[exim-cvs] Fix taint hybrid-checking on BSD

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix taint hybrid-checking on BSD
Gitweb: https://git.exim.org/exim.git/commitdiff/677481d4fcf4811e193603d0e9970d1f62c74567
Commit:     677481d4fcf4811e193603d0e9970d1f62c74567
Parent:     36eb5d3d77426d8cbf4243ea752f8d8cd1d5c682
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Jan 16 22:51:53 2020 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Jan 16 23:34:18 2020 +0000


    Fix taint hybrid-checking on BSD
---
 src/src/functions.h |  7 +++++--
 src/src/store.c     | 26 ++++++++++++++++++++++----
 2 files changed, 27 insertions(+), 6 deletions(-)


diff --git a/src/src/functions.h b/src/src/functions.h
index 2a2c0db..57314a6 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -720,11 +720,14 @@ return ss;
     string_copy_taint_trc((s), tainted, __FUNCTION__, __LINE__)


static inline uschar *
-string_copy(const uschar * s)
+string_copy_trc(const uschar * s, const char * func, int line)
{
-return string_copy_taint((s), is_tainted(s));
+return string_copy_taint_trc((s), is_tainted(s), func, line);
}

+#define string_copy(s) \
+    string_copy_trc((s), __FUNCTION__, __LINE__)
+


 /*************************************************
 *       Copy, lowercase and save string          *
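Review bot: `string_copy_trc` has no comment saying what `func` and `line` are for; the body only forwards them to `string_copy_taint_trc`, presumably so that a taint-mismatch report names the real caller rather than this header. A one-line comment above the definition would cover it, for example `/* As string_copy(), but carries the caller's function name and line for taint diagnostics */`. Because `string_copy` is now a function-like macro it can no longer be passed as a function pointer, so it is worth checking for such uses, none of which are visible here.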
diff --git a/src/src/store.c b/src/src/store.c
index aceb0e5..1fe97e6 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -199,16 +199,15 @@ BOOL
 is_tainted_fn(const void * p)
 {
 storeblock * b;
-int pool;


-for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
   if ((b = current_block[pool]))
     {
     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
     if (US p >= bc && US p <= bc + b->length) return TRUE;
     }


-for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
   for (b = chainbase[pool]; b; b = b->next)
     {
     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
@@ -228,10 +227,28 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n",
 static void
 use_slow_taint_check(void)
 {
+#ifndef COMPILE_UTILITY
 DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n");
+#endif
 f.taint_check_slow = TRUE;
 }


+static void
+verify_all_untainted(void)
+{
+for (int pool = 0; pool < POOL_TAINT_BASE; pool++)
+  for (storeblock * b = chainbase[pool]; b; b = b->next)
+    {
+    uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
+    if (is_tainted(bc))
+      {
+      use_slow_taint_check();
+      return;
+      }
+    }
+}
+
+


 /*************************************************
 *       Get a block from the current pool        *
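Review bot: `verify_all_untainted()` is added as a `static` function but no hunk in this diff calls it, so as shown it is dead code and may draw an unused-function warning. The later `store_mmap` hunk calls `use_slow_taint_check()` directly on the first mmap, which abandons the fast check without scanning the untainted pools at all. If the intent was to fall back only when an untainted block tests as tainted, that line would presumably read `if (!f.taint_check_slow) verify_all_untainted();`. Either way the function wants a header comment stating what it tests: that the data start of every block in the pools below `POOL_TAINT_BASE` fails `is_tainted()`, and that slow mode is selected as soon as one does not.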
@@ -765,7 +782,7 @@ int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
 BOOL release_ok = !tainted && store_last_get[pool] == block;
 uschar * newtext;


-#ifndef MACRO_PREDEF
+#if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
if (is_tainted(block) != tainted)
die_tainted(US"store_newblock", CUS func, linenumber);
#endif
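Review bot: With `COMPILE_UTILITY` defined, the `is_tainted(block) != tainted` consistency check is now compiled out, and nothing in the hunk says why. A short comment at the `#if` would keep a later reader from taking the missing check for an oversight, for example `/* no taint consistency check in utility builds: <reason> */`. The enclosing function starts and ends outside the hunk.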
@@ -824,6 +841,7 @@ if (!(yield = mmap(NULL, (size_t)size,

if (yield < tainted_base) tainted_base = yield;
if ((top = US yield + size) > tainted_top) tainted_top = top;
+if (!f.taint_check_slow) use_slow_taint_check();

return store_alloc_tail(yield, size, func, line, US"Mmap");
}
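Review bot: The mmap result shown in the hunk header is tested with `!(yield = mmap(...))`, but mmap reports failure as `MAP_FAILED`, not NULL, so a failed mapping would not take the error branch. In that case the `tainted_base`/`tainted_top` comparisons and the newly added slow-mode switch would run with `yield` holding `MAP_FAILED`, and that value would then be handed to `store_alloc_tail`. The test should compare against `MAP_FAILED`, e.g. `if ((yield = mmap(...)) == MAP_FAILED)`. Only the start of that statement is visible in the header, so confirm against the file.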