Re: [exim] Another strange log about tainting

Página Inicial
Delete this message
Reply to this message
Autor: Ian Zimmerman
Data:  
Para: exim-users
Assunto: Re: [exim] Another strange log about tainting
On 2019-12-14 17:44, Jeremy Harris wrote:

> >> const uschar* exim_version = expand_string(US "${exim_version}");
> >> if (Ustrcmp(exim_version, EXIM_VERSION_STR)) {
> >
> > So, I have rewritten it as follows, and there is no more noise. Is this
> > now the expected usage of constant strings?
> >
> > uschar *my_expando = string_copy_taint(US "${exim_version}", FALSE);
> > uschar *my_version_string = expand_string(my_expando);
> > if (Ustrcmp(my_version_string, EXIM_VERSION_STR))
>
> No. Your previous should have worked. I'm not seeing why your
> constant string is being regarded as tainted. Presumably calling
> is_tainted() on it says yes, but why...
>
> By the way - what platform are you building for?
> I don't recall if I asked before.


devuan linux "ascii", kernel 4.9.0-9-amd64, libc 2.24-11+deb9u4, exim
self-built from 4.93 source.

Looking how is_tainted is implemented, I see that its answer on constant
strings would in any case depend on the order of heap versus initialized
memory virtual addresses, which doesn't sound like the best thing to
rely on.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.