[exim-cvs] Taint: enforce checking of directory creates

Autor: Exim Git Commits Mailing List
Datum:  
To: exim-cvs
Betreff: [exim-cvs] Taint: enforce checking of directory creates
Gitweb: https://git.exim.org/exim.git/commitdiff/44a16f3a2720c33e8d1500fd2812ef91018c8a2c
Commit:     44a16f3a2720c33e8d1500fd2812ef91018c8a2c
Parent:     0bfae1bfbd555b87f1a032ee3d78c19caccdbe42
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Aug 29 19:18:35 2020 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Aug 31 13:21:50 2020 +0100


    Taint: enforce checking of directory creates
---
 src/src/directory.c | 5 ++++-
 src/src/spool_out.c | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)


diff --git a/src/src/directory.c b/src/src/directory.c
index 2d4d565..f54a781 100644
--- a/src/src/directory.c
+++ b/src/src/directory.c
@@ -44,6 +44,9 @@ uschar c = 1;
struct stat statbuf;
uschar * path;

+if (is_tainted(name))
+ { p = US"create"; path = US name; errno = ERRNO_TAINT; goto bad; }
+
if (parent)
{
path = string_sprintf("%s%s%s", parent, US"/", name);
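Review bot: The new guard tests only `name`, while `parent` is joined into `path` by the `string_sprintf` call a few lines later without an equivalent test. If every caller passes a configured, untainted parent this is fine, but nothing in the hunk shows that. Consider `if (is_tainted(name) || (parent && is_tainted(parent)))`, or record the assumption in a comment such as `/* parent is always a configured path; only name can carry externally supplied data */`. Also, on this early exit `path` holds the bare `name`, so the logged path omits the parent. The function signature and the declaration of `p` are outside the hunk.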
@@ -85,7 +88,7 @@ return TRUE;

 bad:
   if (panic) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
-    "Failed to %s directory \"%s\": %s\n", p, path, strerror(errno));
+    "Failed to %s directory \"%s\": %s\n", p, path, exim_errstr(errno));
   return FALSE;
 }
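Review bot: A taint rejection is silent whenever the caller passes `panic` as false, because `bad:` writes to the log only under `if (panic)` and otherwise just returns FALSE. With this commit `bad:` is also reached with `errno` set to `ERRNO_TAINT`, a security-relevant event that operators will want to see even when the failure is non-fatal. Consider adding a non-fatal branch such as `else if (errno == ERRNO_TAINT) log_write(0, LOG_MAIN, "Tainted name for directory create: \"%s\"", path);`. The start of the function, including how callers choose `panic`, is outside the hunk.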


diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 9a514b3..4539e3c 100644
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -505,6 +505,9 @@ spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to)
{
uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name;

+/* Since we are working within the spool, de-taint the dest queue name */
+dest_qname = string_copy_taint(dest_qname, FALSE);
+
/* Create any output directories that do not exist. */

(void) directory_make(spool_directory,
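Review bot: The unconditional `string_copy_taint(dest_qname, FALSE)` clears the taint mark without validating the value, so for any directory name built from the queue name it cancels the `is_tainted(name)` check this same commit adds to directory.c. The comment's reasoning (working within the spool) holds only if the name cannot contain a path separator or `..`, and whether `queue_name_dest` and `queue_name` are validated where they are set is not visible here. I would check the name before copying, for example `if (Ustrchr(dest_qname, '/') || Ustrstr(dest_qname, "..")) return FALSE;` (assuming the function returns a BOOL, since its return type is outside the hunk). The comment should also say where the value comes from and why it is safe to de-taint. The body of spool_move_message continues past the hunk.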