+ if (!filename && is_tainted(keystring))
+ {
+ debug_printf_indent(" ");
+ debug_print_taint(keystring);
+ }
+ }
+
+ /* Check that the query, for query-style lookups,
+ is either untainted or properly quoted for the lookup type.
+
+ XXX Should we this move into lf_sqlperform() ? The server-taint check is there.
+ Also it already knows about looking for a "servers" spec in the query string.
+ Passing required_quoter_id down that far is an issue.
+ */
+
+ if ( !filename && li->quote
+ && is_tainted(keystring) && !is_quoted_like(keystring, li))
+ {
+ const uschar * ks = keystring;
+ uschar * loc = acl_current_verb();
+ if (!loc) loc = authenticator_current_name(); /* must be before transport */
+ if (!loc) loc = transport_current_name(); /* must be before router */
+ if (!loc) loc = router_current_name(); /* GCC ?: would be good, but not in clang */
+ if (!loc) loc = US"";
+
+ if (Ustrncmp(ks, "servers", 7) == 0) /* Avoid logging server/password */
+ if ((ks = Ustrchr(keystring, ';')))
+ while (isspace(*++ks))
+ ;
+ else
+ ks = US"";
+
+#ifdef enforce_quote_protection_notyet
+ search_error_message = string_sprintf(
+ "tainted search query is not properly quoted%s: %s%s",
+ loc, ks);
+ f.search_find_defer = TRUE;
+ goto out;
+#else
+ /* If we're called from a transport, no privs to open the paniclog;
+ the logging punts to using stderr - and that seems to stop the debug
+ stream. */
+ log_write(0,
+ transport_name ? LOG_MAIN : LOG_MAIN|LOG_PANIC,
+ "tainted search query is not properly quoted%s: %s", loc, ks);
+
+ DEBUG(D_lookup)
+ {
+ const uschar * quoter_name;
+ int q = quoter_for_address(ks, "er_name);
+
+ debug_printf_indent("required_quoter_id (%s) quoting %d (%s)\n",
+ li->name,
+ q, quoter_name);
+ }
+#endif