taint SNI values supplied by client

[exim.git] / src / src / arc.c

diff --git a/src/src/arc.c b/src/src/arc.c
index 6c4bcc641e924e17bb8b37aeeb03180ccc213788..c266849ca5d6514333735070f5119d545ed4a898 100644 (file)
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -143,7 +143,7 @@ for (pas = &ctx->arcset_chain, prev = NULL, next = ctx->arcset_chain;
   }
 
 DEBUG(D_acl) debug_printf("ARC: new instance %u\n", i);
-*pas = as = store_get(sizeof(arc_set));
+*pas = as = store_get(sizeof(arc_set), FALSE);
 memset(as, 0, sizeof(arc_set));
 as->next = next;
 as->prev = prev;
@@ -201,7 +201,7 @@ al->complete = h;
 
 if (!instance_only)
   {
-  al->rawsig_no_b_val.data = store_get(h->slen + 1);
+  al->rawsig_no_b_val.data = store_get(h->slen + 1, TRUE);     /* tainted */
   memcpy(al->rawsig_no_b_val.data, h->text, off);      /* copy the header name blind */
   r = al->rawsig_no_b_val.data + off;
   al->rawsig_no_b_val.len = off;
@@ -260,9 +260,10 @@ while ((c = *s))
          while ((c = *++s) && c != ';')
            if (c != ' ' && c != '\t' && c != '\n' && c != '\r')
              g = string_catn(g, s, 1);
+         if (!g) return US"no b= value";
          al->b.data = string_from_gstring(g);
          al->b.len = g->ptr;
-         gstring_reset_unused(g);
+         gstring_release_unused(g);
          bend = s;
          break;
        case 'h':                       /* bh= AMS body hash */
@@ -276,9 +277,10 @@ while ((c = *s))
          while ((c = *++s) && c != ';')
            if (c != ' ' && c != '\t' && c != '\n' && c != '\r')
              g = string_catn(g, s, 1);
+         if (!g) return US"no bh= value";
          al->bh.data = string_from_gstring(g);
          al->bh.len = g->ptr;
-         gstring_reset_unused(g);
+         gstring_release_unused(g);
          break;
        default:
          return US"b? tag";
@@ -385,7 +387,7 @@ arc_insert_hdr(arc_ctx * ctx, header_line * h, unsigned off, unsigned hoff,
 {
 unsigned i;
 arc_set * as;
-arc_line * al = store_get(sizeof(arc_line)), ** alp;
+arc_line * al = store_get(sizeof(arc_line), FALSE), ** alp;
 uschar * e;
 
 memset(al, 0, sizeof(arc_line));
@@ -497,7 +499,7 @@ const uschar * e;
 DEBUG(D_acl) debug_printf("ARC: collecting arc sets\n");
 for (h = header_list; h; h = h->next)
   {
-  r = store_get(sizeof(hdr_rlist));
+  r = store_get(sizeof(hdr_rlist), FALSE);
   r->prev = rprev;
   r->used = FALSE;
   r->h = h;
@@ -1098,7 +1100,7 @@ out:
 static hdr_rlist *
 arc_rlist_entry(hdr_rlist * list, const uschar * s, int len)
 {
-hdr_rlist * r = store_get(sizeof(hdr_rlist) + sizeof(header_line));
+hdr_rlist * r = store_get(sizeof(hdr_rlist) + sizeof(header_line), FALSE);
 header_line * h = r->h = (header_line *)(r+1);
 
 r->prev = list;
@@ -1189,7 +1191,8 @@ arc_sign_append_aar(gstring * g, arc_ctx * ctx,
   const uschar * identity, int instance, blob * ar)
 {
 int aar_off = g ? g->ptr : 0;
-arc_set * as = store_get(sizeof(arc_set) + sizeof(arc_line) + sizeof(header_line));
+arc_set * as =
+  store_get(sizeof(arc_set) + sizeof(arc_line) + sizeof(header_line), FALSE);
 arc_line * al = (arc_line *)(as+1);
 header_line * h = (header_line *)(al+1);
 
@@ -1280,7 +1283,7 @@ for (;;)
   g = string_catn(g, US"\r\n\t  ", 5);
   }
 g = string_catn(g, US";\r\n", 3);
-gstring_reset_unused(g);
+gstring_release_unused(g);
 string_from_gstring(g);
 return g;
 }
@@ -1299,7 +1302,7 @@ int col;
 int hashtype = pdkim_hashname_to_hashtype(US"sha256", 6);      /*XXX hardwired */
 blob sig;
 int ams_off;
-arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line));
+arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), FALSE);
 header_line * h = (header_line *)(al+1);
 
 /* debug_printf("%s\n", __FUNCTION__); */
@@ -1415,7 +1418,7 @@ arc_sign_prepend_as(gstring * arcset_interim, arc_ctx * ctx,
 gstring * arcset;
 arc_set * as;
 uschar * status = arc_ar_cv_status(ar);
-arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line));
+arc_line * al = store_get(sizeof(header_line) + sizeof(arc_line), FALSE);
 header_line * h = (header_line *)(al+1);
 
 gstring * hdata = NULL;
@@ -1698,7 +1701,7 @@ if (g)
 
 if (sigheaders) g = string_catn(g, sigheaders->s, sigheaders->ptr);
 (void) string_from_gstring(g);
-gstring_reset_unused(g);
+gstring_release_unused(g);
 return g;
 }