Add backstop check for taint of executable name when calling exec()

[exim.git] / src / src / transport.c

diff --git a/src/src/transport.c b/src/src/transport.c
index 8b320ecc201f8c215e4dcbf8b4274986c286a6a9..37623ea1ab7e7717ebda580fba8d9d337d90b13c 100644 (file)
--- a/src/src/transport.c
+++ b/src/src/transport.c
@@ -1972,6 +1972,7 @@ if (socket_fd != 0)
 
 DEBUG(D_exec) debug_print_argv(argv);
 exim_nullstd();                          /* Ensure std{out,err} exist */
+/* argv[0] should be untainted, from child_exec_exim() */
 execv(CS argv[0], (char *const *)argv);
 
 DEBUG(D_any) debug_printf("execv failed: %s\n", strerror(errno));