[exim-cvs] Taint: tweak internal documentation

Author: Exim Git Commits Mailing List
Date:
To: exim-cvs
Subject: [exim-cvs] Taint: tweak internal documentation
Gitweb: https://git.exim.org/exim.git/commitdiff/f0ed88dac3d0bb2ec10c3e799d4b410b3ec2c0c4
Commit:     f0ed88dac3d0bb2ec10c3e799d4b410b3ec2c0c4
Parent:     766c0c47840bcf05df030d33ae49ce90b2dab855
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Dec 11 10:07:08 2019 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Dec 11 10:07:08 2019 +0000


    Taint: tweak internal documentation
---
 src/src/local_scan.h | 5 ++++-
 src/src/store.c      | 8 +++++---
 2 files changed, 9 insertions(+), 4 deletions(-)


diff --git a/src/src/local_scan.h b/src/src/local_scan.h
index da9a891..548f70d 100644
--- a/src/src/local_scan.h
+++ b/src/src/local_scan.h
@@ -9,7 +9,10 @@
source for the local_scan.c() function. It contains definitions that are made
available for use in that function, and which are documented.

-This API is also used for functions called by the ${dlfunc expansion item. */
+This API is also used for functions called by the ${dlfunc expansion item.
+Coders of dlfunc routines should read the notes on tainting at the start of
+store.c
+*/


/* Some basic types that make some things easier, the Exim configuration
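Review bot: the added pointer in the header comment ("Coders of dlfunc routines should read the notes on tainting at the start of store.c") ends without a full stop and names the file without its path, while the diff header shows it as src/src/store.c. Since this comment is where dlfunc coders are sent from, consider giving the path in full and adding one sentence that states the rule they must follow, so the header comment is usable without opening a second file.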
diff --git a/src/src/store.c b/src/src/store.c
index b65649f..61f9464 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -62,9 +62,11 @@ The following different types of store are recognized:
recopy a string being built into a tainted allocation if it meets a %s for a
tainted argument. Any intermediate-layer function that (can) return a new
allocation should behave this way; returning a tainted result if any tainted
- content is used. Users of functions that modify existing allocations should
- check if a tainted source and an untainted destination is used, and fail instead
- (sprintf() being the classic case).
+ content is used. Intermediate-layer functions (eg. Ustrncpy) that modify
+ existing allocations fail if tainted data is written into an untainted area.
+ Users of functions that modify existing allocations should check if a tainted
+ source and an untainted destination is used, and fail instead (sprintf() being
+ the classic case).
*/
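Review bot: the inserted sentence on intermediate-layer functions and the retained "Users of functions that modify existing allocations should check ..." sentence now cover the same class of functions with different responsibilities, so it is unclear when the caller still has to do the check. Suggest scoping the second sentence to functions that do not check for themselves (the sprintf() case) and saying what "fail" means for the Ustrncpy case. Minor: "eg." would read better as "e.g.", and "a tainted source and an untainted destination is used" should be "are used".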