Gitweb:
https://git.exim.org/exim.git/commitdiff/ed1620555d261c5e970dbbe873bf4b19026b0e48
Commit: ed1620555d261c5e970dbbe873bf4b19026b0e48
Parent: 481e63ca2bbd7b603e5bb84f6582ab4be5e3300d
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Jan 11 21:51:42 2020 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jan 11 21:51:42 2020 +0000
ACL: taint-enforce queue modifier
---
doc/doc-txt/ChangeLog | 1 +
src/src/acl.c | 6 ++++++
test/confs/0576 | 2 +-
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 368d37e..29059ff 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -92,6 +92,7 @@ JH/20 Taint checking: disallow use of tainted data for
- the pipe transport command
- the autoreply transport file, log and once options
- file names used by the redirect router (including filter files)
+ - named-queue names
Previously this was permitted.
diff --git a/src/src/acl.c b/src/src/acl.c
index 7284831..3166069 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -3590,6 +3590,12 @@ for (; cb; cb = cb->next)
#endif
case ACLC_QUEUE:
+ if (is_tainted(arg))
+ {
+ *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
+ arg);
+ return ERROR;
+ }
if (Ustrchr(arg, '/'))
{
*log_msgptr = string_sprintf(
diff --git a/test/confs/0576 b/test/confs/0576
index b75b678..5b023d2 100644
--- a/test/confs/0576
+++ b/test/confs/0576
@@ -16,7 +16,7 @@ begin acl
rcpt:
accept
- queue = ${if eq {normal}{$local_part} {} {$local_part}}
+ queue = ${if eq {normal}{$local_part} {} {${bless:$local_part}}}
logwrite = using queue '$queue_name'
#---------------
