[exim-cvs] Fix taint-checking on Solaris

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix taint-checking on Solaris
Gitweb: https://git.exim.org/exim.git/commitdiff/bcd69700de5abae9ece41aadd403b621c6869ed6
Commit:     bcd69700de5abae9ece41aadd403b621c6869ed6
Parent:     a962e38cae6467bb10e1ece7d33adedcaa54adb4
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Sep 22 10:56:31 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Sep 22 10:56:31 2019 +0100


    Fix taint-checking on Solaris
---
 src/src/dbfn.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/src/src/dbfn.c b/src/src/dbfn.c
index 63a1aef..1f058ef 100644
--- a/src/src/dbfn.c
+++ b/src/src/dbfn.c
@@ -206,7 +206,8 @@ if (created && geteuid() == root_uid)
     if (Ustrncmp(ent->d_name, name, namelen) == 0)
       {
       struct stat statbuf;
-      Ustrcpy(lastname, US ent->d_name);
+      /* Filenames from readdir() are trusted, so use a taint-nonchecking copy */
+      strcpy(CS lastname, CCS ent->d_name);
       if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
         {
         DEBUG(D_hints_lookup) debug_printf_indent("ensuring %s is owned by exim\n", filename);
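
Review bot: the new `strcpy(CS lastname, CCS ent->d_name);` is an unbounded copy, and nothing in this hunk shows that `lastname` has room for the full directory entry name. The preceding `Ustrncmp(ent->d_name, name, namelen)` only confirms that the first `namelen` bytes match, so `d_name` can be longer than `name`. The added comment justifies skipping the taint check because readdir() results are trusted, but that trust concerns where the data came from, not how long it is. Please either note in the comment where the destination size is guaranteed, or use a length-limited copy here. The commit message also gives no reason why Solaris in particular trips the taint check on `d_name`; a sentence on that in the comment would help the next reader judge whether the bypass is still needed.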