1 /* 2 * Copyright (c) 1998-2006, 2008, 2023, 2024 Proofpoint, Inc. and its suppliers. 3 * All rights reserved. 4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 5 * Copyright (c) 1988, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * By using this file, you agree to the terms and conditions set 9 * forth in the LICENSE file which can be found at the top level of 10 * the sendmail distribution. 11 * 12 */ 13 14 #include <sendmail.h> 15 16 SM_RCSID("@(#)$Id: collect.c,v 8.287 2013-11-22 20:51:55 ca Exp $") 17 18 #include <sm/sendmail.h> 19 20 static void eatfrom __P((char *volatile, ENVELOPE *)); 21 static void collect_doheader __P((ENVELOPE *)); 22 static SM_FILE_T *collect_dfopen __P((ENVELOPE *)); 23 static SM_FILE_T *collect_eoh __P((ENVELOPE *, int, int)); 24 25 /* 26 ** COLLECT_EOH -- end-of-header processing in collect() 27 ** 28 ** Called by collect() when it encounters the blank line 29 ** separating the header from the message body, or when it 30 ** encounters EOF in a message that contains only a header. 31 ** 32 ** Parameters: 33 ** e -- envelope 34 ** numhdrs -- number of headers 35 ** hdrslen -- length of headers 36 ** 37 ** Returns: 38 ** NULL, or handle to open data file 39 ** 40 ** Side Effects: 41 ** end-of-header check ruleset is invoked. 42 ** envelope state is updated. 43 ** headers may be added and deleted. 44 ** selects the queue. 45 ** opens the data file. 46 */ 47 48 static SM_FILE_T * 49 collect_eoh(e, numhdrs, hdrslen) 50 ENVELOPE *e; 51 int numhdrs; 52 int hdrslen; 53 { 54 char hnum[16]; 55 char hsize[16]; 56 57 /* call the end-of-header check ruleset */ 58 (void) sm_snprintf(hnum, sizeof(hnum), "%d", numhdrs); 59 (void) sm_snprintf(hsize, sizeof(hsize), "%d", hdrslen); 60 if (tTd(30, 10)) 61 sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n", 62 hnum, hsize); 63 (void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT, 64 3, NULL, e->e_id, NULL, NULL); 65 66 /* 67 ** Process the header, 68 ** select the queue, open the data file. 69 */ 70 71 collect_doheader(e); 72 return collect_dfopen(e); 73 } 74 75 /* 76 ** COLLECT_DOHEADER -- process header in collect() 77 ** 78 ** Called by collect() after it has finished parsing the header, 79 ** but before it selects the queue and creates the data file. 80 ** The results of processing the header will affect queue selection. 81 ** 82 ** Parameters: 83 ** e -- envelope 84 ** 85 ** Returns: 86 ** none. 87 ** 88 ** Side Effects: 89 ** envelope state is updated. 90 ** headers may be added and deleted. 91 */ 92 93 static void 94 collect_doheader(e) 95 ENVELOPE *e; 96 { 97 /* 98 ** Find out some information from the headers. 99 ** Examples are who is the from person & the date. 100 */ 101 102 eatheader(e, true, false); 103 104 if (GrabTo && e->e_sendqueue == NULL) 105 usrerr("No recipient addresses found in header"); 106 107 /* 108 ** If we have a Return-Receipt-To:, turn it into a DSN. 109 */ 110 111 if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL) 112 { 113 ADDRESS *q; 114 115 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 116 if (!bitset(QHASNOTIFY, q->q_flags)) 117 q->q_flags |= QHASNOTIFY|QPINGONSUCCESS; 118 } 119 120 /* 121 ** Add an appropriate recipient line if we have none. 122 */ 123 124 if (hvalue("to", e->e_header) != NULL || 125 hvalue("cc", e->e_header) != NULL || 126 hvalue("apparently-to", e->e_header) != NULL) 127 { 128 /* have a valid recipient header -- delete Bcc: headers */ 129 e->e_flags |= EF_DELETE_BCC; 130 } 131 else if (hvalue("bcc", e->e_header) == NULL) 132 { 133 /* no valid recipient headers */ 134 register ADDRESS *q; 135 char *hdr = NULL; 136 137 /* create a recipient field */ 138 switch (NoRecipientAction) 139 { 140 case NRA_ADD_APPARENTLY_TO: 141 hdr = "Apparently-To"; 142 break; 143 144 case NRA_ADD_TO: 145 hdr = "To"; 146 break; 147 148 case NRA_ADD_BCC: 149 addheader("Bcc", " ", 0, e, true); 150 break; 151 152 case NRA_ADD_TO_UNDISCLOSED: 153 addheader("To", "undisclosed-recipients:;", 0, e, true); 154 break; 155 } 156 157 if (hdr != NULL) 158 { 159 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 160 { 161 if (q->q_alias != NULL) 162 continue; 163 if (tTd(30, 3)) 164 sm_dprintf("Adding %s: %s\n", 165 hdr, q->q_paddr); 166 addheader(hdr, q->q_paddr, 0, e, true); 167 } 168 } 169 } 170 } 171 172 /* 173 ** COLLECT_DFOPEN -- open the message data file 174 ** 175 ** Called by collect() after it has finished processing the header. 176 ** Queue selection occurs at this point, possibly based on the 177 ** envelope's recipient list and on header information. 178 ** 179 ** Parameters: 180 ** e -- envelope 181 ** 182 ** Returns: 183 ** NULL, or a pointer to an open data file, 184 ** into which the message body will be written by collect(). 185 ** 186 ** Side Effects: 187 ** Calls syserr, sets EF_FATALERRS and returns NULL 188 ** if there is insufficient disk space. 189 ** Aborts process if data file could not be opened. 190 ** Otherwise, the queue is selected, 191 ** e->e_{dfino,dfdev,msgsize,flags} are updated, 192 ** and a pointer to an open data file is returned. 193 */ 194 195 static SM_FILE_T * 196 collect_dfopen(e) 197 ENVELOPE *e; 198 { 199 MODE_T oldumask = 0; 200 int dfd; 201 struct stat stbuf; 202 SM_FILE_T *df; 203 char *dfname; 204 205 if (!setnewqueue(e)) 206 return NULL; 207 208 dfname = queuename(e, DATAFL_LETTER); 209 if (bitset(S_IWGRP, QueueFileMode)) 210 oldumask = umask(002); 211 df = bfopen(dfname, QueueFileMode, DataFileBufferSize, 212 SFF_OPENASROOT); 213 if (bitset(S_IWGRP, QueueFileMode)) 214 (void) umask(oldumask); 215 if (df == NULL) 216 { 217 syserr("@Cannot create %s", dfname); 218 e->e_flags |= EF_NO_BODY_RETN; 219 flush_errors(true); 220 finis(false, true, ExitStat); 221 /* NOTREACHED */ 222 } 223 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL); 224 if (dfd < 0 || fstat(dfd, &stbuf) < 0) 225 e->e_dfino = -1; 226 else 227 { 228 e->e_dfdev = stbuf.st_dev; 229 e->e_dfino = stbuf.st_ino; 230 } 231 e->e_flags |= EF_HAS_DF; 232 return df; 233 } 234 235 /* 236 ** INCBUFLEN -- increase buflen for the header buffer in collect() 237 ** 238 ** Parameters: 239 ** buflen -- current size of buffer 240 ** 241 ** Returns: 242 ** new buflen 243 */ 244 245 static int incbuflen __P((int)); 246 static int 247 incbuflen(buflen) 248 int buflen; 249 { 250 int newlen; 251 252 /* this also handles the case of MaxMessageSize == 0 */ 253 if (MaxMessageSize <= MEMCHUNKSIZE) 254 { 255 if (buflen < MEMCHUNKSIZE) 256 return buflen * 2; 257 else 258 return buflen + MEMCHUNKSIZE; 259 } 260 261 /* MaxMessageSize > MEMCHUNKSIZE */ 262 newlen = buflen * 2; 263 if (newlen > 0 && newlen < MaxMessageSize) 264 return newlen; 265 else 266 return MaxMessageSize; 267 } 268 269 #if _FFR_TESTS 270 /* just for testing/debug output */ 271 static const char * 272 makeprint(c) 273 char c; 274 { 275 static char prt[6]; 276 277 prt[1] = '\0'; 278 prt[2] = '\0'; 279 if (isprint((unsigned char)c)) 280 prt[0] = c; 281 else if ('\n' == c) 282 { 283 prt[0] = 'L'; 284 prt[1] = 'F'; 285 } 286 else if ('\r' == c) 287 { 288 prt[0] = 'C'; 289 prt[1] = 'R'; 290 } 291 else 292 snprintf(prt, sizeof(prt), "%o", c); 293 return prt; 294 } 295 #else /* _FFR_TESTS */ 296 # define makeprint(c) "X" 297 #endif /* _FFR_TESTS */ 298 299 /* 300 ** COLLECT -- read & parse message header & make temp file. 301 ** 302 ** Creates a temporary file name and copies the standard 303 ** input to that file. Leading UNIX-style "From" lines are 304 ** stripped off (after important information is extracted). 305 ** 306 ** Parameters: 307 ** fp -- file to read. 308 ** smtpmode -- if >= SMTPMODE_LAX we are running SMTP: 309 ** give an RFC821 style message to say we are 310 ** ready to collect input, and never ignore 311 ** a single dot to mean end of message. 312 ** hdrp -- the location to stash the header. 313 ** e -- the current envelope. 314 ** rsetsize -- reset e_msgsize? 315 ** 316 ** Returns: 317 ** none. 318 ** 319 ** Side Effects: 320 ** If successful, 321 ** - Data file is created and filled, and e->e_dfp is set. 322 ** - The from person may be set. 323 ** If the "enough disk space" check fails, 324 ** - syserr is called. 325 ** - e->e_dfp is NULL. 326 ** - e->e_flags & EF_FATALERRS is set. 327 ** - collect() returns. 328 ** If data file cannot be created, the process is terminated. 329 */ 330 331 /* values for input state machine */ 332 #define IS_NORM 0 /* middle of line */ 333 #define IS_BOL 1 /* beginning of line */ 334 #define IS_DOT 2 /* read "." at beginning of line */ 335 #define IS_DOTCR 3 /* read ".\r" at beginning of line */ 336 #define IS_CR 4 /* read "\r" */ 337 338 /* hack to enhance readability of debug output */ 339 static const char *istates[] = { "NORM", "BOL", "DOT", "DOTCR", "CR" }; 340 #define ISTATE istates[istate] 341 342 /* values for message state machine */ 343 #define MS_UFROM 0 /* reading Unix from line */ 344 #define MS_HEADER 1 /* reading message header */ 345 #define MS_BODY 2 /* reading message body */ 346 #define MS_DISCARD 3 /* discarding rest of message */ 347 #define BARE_LF_MSG "Bare linefeed (LF) not allowed" 348 #define BARE_CR_MSG "Bare carriage return (CR) not allowed" 349 350 void 351 collect(fp, smtpmode, hdrp, e, rsetsize) 352 SM_FILE_T *fp; 353 int smtpmode; 354 HDR **hdrp; 355 register ENVELOPE *e; 356 bool rsetsize; 357 { 358 register SM_FILE_T *df; 359 bool ignrdot; 360 int dbto; 361 register char *bp; 362 int c; 363 bool inputerr; 364 bool headeronly; 365 char *buf; 366 int buflen; 367 int istate; 368 int mstate; 369 int hdrslen; 370 int numhdrs; 371 int afd; 372 int old_rd_tmo; 373 unsigned char *pbp; 374 unsigned char peekbuf[8]; 375 char bufbuf[MAXLINE]; 376 #if _FFR_REJECT_NUL_BYTE 377 bool hasNUL; /* has at least one NUL input byte */ 378 #endif 379 int bare_lf, bare_cr; 380 381 #define SMTPMODE (smtpmode >= SMTPMODE_LAX) 382 #define SMTPMODE_STRICT ((smtpmode & SMTPMODE_CRLF) != 0) 383 #define BARE_LF_421 ((smtpmode & SMTPMODE_LF_421) != 0) 384 #define BARE_CR_421 ((smtpmode & SMTPMODE_CR_421) != 0) 385 #define BARE_LF_SP ((smtpmode & SMTPMODE_LF_SP) != 0) 386 #define BARE_CR_SP ((smtpmode & SMTPMODE_CR_SP) != 0) 387 388 /* for bare_{lf,cr} */ 389 #define BARE_IN_HDR 0x01 390 #define BARE_IN_BDY 0x02 391 #define BARE_WHERE ((MS_BODY == mstate) ? BARE_IN_BDY : BARE_IN_HDR) 392 393 df = NULL; 394 ignrdot = SMTPMODE ? false : IgnrDot; 395 bare_lf = bare_cr = 0; 396 397 /* timeout for I/O functions is in milliseconds */ 398 dbto = SMTPMODE ? ((int) TimeOuts.to_datablock * 1000) 399 : SM_TIME_FOREVER; 400 sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto); 401 old_rd_tmo = set_tls_rd_tmo(TimeOuts.to_datablock); 402 c = SM_IO_EOF; 403 inputerr = false; 404 headeronly = hdrp != NULL; 405 hdrslen = 0; 406 numhdrs = 0; 407 HasEightBits = false; 408 #if _FFR_REJECT_NUL_BYTE 409 hasNUL = false; 410 #endif 411 buf = bp = bufbuf; 412 buflen = sizeof(bufbuf); 413 pbp = peekbuf; 414 istate = IS_BOL; 415 mstate = SaveFrom ? MS_HEADER : MS_UFROM; 416 417 /* 418 ** Tell ARPANET to go ahead. 419 */ 420 421 if (SMTPMODE) 422 message("354 End data with <CR><LF>.<CR><LF>"); 423 424 /* simulate an I/O timeout when used as sink */ 425 if (tTd(83, 101)) 426 sleep(319); 427 428 if (tTd(30, 2)) 429 sm_dprintf("collect, smtpmode=%#x\n", smtpmode); 430 431 /* 432 ** Read the message. 433 ** 434 ** This is done using two interleaved state machines. 435 ** The input state machine is looking for things like 436 ** hidden dots; the message state machine is handling 437 ** the larger picture (e.g., header versus body). 438 */ 439 440 if (rsetsize) 441 e->e_msgsize = 0; 442 for (;;) 443 { 444 if (tTd(30, 35)) 445 sm_dprintf("top, istate=%s, mstate=%d\n", ISTATE, 446 mstate); 447 for (;;) 448 { 449 if (pbp > peekbuf) 450 c = *--pbp; 451 else 452 { 453 while (!sm_io_eof(fp) && !sm_io_error(fp)) 454 { 455 errno = 0; 456 c = sm_io_getc(fp, SM_TIME_DEFAULT); 457 if (c == SM_IO_EOF && errno == EINTR) 458 { 459 /* Interrupted, retry */ 460 sm_io_clearerr(fp); 461 continue; 462 } 463 464 /* timeout? */ 465 if (c == SM_IO_EOF && errno == EAGAIN 466 && SMTPMODE) 467 { 468 /* 469 ** Override e_message in 470 ** usrerr() as this is the 471 ** reason for failure that 472 ** should be logged for 473 ** undelivered recipients. 474 */ 475 476 e->e_message = NULL; 477 errno = 0; 478 inputerr = true; 479 goto readabort; 480 } 481 break; 482 } 483 if (TrafficLogFile != NULL && !headeronly) 484 { 485 if (istate == IS_BOL) 486 (void) sm_io_fprintf(TrafficLogFile, 487 SM_TIME_DEFAULT, 488 "%05d <<< ", 489 (int) CurrentPid); 490 if (c == SM_IO_EOF) 491 (void) sm_io_fprintf(TrafficLogFile, 492 SM_TIME_DEFAULT, 493 "[EOF]\n"); 494 else 495 (void) sm_io_putc(TrafficLogFile, 496 SM_TIME_DEFAULT, 497 c); 498 } 499 #if _FFR_REJECT_NUL_BYTE 500 if (c == '\0') 501 hasNUL = true; 502 #endif 503 if (c == SM_IO_EOF) 504 goto readdone; 505 if (SevenBitInput || 506 bitset(EF_7BITBODY, e->e_flags)) 507 c &= 0x7f; 508 else 509 HasEightBits |= bitset(0x80, c); 510 } 511 if (tTd(30, 94)) 512 sm_dprintf("istate=%s, c=%s (0x%x)\n", 513 ISTATE, makeprint((char) c), c); 514 if ('\n' == c && SMTPMODE && 515 !(IS_CR == istate || IS_DOTCR == istate)) 516 { 517 bare_lf |= BARE_WHERE; 518 if (BARE_LF_421) 519 { 520 inputerr = true; 521 goto readabort; 522 } 523 if (BARE_LF_SP) 524 { 525 if (TTD(30, 64)) 526 sm_dprintf("LF: c=%s %#x\n", makeprint((char) c), c); 527 c = ' '; 528 } 529 } 530 switch (istate) 531 { 532 case IS_BOL: 533 if (c == '.') 534 { 535 istate = IS_DOT; 536 continue; 537 } 538 break; 539 540 case IS_DOT: 541 if (c == '\n' && !ignrdot && !SMTPMODE_STRICT) 542 goto readdone; 543 else if (c == '\r') 544 { 545 istate = IS_DOTCR; 546 continue; 547 } 548 else if (ignrdot || 549 (c != '.' && 550 OpMode != MD_SMTP && 551 OpMode != MD_DAEMON && 552 OpMode != MD_ARPAFTP)) 553 554 { 555 SM_ASSERT(pbp < peekbuf + 556 sizeof(peekbuf)); 557 *pbp++ = c; 558 c = '.'; 559 } 560 break; 561 562 case IS_DOTCR: 563 if (c == '\n' && !ignrdot) 564 goto readdone; 565 else 566 { 567 /* push back the ".\rx" */ 568 SM_ASSERT(pbp < peekbuf + 569 sizeof(peekbuf)); 570 *pbp++ = c; 571 if (OpMode != MD_SMTP && 572 OpMode != MD_DAEMON && 573 OpMode != MD_ARPAFTP) 574 { 575 SM_ASSERT(pbp < peekbuf + 576 sizeof(peekbuf)); 577 *pbp++ = '\r'; 578 c = '.'; 579 } 580 else 581 c = '\r'; 582 } 583 break; 584 585 case IS_CR: 586 if (c == '\n') 587 { 588 if (TTD(30, 64)) 589 sm_dprintf("state=CR, c=%s %#x -> BOL\n", makeprint((char) c), c); 590 istate = IS_BOL; 591 } 592 else 593 { 594 if (TTD(30, 64)) 595 sm_dprintf("state=CR, c=%s %#x -> NORM\n", makeprint((char) c), c); 596 if (SMTPMODE) 597 { 598 bare_cr |= BARE_WHERE; 599 if (BARE_CR_421) 600 { 601 inputerr = true; 602 goto readabort; 603 } 604 } 605 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT, 606 c); 607 if (BARE_CR_SP) 608 c = ' '; 609 else 610 c = '\r'; 611 istate = IS_NORM; 612 } 613 goto bufferchar; 614 } 615 616 if (c == '\r') 617 { 618 istate = IS_CR; 619 continue; 620 } 621 else if (c == '\n' && !SMTPMODE_STRICT) 622 istate = IS_BOL; 623 else 624 istate = IS_NORM; 625 626 bufferchar: 627 if (!headeronly) 628 { 629 /* no overflow? */ 630 if (e->e_msgsize >= 0) 631 { 632 e->e_msgsize++; 633 if (MaxMessageSize > 0 && 634 !bitset(EF_TOOBIG, e->e_flags) && 635 e->e_msgsize > MaxMessageSize) 636 e->e_flags |= EF_TOOBIG; 637 } 638 } 639 switch (mstate) 640 { 641 case MS_BODY: 642 /* just put the character out */ 643 if (!bitset(EF_TOOBIG, e->e_flags)) 644 (void) sm_io_putc(df, SM_TIME_DEFAULT, 645 c); 646 if (TTD(30, 64)) 647 sm_dprintf("state=%s, put=%s %#x\n", ISTATE, makeprint((char) c), c); 648 /* FALLTHROUGH */ 649 650 case MS_DISCARD: 651 continue; 652 } 653 654 SM_ASSERT(mstate == MS_UFROM || mstate == MS_HEADER); 655 656 /* header -- buffer up */ 657 if (bp >= &buf[buflen - 2]) 658 { 659 char *obuf; 660 661 /* out of space for header */ 662 obuf = buf; 663 buflen = incbuflen(buflen); 664 if (tTd(30, 32)) 665 sm_dprintf("buflen=%d, hdrslen=%d\n", buflen, hdrslen); 666 if (buflen <= 0) 667 { 668 sm_syslog(LOG_NOTICE, e->e_id, 669 "header overflow from %s during message collect", 670 CURHOSTNAME); 671 errno = 0; 672 e->e_flags |= EF_CLRQUEUE; 673 e->e_status = "5.6.0"; 674 usrerrenh(e->e_status, 675 "552 Headers too large"); 676 goto discard; 677 } 678 buf = xalloc(buflen); 679 memmove(buf, obuf, bp - obuf); 680 bp = &buf[bp - obuf]; 681 if (obuf != bufbuf) 682 sm_free(obuf); /* XXX */ 683 } 684 685 if (c != '\0') 686 { 687 *bp++ = c; 688 ++hdrslen; 689 if (!headeronly && 690 MaxHeadersLength > 0 && 691 hdrslen > MaxHeadersLength) 692 { 693 sm_syslog(LOG_NOTICE, e->e_id, 694 "headers too large (%d max) from %s during message collect", 695 MaxHeadersLength, 696 CURHOSTNAME); 697 errno = 0; 698 e->e_flags |= EF_CLRQUEUE; 699 e->e_status = "5.6.0"; 700 usrerrenh(e->e_status, 701 "552 Headers too large (%d max)", 702 MaxHeadersLength); 703 discard: 704 mstate = MS_DISCARD; 705 } 706 } 707 if (istate == IS_BOL) 708 break; 709 } 710 *bp = '\0'; 711 712 nextstate: 713 if (tTd(30, 35)) 714 sm_dprintf("nextstate, istate=%s, mstate=%d, line=\"%s\"\n", 715 ISTATE, mstate, buf); 716 switch (mstate) 717 { 718 case MS_UFROM: 719 mstate = MS_HEADER; 720 #ifndef NOTUNIX 721 if (strncmp(buf, "From ", 5) == 0) 722 { 723 bp = buf; 724 eatfrom(buf, e); 725 continue; 726 } 727 #endif /* ! NOTUNIX */ 728 /* FALLTHROUGH */ 729 730 case MS_HEADER: 731 if (!isheader(buf)) 732 { 733 mstate = MS_BODY; 734 goto nextstate; 735 } 736 737 /* check for possible continuation line */ 738 do 739 { 740 sm_io_clearerr(fp); 741 errno = 0; 742 c = sm_io_getc(fp, SM_TIME_DEFAULT); 743 744 /* timeout? */ 745 if (c == SM_IO_EOF && errno == EAGAIN 746 && SMTPMODE) 747 { 748 /* 749 ** Override e_message in 750 ** usrerr() as this is the 751 ** reason for failure that 752 ** should be logged for 753 ** undelivered recipients. 754 */ 755 756 e->e_message = NULL; 757 errno = 0; 758 inputerr = true; 759 goto readabort; 760 } 761 } while (c == SM_IO_EOF && errno == EINTR); 762 if (c != SM_IO_EOF) 763 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c); 764 if (c == ' ' || c == '\t') 765 { 766 /* yep -- defer this */ 767 continue; 768 } 769 770 SM_ASSERT(bp > buf); 771 772 /* guaranteed by isheader(buf) */ 773 SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1); 774 775 /* trim off trailing CRLF or LF */ 776 if (*--bp != '\n' || *--bp != '\r') 777 bp++; 778 *bp = '\0'; 779 780 if (bitset(H_EOH, chompheader(buf, 781 CHHDR_CHECK | CHHDR_USER, 782 hdrp, e))) 783 { 784 mstate = MS_BODY; 785 goto nextstate; 786 } 787 numhdrs++; 788 break; 789 790 case MS_BODY: 791 if (tTd(30, 1)) 792 sm_dprintf("EOH\n"); 793 794 if (headeronly) 795 goto readdone; 796 797 df = collect_eoh(e, numhdrs, hdrslen); 798 if (df == NULL) 799 e->e_flags |= EF_TOOBIG; 800 801 bp = buf; 802 803 /* toss blank line */ 804 if ((bp[0] == '\r' && bp[1] == '\n') || 805 (bp[0] == '\n')) 806 { 807 break; 808 } 809 810 /* if not a blank separator, write it out */ 811 if (!bitset(EF_TOOBIG, e->e_flags)) 812 { 813 while (*bp != '\0') 814 (void) sm_io_putc(df, SM_TIME_DEFAULT, 815 *bp++); 816 } 817 break; 818 } 819 bp = buf; 820 } 821 822 readdone: 823 if ((sm_io_eof(fp) && SMTPMODE) || sm_io_error(fp)) 824 { 825 const char *errmsg; 826 827 if (sm_io_eof(fp)) 828 errmsg = "unexpected close"; 829 else 830 errmsg = sm_errstring(errno); 831 if (tTd(30, 1)) 832 sm_dprintf("collect: premature EOM: %s\n", errmsg); 833 if (LogLevel > 1) 834 sm_syslog(LOG_WARNING, e->e_id, 835 "collect: premature EOM: %s", errmsg); 836 inputerr = true; 837 } 838 839 if (headeronly) 840 goto end; 841 842 if (mstate != MS_BODY) 843 { 844 /* no body or discard, so we never opened the data file */ 845 SM_ASSERT(df == NULL); 846 df = collect_eoh(e, numhdrs, hdrslen); 847 } 848 849 if (df == NULL) 850 { 851 /* skip next few clauses */ 852 /* EMPTY */ 853 } 854 else if (sm_io_flush(df, SM_TIME_DEFAULT) != 0 || sm_io_error(df)) 855 { 856 dferror(df, "sm_io_flush||sm_io_error", e); 857 flush_errors(true); 858 finis(true, true, ExitStat); 859 /* NOTREACHED */ 860 } 861 else if (SuperSafe == SAFE_NO || 862 SuperSafe == SAFE_INTERACTIVE || 863 (SuperSafe == SAFE_REALLY_POSTMILTER && SMTPMODE)) 864 { 865 /* skip next few clauses */ 866 /* EMPTY */ 867 /* Note: updfs() is not called in this case! */ 868 } 869 else if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 && errno != EINVAL) 870 { 871 int save_errno = errno; 872 873 if (save_errno == EEXIST) 874 { 875 char *dfile; 876 struct stat st; 877 int dfd; 878 879 dfile = queuename(e, DATAFL_LETTER); 880 if (stat(dfile, &st) < 0) 881 st.st_size = -1; 882 errno = EEXIST; 883 syserr("@collect: bfcommit(%s): already on disk, size=%ld", 884 dfile, (long) st.st_size); 885 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL); 886 if (dfd >= 0) 887 dumpfd(dfd, true, true); 888 } 889 errno = save_errno; 890 dferror(df, "bfcommit", e); 891 flush_errors(true); 892 finis(save_errno != EEXIST, true, ExitStat); 893 } 894 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0) 895 { 896 dferror(df, "sm_io_getinfo", e); 897 flush_errors(true); 898 finis(true, true, ExitStat); 899 /* NOTREACHED */ 900 } 901 else if (fsync(afd) < 0) 902 { 903 dferror(df, "fsync", e); 904 flush_errors(true); 905 finis(true, true, ExitStat); 906 /* NOTREACHED */ 907 } 908 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0) 909 { 910 dferror(df, "sm_io_close", e); 911 flush_errors(true); 912 finis(true, true, ExitStat); 913 /* NOTREACHED */ 914 } 915 else 916 { 917 /* everything is happily flushed to disk */ 918 df = NULL; 919 920 /* remove from available space in filesystem */ 921 updfs(e, 0, 1, "collect"); 922 } 923 924 /* An EOF when running SMTP is an error */ 925 readabort: 926 if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON)) 927 { 928 char *problem; 929 ADDRESS *q; 930 931 if (sm_io_eof(fp)) 932 problem = "unexpected close"; 933 else if (sm_io_error(fp)) 934 problem = "I/O error"; 935 else if (0 != bare_lf) 936 problem = BARE_LF_MSG; 937 else if (0 != bare_cr) 938 problem = BARE_CR_MSG; 939 else 940 problem = "read timeout"; 941 942 #define LOG_CLT ((NULL != RealHostName) ? RealHostName: "localhost") 943 #define CONN_ERR_TXT "collect: relay=%s, from=%s, info=%s%s%s%s" 944 #define CONN_ERR_CODE "421 4.4.1 " 945 #define CONN_LOG_FROM shortenstring(e->e_from.q_paddr, MAXSHORTSTR) 946 #define CONN_ERR_BARE (0 != bare_lf) ? BARE_LF_MSG : ((0 != bare_cr) ? BARE_CR_MSG : "") 947 #define CONN_ERR_WHERE(bare_xy) (BARE_IN_HDR==(bare_xy) ? "header" : \ 948 (BARE_IN_BDY==(bare_xy) ? "body" : "header+body")) 949 950 #define HAS_BARE_XY (0 != (bare_lf | bare_cr)) 951 #define CONN_ERR_ARGS LOG_CLT, CONN_LOG_FROM, problem, \ 952 HAS_BARE_XY ? ", where=" : "", \ 953 HAS_BARE_XY ? CONN_ERR_WHERE(bare_lf|bare_cr) : "", \ 954 HAS_BARE_XY ? ", status=tempfail" : "" 955 956 if (LogLevel > 0 && (sm_io_eof(fp) || (0 != (bare_lf | bare_cr)))) 957 sm_syslog(LOG_NOTICE, e->e_id, 958 CONN_ERR_TXT, CONN_ERR_ARGS); 959 if (0 != (bare_lf | bare_cr)) 960 usrerr("421 4.5.0 %s", CONN_ERR_BARE); 961 else if (sm_io_eof(fp)) 962 usrerr(CONN_ERR_CODE CONN_ERR_TXT, CONN_ERR_ARGS); 963 else 964 syserr(CONN_ERR_CODE CONN_ERR_TXT, CONN_ERR_ARGS); 965 flush_errors(true); 966 967 /* don't return an error indication */ 968 e->e_to = NULL; 969 e->e_flags &= ~EF_FATALERRS; 970 e->e_flags |= EF_CLRQUEUE; 971 972 /* Don't send any message notification to sender */ 973 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 974 { 975 if (QS_IS_DEAD(q->q_state)) 976 continue; 977 q->q_state = QS_FATALERR; 978 } 979 980 SM_CLOSE_FP(df); 981 finis(true, true, ExitStat); 982 /* NOTREACHED */ 983 } 984 985 /* Log collection information. */ 986 if (tTd(92, 2)) 987 sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n", 988 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel); 989 if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) 990 { 991 logsender(e, e->e_msgid); 992 e->e_flags &= ~EF_LOGSENDER; 993 } 994 995 #define LOG_BARE_XY(bare_xy, bare_xy_sp, bare_xy_msg) \ 996 do \ 997 { \ 998 if ((0 != bare_xy) && LogLevel > 8) \ 999 sm_syslog(LOG_NOTICE, e->e_id, \ 1000 "collect: relay=%s, from=%s, info=%s, where=%s%s" \ 1001 , LOG_CLT, CONN_LOG_FROM, bare_xy_msg \ 1002 , CONN_ERR_WHERE(bare_xy) \ 1003 , bare_xy_sp ? ", status=replaced" : "" \ 1004 ); \ 1005 } while (0) 1006 1007 LOG_BARE_XY(bare_lf, BARE_LF_SP, BARE_LF_MSG); 1008 LOG_BARE_XY(bare_cr, BARE_CR_SP, BARE_CR_MSG); 1009 1010 /* check for message too large */ 1011 if (bitset(EF_TOOBIG, e->e_flags)) 1012 { 1013 e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE; 1014 if (!bitset(EF_FATALERRS, e->e_flags)) 1015 { 1016 e->e_status = "5.2.3"; 1017 usrerrenh(e->e_status, 1018 "552 Message exceeds maximum fixed size (%ld)", 1019 MaxMessageSize); 1020 if (LogLevel > 6) 1021 sm_syslog(LOG_NOTICE, e->e_id, 1022 "message size (%ld) exceeds maximum (%ld)", 1023 PRT_NONNEGL(e->e_msgsize), 1024 MaxMessageSize); 1025 } 1026 } 1027 1028 /* check for illegal 8-bit data */ 1029 if (HasEightBits) 1030 { 1031 e->e_flags |= EF_HAS8BIT; 1032 if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) && 1033 !bitset(EF_IS_MIME, e->e_flags)) 1034 { 1035 e->e_status = "5.6.1"; 1036 usrerrenh(e->e_status, "554 Eight bit data not allowed"); 1037 } 1038 } 1039 else 1040 { 1041 /* if it claimed to be 8 bits, well, it lied.... */ 1042 if (e->e_bodytype != NULL && 1043 SM_STRCASEEQ(e->e_bodytype, "8bitmime")) 1044 e->e_bodytype = "7BIT"; 1045 } 1046 1047 #if _FFR_REJECT_NUL_BYTE 1048 if (hasNUL && RejectNUL) 1049 { 1050 e->e_status = "5.6.1"; 1051 usrerrenh(e->e_status, "554 NUL byte not allowed"); 1052 } 1053 #endif /* _FFR_REJECT_NUL_BYTE */ 1054 1055 if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags)) 1056 { 1057 char *dfname = queuename(e, DATAFL_LETTER); 1058 if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname, 1059 SM_IO_RDONLY_B, NULL)) == NULL) 1060 { 1061 /* we haven't acked receipt yet, so just chuck this */ 1062 syserr("@Cannot reopen %s", dfname); 1063 finis(true, true, ExitStat); 1064 /* NOTREACHED */ 1065 } 1066 } 1067 else 1068 e->e_dfp = df; 1069 1070 /* collect statistics */ 1071 if (OpMode != MD_VERIFY) 1072 { 1073 /* 1074 ** Recalculate e_msgpriority, it is done at in eatheader() 1075 ** which is called (in 8.12) after the header is collected, 1076 ** hence e_msgsize is (most likely) incorrect. 1077 */ 1078 1079 e->e_msgpriority = e->e_msgsize 1080 - e->e_class * WkClassFact 1081 + e->e_nrcpts * WkRecipFact; 1082 markstats(e, (ADDRESS *) NULL, STATS_NORMAL); 1083 } 1084 1085 end: 1086 (void) set_tls_rd_tmo(old_rd_tmo); 1087 if (buf != bufbuf) 1088 SM_FREE(buf); 1089 } 1090 1091 /* 1092 ** DFERROR -- signal error on writing the data file. 1093 ** 1094 ** Called by collect(). collect() always terminates the process 1095 ** immediately after calling dferror(), which means that the SMTP 1096 ** session will be terminated, which means that any error message 1097 ** issued by dferror must be a 421 error, as per RFC 821. 1098 ** 1099 ** Parameters: 1100 ** df -- the file pointer for the data file. 1101 ** msg -- detailed message. 1102 ** e -- the current envelope. 1103 ** 1104 ** Returns: 1105 ** none. 1106 ** 1107 ** Side Effects: 1108 ** Gives an error message. 1109 ** Arranges for following output to go elsewhere. 1110 */ 1111 1112 void 1113 dferror(df, msg, e) 1114 SM_FILE_T *volatile df; 1115 char *msg; 1116 register ENVELOPE *e; 1117 { 1118 char *dfname; 1119 1120 dfname = queuename(e, DATAFL_LETTER); 1121 setstat(EX_IOERR); 1122 if (errno == ENOSPC) 1123 { 1124 #if STAT64 > 0 1125 struct stat64 st; 1126 #else 1127 struct stat st; 1128 #endif 1129 long avail; 1130 long bsize; 1131 1132 e->e_flags |= EF_NO_BODY_RETN; 1133 1134 if ( 1135 #if STAT64 > 0 1136 fstat64(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st) 1137 #else 1138 fstat(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st) 1139 #endif 1140 < 0) 1141 st.st_size = 0; 1142 (void) sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, dfname, 1143 SM_IO_WRONLY_B, NULL, df); 1144 if (st.st_size <= 0) 1145 (void) sm_io_fprintf(df, SM_TIME_DEFAULT, 1146 "\n*** Mail could not be accepted"); 1147 else 1148 (void) sm_io_fprintf(df, SM_TIME_DEFAULT, 1149 "\n*** Mail of at least %llu bytes could not be accepted\n", 1150 (ULONGLONG_T) st.st_size); 1151 (void) sm_io_fprintf(df, SM_TIME_DEFAULT, 1152 "*** at %s due to lack of disk space for temp file.\n", 1153 MyHostName); 1154 avail = freediskspace(qid_printqueue(e->e_qgrp, e->e_qdir), 1155 &bsize); 1156 if (avail > 0) 1157 { 1158 if (bsize > 1024) 1159 avail *= bsize / 1024; 1160 else if (bsize < 1024) 1161 avail /= 1024 / bsize; 1162 (void) sm_io_fprintf(df, SM_TIME_DEFAULT, 1163 "*** Currently, %ld kilobytes are available for mail temp files.\n", 1164 avail); 1165 } 1166 #if 0 1167 /* Wrong response code; should be 421. */ 1168 e->e_status = "4.3.1"; 1169 usrerrenh(e->e_status, "452 Out of disk space for temp file"); 1170 #else /* 0 */ 1171 syserr("421 4.3.1 Out of disk space for temp file"); 1172 #endif /* 0 */ 1173 } 1174 else 1175 syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%ld, gid=%ld)", 1176 dfname, msg, (long) geteuid(), (long) getegid()); 1177 if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL, 1178 SM_IO_WRONLY, NULL, df) == NULL) 1179 sm_syslog(LOG_ERR, e->e_id, 1180 "dferror: sm_io_reopen(\"/dev/null\") failed: %s", 1181 sm_errstring(errno)); 1182 } 1183 /* 1184 ** EATFROM -- chew up a UNIX style from line and process 1185 ** 1186 ** This does indeed make some assumptions about the format 1187 ** of UNIX messages. 1188 ** 1189 ** Parameters: 1190 ** fm -- the from line. 1191 ** e -- envelope 1192 ** 1193 ** Returns: 1194 ** none. 1195 ** 1196 ** Side Effects: 1197 ** extracts what information it can from the header, 1198 ** such as the date. 1199 */ 1200 1201 #ifndef NOTUNIX 1202 1203 static char *DowList[] = 1204 { 1205 "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL 1206 }; 1207 1208 static char *MonthList[] = 1209 { 1210 "Jan", "Feb", "Mar", "Apr", "May", "Jun", 1211 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", 1212 NULL 1213 }; 1214 1215 static void 1216 eatfrom(fm, e) 1217 char *volatile fm; 1218 register ENVELOPE *e; 1219 { 1220 register char *p; 1221 register char **dt; 1222 1223 if (tTd(30, 2)) 1224 sm_dprintf("eatfrom(%s)\n", fm); 1225 1226 /* find the date part */ 1227 p = fm; 1228 while (*p != '\0') 1229 { 1230 /* skip a word */ 1231 while (*p != '\0' && *p != ' ') 1232 p++; 1233 while (*p == ' ') 1234 p++; 1235 if (strlen(p) < 17) 1236 { 1237 /* no room for the date */ 1238 return; 1239 } 1240 if (!(isascii(*p) && isupper(*p)) || 1241 p[3] != ' ' || p[13] != ':' || p[16] != ':') 1242 continue; 1243 1244 /* we have a possible date */ 1245 for (dt = DowList; *dt != NULL; dt++) 1246 if (strncmp(*dt, p, 3) == 0) 1247 break; 1248 if (*dt == NULL) 1249 continue; 1250 1251 for (dt = MonthList; *dt != NULL; dt++) 1252 { 1253 if (strncmp(*dt, &p[4], 3) == 0) 1254 break; 1255 } 1256 if (*dt != NULL) 1257 break; 1258 } 1259 1260 if (*p != '\0') 1261 { 1262 char *q, buf[25]; 1263 1264 /* we have found a date */ 1265 (void) sm_strlcpy(buf, p, sizeof(buf)); 1266 q = arpadate(buf); 1267 macdefine(&e->e_macro, A_TEMP, 'a', q); 1268 } 1269 } 1270 #endif /* ! NOTUNIX */ 1271