X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=spamass-milter.cpp;h=b3ba061b668514b763345e87c08dee8fbd662e48;hb=f01e810ec85d4b9927890c7541463bb6612a4cf8;hp=d4879f1b490490462bccb031f9279a04fe122d16;hpb=2ce36ef5fab81b4f8757f5efcfc9d21bd6cf37df;p=deb_pkgs%2Fspamass-milter.git

diff --git a/spamass-milter.cpp b/spamass-milter.cpp
index d4879f1..b3ba061 100644
--- a/spamass-milter.cpp
+++ b/spamass-milter.cpp
@@ -1,6 +1,6 @@
 // 
 //
-//  $Id: spamass-milter.cpp,v 1.90 2006/03/23 21:41:36 dnelson Exp $
+//  $Id: spamass-milter.cpp,v 1.94 2011/02/14 21:50:53 dnelson Exp $
 //
 //  SpamAss-Milter 
 //    - a rather trivial SpamAssassin Sendmail Milter plugin
@@ -127,7 +127,7 @@ int daemon(int nochdir, int noclose);
 
 // }}} 
 
-static const char Id[] = "$Id: spamass-milter.cpp,v 1.90 2006/03/23 21:41:36 dnelson Exp $";
+static const char Id[] = "$Id: spamass-milter.cpp,v 1.94 2011/02/14 21:50:53 dnelson Exp $";
 
 struct smfiDesc smfilter =
   {
@@ -169,20 +169,15 @@ bool flag_bucket_only = false;
 char *spambucket;
 bool flag_full_email = false;		/* pass full email address to spamc */
 bool flag_expand = false;	/* alias/virtusertable expansion */
-bool ignore_authenticated_senders = false;
 bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
 
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif
-
 // {{{ main()
 
 int
 main(int argc, char* argv[])
 {
    int c, err = 0;
-   const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:x";
+   const char *args = "fd:mMp:P:r:u:D:i:b:B:e:x";
    char *sock = NULL;
    bool dofork = false;
    char *pidfilename = NULL;
@@ -214,10 +209,6 @@ main(int argc, char* argv[])
 				debug(D_MISC, "Parsing ignore list");
 				parse_networklist(optarg, &ignorenets);
 				break;
-			case 'I':
-				debug(D_MISC, "Ignore authenticated senders");
-				ignore_authenticated_senders = true;
-				break;
 			case 'm':
 				dontmodifyspam = true;
 				smfilter.xxfi_flags &= ~SMFIF_CHGBODY;
@@ -285,7 +276,7 @@ main(int argc, char* argv[])
       cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl;
       cout << "SpamAssassin Sendmail Milter Plugin" << endl;
       cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
-      cout << "                      [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl;
+      cout << "                      [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
       cout << "                      [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
       cout << "                      [-- spamc args ]" << endl;
       cout << "   -p socket: path to create socket" << endl;
@@ -299,7 +290,6 @@ main(int argc, char* argv[])
       cout << "   -f: fork into background" << endl;
       cout << "   -i: skip (ignore) checks from these IPs or netblocks" << endl;
       cout << "          example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
-      cout << "   -I: skip (ignore) checks if sender is authenticated" << endl;
       cout << "   -m: don't modify body, Content-type: or Subject:" << endl;
       cout << "   -M: don't modify the message at all" << endl;
       cout << "   -P pidfile: Put processid in pidfile" << endl;
@@ -467,59 +457,26 @@ assassinate(SMFICTX* ctx, SpamAssassin* assassin)
 			   send another copy.  The milter API will not let you send the
 			   message AND return a failure code to the sender, so this is
 			   the only way to do it. */
-#if defined(__FreeBSD__)
-			int rv;
-#endif
-			
-#if defined(HAVE_ASPRINTF)
-			char *buf;
-#else
-			char buf[1024];
-#endif
-			char *fmt="%s \"%s\"";
+			char *popen_argv[3];
 			FILE *p;
+			pid_t pid;
 
-#if defined(HAVE_ASPRINTF)
-			asprintf(&buf, fmt, SENDMAIL, spambucket);
-#else
-#if defined(HAVE_SNPRINTF)
-			snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket);
-#else
-			/* XXX possible buffer overflow here */
-			sprintf(buf, fmt, SENDMAIL, spambucket);
-#endif
-#endif
-
-			debug(D_COPY, "calling %s", buf);
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-			rv = pthread_mutex_lock(&popen_mutex);
-			if (rv)
-			{
-				debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
-				abort();
-			}		
-#endif
-			p = popen(buf, "w");
+			popen_argv[0] = SENDMAIL;
+			popen_argv[1] = spambucket;
+			popen_argv[2] = NULL;
+			
+			debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
+			p = popenv(popen_argv, "w", &pid);
 			if (!p)
 			{
-				debug(D_COPY, "popen failed(%s).  Will not send a copy to spambucket", strerror(errno));
+				debug(D_COPY, "popenv failed(%s).  Will not send a copy to spambucket", strerror(errno));
 			} else
 			{
 				// Send message provided by SpamAssassin
 				fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
-				pclose(p); p = NULL;
+				fclose(p); p = NULL;
+				waitpid(pid, NULL, 0);
 			}
-#if defined(__FreeBSD__)
-			rv = pthread_mutex_unlock(&popen_mutex);
-			if (rv)
-			{
-				debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
-				abort();
-			}		
-#endif
-#if defined(HAVE_ASPRINTF)
-			free(buf);
-#endif 
 		}
 		return SMFIS_REJECT;
 	}
@@ -789,22 +746,6 @@ mlfi_envfrom(SMFICTX* ctx, char** envfrom)
   }
   /* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */
 
-  if (ignore_authenticated_senders)
-  {
-    char *auth_authen;
-
-    auth_authen = smfi_getsymval(ctx, "{auth_authen}");
-    debug(D_MISC, "auth_authen=%s", auth_authen ?: "<unauthenticated>");
-
-    if (auth_authen)
-    {
-      debug(D_MISC, "sender authenticated (%s) - accepting message",
-	    auth_authen);
-      debug(D_FUNC, "mlfi_envfrom: exit ignore");
-      return SMFIS_ACCEPT;
-    }
-  }
-
   debug(D_FUNC, "mlfi_envfrom: enter");
   try {
     // launch new SpamAssassin
@@ -853,9 +794,6 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt)
 	struct context *sctx = (struct context*)smfi_getpriv(ctx);
 	SpamAssassin* assassin = sctx->assassin;
 	FILE *p;
-#if defined(__FreeBSD__)
-	int rv;
-#endif
 
 	debug(D_FUNC, "mlfi_envrcpt: enter");
 
@@ -864,30 +802,20 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt)
 		/* open a pipe to sendmail so we can do address expansion */
 
 		char buf[1024];
-		char *fmt="%s -bv \"%s\" 2>&1";
-
-#if defined(HAVE_SNPRINTF)
-		snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
-#else
-		/* XXX possible buffer overflow here */
-		sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
-#endif
+		char *popen_argv[4];
+		pid_t pid;
+		
+		popen_argv[0] = SENDMAIL;
+		popen_argv[1] = "-bv";
+		popen_argv[2] = envrcpt[0];
+		popen_argv[3] = NULL;
 
-		debug(D_RCPT, "calling %s", buf);
+		debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
 
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-		rv = pthread_mutex_lock(&popen_mutex);
-		if (rv)
-		{
-			debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
-			abort();
-		}		
-#endif
-
-		p = popen(buf, "r");
+		p = popenv(popen_argv, "r", &pid);
 		if (!p)
 		{
-			debug(D_RCPT, "popen failed(%s).  Will not expand aliases", strerror(errno));
+			debug(D_RCPT, "popenv failed(%s).  Will not expand aliases", strerror(errno));
 			assassin->expandedrcpt.push_back(envrcpt[0]);
 		} else
 		{
@@ -912,16 +840,9 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt)
 					assassin->expandedrcpt.push_back(p+7);
 				}
 			}
-			pclose(p); p = NULL;
+			fclose(p); p = NULL;
+			waitpid(pid, NULL, 0);
 		}
-#if defined(__FreeBSD__)
-		rv = pthread_mutex_unlock(&popen_mutex);
-		if (rv)
-		{
-			debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
-			abort();
-		}		
-#endif
 	} else
 	{
 		assassin->expandedrcpt.push_back(envrcpt[0]);
@@ -1024,7 +945,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcpt)
 
 		assassin->output((string)
 			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
-			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
+			"by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
 			macro_b+"\r\n\t"+
 			"(envelope-from "+assassin->from()+")\r\n");
 
@@ -2179,5 +2100,72 @@ void warnmacro(char *macro, char *scope)
 	warnedmacro = true;
 }
 
+/*
+   untrusted-argument-safe popen function - only supports "r" and "w" modes
+   for simplicity, and always reads stdout and stderr in "r" mode.  Call
+   fclose to close the FILE, and waitpid to reap the child process (pid).
+*/
+FILE *popenv(char *const argv[], const char *type, pid_t *pid)
+{
+	FILE *iop;
+	int pdes[2];
+	int save_errno;
+
+	if ((*type != 'r' && *type != 'w') || type[1])
+	{
+		errno = EINVAL;
+		return (NULL);
+	}
+	if (pipe(pdes) < 0)
+		return (NULL);
+	switch (*pid = fork()) {
+	
+	case -1:			/* Error. */
+		save_errno = errno;
+		(void)close(pdes[0]);
+		(void)close(pdes[1]);
+		errno = save_errno;
+		return (NULL);
+		/* NOTREACHED */
+	case 0:				/* Child. */
+		if (*type == 'r') {
+			/*
+			 * The dup2() to STDIN_FILENO is repeated to avoid
+			 * writing to pdes[1], which might corrupt the
+			 * parent's copy.  This isn't good enough in
+			 * general, since the exit() is no return, so
+			 * the compiler is free to corrupt all the local
+			 * variables.
+			 */
+			(void)close(pdes[0]);
+			(void)dup2(pdes[1], STDOUT_FILENO);
+			(void)dup2(pdes[1], STDERR_FILENO);
+			if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
+				(void)close(pdes[1]);
+			} 
+		} else {
+			if (pdes[0] != STDIN_FILENO) {
+				(void)dup2(pdes[0], STDIN_FILENO);
+				(void)close(pdes[0]);
+			}
+			(void)close(pdes[1]);
+		}
+		execv(argv[0], argv);
+		exit(127);
+		/* NOTREACHED */
+	}
+
+	/* Parent; assume fdopen can't fail. */
+	if (*type == 'r') {
+		iop = fdopen(pdes[0], type);
+		(void)close(pdes[1]);
+	} else {
+		iop = fdopen(pdes[1], type);
+		(void)close(pdes[0]);
+	}
+
+	return (iop);
+}
+
 // }}}
 // vim6:ai:noexpandtab