Handle exim local_scan API version changes

2025-12-06 12:03:55 +01:00 · 2021-08-20 12:00:22 +02:00
parent 6b8e0d948d
commit 508b985b0e
1 changed files with 22 additions and 12 deletions
--- a/src/libexim-encrypt-dlfunc.c
+++ b/src/libexim-encrypt-dlfunc.c
@ -9,6 +9,16 @@
 /* Exim4 dlfunc API header */
 #include <local_scan.h>

+#if LOCAL_SCAN_ABI_VERSION_MAJOR < 3
+#define LOCAL_SCAN
+#define store_get_untainted(size) store_get(size)
+#define store_get_tainted(size) store_get(size)
+#else
+#define DLFUNC_IMPL
+#define store_get_untainted(size) store_get(size, FALSE)
+#define store_get_tainted(size) store_get(size, TRUE)
+#endif
+
 /*
 * Encrypt message using crypto_secretbox_easy().
 *
@ -48,7 +58,7 @@ int sodium_crypto_secretbox_encrypt_password(uschar **yield, int argc, uschar *a

    // prepare buffer for ciphertext
    unsigned int cipherlen = messagelen + crypto_secretbox_MACBYTES;
-    unsigned char *ciphertext = (unsigned char *) store_get(cipherlen);
+    unsigned char *ciphertext = (unsigned char *) store_get_untainted(cipherlen);
    sodium_memzero(ciphertext, cipherlen);

    // encrypt message
@ -61,14 +71,14 @@ int sodium_crypto_secretbox_encrypt_password(uschar **yield, int argc, uschar *a

    // combine nonce and ciphertext
    size_t combined_message_len = crypto_secretbox_NONCEBYTES + cipherlen;
-    unsigned char *combined_message = store_get(combined_message_len);
+    unsigned char *combined_message = store_get_untainted(combined_message_len);
    memcpy(combined_message, nonce, crypto_secretbox_NONCEBYTES);
    memcpy(&combined_message[crypto_secretbox_NONCEBYTES], ciphertext, cipherlen);

    // base64-encode the ciphertext
    unsigned int outputsize = sodium_base64_ENCODED_LEN(combined_message_len,
                                                        sodium_base64_VARIANT_ORIGINAL);
-    unsigned char *outstring = (unsigned char *) store_get(outputsize);
+    unsigned char *outstring = (unsigned char *) store_get_untainted(outputsize);
    //sodium_memzero(outstring, outputsize);
    sodium_bin2base64((char *const) outstring, outputsize,
                      combined_message, combined_message_len,
@ -115,7 +125,7 @@ int sodium_crypto_secretbox_decrypt_password(uschar **yield, int argc, uschar *a
    // base64-decode the ciphertext
    size_t combined_message_buf_len = ciphertextb64_len / 4 * 3;
    size_t combined_message_len;
-    unsigned char *combined_message = (unsigned char *) store_get(combined_message_buf_len);
+    unsigned char *combined_message = (unsigned char *) store_get_untainted(combined_message_buf_len);
    sodium_memzero(combined_message, combined_message_buf_len);
    int b64err = sodium_base642bin(combined_message, combined_message_buf_len,
                                   (const char *) ciphertextb64, ciphertextb64_len,
@ -132,7 +142,7 @@ int sodium_crypto_secretbox_decrypt_password(uschar **yield, int argc, uschar *a

    // prepare buffer for cleartext
    unsigned int cleartextlen = combined_message_len - crypto_secretbox_NONCEBYTES - crypto_secretbox_MACBYTES;
-    unsigned char *cleartext = (unsigned char *) store_get(cleartextlen + 1);
+    unsigned char *cleartext = (unsigned char *) store_get_untainted(cleartextlen + 1);
    sodium_memzero(cleartext, cleartextlen + 1);

    // decrypt message
@ -173,7 +183,7 @@ int sodium_crypto_box_seal(uschar **yield, int argc, uschar *argv[]) {
    size_t pkb64_len = strlen((const char *) pkb64);
    // reserve space for conversion
    unsigned int pk_buffer_len = crypto_box_PUBLICKEYBYTES; // pkb64_len / 4 * 3 + 1;
-    unsigned char *pk = (unsigned char *) store_get(pk_buffer_len);
+    unsigned char *pk = (unsigned char *) store_get_untainted(pk_buffer_len);
    sodium_memzero(pk, pk_buffer_len);
    // convert encoded key to raw form
    int b64err = sodium_base642bin(pk, pk_buffer_len,
@ -190,7 +200,7 @@ int sodium_crypto_box_seal(uschar **yield, int argc, uschar *argv[]) {

    // prepare buffer for ciphertext
    unsigned int cipherlen = messagelen + crypto_box_SEALBYTES;
-    unsigned char *ciphertext = store_get(cipherlen);
+    unsigned char *ciphertext = store_get_untainted(cipherlen);
    sodium_memzero(ciphertext, cipherlen);

    // encrypt message
@ -202,7 +212,7 @@ int sodium_crypto_box_seal(uschar **yield, int argc, uschar *argv[]) {
    // base64-encode the ciphertext
    unsigned int outputsize = sodium_base64_ENCODED_LEN(cipherlen,
                                                        sodium_base64_VARIANT_ORIGINAL);
-    unsigned char *outstring = store_get(outputsize);
+    unsigned char *outstring = store_get_untainted(outputsize);
    sodium_bin2base64((char *const) outstring, outputsize,
                      ciphertext, cipherlen,
                      sodium_base64_VARIANT_ORIGINAL);
@ -236,7 +246,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {
    size_t skb64_len = strlen((const char *) skb64);
    // reserve space for conversion
    unsigned int sk_buffer_len = crypto_box_SECRETKEYBYTES;// skb64_len / 4 * 3;
-    unsigned char *sk = (unsigned char *) store_get(sk_buffer_len);
+    unsigned char *sk = (unsigned char *) store_get_untainted(sk_buffer_len);
    sodium_memzero(sk, sk_buffer_len);
    // convert encoded key to raw form
    int b64err = sodium_base642bin(sk, sk_buffer_len,
@ -252,7 +262,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {
    size_t pkb64_len = strlen((const char *) pkb64);
    // reserve space for conversion
    unsigned int pk_buffer_len = crypto_box_PUBLICKEYBYTES; // pkb64_len / 4 * 3;
-    unsigned char *pk = (unsigned char *) store_get(pk_buffer_len);
+    unsigned char *pk = (unsigned char *) store_get_untainted(pk_buffer_len);
    sodium_memzero(pk, pk_buffer_len);
    // convert encoded key to raw form
    b64err = sodium_base642bin(pk, pk_buffer_len,
@ -269,7 +279,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {

    // base64-decode the ciphertext
    unsigned int ciphertextbuflen = ciphertextb64_len / 4 * 3;
-    unsigned char *ciphertext = (unsigned char *) store_get(ciphertextbuflen);
+    unsigned char *ciphertext = (unsigned char *) store_get_untainted(ciphertextbuflen);
    size_t ciphertextlen;
    sodium_memzero(ciphertext, ciphertextbuflen);
    b64err = sodium_base642bin(ciphertext, ciphertextbuflen,
@ -283,7 +293,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {

    // prepare buffer for cleartext
    unsigned int cleartextlen = ciphertextlen - crypto_box_SEALBYTES;
-    unsigned char *cleartext = (unsigned char *) store_get(cleartextlen + 1);
+    unsigned char *cleartext = (unsigned char *) store_get_untainted(cleartextlen + 1);
    sodium_memzero(cleartext, cleartextlen + 1);

    // decrypt message