Re: [exim] Another strange log about tainting

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Another strange log about tainting
On 14/12/2019 17:27, Ian Zimmerman via Exim-users wrote:
> On 2019-12-11 14:20, Ian Zimmerman wrote:
>
>> const uschar* exim_version = expand_string(US "${exim_version}");
>> if (Ustrcmp(exim_version, EXIM_VERSION_STR)) {
>
> So, I have rewritten it as follows, and there is no more noise. Is this
> now the expected usage of constant strings?
>
> uschar *my_expando = string_copy_taint(US "${exim_version}", FALSE);
> uschar *my_version_string = expand_string(my_expando);
> if (Ustrcmp(my_version_string, EXIM_VERSION_STR))


No. Your previous should have worked. I'm not seeing why your
constant string is being regarded as tainted. Presumably calling
is_tainted() on it says yes, but why...

By the way - what platform are you building for?
I don't recall if I asked before.
--
Cheers,
Jeremy