On 11/12/2019 14:31, Lena--- via Exim-users wrote: > uschar *dir = expand_string(US "$spool_directory/grey");
> size_t dir_len = strlen(dir);
> uschar *filename = US store_get(dir_len+257, FALSE);
If your intended use of the rest of the allocated store is safe, yes.
"Safe" means "no content provided by a potential attacker".
Otherwise use "TRUE" (but you'd be foolish to go on and use
that for a filename).
--
Cheers,
Jeremy
