SPDX: license tags (mostly by guesswork)
diff --git
a/src/src/child.c
b/src/src/child.c
index 267306ee3f0c3eee6173ce044f703fcb9d9a85ef..b94e814a1c12f7b5558141481882ad5cc2cef998 100644
(file)
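--- a/src/src/child.c
+++ b/src/src/child.c
@@ -2,9 +2,10 @@
 * Exim - an Internet mail transport agent *
 *************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2015 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 #include "exim.h"
@@ -81,7 +82,7 @@ argv = store_get((extra + acount + MAX_CLMACROS + 24) * sizeof(char *), GET_UNTA
 /* In all case, the list starts out with the path, any macros, and a changed
 config file. */
-argv[n++] = exim_path;
+argv[n++] = exim_path; /* assume untainted */
 if (clmacro_count > 0)
 {
 memcpy(argv + n, clmacros, clmacro_count * sizeof(uschar *));
@@ -343,6 +344,13 @@ int save_errno;
 int inpfd[2], outpfd[2];
 pid_t pid;
+if (is_tainted(argv[0]))
+ {
+ log_write(0, LOG_MAIN | LOG_PANIC, "Attempt to exec tainted path: '%s'", argv[0]);
+ errno = EPERM;
+ return (pid_t)(-1);
+ }
+
 /* Create the pipes. */
 if (pipe(inpfd) != 0) return (pid_t)(-1);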
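Review bot: The guard added in the third hunk logs argv[0] verbatim through `'%s'` at the very point it has been found tainted, so control characters or newlines in that value reach the main and panic logs unless log_write() escapes them itself. I would pass it through the printable-string helper: `log_write(0, LOG_MAIN | LOG_PANIC, "Attempt to exec tainted path: '%s'", string_printing(argv[0]));`. Only argv[0] is checked and the exec call is outside the hunk, so it is worth confirming that the path actually executed is argv[0] and not a separately supplied value. The enclosing function starts and ends outside the hunk; its header comment should mention the new -1/EPERM failure.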