1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-11 09:50:12 +00:00
Commit Graph

24 Commits

Author SHA1 Message Date
Ed Maste
692b19255c dma: use OpenSSL 1.1 init API
> The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were
> deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().

and

> The ERR_load_crypto_strings(), SSL_load_error_strings(), and
> ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by
> OPENSSL_init_crypto() and OPENSSL_init_ssl() and should not be used.

Reviewed by:	ngie
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40065
2023-05-11 19:03:34 -04:00
Ed Maste
1694872231 dma: restore addition of newline when missing from input
If input mail does not have a newline on the last line dma must add
one.  This was broken by the addition of long-line splitting, with the
switch from strlen(line) to linelen returned by getline().

PR:		266629
Reviewed by:	bapt, Mikko Lehto
Tested by:	Mikko Lehto
MFC after:	1 week
Fixes:		b0b2d05fd0 ("Split body of mails not respecting...")
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36763
2022-10-12 11:59:01 -04:00
Ed Maste
d21e71efce dma: use canonical getline() loop
getline() returns -1 on erorr or EOF, so use that condition instead of
feof() and check that there was no error after the loop exits.

Reviewed by:	bapt, kevans (both earlier)
MFC after:	3 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34159
2022-02-05 21:55:03 -05:00
Ed Maste
1c91aedf25 dma: exit if invoked with invalid (zero) argc
This was prompted by the recent pkexec vulnerability (CVE-2021-4034).
This change is being made on general principle for setuid/setgid
binaries and is not in response to an actual issue.

Reviewed by:	kevans, markj (both earlier)
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34087
2022-01-28 17:49:45 -05:00
Ed Maste
1a0dde338d dma: limit lines to 998 characters
Per RFC2822 the maximum transmitted line length is "998 characters...
excluding the CRLF."  In a file the maximum is 999 with the \n included.

Previously mail containing a line with exactly 999 characters would
bounce.

PR:		208261
Reported by:	Helge Oldach
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2022-01-28 10:02:43 -05:00
Ed Maste
d045091ea2 dma: update to 2022-01-27 snapshot 2022-01-27 14:35:07 -05:00
Baptiste Daroussin
fbe95b885f dma: import snapshot 2021-07-10 2021-09-22 11:10:58 +02:00
Jung-uk Kim
b86d13984b Make dma(8) buildable. 2018-09-19 06:42:05 +00:00
Mariusz Zaborski
7672a0148f Convert cap_enter() < 0 && errno != ENOSYS to caph_enter() < 0.
No functional change intended.
2018-06-19 23:43:14 +00:00
Baptiste Daroussin
b0b2d05fd0 Split body of mails not respecting RFC2822
For mails which has a body not respecting RFC2822 (which often happen with
crontabs) try to split by words finding the last space before 1000's character

If no spaces are found then consider the mail to be malformed anyway

PR:		208261
2017-12-06 22:08:35 +00:00
Ed Maste
8448a47dcb dma: fix use-after-free
Sponsored by:	The FreeBSD Foundation
2017-10-27 20:21:09 +00:00
Eric van Gyzen
d7b1cc206c dma.8: fix problems reported by igor and 'mandoc -Tlint'
dma.8:77:contraction:Queue the mail, but [don't] attempt to deliver it.
dma.8:85:repeated:s [are are] ignored.
dma.8:87:contraction:[Don't] run in the background.
dma.8:201:contraction:Use the catch-all alias only if you [don't] want any local mail to be

mandoc: dma.8:308:5: WARNING: macro neither callable nor escaped: Sm

MFC after:	3 days
2017-05-20 17:42:58 +00:00
Eric van Gyzen
7e9a704046 dma.8: use the correct name for 'SECURETRANSFER'
The code uses 'SECURETRANS', but the config file uses 'SECURETRANSFER'.

MFC after:	3 days
2017-05-20 17:39:23 +00:00
Baptiste Daroussin
5adcb2b96d Import dma snapshot from git 2017-02-10
The only change is:
use basename to select executable identity

PR:		216910
Submitted by:	Andrej Ebert <andrej@ebert.su>
2017-03-01 21:42:22 +00:00
Baptiste Daroussin
b4b4b5304b Revert crap accidentally committed 2017-01-28 16:31:23 +00:00
Baptiste Daroussin
814aaaa7da Revert r312923 a better approach will be taken later 2017-01-28 16:30:14 +00:00
Conrad Meyer
9716e7d4e4 dma-mbox-create: Restrict with Capsicum
The restriction here is pretty late and pretty minimal. We need a lot
of authority to open password databases, and don't do much after that
point.

Feedback from:	lifanov at mail.lifanov.com (earlier version), emaste (earlier version)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D7988
2016-12-16 01:48:55 +00:00
Baptiste Daroussin
b72aa29052 Import dma 20160929
MFC after:	1 week
2016-09-30 23:38:26 +00:00
Baptiste Daroussin
2382c29e5f Import Dragonfly Mail Agent snapshort from 20160806 aka v0.11+
Most important change being:
dma - Fix security hole (#46)

Affecting DragonFly 4.6 and earlier, Matt Dillon fixed this in base after
finding out from BSDNow Episode 152. Comments following were from his commit
which explains better than I. Just taking his change and putting it here as well.

* dma makes an age-old mistake of not properly checking whether a file
owned by a user is a symlink or not, a bug which the original mail.local
also had.

* Add O_NOFOLLOW to disallow symlinks.

Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
about the mail.local bug.

MFC After:	2 days
2016-08-20 16:36:05 +00:00
Baptiste Daroussin
eaccd9b323 Fix build with gcc 4.2 2015-10-11 17:45:20 +00:00
Baptiste Daroussin
e56bad4a94 Update Dragonfly Mail Agent to v0.10 2015-10-10 23:31:47 +00:00
Baptiste Daroussin
461918e205 Fix build on i386 2014-02-21 16:14:40 +00:00
Baptiste Daroussin
22354f09c8 Fix build with gcc 2014-02-21 13:17:10 +00:00
Baptiste Daroussin
a9e8641da9 Import Dragonfly Mail Agent into base system
It is a small and lightweight Mail Transport Agent.
It accepts mails from locally installed Mail User Agents (MUA) and delivers the
mails either locally or to a remote destination. Remote delivery includes
several features like TLS/SSL support, SMTP authentication and NULLCLIENT.

Make dma conditional to new WITHOUT_DMA option and make it respect WITHOUT_MAIL

Reviewed by:	peter
Discussed with:	emaste, bz, peter
2014-02-21 07:26:49 +00:00