Gitweb:
https://git.exim.org/exim.git/commitdiff/f0ed88dac3d0bb2ec10c3e799d4b410b3ec2c0c4
Commit: f0ed88dac3d0bb2ec10c3e799d4b410b3ec2c0c4
Parent: 766c0c47840bcf05df030d33ae49ce90b2dab855
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Dec 11 10:07:08 2019 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Wed Dec 11 10:07:08 2019 +0000
Taint: tweak internal documentation
---
src/src/local_scan.h | 5 ++++-
src/src/store.c | 8 +++++---
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/src/local_scan.h b/src/src/local_scan.h
index da9a891..548f70d 100644
--- a/src/src/local_scan.h
+++ b/src/src/local_scan.h
@@ -9,7 +9,10 @@
source for the local_scan.c() function. It contains definitions that are made
available for use in that function, and which are documented.
-This API is also used for functions called by the ${dlfunc expansion item. */
+This API is also used for functions called by the ${dlfunc expansion item.
+Coders of dlfunc routines should read the notes on tainting at the start of
+store.c
+*/
/* Some basic types that make some things easier, the Exim configuration
diff --git a/src/src/store.c b/src/src/store.c
index b65649f..61f9464 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -62,9 +62,11 @@ The following different types of store are recognized:
recopy a string being built into a tainted allocation if it meets a %s for a
tainted argument. Any intermediate-layer function that (can) return a new
allocation should behave this way; returning a tainted result if any tainted
- content is used. Users of functions that modify existing allocations should
- check if a tainted source and an untainted destination is used, and fail instead
- (sprintf() being the classic case).
+ content is used. Intermediate-layer functions (eg. Ustrncpy) that modify
+ existing allocations fail if tainted data is written into an untainted area.
+ Users of functions that modify existing allocations should check if a tainted
+ source and an untainted destination is used, and fail instead (sprintf() being
+ the classic case).
*/