taint-enforce DB filenames
authorJeremy Harris <jgh146exb@wizmail.org>
Sat, 11 Jan 2020 21:50:05 +0000 (21:50 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Sat, 11 Jan 2020 21:50:05 +0000 (21:50 +0000)
src/src/dbstuff.h

index bf5fa3f6ea3a41b02e7abe54e1c3b3722f89723d..a45874dc9fcece2f04cb1d240ac2095e4a706bf8 100644 (file)
@@ -642,7 +642,13 @@ after reading data. */
       : (flags) == O_RDWR ? "O_RDWR"   \
       : (flags) == (O_RDWR|O_CREAT) ? "O_RDWR|O_CREAT" \
       : "??"); \
-  EXIM_DBOPEN__(name, dirname, flags, mode, dbpp); \
+  if (is_tainted(name) || is_tainted(dirname)) \
+    { \
+    log_write(0, LOG_MAIN|LOG_PANIC, "Tainted name for DB file not permitted"); \
+    *dbpp = NULL; \
+    } \
+  else \
+    { EXIM_DBOPEN__(name, dirname, flags, mode, dbpp); } \
   DEBUG(D_hints_lookup) debug_printf_indent("returned from EXIM_DBOPEN: %p\n", *dbpp); \
   } while(0)
 #  define EXIM_DBCLOSE(db) \
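Review bot: The refusal branch sets `*dbpp = NULL` but leaves `errno` untouched, so a caller that inspects `errno` after a failed open would read a stale value and could mistake the taint refusal for some other failure, such as a missing file. No callers are visible in this hunk, so this needs checking against them; if any do read `errno`, add `errno = EACCES; \` next to `*dbpp = NULL; \`. The panic-log entry also does not say which path was rejected, which makes it hard to trace back to the offending configuration or input. Passing the values as arguments rather than in the format position, e.g. `"Tainted name for DB file not permitted: dir '%s' name '%s'", dirname, name`, would fix that. The macro's `#define` line and opening `do {` lie above the hunk, so the rest of the body was not reviewed.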