Re: [exim] Exim 4.93 published.

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMLena at <-
M 
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.93 published.
On 11/12/2019 14:31, Lena--- via Exim-users wrote:
> uschar *dir = expand_string(US "$spool_directory/grey");
> size_t dir_len = strlen(dir);
> uschar *filename = US store_get(dir_len+257, FALSE);

If your intended use of the rest of the allocated store is safe, yes.

"Safe" means "no content provided by a potential attacker".
Otherwise use "TRUE" (but you'd be foolish to go on and use
that for a filename).
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim 4.93 published.Re: [exim] Another strange log about tainting->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)