static BOOL
match_tag(const uschar *s, const uschar *tag)
{
-for (; *tag != 0; s++, tag++)
+for (; *tag; s++, tag++)
if (*tag == ' ')
{
while (*s == ' ' || *s == '\t') s++;
int
rda_is_filter(const uschar *s)
{
-while (isspace(*s)) s++; /* Skips initial blank lines */
-if (match_tag(s, CUS"# exim filter")) return FILTER_EXIM;
- else if (match_tag(s, CUS"# sieve filter")) return FILTER_SIEVE;
- else return FILTER_FORWARD;
+Uskip_whitespace(&s); /* Skips initial blank lines */
+if (match_tag(s, CUS"# exim filter")) return FILTER_EXIM;
+else if (match_tag(s, CUS"# sieve filter")) return FILTER_SIEVE;
+else return FILTER_FORWARD;
}
/* Reading a file is a form of expansion; we wish to deny attackers the
capability to specify the file name. */
-if (is_tainted(filename))
+if ((*error = is_tainted2(filename, 0, "Tainted name '%s' for file read not permitted\n", filename)))
{
- *error = string_sprintf("Tainted name '%s' for file read not permitted\n",
- filename);
*yield = FF_ERROR;
return NULL;
}
DEFAULT_ERROR:
default:
- *error = string_open_failed(errno, "%s", filename);
+ *error = string_open_failed("%s", filename);
*yield = FF_ERROR;
return NULL;
}
oldsignal = signal(SIGCHLD, SIG_DFL);
search_tidyup();
-if ((pid = fork()) == 0)
+if ((pid = exim_fork(US"router-interpret")) == 0)
{
header_line *waslast = header_last; /* Save last header */
+ int fd_flags = -1;
fd = pfd[pipe_write];
(void)close(pfd[pipe_read]);
+
+ if ((fd_flags = fcntl(fd, F_GETFD)) == -1) goto bad;
+ if (fcntl(fd, F_SETFD, fd_flags | FD_CLOEXEC) == -1) goto bad;
+
exim_setugid(ugid->uid, ugid->gid, FALSE, rname);
/* Addresses can get rewritten in filters; if we are not root or the exim
out:
(void)close(fd);
search_tidyup();
- exim_underbar_exit(0);
+ exim_underbar_exit(EXIT_SUCCESS);
bad:
DEBUG(D_rewrite) debug_printf("rda_interpret: failed write to pipe\n");