)$Id: alias.c,v 8.220 2013/03/12 15:24:52 ca Exp $") #define SEPARATOR ':' # define ALIAS_SPEC_SEPARATORS " ,/:" @@ -657,7 +657,7 @@ readaliases(map, af, announcestats, logstats) LineNumber = 0; naliases = bytes = longest = 0; skipping = false; - while (sm_io_fgets(af, SM_TIME_DEFAULT, line, sizeof(line)) != NULL) + while (sm_io_fgets(af, SM_TIME_DEFAULT, line, sizeof(line)) >= 0) { int lhssize, rhssize; int c; @@ -670,7 +670,7 @@ readaliases(map, af, announcestats, logstats) { p--; if (sm_io_fgets(af, SM_TIME_DEFAULT, p, - SPACELEFT(line, p)) == NULL) + SPACELEFT(line, p)) < 0) break; LineNumber++; p = strchr(p, '\n'); @@ -780,7 +780,7 @@ readaliases(map, af, announcestats, logstats) /* read continuation line */ if (sm_io_fgets(af, SM_TIME_DEFAULT, p, - sizeof(line) - (p-line)) == NULL) + sizeof(line) - (p-line)) < 0) break; LineNumber++; diff --git a/contrib/sendmail/src/collect.c b/contrib/sendmail/src/collect.c index c8dcb8a..1b7b5f5 100644 --- a/contrib/sendmail/src/collect.c +++ b/contrib/sendmail/src/collect.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: collect.c,v 8.285 2012/06/14 23:54:02 ca Exp $") +SM_RCSID("@(#)$Id: collect.c,v 8.286 2013/03/15 17:54:12 ca Exp $") static void eatfrom __P((char *volatile, ENVELOPE *)); static void collect_doheader __P((ENVELOPE *)); @@ -300,6 +300,9 @@ collect(fp, smtpmode, hdrp, e, rsetsize) unsigned char *pbp; unsigned char peekbuf[8]; char bufbuf[MAXLINE]; +#if _FFR_REJECT_NUL_BYTE + bool hasNUL; /* has at least one NUL input byte */ +#endif /* _FFR_REJECT_NUL_BYTE */ df = NULL; ignrdot = smtpmode ? false : IgnrDot; @@ -315,6 +318,9 @@ collect(fp, smtpmode, hdrp, e, rsetsize) hdrslen = 0; numhdrs = 0; HasEightBits = false; +#if _FFR_REJECT_NUL_BYTE + hasNUL = false; +#endif /* _FFR_REJECT_NUL_BYTE */ buf = bp = bufbuf; buflen = sizeof(bufbuf); pbp = peekbuf; @@ -403,6 +409,10 @@ collect(fp, smtpmode, hdrp, e, rsetsize) SM_TIME_DEFAULT, c); } +#if _FFR_REJECT_NUL_BYTE + if (c == '\0') + hasNUL = true; +#endif /* _FFR_REJECT_NUL_BYTE */ if (c == SM_IO_EOF) goto readerr; if (SevenBitInput) @@ -893,6 +903,14 @@ readerr: e->e_bodytype = "7BIT"; } +#if _FFR_REJECT_NUL_BYTE + if (hasNUL && RejectNUL) + { + e->e_status = "5.6.1"; + usrerrenh(e->e_status, "554 NUL byte not allowed"); + } +#endif /* _FFR_REJECT_NUL_BYTE */ + if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags)) { char *dfname = queuename(e, DATAFL_LETTER); diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c index 9130455..edfa0c2 100644 --- a/contrib/sendmail/src/conf.c +++ b/contrib/sendmail/src/conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2012 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2013 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: conf.c,v 8.1176 2012/12/07 03:59:54 ca Exp $") +SM_RCSID("@(#)$Id: conf.c,v 8.1182 2013/04/05 17:39:09 ca Exp $") #include <sm/sendmail.h> #include <sendmail/pathnames.h> @@ -967,7 +967,7 @@ switch_map_find(service, maptype, mapreturn) char buf[MAXLINE]; while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, - sizeof(buf)) != NULL) + sizeof(buf)) >= 0) { register char *p; @@ -2848,7 +2848,7 @@ uname(name) char buf[MAXLINE]; while (sm_io_fgets(file, SM_TIME_DEFAULT, - buf, sizeof(buf)) != NULL) + buf, sizeof(buf)) >= 0) { if (sm_io_sscanf(buf, "#define sysname \"%*[^\"]\"", NODE_LENGTH, name->nodename) > 0) @@ -3222,7 +3222,7 @@ usershellok(user, shell) return false; } - while (sm_io_fgets(shellf, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL) + while (sm_io_fgets(shellf, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0) { register char *p, *q; @@ -4294,7 +4294,12 @@ sm_gethostbyname(name, family) #else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */ int nmaps; # if NETINET6 - int flags = AI_DEFAULT|AI_ALL; +# ifndef SM_IPNODEBYNAME_FLAGS + /* For IPv4-mapped addresses, use: AI_DEFAULT|AI_ALL */ +# define SM_IPNODEBYNAME_FLAGS AI_ADDRCONFIG +# endif /* SM_IPNODEBYNAME_FLAGS */ + + int flags = SM_IPNODEBYNAME_FLAGS; int err; # endif /* NETINET6 */ char *maptype[MAXMAPSTACK]; @@ -6004,6 +6009,23 @@ char *OsCompileOptions[] = #if SECUREWARE "SECUREWARE", #endif /* SECUREWARE */ +#if SFS_TYPE == SFS_4ARGS + "SFS_4ARGS", +#elif SFS_TYPE == SFS_MOUNT + "SFS_MOUNT", +#elif SFS_TYPE == SFS_NONE + "SFS_NONE", +#elif SFS_TYPE == SFS_NT + "SFS_NT", +#elif SFS_TYPE == SFS_STATFS + "SFS_STATFS", +#elif SFS_TYPE == SFS_STATVFS + "SFS_STATVFS", +#elif SFS_TYPE == SFS_USTAT + "SFS_USTAT", +#elif SFS_TYPE == SFS_VFS + "SFS_VFS", +#endif #if SHARE_V1 "SHARE_V1", #endif /* SHARE_V1 */ @@ -6184,6 +6206,10 @@ char *FFRCompileOptions[] = "_FFR_GETHBN_ExFILE", #endif /* _FFR_GETHBN_ExFILE */ +#if _FFR_FIPSMODE + /* FIPSMode (if supported by OpenSSL library) */ + "_FFR_FIPSMODE", +#endif /* _FFR_FIPSMODE */ #if _FFR_FIX_DASHT /* ** If using -t, force not sending to argv recipients, even @@ -6363,6 +6389,10 @@ char *FFRCompileOptions[] = "_FFR_REDIRECTEMPTY", #endif /* _FFR_REDIRECTEMPTY */ +#if _FFR_REJECT_NUL_BYTE + /* reject NUL bytes in body */ + "_FFR_REJECT_NUL_BYTE", +#endif /* _FFR_REJECT_NUL_BYTE */ #if _FFR_RESET_MACRO_GLOBALS /* Allow macro 'j' to be set dynamically via rulesets. */ "_FFR_RESET_MACRO_GLOBALS", diff --git a/contrib/sendmail/src/control.c b/contrib/sendmail/src/control.c index 0b525f7..4d10740 100644 --- a/contrib/sendmail/src/control.c +++ b/contrib/sendmail/src/control.c @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: control.c,v 8.128 2006/08/15 23:24:56 ca Exp $") +SM_RCSID("@(#)$Id: control.c,v 8.129 2013/03/12 15:24:52 ca Exp $") #include <sm/fdset.h> @@ -301,7 +301,7 @@ control_command(sock, e) (void) sm_io_setvbuf(s, SM_TIME_DEFAULT, NULL, SM_IO_NBF, SM_IO_BUFSIZ); - if (sm_io_fgets(s, SM_TIME_DEFAULT, inp, sizeof(inp)) == NULL) + if (sm_io_fgets(s, SM_TIME_DEFAULT, inp, sizeof(inp)) < 0) { (void) sm_io_close(s, SM_TIME_DEFAULT); exit(EX_IOERR); diff --git a/contrib/sendmail/src/deliver.c b/contrib/sendmail/src/deliver.c index 581a98d..1d5eddd 100644 --- a/contrib/sendmail/src/deliver.c +++ b/contrib/sendmail/src/deliver.c @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/time.h> -SM_RCSID("@(#)$Id: deliver.c,v 8.1027 2012/12/19 02:49:21 ca Exp $") +SM_RCSID("@(#)$Id: deliver.c,v 8.1028 2013/01/02 18:57:42 ca Exp $") #if HASSETUSERCONTEXT # include <login_cap.h> @@ -6159,7 +6159,7 @@ starttls(m, mci, e) sm_syslog(LOG_ERR, NOQID, "STARTTLS=client, error: SSL_new failed"); if (LogLevel > 9) - tlslogerr("client"); + tlslogerr(LOG_WARNING, "client"); } return EX_SOFTWARE; } @@ -6178,7 +6178,7 @@ starttls(m, mci, e) "STARTTLS=client, error: SSL_set_xfd failed=%d", result); if (LogLevel > 9) - tlslogerr("client"); + tlslogerr(LOG_WARNING, "client"); } return EX_SOFTWARE; } @@ -6208,7 +6208,7 @@ ssl_retry: result, sr == NULL ? "unknown" : sr, ssl_err, errno, i); if (LogLevel > 9) - tlslogerr("client"); + tlslogerr(LOG_WARNING, "client"); } SSL_free(clt_ssl); diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c index 2294063..75c8be1 100644 --- a/contrib/sendmail/src/main.c +++ b/contrib/sendmail/src/main.c @@ -26,7 +26,7 @@ SM_UNUSED(static char copyright[]) = The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ -SM_RCSID("@(#)$Id: main.c,v 8.981 2012/06/14 23:54:02 ca Exp $") +SM_RCSID("@(#)$Id: main.c,v 8.983 2013/03/12 15:24:52 ca Exp $") #if NETINET || NETINET6 @@ -2103,7 +2103,7 @@ main(argc, argv, envp) "> "); (void) sm_io_flush(smioout, SM_TIME_DEFAULT); if (sm_io_fgets(smioin, SM_TIME_DEFAULT, buf, - sizeof(buf)) == NULL) + sizeof(buf)) < 0) testmodeline("/quit", &MainEnvelope); p = strchr(buf, '\n'); if (p != NULL) @@ -2153,7 +2153,13 @@ main(argc, argv, envp) if (tls_ok) { /* basic TLS initialization */ - tls_ok = init_tls_library(); + tls_ok = init_tls_library(FipsMode); + if (!tls_ok && FipsMode) + { + (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, + "ERROR: FIPSMode failed to initialize\n"); + exit(EX_USAGE); + } } if (!tls_ok && (OpMode == MD_QUEUERUN || OpMode == MD_DELIVER)) diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c index 01d79ff..ad7d818 100644 --- a/contrib/sendmail/src/map.c +++ b/contrib/sendmail/src/map.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: map.c,v 8.709 2012/04/20 18:47:09 ca Exp $") +SM_RCSID("@(#)$Id: map.c,v 8.711 2013/03/12 15:24:52 ca Exp $") #if LDAPMAP # include <sm/ldap.h> @@ -2883,6 +2883,9 @@ nis_getcanonname(name, hbsize, statp) # undef T_UNSPEC /* symbol conflict in nis.h -> ... -> sys/tiuser.h */ # include <rpcsvc/nis.h> # include <rpcsvc/nislib.h> +# ifndef NIS_TABLE_OBJ +# define NIS_TABLE_OBJ TABLE_OBJ +# endif /* NIS_TABLE_OBJ */ # define EN_col(col) zo_data.objdata_u.en_data.en_cols.en_cols_val[(col)].ec_value.ec_value_val # define COL_NAME(res,i) ((res->objects.objects_val)->TA_data.ta_cols.ta_cols_val)[i].tc_name @@ -2970,7 +2973,7 @@ nisplus_map_open(map, mode) } if (NIS_RES_NUMOBJ(res) != 1 || - (NIS_RES_OBJECT(res)->zo_data.zo_type != TABLE_OBJ)) + (NIS_RES_OBJECT(res)->zo_data.zo_type != NIS_TABLE_OBJ)) { if (tTd(38, 10)) sm_dprintf("nisplus_map_open: %s is not a table\n", qbuf); @@ -5834,7 +5837,7 @@ text_map_lookup(map, name, av, statp) key_idx = map->map_keycolno; delim = map->map_coldelim; while (sm_io_fgets(f, SM_TIME_DEFAULT, - linebuf, sizeof(linebuf)) != NULL) + linebuf, sizeof(linebuf)) >= 0) { char *p; @@ -5908,7 +5911,7 @@ text_getcanonname(name, hbsize, statp) found = false; while (!found && sm_io_fgets(f, SM_TIME_DEFAULT, - linebuf, sizeof(linebuf)) != NULL) + linebuf, sizeof(linebuf)) >= 0) { char *p = strpbrk(linebuf, "#\n"); diff --git a/contrib/sendmail/src/mci.c b/contrib/sendmail/src/mci.c index 7b17167..6e635a8 100644 --- a/contrib/sendmail/src/mci.c +++ b/contrib/sendmail/src/mci.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: mci.c,v 8.223 2010/03/10 04:35:28 ca Exp $") +SM_RCSID("@(#)$Id: mci.c,v 8.224 2013/03/12 15:24:53 ca Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> @@ -972,7 +972,7 @@ mci_read_persistent(fp, mci) sm_io_rewind(fp, SM_TIME_DEFAULT); ver = -1; LineNumber = 0; - while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL) + while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0) { LineNumber++; p = strchr(buf, '\n'); diff --git a/contrib/sendmail/src/milter.c b/contrib/sendmail/src/milter.c index a403a16..958b608 100644 --- a/contrib/sendmail/src/milter.c +++ b/contrib/sendmail/src/milter.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2009 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2009, 2012, 2013 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: milter.c,v 8.279 2012/11/16 20:25:03 ca Exp $") +SM_RCSID("@(#)$Id: milter.c,v 8.280 2013/01/16 18:48:36 ca Exp $") #if MILTER # include <sm/sendmail.h> @@ -2184,7 +2184,7 @@ milter_send_command(m, cmd, data, sz, e, state, where) ** cmd -- command to send. ** data -- optional command data. ** sz -- length of buf. -** macros -- macros to send for filter smfi_getsymval(). +** stage -- index of macros to send for filter smfi_getsymval(). ** e -- current envelope (for macro access). ** state -- return state word. ** where -- description of calling function (logging). @@ -2328,7 +2328,6 @@ milter_getsymlist(m, buf, rlen, offset) case SMFIM_DATA: SM_ASSERT(m->mf_idx > 0 && m->mf_idx < MAXFILTERS); macros = MilterMacros[i][m->mf_idx]; - m->mf_lflags |= MI_LFLAGS_SYM(i); len = strlen(buf + offset); if (len > 0) diff --git a/contrib/sendmail/src/mime.c b/contrib/sendmail/src/mime.c index af71d79..f0fb54a 100644 --- a/contrib/sendmail/src/mime.c +++ b/contrib/sendmail/src/mime.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2003, 2006, 2013 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1994, 1996-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1994 @@ -14,7 +14,7 @@ #include <sendmail.h> #include <string.h> -SM_RCSID("@(#)$Id: mime.c,v 8.147 2007/09/26 23:29:11 ca Exp $") +SM_RCSID("@(#)$Id: mime.c,v 8.148 2013/03/12 15:24:53 ca Exp $") /* ** MIME support. @@ -107,6 +107,7 @@ mime8to7(mci, header, e, boundaries, flags, level) { register char *p; int linelen; + int blen; int bt; off_t offset; size_t sectionsize, sectionhighbits; @@ -322,13 +323,13 @@ mime8to7(mci, header, e, boundaries, flags, level) goto writeerr; mci->mci_flags &= ~MCIF_INHEADER; bt = MBT_FINAL; - while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof(buf)) - != NULL) + while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, + sizeof(buf))) >= 0) { bt = mimeboundary(buf, boundaries); if (bt != MBT_NOTSEP) break; - if (!putxline(buf, strlen(buf), mci, + if (!putxline(buf, blen, mci, PXLF_MAPFROM|PXLF_STRIP8BIT)) goto writeerr; if (tTd(43, 99)) @@ -366,13 +367,13 @@ mime8to7(mci, header, e, boundaries, flags, level) mci->mci_flags &= ~MCIF_INMIME; /* skip the late "comment" epilogue */ - while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof(buf)) - != NULL) + while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, + sizeof(buf))) >= 0) { bt = mimeboundary(buf, boundaries); if (bt != MBT_NOTSEP) break; - if (!putxline(buf, strlen(buf), mci, + if (!putxline(buf, blen, mci, PXLF_MAPFROM|PXLF_STRIP8BIT)) goto writeerr; if (tTd(43, 99)) @@ -443,16 +444,16 @@ mime8to7(mci, header, e, boundaries, flags, level) DATAFL_LETTER, e->e_id); /* do a scan of this body type to count character types */ - while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof(buf)) - != NULL) + while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, + sizeof(buf))) >= 0) { if (mimeboundary(buf, boundaries) != MBT_NOTSEP) break; - for (p = buf; *p != '\0'; p++) + for (i = 0; i < blen; i++) { /* count bytes with the high bit set */ sectionsize++; - if (bitset(0200, *p)) + if (bitset(0200, buf[i])) sectionhighbits++; } @@ -522,8 +523,8 @@ mime8to7(mci, header, e, boundaries, flags, level) if (!putline("", mci)) goto writeerr; mci->mci_flags &= ~MCIF_INHEADER; - while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof(buf)) - != NULL) + while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, + sizeof(buf))) >= 0) { if (!bitset(MCIF_INLONGLINE, mci->mci_flags)) { @@ -531,7 +532,7 @@ mime8to7(mci, header, e, boundaries, flags, level) if (bt != MBT_NOTSEP) break; } - if (!putxline(buf, strlen(buf), mci, + if (!putxline(buf, blen, mci, PXLF_MAPFROM|PXLF_NOADDEOL)) goto writeerr; } @@ -1033,7 +1034,7 @@ mime7to8(mci, header, e) HDR *header; register ENVELOPE *e; { - int pxflags; + int pxflags, blen; register char *p; char *cte; char **pvp; @@ -1066,10 +1067,10 @@ mime7to8(mci, header, e) if (!putline("", mci)) goto writeerr; mci->mci_flags &= ~MCIF_INHEADER; - while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof(buf)) - != NULL) + while ((blen = sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, + sizeof(buf))) >= 0) { - if (!putline(buf, mci)) + if (!putxline(buf, blen, mci, PXLF_MAPFROM)) goto writeerr; } return true; @@ -1177,7 +1178,7 @@ mime7to8(mci, header, e) pxflags |= PXLF_NOADDEOL; fbufp = fbuf; while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, - sizeof(buf)) != NULL) + sizeof(buf)) >= 0) { off = mime_fromqp((unsigned char *) buf, &fbufp, &fbuf[MAXLINE] - fbufp); diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c index 930f61d..682a372 100644 --- a/contrib/sendmail/src/parseaddr.c +++ b/contrib/sendmail/src/parseaddr.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: parseaddr.c,v 8.405 2012/02/27 22:49:08 ca Exp $") +SM_RCSID("@(#)$Id: parseaddr.c,v 8.406 2013/04/17 16:53:01 ca Exp $") #include <sm/sendmail.h> #include "map.h" @@ -2350,6 +2350,14 @@ sameaddr(a, b) if (a->q_mailer != b->q_mailer) return false; + /* + ** Addresses resolving to error mailer + ** should not be considered identical + */ + + if (a->q_mailer == &errormailer) + return false; + /* if the user isn't the same, we can drop out */ if (strcmp(a->q_user, b->q_user) != 0) return false; diff --git a/contrib/sendmail/src/queue.c b/contrib/sendmail/src/queue.c index 70b2965..af60d5e 100644 --- a/contrib/sendmail/src/queue.c +++ b/contrib/sendmail/src/queue.c @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/sem.h> -SM_RCSID("@(#)$Id: queue.c,v 8.997 2012/06/14 23:54:03 ca Exp $") +SM_RCSID("@(#)$Id: queue.c,v 8.998 2013/03/12 15:24:53 ca Exp $") #include <dirent.h> @@ -2746,7 +2746,7 @@ gatherq(qgrp, qdir, doall, full, more, pnentries) i |= NEED_QUARANTINE; while (cf != NULL && i != 0 && sm_io_fgets(cf, SM_TIME_DEFAULT, lbuf, - sizeof(lbuf)) != NULL) + sizeof(lbuf)) >= 0) { int c; time_t age; @@ -4981,7 +4981,7 @@ print_single_queue(qgrp, qdir) quarmsg[0] = '\0'; statmsg[0] = bodytype[0] = '\0'; qfver = 0; - while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL) + while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0) { register int i; register char *p; diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c index 7bc70c2..2c8da0b 100644 --- a/contrib/sendmail/src/readcf.c +++ b/contrib/sendmail/src/readcf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2006, 2008-2010 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2006, 2008-2010, 2013 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -14,7 +14,7 @@ #include <sendmail.h> #include <sm/sendmail.h> -SM_RCSID("@(#)$Id: readcf.c,v 8.684 2011/03/15 17:29:29 guenther Exp $") +SM_RCSID("@(#)$Id: readcf.c,v 8.690 2013/03/15 17:54:12 ca Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> @@ -1141,7 +1141,7 @@ fileclass(class, filename, fmt, ismap, safe, optional) return; } - while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL) + while (sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0) { #if SCANF char wordbuf[MAXLINE + 1]; @@ -2284,6 +2284,14 @@ static struct optioninfo # define O_INETQOS 0xe7 /* reserved for FFR_QOS */ { "InetQoS", O_INETQOS, OI_NONE }, #endif +#if STARTTLS && _FFR_FIPSMODE +# define O_FIPSMODE 0xe8 + { "FIPSMode", O_FIPSMODE, OI_NONE }, +#endif /* STARTTLS && _FFR_FIPSMODE */ +#if _FFR_REJECT_NUL_BYTE +# define O_REJECTNUL 0xe9 + { "RejectNUL", O_REJECTNUL, OI_SAFE }, +#endif /* _FFR_REJECT_NUL_BYTE */ { NULL, '\0', OI_NONE } }; @@ -3862,6 +3870,11 @@ setoption(opt, val, safe, sticky, e) break; #endif /* STARTTLS */ +#if STARTTLS && _FFR_FIPSMODE + case O_FIPSMODE: + FipsMode = atobool(val); + break; +#endif /* STARTTLS && _FFR_FIPSMODE */ case O_CLIENTPORT: setclientoptions(val); @@ -4016,6 +4029,12 @@ setoption(opt, val, safe, sticky, e) break; #endif /* _FFR_BADRCPT_SHUTDOWN */ +#if _FFR_REJECT_NUL_BYTE + case O_REJECTNUL: + RejectNUL = atobool(val); + break; +#endif /* _FFR_REJECT_NUL_BYTE */ + default: if (tTd(37, 1)) { diff --git a/contrib/sendmail/src/recipient.c b/contrib/sendmail/src/recipient.c index 4064632..9f4c3f6 100644 --- a/contrib/sendmail/src/recipient.c +++ b/contrib/sendmail/src/recipient.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: recipient.c,v 8.349 2007/07/10 17:01:22 ca Exp $") +SM_RCSID("@(#)$Id: recipient.c,v 8.350 2013/03/12 15:24:54 ca Exp $") static void includetimeout __P((int)); static ADDRESS *self_reference __P((ADDRESS *)); @@ -1824,7 +1824,7 @@ resetuid: LineNumber = 0; ctladdr->q_flags &= ~QSELFREF; nincludes = 0; - while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL && + while (sm_io_fgets(fp, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0 && !maxreached) { fixcrlf(buf, true); diff --git a/contrib/sendmail/src/savemail.c b/contrib/sendmail/src/savemail.c index 2413281..33a897a 100644 --- a/contrib/sendmail/src/savemail.c +++ b/contrib/sendmail/src/savemail.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2003, 2006, 2012, 2013 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: savemail.c,v 8.315 2012/02/27 17:43:03 gshapiro Exp $") +SM_RCSID("@(#)$Id: savemail.c,v 8.318 2013/03/12 15:24:54 ca Exp $") static bool errbody __P((MCI *, ENVELOPE *, char *)); static bool pruneroute __P((char *)); @@ -204,7 +204,7 @@ savemail(e, sendbody) (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "Transcript follows:\r\n"); while (sm_io_fgets(e->e_xfp, SM_TIME_DEFAULT, - buf, sizeof(buf)) != NULL && + buf, sizeof(buf)) >= 0 && !sm_io_error(smioout)) (void) sm_io_fputs(smioout, SM_TIME_DEFAULT, @@ -866,7 +866,7 @@ errbody(mci, e, separator) if (xfile != NULL) { while (sm_io_fgets(xfile, SM_TIME_DEFAULT, buf, - sizeof(buf)) != NULL) + sizeof(buf)) >= 0) { int lbs; bool putok; @@ -1042,18 +1042,20 @@ errbody(mci, e, separator) } else { + int blen; + printheader = true; (void) bfrewind(e->e_parent->e_xfp); if (e->e_xfp != NULL) (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT); - while (sm_io_fgets(e->e_parent->e_xfp, SM_TIME_DEFAULT, buf, - sizeof(buf)) != NULL) + while ((blen = sm_io_fgets(e->e_parent->e_xfp, SM_TIME_DEFAULT, + buf, sizeof(buf))) >= 0) { if (printheader && !putline(" ----- Transcript of session follows -----\n", mci)) goto writeerr; printheader = false; - if (!putline(buf, mci)) + if (!putxline(buf, blen, mci, PXLF_MAPFROM)) goto writeerr; } } @@ -1174,11 +1176,24 @@ errbody(mci, e, separator) /* Original-Recipient: -- passed from on high */ if (q->q_orcpt != NULL) { - (void) sm_snprintf(buf, sizeof(buf), - "Original-Recipient: %.800s", - q->q_orcpt); - if (!putline(buf, mci)) - goto writeerr; + p = strchr(q->q_orcpt, ';'); + + /* + ** p == NULL shouldn't happen due to + ** check in srvrsmtp.c + ** we could log an error in this case. + */ + + if (p != NULL) + { + *p = '\0'; + (void) sm_snprintf(buf, sizeof(buf), + "Original-Recipient: %.100s;%.700s", + q->q_orcpt, xuntextify(p + 1)); + *p = ';'; + if (!putline(buf, mci)) + goto writeerr; + } } /* Figure out actual recipient */ @@ -1682,6 +1697,34 @@ xtextok(s) } return true; } + +/* +** ISATOM -- check if a string is an "atom" +** +** Parameters: +** s -- the string to check. +** +** Returns: +** true -- iff s is an atom +*/ + +bool +isatom(s) + const char *s; +{ + int c; + + if (s == NULL || *s == '\0') + return false; + while ((c = *s++) != '\0') + { + if (strchr("()<>@,;:\\.[]\"", c) != NULL) + return false; + if (c < '!' || c > '~') + return false; + } + return true; +} /* ** PRUNEROUTE -- prune an RFC-822 source route ** diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h index e114019..6704fda 100644 --- a/contrib/sendmail/src/sendmail.h +++ b/contrib/sendmail/src/sendmail.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2012 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2013 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -52,7 +52,7 @@ #ifdef _DEFINE # ifndef lint -SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1096 2012/11/16 20:25:03 ca Exp $"; +SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1101 2013/03/15 17:54:12 ca Exp $"; # endif /* ! lint */ #endif /* _DEFINE */ @@ -124,7 +124,11 @@ SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1096 2012/11/16 20:2 #if STARTTLS # include <openssl/ssl.h> # if !TLS_NO_RSA -# define RSA_KEYLENGTH 512 +# if _FFR_FIPSMODE +# define RSA_KEYLENGTH 1024 +# else /* _FFR_FIPSMODE */ +# define RSA_KEYLENGTH 512 +# endif /* _FFR_FIPSMODE */ # endif /* !TLS_NO_RSA */ #endif /* STARTTLS */ @@ -1941,14 +1945,14 @@ struct termescape #define TLS_AUTH_FAIL (-1) /* functions */ -extern bool init_tls_library __P((void)); +extern bool init_tls_library __P((bool _fipsmode)); extern bool inittls __P((SSL_CTX **, unsigned long, long, bool, char *, char *, char *, char *, char *)); extern bool initclttls __P((bool)); extern void setclttls __P((bool)); extern bool initsrvtls __P((bool)); extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool)); extern int endtls __P((SSL *, char *)); -extern void tlslogerr __P((const char *)); +extern void tlslogerr __P((int, const char *)); EXTERN char *CACertPath; /* path to CA certificates (dir. with hashes) */ @@ -2296,6 +2300,7 @@ EXTERN bool DontLockReadFiles; /* don't read lock support files */ EXTERN bool DontPruneRoutes; /* don't prune source routes */ EXTERN bool ForkQueueRuns; /* fork for each job when running the queue */ EXTERN bool FromFlag; /* if set, "From" person is explicit */ +EXTERN bool FipsMode; EXTERN bool GrabTo; /* if set, get recipients from msg */ EXTERN bool EightBitAddrOK; /* we'll let 8-bit addresses through */ EXTERN bool HasEightBits; /* has at least one eight bit input byte */ @@ -2310,6 +2315,9 @@ EXTERN bool NoAlias; /* suppress aliasing */ EXTERN bool NoConnect; /* don't connect to non-local mailers */ EXTERN bool OnlyOneError; /* .... or only want to give one SMTP reply */ EXTERN bool QuickAbort; /* .... but only if we want a quick abort */ +#if _FFR_REJECT_NUL_BYTE +EXTERN bool RejectNUL; /* reject NUL input byte? */ +#endif /* _FFR_REJECT_NUL_BYTE */ #if REQUIRES_DIR_FSYNC EXTERN bool RequiresDirfsync; /* requires fsync() for directory */ #endif /* REQUIRES_DIR_FSYNC */ @@ -2655,6 +2663,7 @@ extern void initmacros __P((ENVELOPE *)); extern void initsetproctitle __P((int, char **, char **)); extern void init_vendor_macros __P((ENVELOPE *)); extern SIGFUNC_DECL intsig __P((int)); +extern bool isatom __P((const char *)); extern bool isloopback __P((SOCKADDR sa)); extern void load_if_names __P((void)); extern bool lockfile __P((int, char *, char *, int)); diff --git a/contrib/sendmail/src/sfsasl.c b/contrib/sendmail/src/sfsasl.c index cad16db..ebea3f2 100644 --- a/contrib/sendmail/src/sfsasl.c +++ b/contrib/sendmail/src/sfsasl.c @@ -9,7 +9,7 @@ */ #include <sm/gen.h> -SM_RCSID("@(#)$Id: sfsasl.c,v 8.118 2008/07/22 15:12:48 ca Exp $") +SM_RCSID("@(#)$Id: sfsasl.c,v 8.120 2013/03/15 17:49:12 guenther Exp $") #include <stdlib.h> #include <sendmail.h> #include <sm/time.h> @@ -628,13 +628,14 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where) "STARTTLS=%s, error: fd %d/%d too large", where, rfd, wfd); if (LogLevel > 8) - tlslogerr(where); + tlslogerr(LOG_WARNING, where); } errno = EINVAL; } else if (err == SSL_ERROR_WANT_READ) { fd_set ssl_maskr, ssl_maskx; + int save_errno = errno; FD_ZERO(&ssl_maskr); FD_SET(rfd, &ssl_maskr); @@ -647,10 +648,12 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where) } while (ret < 0 && errno == EINTR); if (ret < 0 && errno > 0) ret = -errno; + errno = save_errno; } else if (err == SSL_ERROR_WANT_WRITE) { fd_set ssl_maskw, ssl_maskx; + int save_errno = errno; FD_ZERO(&ssl_maskw); FD_SET(wfd, &ssl_maskw); @@ -663,6 +666,7 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where) } while (ret < 0 && errno == EINTR); if (ret < 0 && errno > 0) ret = -errno; + errno = save_errno; } return ret; } @@ -770,8 +774,17 @@ tls_read(fp, buf, size) break; #endif /* DEAL_WITH_ERROR_SSL */ err = "generic SSL error"; + if (LogLevel > 9) - tlslogerr("read"); + { + int pri; + + if (errno == EAGAIN && try > 0) + pri = LOG_DEBUG; + else + pri = LOG_WARNING; + tlslogerr(pri, "read"); + } #if DEAL_WITH_ERROR_SSL /* avoid repeated calls? */ @@ -792,11 +805,19 @@ tls_read(fp, buf, size) "STARTTLS: read error=timeout"); } else if (LogLevel > 8) - sm_syslog(LOG_WARNING, NOQID, + { + int pri; + + if (save_errno == EAGAIN && try > 0) + pri = LOG_DEBUG; + else + pri = LOG_WARNING; + sm_syslog(pri, NOQID, "STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d", err, r, errno, ERR_error_string(ERR_get_error(), NULL), try, ssl_err); + } else if (LogLevel > 7) sm_syslog(LOG_WARNING, NOQID, "STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d", @@ -878,7 +899,7 @@ tls_write(fp, buf, size) ERR_GET_REASON(ERR_peek_error())); */ if (LogLevel > 9) - tlslogerr("write"); + tlslogerr(LOG_WARNING, "write"); #if DEAL_WITH_ERROR_SSL /* avoid repeated calls? */ diff --git a/contrib/sendmail/src/srvrsmtp.c b/contrib/sendmail/src/srvrsmtp.c index c4c045b..0dfdf6b 100644 --- a/contrib/sendmail/src/srvrsmtp.c +++ b/contrib/sendmail/src/srvrsmtp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2010, 2012 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2010, 2012, 2013 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -17,7 +17,7 @@ # include <libmilter/mfdef.h> #endif /* MILTER */ -SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.1011 2012/12/19 02:49:21 ca Exp $") +SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.1015 2013/03/12 15:24:54 ca Exp $") #include <sm/time.h> #include <sm/fdset.h> @@ -1864,7 +1864,7 @@ smtp(nullserver, d_flags, e) { message("454 4.3.3 TLS not available: error generating SSL handle"); if (LogLevel > 8) - tlslogerr("server"); + tlslogerr(LOG_WARNING, "server"); goto tls_done; } @@ -1927,7 +1927,7 @@ smtp(nullserver, d_flags, e) ssl_err, errno, i, CurSmtpClient); if (LogLevel > 9) - tlslogerr("server"); + tlslogerr(LOG_WARNING, "server"); } tls_ok_srv = false; SSL_free(srv_ssl); @@ -4518,6 +4518,8 @@ rcpt_esmtp_args(a, kp, vp, e) } else if (sm_strcasecmp(kp, "orcpt") == 0) { + char *p; + if (!bitset(SRV_OFFER_DSN, e->e_features)) { usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN"); @@ -4528,16 +4530,25 @@ rcpt_esmtp_args(a, kp, vp, e) usrerr("501 5.5.2 ORCPT requires a value"); /* NOTREACHED */ } - if (strchr(vp, ';') == NULL || !xtextok(vp)) + if (a->q_orcpt != NULL) + { + usrerr("501 5.5.0 Duplicate ORCPT parameter"); + /* NOTREACHED */ + } + p = strchr(vp, ';'); + if (p == NULL) { usrerr("501 5.5.4 Syntax error in ORCPT parameter value"); /* NOTREACHED */ } - if (a->q_orcpt != NULL) + *p = '\0'; + if (!isatom(vp) || !xtextok(p + 1)) { - usrerr("501 5.5.0 Duplicate ORCPT parameter"); + *p = ';'; + usrerr("501 5.5.4 Syntax error in ORCPT parameter value"); /* NOTREACHED */ } + *p = ';'; a->q_orcpt = sm_rpool_strdup_x(e->e_rpool, vp); } else @@ -4923,7 +4934,7 @@ help(topic, e) len = strlen(topic); - while (sm_io_fgets(hf, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL) + while (sm_io_fgets(hf, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0) { if (buf[0] == '#') { diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c index a57a05d..60d408e5 100644 --- a/contrib/sendmail/src/tls.c +++ b/contrib/sendmail/src/tls.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2006, 2008, 2009, 2011 Sendmail, Inc. and its suppliers. + * Copyright (c) 2000-2006, 2008, 2009, 2011, 2013 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set @@ -10,7 +10,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: tls.c,v 8.118 2011/03/07 23:20:47 ca Exp $") +SM_RCSID("@(#)$Id: tls.c,v 8.121 2013/01/02 23:54:17 ca Exp $") #if STARTTLS # include <openssl/err.h> @@ -267,15 +267,18 @@ tls_rand_init(randfile, logl) ** INIT_TLS_LIBRARY -- Calls functions which setup TLS library for global use. ** ** Parameters: -** none. +** fipsmode -- use FIPS? ** ** Returns: ** succeeded? */ bool -init_tls_library() +init_tls_library(fipsmode) + bool fipsmode; { + bool bv; + /* basic TLS initialization, ignore result for now */ SSL_library_init(); SSL_load_error_strings(); @@ -284,7 +287,30 @@ init_tls_library() SSLeay_add_ssl_algorithms(); # endif /* 0 */ - return tls_rand_init(RandFile, 7); + bv = tls_rand_init(RandFile, 7); +# if _FFR_FIPSMODE + if (bv && fipsmode) + { + if (!FIPS_mode_set(1)) + { + unsigned long err; + + err = ERR_get_error(); + if (LogLevel > 0) + sm_syslog(LOG_ERR, NOQID, + "STARTTLS=init, FIPSMode=%s", + ERR_error_string(err, NULL)); + return false; + } + else + { + if (LogLevel > 9) + sm_syslog(LOG_INFO, NOQID, + "STARTTLS=init, FIPSMode=ok"); + } + } +#endif /* _FFR_FIPSMODE */ + return bv; } /* ** TLS_SET_VERIFY -- request client certificate? @@ -709,7 +735,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: SSL_CTX_new(SSLv23_%s_method()) failed", who, who); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); return false; } @@ -808,7 +834,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: RSA_generate_key failed", who); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } return false; } @@ -829,7 +855,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed", who, keyfile); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } if (bitset(TLS_I_USE_KEY, req)) return false; @@ -846,7 +872,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed", who, certfile); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } if (bitset(TLS_I_USE_CERT, req)) return false; @@ -863,7 +889,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: SSL_CTX_check_private_key failed(%s): %d", who, keyfile, r); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } if (bitset(TLS_I_USE_KEY, req)) return false; @@ -882,7 +908,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed", who, kf2); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } } @@ -896,7 +922,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed", who, cf2); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } } @@ -911,7 +937,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: SSL_CTX_check_private_key 2 failed: %d", who, r); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } } # endif /* _FFR_TLS_1 */ @@ -962,7 +988,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar who, dhparam, ERR_error_string(err, NULL)); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } } else @@ -973,7 +999,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: BIO_new_file(%s) failed", who, dhparam); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } } } @@ -1089,7 +1115,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar "STARTTLS=%s, error: load verify locs %s, %s failed: %d", who, cacertpath, cacertfile, r); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } if (bitset(TLS_I_VRFY_LOC, req)) return false; @@ -1113,7 +1139,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar who, CipherList); if (LogLevel > 9) - tlslogerr(who); + tlslogerr(LOG_WARNING, who); } /* failure if setting to this list is required? */ } @@ -1377,7 +1403,7 @@ endtls(ssl, side) sm_syslog(LOG_WARNING, NOQID, "STARTTLS=%s, SSL_shutdown failed: %d", side, r); - tlslogerr(side); + tlslogerr(LOG_WARNING, side); } ret = EX_SOFTWARE; } @@ -1426,7 +1452,7 @@ endtls(ssl, side) sm_syslog(LOG_WARNING, NOQID, "STARTTLS=%s, SSL_shutdown not done", side); - tlslogerr(side); + tlslogerr(LOG_WARNING, side); } ret = EX_SOFTWARE; } @@ -1659,6 +1685,7 @@ tls_verify_cb(ctx, unused) ** TLSLOGERR -- log the errors from the TLS error stack ** ** Parameters: +** level -- syslog level ** who -- server/client (for logging). ** ** Returns: @@ -1666,7 +1693,8 @@ tls_verify_cb(ctx, unused) */ void -tlslogerr(who) +tlslogerr(level, who) + int level; const char *who; { unsigned long l; @@ -1680,7 +1708,7 @@ tlslogerr(who) while ((l = ERR_get_error_line_data(CP &file, &line, CP &data, &flags)) != 0) { - sm_syslog(LOG_WARNING, NOQID, + sm_syslog(level, NOQID, "STARTTLS=%s: %lu:%s:%s:%d:%s", who, es, ERR_error_string(l, buf), file, line, diff --git a/contrib/sendmail/src/usersmtp.c b/contrib/sendmail/src/usersmtp.c index c5da512..6dafca0 100644 --- a/contrib/sendmail/src/usersmtp.c +++ b/contrib/sendmail/src/usersmtp.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: usersmtp.c,v 8.485 2010/07/23 21:09:38 ca Exp $") +SM_RCSID("@(#)$Id: usersmtp.c,v 8.486 2013/03/12 15:24:54 ca Exp $") #include <sysexits.h> @@ -801,7 +801,7 @@ readauth(filename, safe, sai, rpool) lc = 0; while (lc <= SASL_MECHLIST && - sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL) + sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) >= 0) { if (buf[0] != '#') { diff --git a/contrib/sendmail/src/util.c b/contrib/sendmail/src/util.c index 9bc28ec..8ea2620 100644 --- a/contrib/sendmail/src/util.c +++ b/contrib/sendmail/src/util.c @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: util.c,v 8.425 2012/03/03 00:10:43 ca Exp $") +SM_RCSID("@(#)$Id: util.c,v 8.426 2013/03/12 15:24:54 ca Exp $") #include <sm/sendmail.h> #include <sysexits.h> @@ -1285,8 +1285,7 @@ sfgets(buf, siz, fp, timeout, during) char *during; { register char *p; - int save_errno; - int io_timeout; + int save_errno, io_timeout, l; SM_REQUIRE(siz > 0); SM_REQUIRE(buf != NULL); @@ -1299,7 +1298,7 @@ sfgets(buf, siz, fp, timeout, during) } /* try to read */ - p = NULL; + l = -1; errno = 0; /* convert the timeout to sm_io notation */ @@ -1307,8 +1306,8 @@ sfgets(buf, siz, fp, timeout, during) while (!sm_io_eof(fp) && !sm_io_error(fp)) { errno = 0; - p = sm_io_fgets(fp, io_timeout, buf, siz); - if (p == NULL && errno == EAGAIN) + l = sm_io_fgets(fp, io_timeout, buf, siz); + if (l < 0 && errno == EAGAIN) { /* The sm_io_fgets() call timedout */ if (LogLevel > 1) @@ -1328,7 +1327,7 @@ sfgets(buf, siz, fp, timeout, during) errno = ETIMEDOUT; return NULL; } - if (p != NULL || errno != EINTR) + if (l >= 0 || errno != EINTR) break; (void) sm_io_clearerr(fp); } @@ -1336,7 +1335,7 @@ sfgets(buf, siz, fp, timeout, during) /* clean up the books and exit */ LineNumber++; - if (p == NULL) + if (l < 0) { buf[0] = '\0'; if (TrafficLogFile != NULL) diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c index 2e9fe48..05ad66a 100644 --- a/contrib/sendmail/src/version.c +++ b/contrib/sendmail/src/version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2012 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2013 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,6 +13,6 @@ #include <sm/gen.h> -SM_RCSID("@(#)$Id: version.c,v 8.235 2012/12/19 05:11:44 ca Exp $") +SM_RCSID("@(#)$Id: version.c,v 8.243 2013/04/18 15:07:17 ca Exp $") -char Version[] = "8.14.6"; +char Version[] = "8.14.7"; |