[exim-cvs] Taint: fix radius expansion condition

Author: Exim Git Commits Mailing List
Date:
To: exim-cvs
Subject: [exim-cvs] Taint: fix radius expansion condition
Gitweb: https://git.exim.org/exim.git/commitdiff/f91219c114a3d95792d052555664a5a7a3984a8d
Commit:     f91219c114a3d95792d052555664a5a7a3984a8d
Parent:     e447a470aae2e45fc80bfb14a77b06e6f57f4d5c
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Jun 12 00:46:34 2020 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Fri Jun 12 00:48:25 2020 +0100


    Taint: fix radius expansion condition
---
 doc/doc-txt/ChangeLog       | 2 +-
 src/src/auths/call_radius.c | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 4252641..7284f9c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -13,7 +13,7 @@ JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail-
 JH/02 Bug 2587: Fix pam expansion condition.  Tainted values are commonly used
       as arguments, so an implementation trying to copy these into a local
       buffer was taking a taint-enforcement trap.  Fix by using dynamically
-      created buffers.
+      created buffers.  Similar fix for radius expansion condition.


 JH/03 Bug 2586: Fix listcount expansion operator.  Using tainted arguments is
       reasonable, eg. to count headers.  Fix by using dynamically created
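
Review bot: The sentence added to JH/02 files the radius fix under Bug 2587, which this entry attributes to the pam condition. If the radius failure was reported separately, add that bug reference here or give the radius fix its own entry, so someone searching the ChangeLog for the radius condition can find it.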
diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
index cc269dc..9d10b34 100644
--- a/src/src/auths/call_radius.c
+++ b/src/src/auths/call_radius.c
@@ -96,8 +96,7 @@ int sep = 0;
 #endif



-user = string_nextinlist(&radius_args, &sep, big_buffer, big_buffer_size);
-if (!user) user = US"";
+if (!(user = string_nextinlist(&radius_args, &sep, NULL, 0))) user = US"";

 DEBUG(D_auth) debug_printf("Running RADIUS authentication for user \"%s\" "
                "and \"%s\"\n", user, radius_args);