Track tainted data and refuse to expand it

[exim.git] / src / src / lookups / nisplus.c

diff --git a/src/src/lookups/nisplus.c b/src/src/lookups/nisplus.c
index 6a3351eccab09168b88117ffeae17903a754cbf7..98f3df303e4c2e06c80c5add7883cc6f79d6bba5 100644 (file)
--- a/src/src/lookups/nisplus.c
+++ b/src/src/lookups/nisplus.c
@@ -195,7 +195,7 @@ if (field_name)
   *errmsg = string_sprintf("NIS+ field %s not found for %s", field_name,
     query);
 else
-  store_reset(yield->s + yield->ptr + 1);
+  gstring_release_unused(yield);
 
 /* Free result store before finishing. */
 
@@ -240,7 +240,7 @@ if (opt != NULL) return NULL;    /* No options recognized */
 while (*t != 0) if (*t++ == '\"') count++;
 if (count == 0) return s;
 
-t = quoted = store_get(Ustrlen(s) + count + 1);
+t = quoted = store_get(Ustrlen(s) + count + 1, is_tainted(s));
 
 while (*s != 0)
   {