git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Taint enforce: directory open backstops, single-key search filename
[exim.git]
/
src
/
src
/
search.c
diff --git
a/src/src/search.c
b/src/src/search.c
index 9d1a10a5a00f2f8f45c9903fac2c69917cedf806..dc90f53d5c6ed23868264c19880ed40fc2b277fd 100644
(file)
--- a/
src/src/search.c
+++ b/
src/src/search.c
@@
-335,6
+335,13
@@
lookup_info *lk = lookup_list[search_type];
uschar keybuffer[256];
int old_pool = store_pool;
uschar keybuffer[256];
int old_pool = store_pool;
+if (filename && is_tainted(filename))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "Tainted filename for search: '%s'", filename);
+ return NULL;
+ }
+
/* Change to the search store pool and remember our reset point */
store_pool = POOL_SEARCH;
/* Change to the search store pool and remember our reset point */
store_pool = POOL_SEARCH;
@@
-353,8
+360,7
@@
sprintf(CS keybuffer, "%c%.254s", search_type + '0',
if ((t = tree_search(search_tree, keybuffer)))
{
if ((t = tree_search(search_tree, keybuffer)))
{
- c = (search_cache *)(t->data.ptr);
- if (c->handle)
+ if ((c = (search_cache *)t->data.ptr)->handle)
{
DEBUG(D_lookup) debug_printf_indent(" cached open\n");
store_pool = old_pool;
{
DEBUG(D_lookup) debug_printf_indent(" cached open\n");
store_pool = old_pool;
@@
-370,7
+376,6
@@
we are holding open in the cache. If the limit is reached, close the least
recently used one. */
if (lk->type == lookup_absfile && open_filecount >= lookup_open_max)
recently used one. */
if (lk->type == lookup_absfile && open_filecount >= lookup_open_max)
- {
if (!open_bot)
log_write(0, LOG_MAIN|LOG_PANIC, "too many lookups open, but can't find "
"one to close");
if (!open_bot)
log_write(0, LOG_MAIN|LOG_PANIC, "too many lookups open, but can't find "
"one to close");
@@
-387,7
+392,6
@@
if (lk->type == lookup_absfile && open_filecount >= lookup_open_max)
c->handle = NULL;
open_filecount--;
}
c->handle = NULL;
open_filecount--;
}
- }
/* If opening is successful, call the file-checking function if there is one,
and if all is still well, enter the open database into the tree. */
/* If opening is successful, call the file-checking function if there is one,
and if all is still well, enter the open database into the tree. */