[exim-cvs] taint-enforce DB filenames

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] taint-enforce DB filenames
Gitweb: https://git.exim.org/exim.git/commitdiff/79bc02a3499931de53f5e9ea74795d691b3a9569
Commit:     79bc02a3499931de53f5e9ea74795d691b3a9569
Parent:     7d99cba1d36af854760c35100b29f0331f619fca
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Jan 11 21:50:05 2020 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jan 11 21:50:05 2020 +0000


    taint-enforce DB filenames
---
 src/src/dbstuff.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h
index bf5fa3f..a45874d 100644
--- a/src/src/dbstuff.h
+++ b/src/src/dbstuff.h
@@ -642,7 +642,13 @@ after reading data. */
       : (flags) == O_RDWR ? "O_RDWR"    \
       : (flags) == (O_RDWR|O_CREAT) ? "O_RDWR|O_CREAT"    \
       : "??");    \
-  EXIM_DBOPEN__(name, dirname, flags, mode, dbpp); \
+  if (is_tainted(name) || is_tainted(dirname)) \
+    { \
+    log_write(0, LOG_MAIN|LOG_PANIC, "Tainted name for DB file not permitted"); \
+    *dbpp = NULL; \
+    } \
+  else \
+    { EXIM_DBOPEN__(name, dirname, flags, mode, dbpp); } \
   DEBUG(D_hints_lookup) debug_printf_indent("returned from EXIM_DBOPEN: %p\n", *dbpp); \
   } while(0)
 #  define EXIM_DBCLOSE(db) \