{
const uschar * tlist = list;
int sep = 0;
-uschar dummy;
+/* Tainted mem for the throwaway element copies */
+uschar * dummy = store_get(2, TRUE);
if (field < 0)
{
- for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
+ for (field++; string_nextinlist(&tlist, &sep, dummy, 1); ) field++;
sep = 0;
}
if (field == 0) return NULL;
-while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
+while (--field > 0 && (string_nextinlist(&list, &sep, dummy, 1))) ;
return string_nextinlist(&list, &sep, NULL, 0);
}
if (sender_host_name)
g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
else if (host_lookup_deferred)
- g = string_catn(g, US";\n\tiprev=temperror", 19);
+ g = string_cat(g, US";\n\tiprev=temperror");
else if (host_lookup_failed)
- g = string_catn(g, US";\n\tiprev=fail", 13);
+ g = string_cat(g, US";\n\tiprev=fail");
else
return g;
{
expand_string_message =
string_sprintf("lookup of \"%s\" gave DEFER: %s",
- string_printing2(key, FALSE), search_error_message);
+ string_printing2(key, SP_TAB), search_error_message);
goto EXPAND_FAILED;
}
if (expand_setup > 0) expand_nmax = expand_setup;
while ((item = string_nextinlist(&list, &sep, NULL, 0)))
g = string_append_listele(g, ',', item);
- /* possibly plus an EOL string */
+ /* possibly plus an EOL string. Process with escapes, to protect
+ from list-processing. The only current user of eol= in search
+ options is the readsock expansion. */
+
if (sub_arg[3] && *sub_arg[3])
g = string_append_listele(g, ',',
- string_sprintf("eol=%s", sub_arg[3]));
-
+ string_sprintf("eol=%s",
+ string_printing2(sub_arg[3], SP_TAB|SP_SPACE)));
}
/* Gat a (possibly cached) handle for the connection */
git://git.exim.org / exim.git / blobdiff