[exim-cvs] acl

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] acl
Gitweb: https://git.exim.org/exim.git/commitdiff/ace68726852d08deec815a37f369a4e31be77813
Commit:     ace68726852d08deec815a37f369a4e31be77813
Parent:     2382cd3e81838709abd3b0c1b410f65274d90e25
Author:     Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Sun Mar 28 10:50:14 2021 +0200
Committer:  Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Thu Jun 24 21:43:05 2021 +0200


    acl


    (cherry picked from commit 44fd80ad8abcd885fc1c8dbb294fc2140e4ef481)
---
 src/src/acl.c | 45 +++++++++++++++++++++------------------------
 1 file changed, 21 insertions(+), 24 deletions(-)


diff --git a/src/src/acl.c b/src/src/acl.c
index f358516..56d7468 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -3702,20 +3702,22 @@ for (; cb; cb = cb->next)
     #endif


     case ACLC_QUEUE:
-    if (is_tainted(arg))
       {
-      *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
-                    arg);
-      return ERROR;
-      }
-    if (Ustrchr(arg, '/'))
-      {
-      *log_msgptr = string_sprintf(
-          "Directory separator not permitted in queue name: '%s'", arg);
-      return ERROR;
+      uschar *m;
+      if (m = is_tainted2(arg, 0, "Tainted name '%s' for queue not permitted", arg))
+        {
+        *log_msgptr = m;
+        return ERROR;
+        }
+      if (Ustrchr(arg, '/'))
+        {
+        *log_msgptr = string_sprintf(
+                "Directory separator not permitted in queue name: '%s'", arg);
+        return ERROR;
+        }
+      queue_name = string_copy_perm(arg, FALSE);
+      break;
       }
-    queue_name = string_copy_perm(arg, FALSE);
-    break;


     case ACLC_RATELIMIT:
     rc = acl_ratelimit(arg, where, log_msgptr);
@@ -4088,25 +4090,14 @@ while (isspace(*ss)) ss++;


acl_text = ss;

-#ifdef notyet_taintwarn
 if (  !f.running_in_test_harness
    &&  is_tainted2(acl_text, LOG_MAIN|LOG_PANIC,
-              "attempt to use tainted ACL text \"%s\"", acl_text))
+              "Tainted ACL text \"%s\"", acl_text))
   {
   /* Avoid leaking info to an attacker */
   *log_msgptr = US"internal configuration error";
   return ERROR;
   }
-#else
-if (is_tainted(acl_text) && !f.running_in_test_harness)
-  {
-  log_write(0, LOG_MAIN|LOG_PANIC,
-    "attempt to use tainted ACL text \"%s\"", acl_text);
-  /* Avoid leaking info to an attacker */
-  *log_msgptr = US"internal configuration error";
-  return ERROR;
-  }
-#endif


 /* Handle the case of a string that does not contain any spaces. Look for a
 named ACL among those read from the configuration, or a previously read file.
@@ -4131,6 +4122,12 @@ if (Ustrchr(ss, ' ') == NULL)
   else if (*ss == '/')
     {
     struct stat statbuf;
+    if (is_tainted2(ss, LOG_MAIN|LOG_PANIC, "Tainted ACL file name '%s'", ss))
+      {
+      /* Avoid leaking info to an attacker */
+      *log_msgptr = US"internal configuration error";
+      return ERROR;
+      }
     if ((fd = Uopen(ss, O_RDONLY, 0)) < 0)
       {
       *log_msgptr = string_sprintf("failed to open ACL file \"%s\": %s", ss,