git://git.exim.org / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add backstop check for taint of executable name when calling exec()
[exim.git] / src / src / smtp_in.c
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 852148fcf594294dbe7944ea9773dcc69bccc0fb..3fe3dab82700acdebf162ac634795f56140465c8 100644 (file)
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -5911,6 +5911,7 @@ while (done <= 0)
          {
          DEBUG(D_exec) debug_print_argv(argv);
          exim_nullstd();                   /* Ensure std{in,out,err} exist */
+         /* argv[0] should be untainted, from child_exec_exim() */
          execv(CS argv[0], (char *const *)argv);
          log_write(0, LOG_MAIN|LOG_PANIC_DIE, "exec of \"%s\" (ETRN) failed: %s",
            etrn_command, strerror(errno));
Master Exim source repository