Taint: enforce checking of directory creates

[users/heiko/exim.git] / src / src / spool_out.c

diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 4b6539ecd999bf2d69deaf0bb5a6ad84ab7dec1e..4539e3c697f0f8d5149024d3b08e55db5f554c44 100644 (file)
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -261,7 +261,7 @@ if (tls_in.ourcert)
     fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
   }
 if (tls_in.ocsp)        fprintf(fp, "-tls_ocsp %d\n",   tls_in.ocsp);
-# ifdef EXPERIMENTAL_TLS_RESUME
+# ifndef DISABLE_TLS_RESUME
 fprintf(fp, "-tls_resumption %c\n", 'A' + tls_in.resumption);
 # endif
 if (tls_in.ver) spool_var_write(fp, US"tls_ver", tls_in.ver);
@@ -505,6 +505,9 @@ spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to)
 {
 uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name;
 
+/* Since we are working within the spool, de-taint the dest queue name */
+dest_qname = string_copy_taint(dest_qname, FALSE);
+
 /* Create any output directories that do not exist. */
 
 (void) directory_make(spool_directory,