Track tainted data and refuse to expand it

[exim.git] / src / src / routers / rf_get_munge_headers.c

diff --git a/src/src/routers/rf_get_munge_headers.c b/src/src/routers/rf_get_munge_headers.c
index f08b55adcdf7f0608b278ef0475076705f81cf39..5c95d2d1c957026f9f8ba93b501bb919062f909b 100644 (file)
--- a/src/src/routers/rf_get_munge_headers.c
+++ b/src/src/routers/rf_get_munge_headers.c
@@ -59,7 +59,7 @@ if (rblock->extra_headers)
       shared with other addresses. The output function outputs them in reverse
       order. */
 
-      header_line *  h = store_get(sizeof(header_line));
+      header_line *  h = store_get(sizeof(header_line), FALSE);
 
       /* We used to use string_sprintf() to add the newline if needed, but that
       causes problems if the header line is exceedingly long (e.g. adding
@@ -69,7 +69,7 @@ if (rblock->extra_headers)
        h->text = s;
       else
        {
-       h->text = store_get(slen+2);
+       h->text = store_get(slen+2, is_tainted(s));
        memcpy(h->text, s, slen);
        h->text[slen++] = '\n';
        h->text[slen] = 0;