git://git.exim.org
/
users
/
jgh
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
appendfile: taint-enforce file & directory options
[users/jgh/exim.git]
/
src
/
src
/
transports
/
appendfile.c
diff --git
a/src/src/transports/appendfile.c
b/src/src/transports/appendfile.c
index d99a1795679c1d42681706de96d20e6187193753..de193db448bbf5cf5801313799e08e3c60fce43b 100644
(file)
--- a/
src/src/transports/appendfile.c
+++ b/
src/src/transports/appendfile.c
@@
-3,6
+3,7
@@
*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
/* See the file NOTICE for conditions of use and distribution. */
@@
-1342,6
+1343,12
@@
if (!(path = expand_string(fdname)))
expand_string_message);
goto ret_panic;
}
expand_string_message);
goto ret_panic;
}
+if (is_tainted(path))
+ {
+ addr->message = string_sprintf("Tainted '%s' (file or directory "
+ "name for %s transport) not permitted", path, tblock->name);
+ goto ret_panic;
+ }
if (path[0] != '/')
{
if (path[0] != '/')
{