From 1745d310db8102be38db65401df57747e9beaf6a Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 17 Mar 2023 18:39:46 +0000
Subject: ACL: patterns for remove_headers.  Bug 2985

---
 src/src/header.c     |  9 +++++----
 src/src/local_scan.h |  4 ++--
 src/src/receive.c    | 19 +++++++++++++------
 3 files changed, 20 insertions(+), 12 deletions(-)

(limited to 'src')

diff --git a/src/src/header.c b/src/src/header.c
index d5f1dcd6b..59a9a13b3 100644
--- a/src/src/header.c
+++ b/src/src/header.c
@@ -30,11 +30,12 @@ Returns:    TRUE or FALSE
 */
 
 BOOL
-header_testname(header_line *h, const uschar *name, int len, BOOL notdel)
+header_testname(const header_line * h, const uschar * name, int len,
+  BOOL notdel)
 {
 uschar *tt;
 if (h->type == '*' && notdel) return FALSE;
-if (h->text == NULL || strncmpic(h->text, name, len) != 0) return FALSE;
+if (!h->text || strncmpic(h->text, name, len) != 0) return FALSE;
 tt = h->text + len;
 while (*tt == ' ' || *tt == '\t') tt++;
 return *tt == ':';
@@ -46,11 +47,11 @@ return *tt == ':';
    header_testname() above. */
 
 BOOL
-header_testname_incomplete(header_line *h, const uschar *name,
+header_testname_incomplete(const header_line * h, const uschar * name,
     int len, BOOL notdel)
 {
 if (h->type == '*' && notdel) return FALSE;
-if (h->text == NULL || strncmpic(h->text, name, len) != 0) return FALSE;
+if (!h->text || strncmpic(h->text, name, len) != 0) return FALSE;
 return TRUE;
 }
 
diff --git a/src/src/local_scan.h b/src/src/local_scan.h
index c88994442..72f2ac47d 100644
--- a/src/src/local_scan.h
+++ b/src/src/local_scan.h
@@ -188,8 +188,8 @@ extern uschar *expand_string(uschar *);
 extern void    header_add(int, const char *, ...);
 extern void    header_add_at_position(BOOL, uschar *, BOOL, int, const char *, ...);
 extern void    header_remove(int, const uschar *);
-extern BOOL    header_testname(header_line *, const uschar *, int, BOOL);
-extern BOOL    header_testname_incomplete(header_line *, const uschar *, int, BOOL);
+extern BOOL    header_testname(const header_line *, const uschar *, int, BOOL);
+extern BOOL    header_testname_incomplete(const header_line *, const uschar *, int, BOOL);
 extern void    log_write(unsigned int, int, const char *format, ...) PRINTF_FUNCTION(3,4);
 extern int     lss_b64decode(uschar *, uschar **);
 extern uschar *lss_b64encode(uschar *, int);
diff --git a/src/src/receive.c b/src/src/receive.c
index 77665d89f..94fa6d5de 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -1230,9 +1230,9 @@ Returns:     nothing
 */
 
 static void
-add_acl_headers(int where, uschar *acl_name)
+add_acl_headers(int where, uschar * acl_name)
 {
-header_line *last_received = NULL;
+header_line * last_received = NULL;
 
 switch(where)
   {
@@ -1254,15 +1254,22 @@ if (acl_removed_headers)
 
   for (header_line * h = header_list; h; h = h->next) if (h->type != htype_old)
     {
-    const uschar * list = acl_removed_headers;
+    const uschar * list = acl_removed_headers, * s;
     int sep = ':';         /* This is specified as a colon-separated list */
-    uschar *s;
 
+    /* If a list element has a leading '^' then it is an RE for
+    the whole header, else just a header name. */
     while ((s = string_nextinlist(&list, &sep, NULL, 0)))
-      if (header_testname(h, s, Ustrlen(s), FALSE))
+      if (  (  *s == '^'
+	    && regex_match(
+		regex_must_compile(s, MCS_CACHEABLE, FALSE),
+		h->text, h->slen, NULL)
+            )
+	 || header_testname(h, s, Ustrlen(s), FALSE)
+	 )
 	{
 	h->type = htype_old;
-        DEBUG(D_receive|D_acl) debug_printf_indent("  %s", h->text);
+	DEBUG(D_receive|D_acl) debug_printf_indent("  %s", h->text);
 	}
     }
   acl_removed_headers = NULL;
-- 
cgit v1.2.1