/*
 * verify_amb - reject redirections that are ambiguous next to a pipe.
 *
 * Scans line->line once and counts the '|' characters for which
 * is_inhibited() returns 0. Two combinations are refused:
 *   - a non-inhibited '<' seen after at least one counted pipe: prints
 *     AMB_L and yields 0;
 *   - a non-inhibited '>' seen while fewer than line->nb_pipe pipes have
 *     been counted: prints AMB_R and yields 0.
 * A scan that reaches the terminator yields 1.
 *
 * Every exit goes through FREE_RETURN(inhib, value), a project macro that
 * presumably frees the scratch buffer and returns the value (its
 * definition is not visible here).
 */
int verify_amb(t_pipeline *line)
{
  char *cmd;
  char *inhib;
  int pipes_seen;
  int pos;

  cmd = line->line;
  /* One scratch byte per character plus the terminator, each preset to 4
     before the buffer is handed to is_inhibited(). */
  inhib = xmalloc((strlen(cmd) + 1) * sizeof(*inhib));
  memset(inhib, 4, strlen(cmd) + 1);
  pipes_seen = 0;
  for (pos = 0; cmd[pos]; pos++)
    {
      /* The character test comes first so that is_inhibited() is only
         consulted for the three metacharacters of interest. */
      if (cmd[pos] == '|' && !is_inhibited(cmd, inhib, pos))
        pipes_seen++;
      if (cmd[pos] == '<' && pipes_seen && !is_inhibited(cmd, inhib, pos))
        {
          my_putstr(AMB_L);
          FREE_RETURN(inhib, 0);
        }
      if (cmd[pos] == '>' && pipes_seen < line->nb_pipe
          && !is_inhibited(cmd, inhib, pos))
        {
          my_putstr(AMB_R);
          FREE_RETURN(inhib, 0);
        }
    }
  FREE_RETURN(inhib, 1);
}
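/*
 * verify_pipe - check the text around every non-inhibited '|' in s.
 *
 * For each '|' for which is_inhibited() returns 0:
 *   - scan backwards over spaces, tabs and '|'; if the start of the string
 *     is reached (j == -1) nothing precedes the pipe: print BAD_P, yield 0;
 *   - skip the spaces and tabs that follow; if the next character is '|',
 *     '\n' or the terminator and the trailing is_inhibited() test holds,
 *     print BAD_P and yield 0.
 * Yields 1 when the whole string has been scanned.
 *
 * Fix: the forward skip can stop on the terminator. The outer loop then
 * pre-incremented i and read s[strlen(s) + 1], and could go on to index
 * inhib past its strlen(s) + 1 bytes. The scan now stops as soon as the
 * terminator has been reached.
 *
 * Every exit goes through FREE_RETURN(inhib, value), a project macro that
 * presumably frees the scratch buffer and returns the value.
 */
int verify_pipe(char *s)
{
  int i;
  int j;
  char *inhib;

  /* One scratch byte per character plus the terminator, each preset to 4
     before the buffer is handed to is_inhibited(). */
  inhib = xmalloc((strlen(s) + 1) * sizeof(*inhib));
  memset(inhib, 4, strlen(s) + 1);
  i = -1;
  while (s[++i])
    {
      j = i;
      if ((s[i] == '|') && (is_inhibited(s, inhib, i) == 0))
        {
          /* Left side: walk back over blanks and pipes. */
          while ((j >= 0) && ((s[j] == ' ') || (s[j] == '\t') || (s[j] == '|')))
            j--;
          if (j == -1)
            {
              my_putstr(BAD_P);
              FREE_RETURN(inhib, 0);
            }
          /* Right side: skip blanks; i may end up on the terminator. */
          while ((s[++i]) && ((s[i] == ' ') || (s[i] == '\t')))
            ;
          /* NOTE(review): `!is_inhibited(...) == 0` parses as
             `(!is_inhibited(...)) == 0`, so this branch fires only when
             is_inhibited() returns non-zero. Kept as written; confirm
             that this is the intended sense. */
          if (((s[i] == '|') || (s[i] == '\n') || (s[i] == 0))
              && (!is_inhibited(s, inhib, i) == 0))
            {
              my_putstr(BAD_P);
              FREE_RETURN(inhib, 0);
            }
          /* Do not let the outer ++i step past the terminator. */
          if (s[i] == 0)
            break;
        }
    }
  FREE_RETURN(inhib, 1);
}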
/*
 * Return non-zero when text[at], text[at + 1] and text[at + 2] all equal c.
 * The comparisons short-circuit, so a later byte is only read after the
 * earlier one matched.
 */
static int nbr_has_triple(const char *text, int at, char c)
{
  return (text[at] == c && text[at + 1] == c && text[at + 2] == c);
}

/*
 * verify_nbr - refuse three consecutive identical redirection characters.
 *
 * Walks line->line and, at each position for which is_inhibited() returns
 * 0, looks for ">>>" (prints BAD_R, yields 0) or "<<<" (prints BAD_L,
 * yields 0). Yields 1 when neither sequence is found.
 *
 * The loop bound keeps pos below my_strlen(line->line) - 1, so pos + 2 is
 * at most the index of the terminator.
 * NOTE(review): this relies on my_strlen() returning a signed length; with
 * an unsigned return type an empty line would make the bound wrap. Confirm
 * against its prototype.
 *
 * Every exit goes through FREE_RETURN(inhib, value), a project macro that
 * presumably frees the scratch buffer and returns the value.
 */
int verify_nbr(t_pipeline *line)
{
  char *cmd;
  char *inhib;
  int pos;

  cmd = line->line;
  /* One scratch byte per character plus the terminator, each preset to 4
     before the buffer is handed to is_inhibited(). */
  inhib = xmalloc((strlen(cmd) + 1) * sizeof(*inhib));
  memset(inhib, 4, strlen(cmd) + 1);
  for (pos = 0; pos < my_strlen(cmd) - 1; pos++)
    {
      if (!is_inhibited(cmd, inhib, pos) && nbr_has_triple(cmd, pos, '>'))
        {
          my_putstr(BAD_R);
          FREE_RETURN(inhib, 0);
        }
      else if (!is_inhibited(cmd, inhib, pos) && nbr_has_triple(cmd, pos, '<'))
        {
          my_putstr(BAD_L);
          FREE_RETURN(inhib, 0);
        }
    }
  FREE_RETURN(inhib, 1);
}
/*
 * tls_policy_lookup_one - look up and parse one TLS policy table entry.
 *
 * Searches the tls_policy maps for site_name. When no entry exists the
 * function returns 0 and leaves *site_level untouched. When an entry
 * exists it returns 1 and sets *site_level to the parsed security level,
 * or to TLS_LEV_INVALID when the entry is empty, names an unknown level,
 * or carries a bad attribute. The existing "No further lookups" remarks
 * suggest the caller stops searching on a return of 1 (caller not visible
 * here).
 *
 * The entry is split on tab, newline, carriage return, space and comma.
 * The first token is the security level; the remaining tokens are
 * name=value attributes stored on the session:
 *   ciphers   -> session->tls_grade       (once, non-empty)
 *   protocols -> session->tls_protocols   (once)
 *   match     -> session->tls_matchargv   (repeatable, non-empty, only
 *                                          above TLS_LEV_ENCRYPT)
 *   exclude   -> session->tls_exclusions  (once)
 * Any other attribute name is an error.
 *
 * site_class is used only in the text of warnings.
 *
 * Parsing stops at the first bad attribute. Fields stored on the session
 * by earlier attributes of the same entry are left as they are; the caller
 * presumably discards them when it sees TLS_LEV_INVALID -- verify.
 */
static int tls_policy_lookup_one(SMTP_SESSION *session, int *site_level,
                                 const char *site_name,
                                 const char *site_class)
{
    const char *lookup;
    char *policy;
    char *saved_policy;
    char *tok;
    const char *err;
    char *name;
    char *val;
    static VSTRING *cbuf;

    /*
     * Release the private copy of the policy text on the way out. Only
     * valid once saved_policy has been assigned below.
     */
#undef FREE_RETURN
#define FREE_RETURN(x) do { myfree(saved_policy); return (x); } while (0)

    /*
     * A miss and a table error both make maps_find() return 0; the error
     * flag tells them apart. Plain return here: saved_policy is not set
     * yet, so FREE_RETURN must not be used.
     */
    if ((lookup = maps_find(tls_policy, site_name, 0)) == 0) {
        if (tls_policy->error) {
            /* msg_fatal() presumably does not return -- confirm. */
            msg_fatal("%s: %s lookup error for %s",
                      session->state->request->queue_id,
                      tls_policy->title, site_name);
            /* XXX session->stream has no longjmp context yet. */
        }
        return (0);
    }

    /* Allocated on first use and then reused for every warning prefix. */
    if (cbuf == 0)
        cbuf = vstring_alloc(10);

    /* Warning prefix naming the table entry; reformats cbuf on each use. */
#define WHERE \
    vstring_str(vstring_sprintf(cbuf, "TLS policy table, %s \"%s\"", \
                site_class, site_name))

    /*
     * Tokenize a private copy. mystrtok() is handed &policy, so policy is
     * presumably advanced as tokens are consumed; saved_policy keeps the
     * start of the copy for myfree().
     */
    saved_policy = policy = mystrdup(lookup);

    if ((tok = mystrtok(&policy, "\t\n\r ,")) == 0) {
        msg_warn("%s: invalid empty policy", WHERE);
        *site_level = TLS_LEV_INVALID;
        FREE_RETURN(1);                 /* No further lookups */
    }
    *site_level = tls_level_lookup(tok);
    if (*site_level == TLS_LEV_INVALID) {
        /* tls_level_lookup() logs no warning. */
        msg_warn("%s: invalid security level \"%s\"", WHERE, tok);
        FREE_RETURN(1);                 /* No further lookups */
    }

    /*
     * Warn about ignored attributes when TLS is disabled. Nothing is
     * stored on the session in this branch.
     */
    if (*site_level < TLS_LEV_MAY) {
        while ((tok = mystrtok(&policy, "\t\n\r ,")) != 0)
            msg_warn("%s: ignoring attribute \"%s\" with TLS disabled", WHERE, tok);
        FREE_RETURN(1);
    }

    /*
     * Errors in attributes may have security consequences, don't ignore
     * errors that can degrade security. Every error path below therefore
     * replaces the level with TLS_LEV_INVALID instead of keeping the level
     * that was just parsed.
     */
    while ((tok = mystrtok(&policy, "\t\n\r ,")) != 0) {
        if ((err = split_nameval(tok, &name, &val)) != 0) {
            *site_level = TLS_LEV_INVALID;
            msg_warn("%s: malformed attribute/value pair \"%s\": %s", WHERE, tok, err);
            break;
        }

        /*
         * Only one instance per policy. The duplicate test assumes
         * session->tls_grade is null before the first lookup -- confirm
         * against the session setup code.
         */
        if (!strcasecmp(name, "ciphers")) {
            if (*val == 0) {
                msg_warn("%s: attribute \"%s\" has empty value", WHERE, name);
                *site_level = TLS_LEV_INVALID;
                break;
            }
            if (session->tls_grade) {
                msg_warn("%s: attribute \"%s\" is specified multiple times", WHERE, name);
                *site_level = TLS_LEV_INVALID;
                break;
            }
            session->tls_grade = mystrdup(val);
            continue;
        }

        /*
         * Only one instance per policy.
         * NOTE(review): unlike "ciphers" and "match", an empty value is
         * accepted and stored here -- confirm that the consumer of
         * session->tls_protocols handles an empty string as intended.
         */
        if (!strcasecmp(name, "protocols")) {
            if (session->tls_protocols) {
                msg_warn("%s: attribute \"%s\" is specified multiple times", WHERE, name);
                *site_level = TLS_LEV_INVALID;
                break;
            }
            session->tls_protocols = mystrdup(val);
            continue;
        }

        /*
         * Multiple instance(s) per policy. Values are split on "|" at
         * TLS_LEV_FPRINT and on ":" at every other level, and accumulate
         * in session->tls_matchargv.
         */
        if (!strcasecmp(name, "match")) {
            char *delim = *site_level == TLS_LEV_FPRINT ? "|" : ":";

            /* Rejected at TLS_LEV_ENCRYPT and every level below it. */
            if (*site_level <= TLS_LEV_ENCRYPT) {
                msg_warn("%s: attribute \"%s\" invalid at security level \"%s\"", WHERE, name, policy_name(*site_level));
                *site_level = TLS_LEV_INVALID;
                break;
            }
            if (*val == 0) {
                msg_warn("%s: attribute \"%s\" has empty value", WHERE, name);
                *site_level = TLS_LEV_INVALID;
                break;
            }
            if (session->tls_matchargv == 0)
                session->tls_matchargv = argv_split(val, delim);
            else
                argv_split_append(session->tls_matchargv, val, delim);
            continue;
        }

        /*
         * Only one instance per policy.
         * NOTE(review): an empty value is accepted here as well -- confirm.
         */
        if (!strcasecmp(name, "exclude")) {
            if (session->tls_exclusions) {
                msg_warn("%s: attribute \"%s\" is specified multiple times", WHERE, name);
                *site_level = TLS_LEV_INVALID;
                break;
            }
            session->tls_exclusions = vstring_strcpy(vstring_alloc(10), val);
            continue;
        } else {
            /* Unknown attribute names invalidate the entry. */
            msg_warn("%s: invalid attribute name: \"%s\"", WHERE, name);
            *site_level = TLS_LEV_INVALID;
            break;
        }
    }
    FREE_RETURN(1);
}