Taint enforce: directory open backstops, single-key search filename
diff --git
a/src/src/lookups/dsearch.c
b/src/src/lookups/dsearch.c
index 9f7dd8da0c0319050bfb8586a7eaf0e099d25207..3a0df303b6fe124316788842397c1406420e414b 100644
--- a/
src/src/lookups/dsearch.c
+++ b/
src/src/lookups/dsearch.c
@@
-27,8
+27,8
@@
actually scanning through the list of files. */
static void *
dsearch_open(uschar *dirname, uschar **errmsg)
{
static void *
dsearch_open(uschar *dirname, uschar **errmsg)
{
-DIR *
dp = opendir(CS
dirname);
-if (
dp == NULL
)
+DIR *
dp = exim_opendir(
dirname);
+if (
!dp
)
{
int save_errno = errno;
*errmsg = string_open_failed(errno, "%s for directory search", dirname);
{
int save_errno = errno;
*errmsg = string_open_failed(errno, "%s for directory search", dirname);
@@
-47,8
+47,8
@@
return (void *)(-1);
/* The handle will always be (void *)(-1), but don't try casting it to an
integer as this gives warnings on 64-bit systems. */
/* The handle will always be (void *)(-1), but don't try casting it to an
integer as this gives warnings on 64-bit systems. */
-BOOL
-
static
dsearch_check(void *handle, uschar *filename, int modemask, uid_t *owners,
+
static
BOOL
+dsearch_check(void *handle, uschar *filename, int modemask, uid_t *owners,
gid_t *owngroups, uschar **errmsg)
{
handle = handle;
gid_t *owngroups, uschar **errmsg)
{
handle = handle;
@@
-65,13
+65,13
@@
return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
scanning the directory, as it is hopefully faster to let the OS do the scanning
for us. */
scanning the directory, as it is hopefully faster to let the OS do the scanning
for us. */
-int
-
static
dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
+
static
int
+dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
uschar **result, uschar **errmsg, uint *do_cache)
{
struct stat statbuf;
int save_errno;
uschar **result, uschar **errmsg, uint *do_cache)
{
struct stat statbuf;
int save_errno;
-uschar
filename[PATH_MAX]
;
+uschar
* filename
;
handle = handle; /* Keep picky compilers happy */
length = length;
handle = handle; /* Keep picky compilers happy */
length = length;
@@
-84,15
+84,12
@@
if (Ustrchr(keystring, '/') != 0)
return DEFER;
}
return DEFER;
}
-if (!string_format(filename, sizeof(filename), "%s/%s", dirname, keystring))
- {
- *errmsg = US"path name too long";
- return DEFER;
- }
-
+filename = string_sprintf("%s/%s", dirname, keystring);
if (Ulstat(filename, &statbuf) >= 0)
{
if (Ulstat(filename, &statbuf) >= 0)
{
- *result = string_copy(keystring);
+ /* Since the filename exists in the filesystem, we can return a
+ non-tainted result. */
+ *result = string_copy_taint(keystring, FALSE);
return OK;
}
return OK;
}
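Review bot: The de-taint at `*result = string_copy_taint(keystring, FALSE);` rests only on `Ulstat()` succeeding, and the only filter on `keystring` visible in this hunk is the `Ustrchr(keystring, '/')` rejection, so the keys `.` and `..` would also stat successfully in any directory and come back untainted. The part of dsearch_find between the hunks is not shown; if nothing there already excludes them, a guard next to the slash check would close this, e.g. `if (Ustrcmp(keystring, ".") == 0 || Ustrcmp(keystring, "..") == 0) return DEFER;`. Because `lstat` does not follow symlinks, a symlink entry (including a dangling one) also satisfies the test, so the new comment could say that "exists" means a directory entry of that name and makes no promise about its type or target. The hunk also drops the explicit "path name too long" DEFER, so an over-long key is now left to `Ulstat()` failing, and what is returned in that case lies below the hunk.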