[exim-cvs] Regard command-line recipients as tainted

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Regard command-line recipients as tainted
Gitweb: https://git.exim.org/exim.git/commitdiff/f0fe22cbc29ee4f887aa254f2590a9e72401e237
Commit:     f0fe22cbc29ee4f887aa254f2590a9e72401e237
Parent:     179ed8c31eb8c7f767ec0ef5e2856066d366515f
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Nov 8 22:30:04 2019 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Fri Nov 8 22:30:04 2019 +0000


    Regard command-line recipients as tainted
---
 doc/doc-txt/ChangeLog |  2 ++
 src/src/exim.c        | 19 ++++++++++---------
 2 files changed, 12 insertions(+), 9 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f9e39d2..f10e45c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -22,6 +22,8 @@ JH/04 Support CHUNKING from an smtp transport using a transport_filter, when
       DKIM signing is being done.  Previously a transport_filter would always
       disable CHUNKING, falling back to traditional DATA.


+JH/05 Regard command-line receipients as tainted.
+

 Exim version 4.93
 -----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index d6952ef..a30e35b 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -4809,8 +4809,9 @@ if (verify_address_mode || f.address_test_mode)
     {
     while (recipients_arg < argc)
       {
-      uschar *s = argv[recipients_arg++];
-      while (*s != 0)
+      /* Supplied addresses are tainted since they come from a user */
+      uschar * s = string_copy_taint(argv[recipients_arg++], TRUE);
+      while (*s)
         {
         BOOL finished = FALSE;
         uschar *ss = parse_find_address_end(s, FALSE);
@@ -4818,16 +4819,16 @@ if (verify_address_mode || f.address_test_mode)
         test_address(s, flags, &exit_value);
         s = ss;
         if (!finished)
-          while (*(++s) != 0 && (*s == ',' || isspace(*s)));
+          while (*++s == ',' || isspace(*s)) ;
         }
       }
     }


   else for (;;)
     {
-    uschar *s = get_stdinput(NULL, NULL);
-    if (s == NULL) break;
-    test_address(s, flags, &exit_value);
+    uschar * s = get_stdinput(NULL, NULL);
+    if (!s) break;
+    test_address(string_copy_taint(s, TRUE), flags, &exit_value);
     }


route_tidyup();
@@ -5321,13 +5322,13 @@ while (more)

     raw_sender = string_copy(sender_address);


-    /* Loop for each argument */
+    /* Loop for each argument (supplied by user hence tainted) */


     for (int i = 0; i < count; i++)
       {
       int start, end, domain;
-      uschar *errmess;
-      uschar *s = list[i];
+      uschar * errmess;
+      uschar * s = string_copy_taint(list[i], TRUE);


       /* Loop for each comma-separated address */