X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=transact.c;h=ec8013a516f03d1f66f83bf4af37a65e25ce0708;hb=d31db10231e9ed89f64fdf6e0fb7cae182aa377e;hp=dbf55f53d540f0d932bd27ee1e6468096c4e83a9;hpb=9f3c51765503431fd25174dbb946c3cac7bbbdf1;p=~andy%2Ffetchmail diff --git a/transact.c b/transact.c index dbf55f53..ec8013a5 100644 --- a/transact.c +++ b/transact.c @@ -1,16 +1,14 @@ -/* - * transact.c -- transaction primitives for the fetchmail driver loop +/** + * \file transact.c -- transaction primitives for the fetchmail driver loop * * Copyright 2001 by Eric S. Raymond * For license terms, see the file COPYING in this directory. - * - * */ #include "config.h" #include #include -#include /* isspace() */ +#include #ifdef HAVE_MEMORY_H #include #endif /* HAVE_MEMORY_H */ @@ -25,43 +23,77 @@ #else #include #endif +#include +#include #ifdef HAVE_NET_SOCKET_H #include #endif +#include +#include +#include "fm_md5.h" #include "i18n.h" #include "socket.h" #include "fetchmail.h" -#ifndef strstr /* glibc-2.1 declares this as a macro */ -extern char *strstr(); /* needed on sysV68 R3V7.1. */ -#endif /* strstr */ +/** Macro to clamp the argument so it is >= INT_MIN. */ +#define _FIX_INT_MIN(x) ((x) < INT_MIN ? INT_MIN : (x)) +/** Macro to clamp the argument so it is <= INT_MAX. */ +#define _FIX_INT_MAX(x) ((x) > INT_MAX ? INT_MAX : (x)) +/** Macro to clamp the argument so it is representable as an int. */ +#define CAST_TO_INT(x) ((int)(_FIX_INT_MIN(_FIX_INT_MAX(x)))) +/** Macro to clamp the unsigned argument so it is representable as an int. */ +#define UCAST_TO_INT(x) ((int)(_FIX_INT_MAX(x))) + +/* global variables: please reinitialize them explicitly for proper + * working in daemon mode */ + +/* session variables initialized in init_transact() */ +int suppress_tags = FALSE; /**< emit tags in the protocol? */ +char tag[TAGLEN]; /**< buffer for the tag */ +static int tagnum; /**< local counter for the tag */ +/** Macro to generate the tag and store it in #tag. */ +#define GENSYM (sprintf(tag, "A%04d", ++tagnum % TAGMOD), tag) +static const struct method *protocol; /**< description of the protocol used for the current poll */ +char shroud[PASSWORDLEN*2+3]; /**< string to shroud in debug output */ -int mytimeout; /* value of nonreponse timeout */ -int suppress_tags; /* emit tags? */ -char shroud[PASSWORDLEN*2+1]; /* string to shroud in debug output */ -struct msgblk msgblk; +/* session variables initialized in do_session() */ +int mytimeout; /**< value of nonreponse timeout */ -char tag[TAGLEN]; -static int tagnum; -#define GENSYM (sprintf(tag, "A%04d", ++tagnum % TAGMOD), tag) +/* mail variables initialized in readheaders() */ +struct msgblk msgblk; /**< stores attributes of the currently processed message */ +static int accept_count /** count of accepted recipients */, reject_count /** count of rejected recipients */; -static int accept_count, reject_count; -static struct method *protocol; +/** add given address to xmit_names if it exactly matches a full address + * \returns nonzero if matched */ +static int map_address(const char *addr,/**< address to match */ + struct query *ctl, /**< contains list of aliases */ + struct idlist **xmit_names /**< list of recipient names */) +{ + const char *lname; + lname = idpair_find(&ctl->localnames, addr); + if (lname) { + if (outlevel >= O_DEBUG) + report(stdout, GT_("mapped address %s to local %s\n"), addr, lname); + save_str(xmit_names, lname, XMIT_ACCEPT); + accept_count++; + } + return lname != NULL; +} + +/** add given name to xmit_names if it matches declared localnames */ static void map_name(const char *name, struct query *ctl, struct idlist **xmit_names) -/* add given name to xmit_names if it matches declared localnames */ -/* name: name to map */ -/* ctl: list of permissible aliases */ -/* xmit_names: list of recipient names parsed out */ +/** \param name name to map */ +/** \param ctl list of permissible aliases */ +/** \param xmit_names list of recipient names parsed out */ { const char *lname; - int off = 0; - - lname = idpair_find(&ctl->localnames, name+off); + + lname = idpair_find(&ctl->localnames, name); if (!lname && ctl->wildcard) - lname = name+off; + lname = name; if (lname != (char *)NULL) { @@ -75,10 +107,10 @@ static void map_name(const char *name, struct query *ctl, struct idlist **xmit_n static void find_server_names(const char *hdr, struct query *ctl, struct idlist **xmit_names) -/* parse names out of a RFC822 header into an ID list */ -/* hdr: RFC822 header in question */ -/* ctl: list of permissible aliases */ -/* xmit_names: list of recipient names parsed out */ +/** parse names out of a RFC822 header into an ID list */ +/** \param hdr RFC822 header in question */ +/** \param ctl list of permissible aliases */ +/** \param xmit_names list of recipient names parsed out */ { if (hdr == (char *)NULL) return; @@ -86,9 +118,7 @@ static void find_server_names(const char *hdr, { char *cp; - for (cp = nxtaddr(hdr); - cp != NULL; - cp = nxtaddr(NULL)) + for (cp = nxtaddr(hdr); cp != NULL; cp = nxtaddr(NULL)) { char *atsign; @@ -109,13 +139,18 @@ static void find_server_names(const char *hdr, { int sl = strlen(ctl->server.qvirtual); - if (!strncasecmp(cp, ctl->server.qvirtual, sl)) + if (!strncasecmp((char *)cp, ctl->server.qvirtual, sl)) cp += sl; } - if ((atsign = strchr(cp, '@'))) { + if ((atsign = strchr((char *)cp, '@'))) { struct idlist *idp; + /* try to match full address first, this takes + * precedence over localdomains and alias mappings */ + if (map_address(cp, ctl, xmit_names)) + goto nomap; + /* * Does a trailing segment of the hostname match something * on the localdomains list? If so, save the whole name @@ -132,7 +167,7 @@ static void find_server_names(const char *hdr, if (outlevel >= O_DEBUG) report(stdout, GT_("passed through %s matching %s\n"), cp, idp->id); - save_str(xmit_names, cp, XMIT_ACCEPT); + save_str(xmit_names, (const char *)cp, XMIT_ACCEPT); accept_count++; goto nomap; } @@ -147,7 +182,7 @@ static void find_server_names(const char *hdr, * not, skip this name. If it is, we'll keep * going and try to find a mapping to a client name. */ - if (!is_host_alias(atsign+1, ctl)) + if (!is_host_alias(atsign+1, ctl, &ai0)) { save_str(xmit_names, cp, XMIT_REJECT); reject_count++; @@ -162,33 +197,36 @@ static void find_server_names(const char *hdr, } } -/* +/** * Return zero on a syntactically invalid address, nz on a valid one. * * This used to be strchr(a, '.'), but it turns out that lines like this * - * Received: from punt-1.mail.demon.net by mailstore for markb@ordern.com + * Received: from punt-1.mail.demon.net by mailstore for markb@example.com * id 938765929:10:27223:2; Fri, 01 Oct 99 08:18:49 GMT * * are not uncommon. So now we just check that the following token is * not itself an email address. */ -#define VALID_ADDRESS(a) !strchr(a, '@') +#define VALID_ADDRESS(a) (!strchr((a), '@')) -static char *parse_received(struct query *ctl, char *bufp) -/* try to extract real address from the Received line */ -/* If a valid Received: line is found, we return the full address in - * a buffer which can be parsed from nxtaddr(). This is to ansure that +/** write \a value into \a rbuf, indexed by \a tp, if there is + * sufficient room left. */ +#define RBUF_WRITE(value) do { if (tp < rbuf+sizeof(rbuf)-1) *tp++=(value); } while(0) + +/** Try to extract real address from the Received line. + * If a valid Received: line is found, we return the full address in + * a buffer which can be parsed from nxtaddr(). This is to ensure that * the local domain part of the address can be passed along in * find_server_names() if it contains one. * Note: We should return a dummy header containing the address * which makes nxtaddr() behave correctly. */ +static char *parse_received(struct query *ctl, char *bufp) { char *base, *ok = (char *)NULL; static char rbuf[HOSTLEN + USERNAMELEN + 4]; - -#define RBUF_WRITE(value) if (tp < rbuf+sizeof(rbuf)-1) *tp++=value + struct addrinfo *ai0; /* * Try to extract the real envelope addressee. We look here @@ -206,17 +244,17 @@ static char *parse_received(struct query *ctl, char *bufp) { if (!(ok = strstr(base, "by"))) break; - else if (!isspace(ok[-1]) || !isspace(ok[2])) + else if (!isspace((unsigned char)ok[-1]) || !isspace((unsigned char)ok[2])) continue; else { char *sp, *tp; /* extract space-delimited token after "by" */ - for (sp = ok + 2; isspace(*sp); sp++) + for (sp = ok + 2; isspace((unsigned char)*sp); sp++) continue; tp = rbuf; - for (; !isspace(*sp); sp++) + for (; *sp && !isspace((unsigned char)*sp); sp++) RBUF_WRITE(*sp); *tp = '\0'; @@ -234,7 +272,7 @@ static char *parse_received(struct query *ctl, char *bufp) * recipient name after a following "for". Otherwise * punt. */ - if (is_host_alias(rbuf, ctl)) + if (is_host_alias(rbuf, ctl, &ai0)) { if (outlevel >= O_DEBUG) report(stdout, @@ -254,17 +292,17 @@ static char *parse_received(struct query *ctl, char *bufp) { if (!(ok = strstr(base, "for"))) break; - else if (!isspace(ok[-1]) || !isspace(ok[3])) + else if (!isspace((unsigned char)ok[-1]) || !isspace((unsigned char)ok[3])) continue; else { char *sp, *tp; /* extract space-delimited token after "for" */ - for (sp = ok + 3; isspace(*sp); sp++) + for (sp = ok + 3; isspace((unsigned char)*sp); sp++) continue; tp = rbuf; - for (; !isspace(*sp); sp++) + for (; !isspace((unsigned char)*sp); sp++) RBUF_WRITE(*sp); *tp = '\0'; @@ -280,7 +318,7 @@ static char *parse_received(struct query *ctl, char *bufp) char *sp, *tp; /* char after "for" could be space or a continuation newline */ - for (sp = ok + 4; isspace(*sp); sp++) + for (sp = ok + 4; isspace((unsigned char)*sp); sp++) continue; tp = rbuf; RBUF_WRITE(':'); /* Here is the hack. This is to be friends */ @@ -294,9 +332,9 @@ static char *parse_received(struct query *ctl, char *bufp) while (*sp && *sp++ != ':') continue; while (*sp - && (want_gt ? (*sp != '>') : !isspace(*sp)) + && (want_gt ? (*sp != '>') : !isspace((unsigned char)*sp)) && *sp != ';') - if (!isspace(*sp)) + if (!isspace((unsigned char)*sp)) { RBUF_WRITE(*sp); sp++; @@ -335,21 +373,51 @@ static char *parse_received(struct query *ctl, char *bufp) } /* shared by readheaders and readbody */ -static int sizeticker; +static int sizeticker; /**< internal state variable for print_ticker() */ + +/** Print ticker based on a amount of data transferred of \a bytes. + * Increments \a *tickervar by \a bytes, and if it exceeds + * \a SIZETICKER, print a dot and reduce *tickervar by \a SIZETICKER. */ +static void print_ticker(int *tickervar, int bytes) +{ + *tickervar += bytes; + while (*tickervar >= SIZETICKER) + { + if (want_progress()) + { + fputc('.', stdout); + fflush(stdout); + } + *tickervar -= SIZETICKER; + } +} -#define EMPTYLINE(s) ((s)[0] == '\r' && (s)[1] == '\n' && (s)[2] == '\0') +/** Check if \a s is equal to a LF or CR LF sequence, followed by a NUL + * byte. \todo FIXME merge this with end_of_header? */ +#define EMPTYLINE(s) (((s)[0] == '\r' && (s)[1] == '\n' && (s)[2] == '\0') \ + || ((s)[0] == '\n' && (s)[1] == '\0')) +/** Check if \a s is an empty line. Accept "\r*\n" as EOH in order to be bulletproof against broken survers */ +static int end_of_header (const char *s) +{ + while (s[0] == '\r') + s++; + return (s[0] == '\n' && s[1] == '\0'); +} + +/** read message headers and ship to SMTP or MDA */ int readheaders(int sock, long fetchlen, long reallen, struct query *ctl, - int num) -/* read message headers and ship to SMTP or MDA */ -/* sock: to which the server is connected */ -/* fetchlen: length of message according to fetch response */ -/* reallen: length of message according to getsizes */ -/* ctl: query control record */ -/* num: index of message */ + int num, + flag *suppress_readbody) +/** \param sock to which the server is connected */ +/** \param fetchlen length of message according to fetch response */ +/** \param reallen length of message according to getsizes */ +/** \param ctl query control record */ +/** \param num index of message */ +/** \param suppress_readbody output: whether call to readbody() should be supressed */ { struct addrblk { @@ -365,16 +433,20 @@ int readheaders(int sock, int from_offs, reply_to_offs, resent_from_offs; int app_from_offs, sender_offs, resent_sender_offs; int env_offs; - char *received_for, *rcv, *cp, *delivered_to; - int n, linelen, oldlen, ch, remaining, skipcount; + char *received_for, *rcv, *cp; + static char *delivered_to = NULL; + int n, oldlen, ch, remaining, skipcount; + size_t linelen; + int delivered_to_count; struct idlist *idp; flag no_local_matches = FALSE; - flag headers_ok, has_nuls; + flag has_nuls; int olderrs, good_addresses, bad_addresses; - int retain_mail = 0; + int retain_mail = 0, refuse_mail = 0; + flag already_has_return_path = FALSE; sizeticker = 0; - has_nuls = headers_ok = FALSE; + has_nuls = FALSE; msgblk.return_path[0] = '\0'; olderrs = ctl->errcount; @@ -387,96 +459,116 @@ int readheaders(int sock, * condition the code for sending bouncemail will actually look * at the freed storage and coredump... */ - if (msgblk.headers) - free(msgblk.headers); + xfree(msgblk.headers); free_str_list(&msgblk.recipients); + xfree(delivered_to); - /* initially, no message ID */ - if (ctl->thisid) - free(ctl->thisid); - ctl->thisid = NULL; + /* initially, no message digest */ + memset(ctl->digest, '\0', sizeof(ctl->digest)); - msgblk.headers = received_for = delivered_to = NULL; + received_for = NULL; from_offs = reply_to_offs = resent_from_offs = app_from_offs = sender_offs = resent_sender_offs = env_offs = -1; oldlen = 0; msgblk.msglen = 0; skipcount = 0; + delivered_to_count = 0; ctl->mimemsg = 0; - for (remaining = fetchlen; remaining > 0 || protocol->delimited; remaining -= linelen) + for (remaining = fetchlen; remaining > 0 || protocol->delimited; ) { - char *line; - int overlong = FALSE; + char *line, *rline; - line = xmalloc(sizeof(buf)); + line = (char *)xmalloc(sizeof(buf)); linelen = 0; line[0] = '\0'; do { - set_timeout(mytimeout); - if ((n = SockRead(sock, buf, sizeof(buf)-1)) == -1) { + do { + char *sp, *tp; + + set_timeout(mytimeout); + if ((n = SockRead(sock, buf, sizeof(buf)-1)) == -1) { + set_timeout(0); + free(line); + return(PS_SOCKET); + } set_timeout(0); - free(line); - free(msgblk.headers); - msgblk.headers = NULL; - return(PS_SOCKET); - } - set_timeout(0); - linelen += n; - msgblk.msglen += n; /* - * Try to gracefully handle the case, where the length of a - * line exceeds MSGBUFSIZE. + * Smash out any NULs, they could wreak havoc later on. + * Some network stacks seem to generate these at random, + * especially (according to reports) at the beginning of the + * first read. NULs are illegal in RFC822 format. */ - if ( n && buf[n-1] != '\n' ) { - unsigned int llen = strlen(line); - overlong = TRUE; - line = realloc(line, llen + n + 1); - strcpy(line + llen, buf); - ch = ' '; /* So the next iteration starts */ - continue; - } + for (sp = tp = buf; sp < buf + n; sp++) + if (*sp) + *tp++ = *sp; + *tp = '\0'; + n = tp - buf; + } while + (n == 0); - /* lines may not be properly CRLF terminated; fix this for qmail */ - if (ctl->forcecr) + remaining -= n; + linelen += n; + msgblk.msglen += n; + + /* + * Try to gracefully handle the case where the length of a + * line exceeds MSGBUFSIZE. + */ + if (n && buf[n-1] != '\n') { - cp = buf + strlen(buf) - 1; - if (*cp == '\n' && (cp == buf || cp[-1] != '\r')) + rline = (char *) realloc(line, linelen + 1); + if (rline == NULL) { - *cp++ = '\r'; - *cp++ = '\n'; - *cp++ = '\0'; + free (line); + return(PS_IOERR); } + line = rline; + memcpy(line + linelen - n, buf, n); + line[linelen] = '\0'; + ch = ' '; /* So the next iteration starts */ + continue; } - /* - * Decode MIME encoded headers. We MUST do this before - * looking at the Content-Type / Content-Transfer-Encoding - * headers (RFC 2046). - */ - if ( ctl->mimedecode && overlong ) { - /* - * If we received an overlong line, we have to decode the - * whole line at once. - */ - line = (char *) realloc(line, strlen(line) + strlen(buf) +1); - strcat(line, buf); - UnMimeHeader(line); + /* lines may not be properly CRLF terminated; fix this for qmail */ + /* we don't want to overflow the buffer here */ + if (ctl->forcecr && buf[n-1]=='\n' && (n==1 || buf[n-2]!='\r')) + { + char * tcp; + rline = (char *) realloc(line, linelen + 2); + if (rline == NULL) + { + free (line); + return(PS_IOERR); } - else { - if ( ctl->mimedecode ) - UnMimeHeader(buf); - - line = (char *) realloc(line, strlen(line) + strlen(buf) +1); - strcat(line, buf); + line = rline; + memcpy(line + linelen - n, buf, n - 1); + tcp = line + linelen - 1; + *tcp++ = '\r'; + *tcp++ = '\n'; + *tcp = '\0'; + /* n++; - not used later on */ + linelen++; + } + else + { + rline = (char *) realloc(line, linelen + 1); + if (rline == NULL) + { + free (line); + return(PS_IOERR); } + line = rline; + memcpy(line + linelen - n, buf, n + 1); + } /* check for end of headers */ - if (EMPTYLINE(line)) + if (end_of_header(line)) { - headers_ok = TRUE; - has_nuls = (linelen != strlen(line)); +eoh: + if (linelen != strlen (line)) + has_nuls = TRUE; free(line); goto process_headers; } @@ -488,25 +580,40 @@ int readheaders(int sock, */ if (protocol->delimited && line[0] == '.' && EMPTYLINE(line+1)) { - headers_ok = FALSE; - has_nuls = (linelen != strlen(line)); - free(line); - goto process_headers; + if (suppress_readbody) + *suppress_readbody = TRUE; + goto eoh; /* above */ } /* * At least one brain-dead website (netmind.com) is known to * send out robotmail that's missing the RFC822 delimiter blank * line before the body! Without this check fetchmail segfaults. - * With it, we treat such messages as though they had the missing - * blank line. + * With it, we treat such messages as spam and refuse them. + * + * Frederic Marchal reported in February 2006 that hotmail + * or something improperly wrapped a very long TO header + * (wrapped without inserting whitespace in the continuation + * line) and found that this code thus refused a message + * that should have been delivered. + * + * XXX FIXME: we should probably wrap the message up as + * message/rfc822 attachment and forward to postmaster (Rob + * MacGregor) */ - if (!isspace(line[0]) && !strchr(line, ':')) + if (!refuse_mail + && !ctl->server.badheader == BHACCEPT + && !isspace((unsigned char)line[0]) + && !strchr(line, ':')) { - headers_ok = FALSE; - has_nuls = (linelen != strlen(line)); - free(line); - goto process_headers; + if (linelen != strlen (line)) + has_nuls = TRUE; + if (outlevel > O_SILENT) + report(stdout, + GT_("incorrect header line found - see manpage for bad-header option\n")); + if (outlevel >= O_VERBOSE) + report (stdout, GT_("line: %s"), line); + refuse_mail = 1; } /* check for RFC822 continuations */ @@ -519,24 +626,37 @@ int readheaders(int sock, /* write the message size dots */ if ((outlevel > O_SILENT && outlevel < O_VERBOSE) && linelen > 0) { - sizeticker += linelen; - while (sizeticker >= SIZETICKER) - { - if ((!run.use_syslog && !isafile(1)) || run.showdots) - { - fputc('.', stdout); - fflush(stdout); - } - sizeticker -= SIZETICKER; - } + print_ticker(&sizeticker, linelen); } - /* we see an ordinary (non-header, non-message-delimiter line */ - has_nuls = (linelen != strlen(line)); + /* + * Decode MIME encoded headers. We MUST do this before + * looking at the Content-Type / Content-Transfer-Encoding + * headers (RFC 2046). + */ + if ( ctl->mimedecode ) + { + char *tcp; + UnMimeHeader(line); + /* the line is now shorter. So we retrace back till we find + * our terminating combination \n\0, we move backwards to + * make sure that we don't catch some \n\0 stored in the + * decoded part of the message */ + for (tcp = line + linelen - 1; tcp > line && (*tcp != 0 || tcp[-1] != '\n'); tcp--) { } + if (tcp > line) linelen = tcp - line; + } + + + /* skip processing if we are going to retain or refuse this mail */ + if (retain_mail || refuse_mail) + { + free(line); + continue; + } - /* save the message's ID, we may use it for killing duplicates later */ - if (MULTIDROP(ctl) && !strncasecmp(line, "Message-ID:", 11)) - ctl->thisid = xstrdup(line); + /* we see an ordinary (non-header, non-message-delimiter) line */ + if (linelen != strlen (line)) + has_nuls = TRUE; /* * The University of Washington IMAP server (the reference @@ -544,19 +664,38 @@ int readheaders(int sock, * on being able to keep base-UID information in a special * message at the head of the mailbox. This message should * neither be deleted nor forwarded. + * + * An example for such a message is (keep this in so people + * find it when looking where the special code is to handle the + * data): + * + * From MAILER-DAEMON Wed Nov 23 11:38:42 2005 + * Date: 23 Nov 2005 11:38:42 +0100 + * From: Mail System Internal Data + * Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA + * Message-ID: <1132742322@mail.example.org> + * X-IMAP: 1132742306 0000000001 + * Status: RO + * + * This text is part of the internal format of your mail folder, and is not + * a real message. It is created automatically by the mail system software. + * If deleted, important folder data will be lost, and it will be re-created + * with the data reset to initial values. + * + * This message is only visible if a POP3 server that is unaware + * of these UWIMAP messages is used besides UWIMAP or PINE. + * + * We will just check if the first message in the mailbox has an + * X-IMAP: header. */ #ifdef POP2_ENABLE /* * We disable this check under POP2 because there's no way to - * prevent deletion of the message. So at least we ought to + * prevent deletion of the message. So at least we ought to * forward it to the user so he or she will have some clue * that things have gone awry. */ -#if INET6_ENABLE - if (strncmp(protocol->service, "pop2", 4)) -#else /* INET6_ENABLE */ - if (protocol->port != 109) -#endif /* INET6_ENABLE */ + if (servport("pop2") != servport(protocol->service)) #endif /* POP2_ENABLE */ if (num == 1 && !strncasecmp(line, "X-IMAP:", 7)) { free(line); @@ -592,17 +731,24 @@ int readheaders(int sock, } /* - * We remove all Delivered-To: headers. - * - * This is to avoid false mail loops messages when delivering - * local messages to and from a Postfix/qmail mailserver. + * We remove all Delivered-To: headers if dropdelivered is set + * - special care must be taken if Delivered-To: is also used + * as envelope at the same time. + * + * This is to avoid false mail loops errors when delivering + * local messages to and from a Postfix or qmail mailserver. */ if (ctl->dropdelivered && !strncasecmp(line, "Delivered-To:", 13)) { - if (delivered_to) + if (delivered_to || + ctl->server.envelope == STRING_DISABLED || + !ctl->server.envelope || + strcasecmp(ctl->server.envelope, "Delivered-To") || + delivered_to_count != ctl->server.envskip) free(line); else delivered_to = line; + delivered_to_count++; continue; } @@ -621,17 +767,17 @@ int readheaders(int sock, * turns on the dropstatus flag. */ { - char *cp; + char *tcp; if (!strncasecmp(line, "Status:", 7)) - cp = line + 7; + tcp = line + 7; else if (!strncasecmp(line, "X-Mozilla-Status:", 17)) - cp = line + 17; + tcp = line + 17; else - cp = NULL; - if (cp) { - while (*cp && isspace(*cp)) cp++; - if (!*cp || ctl->dropstatus) + tcp = NULL; + if (tcp) { + while (*tcp && isspace((unsigned char)*tcp)) tcp++; + if (!*tcp || ctl->dropstatus) { free(line); continue; @@ -640,7 +786,7 @@ int readheaders(int sock, } if (ctl->rewrite) - line = reply_hack(line, ctl->server.truename); + line = reply_hack(line, ctl->server.truename, &linelen); /* * OK, this is messy. If we're forwarding by SMTP, it's the @@ -663,9 +809,18 @@ int readheaders(int sock, * not trigger bounces if delivery fails. What we *do* need to do is * make sure we never try to rewrite such a blank Return-Path. We * handle this with a check for <> in the rewrite logic above. + * + * Also, if an email has multiple Return-Path: headers, we only + * read the first occurance, as some spam email has more than one + * Return-Path. + * */ - if (!strncasecmp("Return-Path:", line, 12) && (cp = nxtaddr(line))) + if ((already_has_return_path==FALSE) && !strncasecmp("Return-Path:", line, 12) && (cp = nxtaddr(line))) { + char nulladdr[] = "<>"; + already_has_return_path = TRUE; + if (cp[0]=='\0') /* nxtaddr() strips the brackets... */ + cp=nulladdr; strncpy(msgblk.return_path, cp, sizeof(msgblk.return_path)); msgblk.return_path[sizeof(msgblk.return_path)-1] = '\0'; if (!ctl->mda) { @@ -676,9 +831,10 @@ int readheaders(int sock, if (!msgblk.headers) { - oldlen = strlen(line); - msgblk.headers = xmalloc(oldlen + 1); - (void) strcpy(msgblk.headers, line); + oldlen = linelen; + msgblk.headers = (char *)xmalloc(oldlen + 1); + (void) memcpy(msgblk.headers, line, linelen); + msgblk.headers[oldlen] = '\0'; free(line); line = msgblk.headers; } @@ -687,14 +843,15 @@ int readheaders(int sock, char *newhdrs; int newlen; - newlen = oldlen + strlen(line); + newlen = oldlen + linelen; newhdrs = (char *) realloc(msgblk.headers, newlen + 1); if (newhdrs == NULL) { free(line); return(PS_IOERR); } msgblk.headers = newhdrs; - strcpy(msgblk.headers + oldlen, line); + memcpy(msgblk.headers + oldlen, line, linelen); + msgblk.headers[newlen] = '\0'; free(line); line = msgblk.headers + oldlen; oldlen = newlen; @@ -721,10 +878,10 @@ int readheaders(int sock, * human user or a computer program) rather than a standard * address." That implies that the contents of the Sender * field don't need to be a legal email address at all So - * ignore any Sender or Resent-Semnder lines unless they + * ignore any Sender or Resent-Sender lines unless they * contain @. * - * (RFC2822 says the condents of Sender must be a valid mailbox + * (RFC2822 says the contents of Sender must be a valid mailbox * address, which is also what RFC822 4.4.4 implies.) */ else if (!strncasecmp("Sender:", line, 7) && (strchr(line, '@') || strchr(line, '!'))) @@ -743,8 +900,8 @@ int readheaders(int sock, sscanf(line+12, "%s", id); if (!str_find( &ctl->newsaved, num)) { - struct idlist *new = save_str(&ctl->newsaved,id,UID_SEEN); - new->val.status.num = num; + struct idlist *newl = save_str(&ctl->newsaved,id,UID_SEEN); + newl->val.status.num = num; } } } @@ -758,7 +915,7 @@ int readheaders(int sock, || !strncasecmp("Bcc:", line, 4) || !strncasecmp("Apparently-To:", line, 14)) { - *to_chainptr = xmalloc(sizeof(struct addrblk)); + *to_chainptr = (struct addrblk *)xmalloc(sizeof(struct addrblk)); (*to_chainptr)->offset = (line - msgblk.headers); to_chainptr = &(*to_chainptr)->next; *to_chainptr = NULL; @@ -768,7 +925,7 @@ int readheaders(int sock, || !strncasecmp("Resent-Cc:", line, 10) || !strncasecmp("Resent-Bcc:", line, 11)) { - *resent_to_chainptr = xmalloc(sizeof(struct addrblk)); + *resent_to_chainptr = (struct addrblk *)xmalloc(sizeof(struct addrblk)); (*resent_to_chainptr)->offset = (line - msgblk.headers); resent_to_chainptr = &(*resent_to_chainptr)->next; *resent_to_chainptr = NULL; @@ -798,15 +955,17 @@ int readheaders(int sock, } } - process_headers: +process_headers: - if (retain_mail) - { - free(msgblk.headers); - msgblk.headers = NULL; + if (retain_mail) { return(PS_RETAINED); } + + if (refuse_mail) + return(PS_REFUSED); /* + * This is the duplicate-message killer code. + * * When mail delivered to a multidrop mailbox on the server is * addressed to multiple people on the client machine, there will * be one copy left in the box for each recipient. This is not a @@ -818,11 +977,8 @@ int readheaders(int sock, * if the mail is addressed to N people, each recipient will * get N copies. This is bad when N > 1. * - * Foil this by suppressing all but one copy of a message with - * a given Message-ID. The accept_count test ensures that - * multiple pieces of email with the same Message-ID, each - * with a *single* addressee (the N == 1 case), won't be - * suppressed. + * Foil this by suppressing all but one copy of a message with a + * given set of headers. * * Note: This implementation only catches runs of successive * messages with the same ID, but that should be good @@ -834,32 +990,31 @@ int readheaders(int sock, * Don't mess with this code casually. It would be way too easy * to break it in a way that blackholed mail. Better to pass * the occasional duplicate than to do that... + * + * Matthias Andree: + * The real fix however is to insist on Delivered-To: or similar + * headers and require that one copy per recipient be dropped. + * Everything else breaks sooner or later. */ - if (!received_for && env_offs == -1 && !delivered_to) + if (MULTIDROP(ctl) && msgblk.headers) { - if (ctl->lastid && ctl->thisid && !strcasecmp(ctl->lastid, ctl->thisid)) + MD5_CTX context; + + MD5Init(&context); + MD5Update(&context, (unsigned char *)msgblk.headers, strlen(msgblk.headers)); + MD5Final(ctl->digest, &context); + + if (!received_for && env_offs == -1 && !delivered_to) { - if (accept_count > 1) + /* + * Hmmm...can MD5 ever yield all zeroes as a hash value? + * If so there is a one in 18-quadrillion chance this + * code will incorrectly nuke the first message. + */ + if (!memcmp(ctl->lastdigest, ctl->digest, DIGESTLEN)) return(PS_REFUSED); } - else - { - if (ctl->lastid) - free(ctl->lastid); - ctl->lastid = ctl->thisid; - ctl->thisid = NULL; - } - } - - /* - * We want to detect this early in case there are so few headers that the - * dispatch logic barfs. - */ - if (!headers_ok) - { - if (outlevel > O_SILENT) - report(stdout, - GT_("message delimiter found while scanning headers\n")); + memcpy(ctl->lastdigest, ctl->digest, DIGESTLEN); } /* @@ -873,12 +1028,10 @@ int readheaders(int sock, */ if (msgblk.headers == (char *)NULL) { -#ifdef HAVE_SNPRINTF snprintf(buf, sizeof(buf), -#else - sprintf(buf, -#endif /* HAVE_SNPRINTF */ - "From: FETCHMAIL-DAEMON\r\nTo: %s@%s\r\nSubject: Headerless mail from %s's mailbox on %s\r\n", + "From: FETCHMAIL-DAEMON\r\n" + "To: %s@%s\r\n" + "Subject: Headerless mail from %s's mailbox on %s\r\n", user, fetchmailhost, ctl->remotename, ctl->server.truename); msgblk.headers = xstrdup(buf); } @@ -897,7 +1050,7 @@ int readheaders(int sock, /* We have the real envelope return-path, stored out of band by * SDPS - that's more accurate than any header is going to be. */ - strcpy(msgblk.return_path, sdps_envfrom); + strlcpy(msgblk.return_path, sdps_envfrom, sizeof(msgblk.return_path)); free(sdps_envfrom); } else #endif /* SDPS_ENABLE */ @@ -923,7 +1076,7 @@ int readheaders(int sock, else if (resent_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + resent_from_offs))); else if (from_offs >= 0 && (ap = nxtaddr(msgblk.headers + from_offs))); else if (reply_to_offs >= 0 && (ap = nxtaddr(msgblk.headers + reply_to_offs))); - else if (app_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + app_from_offs))); + else if (app_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + app_from_offs))) {} /* multi-line MAIL FROM addresses confuse SMTP terribly */ if (ap && !strchr(ap, '\n')) { strncpy(msgblk.return_path, ap, sizeof(msgblk.return_path)); @@ -947,15 +1100,25 @@ int readheaders(int sock, free(sdps_envto); } else #endif /* SDPS_ENABLE */ - if (env_offs > -1) /* We have the actual envelope addressee */ - find_server_names(msgblk.headers + env_offs, ctl, &msgblk.recipients); + if (env_offs > -1) { /* We have the actual envelope addressee */ + if (outlevel >= O_DEBUG) { + const char *tmps = msgblk.headers + env_offs; + size_t l = strcspn(tmps, "\r\n"); + report(stdout, GT_("Parsing envelope \"%s\" names \"%-.*s\"\n"), ctl->server.envelope, UCAST_TO_INT(l), tmps); + } + find_server_names(msgblk.headers + env_offs, ctl, &msgblk.recipients); + } else if (delivered_to && ctl->server.envelope != STRING_DISABLED && - ctl->server.envelope && !strcasecmp(ctl->server.envelope, "Delivered-To")) - { + ctl->server.envelope && !strcasecmp(ctl->server.envelope, "Delivered-To")) + { + if (outlevel >= O_DEBUG) { + const char *tmps = delivered_to + 2 + strlen(ctl->server.envelope); + size_t l = strcspn(tmps, "\r\n"); + report(stdout, GT_("Parsing envelope \"%s\" names \"%-.*s\"\n"), ctl->server.envelope, UCAST_TO_INT(l), tmps); + } find_server_names(delivered_to, ctl, &msgblk.recipients); - free(delivered_to); - } - else if (received_for) + xfree(delivered_to); + } else if (received_for) { /* * We have the Received for addressee. * It has to be a mailserver address, or we @@ -963,9 +1126,13 @@ int readheaders(int sock, * We use find_server_names() to let local * hostnames go through. */ + if (outlevel >= O_DEBUG) { + const char *tmps = received_for + 2; + size_t l = strcspn(tmps, "\r\n"); + report(stdout, GT_("Parsing Received names \"%-.*s\"\n"), UCAST_TO_INT(l), tmps); + } find_server_names(received_for, ctl, &msgblk.recipients); - else - { + } else { /* * We haven't extracted the envelope address. * So check all the "Resent-To" header addresses if @@ -973,6 +1140,8 @@ int readheaders(int sock, * the "To" addresses. */ register struct addrblk *nextptr; + if (outlevel >= O_DEBUG) + report(stdout, GT_("No envelope recipient found, resorting to header guessing.\n")); if (resent_to_addrchain) { /* delete the "To" chain and substitute it * with the "Resent-To" list @@ -987,6 +1156,12 @@ int readheaders(int sock, } /* now look for remaining adresses */ while (to_addrchain) { + if (outlevel >= O_DEBUG) { + const char *tmps = msgblk.headers+to_addrchain->offset; + size_t l = strcspn(tmps, "\r\n"); + report(stdout, GT_("Guessing from header \"%-.*s\".\n"), UCAST_TO_INT(l), tmps); + } + find_server_names(msgblk.headers+to_addrchain->offset, ctl, &msgblk.recipients); nextptr = to_addrchain->next; free(to_addrchain); @@ -1015,9 +1190,6 @@ int readheaders(int sock, if (outlevel >= O_DEBUG) report(stdout, GT_("forwarding and deletion suppressed due to DNS errors\n")); - free(msgblk.headers); - msgblk.headers = NULL; - free_str_list(&msgblk.recipients); return(PS_TRANSIENT); } else @@ -1026,9 +1198,6 @@ int readheaders(int sock, if ((n = open_sink(ctl, &msgblk, &good_addresses, &bad_addresses)) != PS_SUCCESS) { - free(msgblk.headers); - msgblk.headers = NULL; - free_str_list(&msgblk.recipients); return(n); } } @@ -1056,64 +1225,52 @@ int readheaders(int sock, { /* utter any per-message Received information we need here */ if (ctl->server.trueaddr) { -#ifdef HAVE_SNPRINTF + char saddr[50]; + int e; + + e = getnameinfo(ctl->server.trueaddr, ctl->server.trueaddr_len, + saddr, sizeof(saddr), NULL, 0, + NI_NUMERICHOST); + if (e) + snprintf(saddr, sizeof(saddr), "(%-.*s)", (int)(sizeof(saddr) - 3), gai_strerror(e)); snprintf(buf, sizeof(buf), -#else - sprintf(buf, -#endif /* HAVE_SNPRINTF */ - "Received: from %s [%u.%u.%u.%u]\r\n", - ctl->server.truename, - (unsigned char)ctl->server.trueaddr[0], - (unsigned char)ctl->server.trueaddr[1], - (unsigned char)ctl->server.trueaddr[2], - (unsigned char)ctl->server.trueaddr[3]); + "Received: from %s [%s]\r\n", + ctl->server.truename, saddr); } else { -#ifdef HAVE_SNPRINTF - snprintf(buf, sizeof(buf), -#else - sprintf(buf, -#endif /* HAVE_SNPRINTF */ + snprintf(buf, sizeof(buf), "Received: from %s\r\n", ctl->server.truename); } n = stuffline(ctl, buf); if (n != -1) { /* - * This header is technically invalid under RFC822. - * POP3, IMAP, etc. are not legal mail-parameter values. + * We SHOULD (RFC-2821 sec. 4.4/p. 53) make sure to only use + * IANA registered protocol names here. */ -#ifdef HAVE_SNPRINTF snprintf(buf, sizeof(buf), -#else - sprintf(buf, -#endif /* HAVE_SNPRINTF */ "\tby %s with %s (fetchmail-%s", fetchmailhost, protocol->name, VERSION); - if (ctl->tracepolls) + if (ctl->server.tracepolls) { - sprintf(buf + strlen(buf), " polling %s account %s", - ctl->server.pollname, + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " polling %s account %s", + ctl->server.pollname, ctl->remotename); + if (ctl->folder) + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " folder %s", + ctl->folder); } -#ifdef HAVE_SNPRINTF snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), ")\r\n"); -#else - strcat(buf, ")\r\n"); -#endif /* HAVE_SNPRINTF */ n = stuffline(ctl, buf); if (n != -1) { buf[0] = '\t'; if (good_addresses == 0) { -#ifdef HAVE_SNPRINTF - snprintf(buf+1, sizeof(buf)-1, -#else - sprintf(buf+1, -#endif /* HAVE_SNPRINTF */ - "for %s (by default); ", + snprintf(buf+1, sizeof(buf)-1, "for <%s> (by default); ", rcpt_address (ctl, run.postmaster, 0)); } else if (good_addresses == 1) @@ -1121,25 +1278,18 @@ int readheaders(int sock, for (idp = msgblk.recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) break; /* only report first address */ -#ifdef HAVE_SNPRINTF - snprintf(buf+1, sizeof(buf)-1, -#else - sprintf(buf+1, -#endif /* HAVE_SNPRINTF */ - "for %s", rcpt_address (ctl, idp->id, 1)); - sprintf(buf+strlen(buf), " (%s); ", + if (idp) + snprintf(buf+1, sizeof(buf)-1, + "for <%s>", rcpt_address (ctl, idp->id, 1)); + snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf)-1, + " (%s); ", MULTIDROP(ctl) ? "multi-drop" : "single-drop"); } else buf[1] = '\0'; -#ifdef HAVE_SNPRINTF snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%s\r\n", rfc822timestamp()); -#else - strcat(buf, rfc822timestamp()); - strcat(buf, "\r\n"); -#endif /* HAVE_SNPRINTF */ n = stuffline(ctl, buf); } } @@ -1152,13 +1302,11 @@ int readheaders(int sock, { report(stdout, GT_("writing RFC822 msgblk.headers\n")); release_sink(ctl); - free(msgblk.headers); - msgblk.headers = NULL; - free_str_list(&msgblk.recipients); return(PS_IOERR); } - else if ((run.poll_interval == 0 || nodetach) && outlevel >= O_VERBOSE && !isafile(2)) - fputs("#", stdout); + + if (want_progress()) + fputc('#', stdout); /* write error notifications */ if (no_local_matches || has_nuls || bad_addresses) @@ -1167,21 +1315,17 @@ int readheaders(int sock, char errhd[USERNAMELEN + POPBUFSIZE], *errmsg; errmsg = errhd; - (void) strcpy(errhd, "X-Fetchmail-Warning: "); + strlcpy(errhd, "X-Fetchmail-Warning: ", sizeof(errhd)); if (no_local_matches) { if (reject_count != 1) - strcat(errhd, GT_("no recipient addresses matched declared local names")); + strlcat(errhd, GT_("no recipient addresses matched declared local names"), sizeof(errhd)); else { for (idp = msgblk.recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_REJECT) break; -#ifdef HAVE_SNPRINTF snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), -#else - sprintf(errhd+strlen(errhd), -#endif /* HAVE_SNPRINTF */ GT_("recipient address %s didn't match any local name"), idp->id); } } @@ -1189,34 +1333,24 @@ int readheaders(int sock, if (has_nuls) { if (errhd[sizeof("X-Fetchmail-Warning: ")]) -#ifdef HAVE_SNPRINTF snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), "; "); snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), -#else - strcat(errhd, "; "); - strcat(errhd, -#endif /* HAVE_SNPRINTF */ GT_("message has embedded NULs")); } if (bad_addresses) { if (errhd[sizeof("X-Fetchmail-Warning: ")]) -#ifdef HAVE_SNPRINTF snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), "; "); snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), -#else - strcat(errhd, "; "); - strcat(errhd, -#endif /* HAVE_SNPRINTF */ GT_("SMTP listener rejected local recipient addresses: ")); errlen = strlen(errhd); for (idp = msgblk.recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_RCPTBAD) errlen += strlen(idp->id) + 2; - xalloca(errmsg, char *, errlen+3); - (void) strcpy(errmsg, errhd); + errmsg = (char *)xmalloc(errlen + 3); + strcpy(errmsg, errhd); for (idp = msgblk.recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_RCPTBAD) { @@ -1231,28 +1365,34 @@ int readheaders(int sock, /* ship out the error line */ stuffline(ctl, errmsg); + + if (errmsg != errhd) + free(errmsg); } /* issue the delimiter line */ cp = buf; *cp++ = '\r'; *cp++ = '\n'; - *cp++ = '\0'; - stuffline(ctl, buf); + *cp = '\0'; + n = stuffline(ctl, buf); - return(headers_ok ? PS_SUCCESS : PS_TRUNCATED); + if ((size_t)n == strlen(buf)) + return PS_SUCCESS; + else + return PS_SOCKET; } int readbody(int sock, struct query *ctl, flag forward, int len) -/* read and dispose of a message body presented on sock */ -/* ctl: query control record */ -/* sock: to which the server is connected */ -/* len: length of message */ -/* forward: TRUE to forward */ +/** read and dispose of a message body presented on \a sock */ +/** \param ctl query control record */ +/** \param sock to which the server is connected */ +/** \param forward TRUE to forward */ +/** \param len length of message */ { int linelen; - unsigned char buf[MSGBUFSIZE+4]; - unsigned char *inbufp = buf; + char buf[MSGBUFSIZE+4]; + char *inbufp = buf; flag issoftline = FALSE; /* @@ -1268,6 +1408,9 @@ int readbody(int sock, struct query *ctl, flag forward, int len) while (protocol->delimited || len > 0) { set_timeout(mytimeout); + /* XXX FIXME: for undelimited protocols that ship the size, such + * as IMAP, we might want to use the count of remaining characters + * instead of the buffer size -- not for fetchmail 6.3.X though */ if ((linelen = SockRead(sock, inbufp, sizeof(buf)-4-(inbufp-buf)))==-1) { set_timeout(0); @@ -1279,25 +1422,36 @@ int readbody(int sock, struct query *ctl, flag forward, int len) /* write the message size dots */ if (linelen > 0) { - sizeticker += linelen; - while (sizeticker >= SIZETICKER) - { - if (outlevel > O_SILENT && (((run.poll_interval == 0 || nodetach) && !isafile(1)) || run.showdots)) - { - fputc('.', stdout); - fflush(stdout); - } - sizeticker -= SIZETICKER; - } + print_ticker(&sizeticker, linelen); + } + + /* Mike Jones, Manchester University, 2006: + * "To fix IMAP MIME Messages in which fetchmail adds the remainder of + * the IMAP packet including the ')' character (part of the IMAP) + * Protocol causing the addition of an extra MIME boundary locally." + * + * However, we shouldn't do this for delimited protocols: + * many POP3 servers (Microsoft, qmail) goof up message sizes + * so we might end truncating messages prematurely. + */ + if (!protocol->delimited && linelen > len) { + /* FIXME: HACK ALERT! This \r\n is only here to make sure the + * \n\0 hunt works later on. The \n generated here was not + * part of the original message! + * The real fix will be to use buffer + length strings, + * rather than 0-terminated C strings. */ + inbufp[len++] = '\r'; + inbufp[len++] = '\n'; + inbufp[len] = '\0'; + linelen = len; } + len -= linelen; /* check for end of message */ if (protocol->delimited && *inbufp == '.') { - if (inbufp[1] == '\r' && inbufp[2] == '\n' && inbufp[3] == '\0') - break; - else if (inbufp[1] == '\n' && inbufp[2] == '\0') + if (EMPTYLINE(inbufp+1)) break; else msgblk.msglen--; /* subtract the size of the dot escape */ @@ -1336,11 +1490,11 @@ int readbody(int sock, struct query *ctl, flag forward, int len) if (n < 0) { - report(stdout, GT_("writing message text\n")); + report(stdout, GT_("error writing message text\n")); release_sink(ctl); return(PS_IOERR); } - else if (outlevel >= O_VERBOSE && !isafile(1)) + else if (want_progress()) { fputc('*', stdout); fflush(stdout); @@ -1352,15 +1506,17 @@ int readbody(int sock, struct query *ctl, flag forward, int len) } void init_transact(const struct method *proto) -/* initialize state for the send and receive functions */ +/** initialize state for the send and receive functions */ { + suppress_tags = FALSE; tagnum = 0; tag[0] = '\0'; /* nuke any tag hanging out from previous query */ - protocol = (struct method *)proto; + protocol = proto; + shroud[0] = '\0'; } +/** shroud a password in the given buffer */ static void enshroud(char *buf) -/* shroud a password in the given buffer */ { char *cp; @@ -1369,7 +1525,7 @@ static void enshroud(char *buf) char *sp; sp = cp + strlen(shroud); - *cp = '*'; + *cp++ = '*'; while (*sp) *cp++ = *sp++; *cp = '\0'; @@ -1377,20 +1533,20 @@ static void enshroud(char *buf) } #if defined(HAVE_STDARG_H) +/** assemble command in printf(3) style and send to the server */ void gen_send(int sock, const char *fmt, ... ) #else void gen_send(sock, fmt, va_alist) -int sock; /* socket to which server is connected */ -const char *fmt; /* printf-style format */ +int sock; /** socket to which server is connected */ +const char *fmt; /** printf-style format */ va_dcl #endif -/* assemble command in printf(3) style and send to the server */ { char buf [MSGBUFSIZE+1]; va_list ap; if (protocol->tagged && !suppress_tags) - (void) sprintf(buf, "%s ", GENSYM); + snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM); else buf[0] = '\0'; @@ -1399,18 +1555,10 @@ va_dcl #else va_start(ap); #endif -#ifdef HAVE_VSNPRINTF - vsnprintf(buf + strlen(buf), sizeof(buf)-strlen(buf), fmt, ap); -#else - vsprintf(buf + strlen(buf), fmt, ap); -#endif + vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap); va_end(ap); -#ifdef HAVE_SNPRINTF snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n"); -#else - strcat(buf, "\r\n"); -#endif /* HAVE_SNPRINTF */ SockWrite(sock, buf, strlen(buf)); if (outlevel >= O_MONITOR) @@ -1421,12 +1569,12 @@ va_dcl } } -int gen_recv(sock, buf, size) -/* get one line of input from the server */ -int sock; /* socket to which server is connected */ -char *buf; /* buffer to receive input */ -int size; /* length of buffer */ +/** get one line of input from the server */ +int gen_recv(int sock /** socket to which server is connected */, + char *buf /** buffer to receive input */, + int size /** length of buffer */) { + size_t n; int oldphase = phase; /* we don't have to be re-entrant */ phase = SERVER_WAIT; @@ -1435,15 +1583,22 @@ int size; /* length of buffer */ { set_timeout(0); phase = oldphase; - return(PS_SOCKET); + if(is_idletimeout()) + { + resetidletimeout(); + return(PS_IDLETIMEOUT); + } + else + return(PS_SOCKET); } else { set_timeout(0); - if (buf[strlen(buf)-1] == '\n') - buf[strlen(buf)-1] = '\0'; - if (buf[strlen(buf)-1] == '\r') - buf[strlen(buf)-1] = '\0'; + n = strlen(buf); + if (n > 0 && buf[n-1] == '\n') + buf[--n] = '\0'; + if (n > 0 && buf[n-1] == '\r') + buf[--n] = '\0'; if (outlevel >= O_MONITOR) report(stdout, "%s< %s\n", protocol->name, buf); phase = oldphase; @@ -1451,15 +1606,141 @@ int size; /* length of buffer */ } } +/** \addtogroup gen_recv_split + * @{ + * gen_recv_split() splits the response from a server which is too + * long to fit into the buffer into multiple lines. If the prefix is + * set as "MY FEATURES" and the response from the server is too long + * to fit in the buffer, as in: + * + * "MY FEATURES ABC DEF GHI JKLMNOPQRS TU VWX YZ" + * + * Repeated calls to gen_recv_split() may return: + * + * "MY FEATURES ABC DEF GHI" + * "MY FEATURES JKLMNOPQRS" + * "MY FEATURES TU VWX YZ" + * + * A response not beginning with the prefix "MY FEATURES" will not be + * split. + * + * To use: + * - Declare a variable of type struct RecvSplit + * - Call gen_recv_split_init() once + * - Call gen_recv_split() in a loop, preferably with the same buffer + * size as the "buf" array in struct RecvSplit + */ + +static void overrun(const char *f, size_t l) __attribute__((noreturn)); + +/** Internal error report function. If this happens, the calling site + * needs to be adjusted to set a shorter prefix, or the prefix capacity + * needs to be raised in struct RecvSplit. */ +static void overrun(const char *f, size_t l) +{ + report(stderr, GT_("Buffer too small. This is a bug in the caller of %s:%lu.\n"), f, (unsigned long)l); + abort(); +} + +/** Initialize \a rs for later use by gen_recv_split. */ +void gen_recv_split_init (const char *prefix /** prefix to match/repeat */, + struct RecvSplit *rs /** structure to be initialized */) +{ + if (strlcpy(rs->prefix, prefix, sizeof(rs->prefix)) > sizeof(rs->prefix)) + overrun(__FILE__, __LINE__); + rs->cached = 0; + rs->buf[0] = '\0'; +} + +/** Function to split replies at blanks, and duplicate prefix. + * gen_recv_split_init() must be called before this can be used. */ +int gen_recv_split(int sock /** socket to which server is connected */, + char *buf /** buffer to receive input */, + int size /** length of buffer, must be the same for all calls */, + struct RecvSplit *rs /** cached information across calls */) +{ + size_t n = 0; + int foundnewline = 0; + char *p; + int oldphase = phase; /* we don't have to be re-entrant */ + + assert(size > 0); + + /* if this is not our first call, prepare the buffer */ + if (rs->cached) + { + /* + * if this condition is not met, we lose data + * because the cached data does not fit into the buffer. + * this cannot happen if size is the same throughout all calls. + */ + assert(strlen(rs->prefix) + strlen(rs->buf) + 1 <= (size_t)size); + + if ((strlcpy(buf, rs->prefix, size) >= (size_t)size) + || (strlcat(buf, rs->buf, size) >= (size_t)size)) { + overrun(__FILE__, __LINE__); + } + + n = strlen(buf); + /* clear the cache for the next call */ + rs->cached = 0; + rs->buf[0] = '\0'; + } + + if ((size_t)size > n) { + int rr; + + phase = SERVER_WAIT; + set_timeout(mytimeout); + rr = SockRead(sock, buf + n, size - n); + set_timeout(0); + phase = oldphase; + if (rr == -1) + return PS_SOCKET; + } + + n = strlen(buf); + if (n > 0 && buf[n-1] == '\n') + { + buf[--n] = '\0'; + foundnewline = 1; + } + if (n > 0 && buf[n-1] == '\r') + buf[--n] = '\0'; + + if (foundnewline /* we have found a complete line */ + || strncasecmp(buf, rs->prefix, strlen(rs->prefix)) /* mismatch in prefix */ + || !(p = strrchr(buf, ' ')) /* no space found in response */ + || p < buf + strlen(rs->prefix)) /* space is at the wrong location */ + { + if (outlevel >= O_MONITOR) + report(stdout, "%s< %s\n", protocol->name, buf); + return(PS_SUCCESS); + } + + /* we are ready to cache some information now. */ + rs->cached = 1; + if (strlcpy(rs->buf, p, sizeof(rs->buf)) >= sizeof(rs->buf)) { + overrun(__FILE__, __LINE__); + } + *p = '\0'; /* chop off what we've cached */ + if (outlevel >= O_MONITOR) + report(stdout, "%s< %s\n", protocol->name, buf); + if (outlevel >= O_DEBUG) + report(stdout, "%s< %s%s...\n", protocol->name, rs->prefix, rs->buf); + return(PS_SUCCESS); +} +/** @} */ + #if defined(HAVE_STDARG_H) int gen_transact(int sock, const char *fmt, ... ) #else int gen_transact(int sock, fmt, va_alist) -int sock; /* socket to which server is connected */ -const char *fmt; /* printf-style format */ +int sock; /** socket to which server is connected */ +const char *fmt; /** printf-style format */ va_dcl #endif -/* assemble command in printf(3) style, send to server, accept a response */ +/** assemble command in printf(3) style, send to server, fetch a response */ { int ok; char buf [MSGBUFSIZE+1]; @@ -1469,7 +1750,7 @@ va_dcl phase = SERVER_WAIT; if (protocol->tagged && !suppress_tags) - (void) sprintf(buf, "%s ", GENSYM); + snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM); else buf[0] = '\0'; @@ -1478,19 +1759,15 @@ va_dcl #else va_start(ap); #endif -#ifdef HAVE_VSNPRINTF - vsnprintf(buf + strlen(buf), sizeof(buf)-strlen(buf), fmt, ap); -#else - vsprintf(buf + strlen(buf), fmt, ap); -#endif + vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap); va_end(ap); -#ifdef HAVE_SNPRINTF snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n"); -#else - strcat(buf, "\r\n"); -#endif /* HAVE_SNPRINTF */ - SockWrite(sock, buf, strlen(buf)); + ok = SockWrite(sock, buf, strlen(buf)); + if (ok == -1 || (size_t)ok != strlen(buf)) { + /* short write, bail out */ + return PS_SOCKET; + } if (outlevel >= O_MONITOR) {