Track tainted data and refuse to expand it

[exim.git] / src / src / routers / rf_get_munge_headers.c

diff --git a/src/src/routers/rf_get_munge_headers.c b/src/src/routers/rf_get_munge_headers.c
index 7f81e65585afbfa75161a4ee6643c39ed22beca0..5c95d2d1c957026f9f8ba93b501bb919062f909b 100644 (file)
--- a/src/src/routers/rf_get_munge_headers.c
+++ b/src/src/routers/rf_get_munge_headers.c
@@ -59,7 +59,7 @@ if (rblock->extra_headers)
       shared with other addresses. The output function outputs them in reverse
       order. */
 
-      header_line *  h = store_get(sizeof(header_line));
+      header_line *  h = store_get(sizeof(header_line), FALSE);
 
       /* We used to use string_sprintf() to add the newline if needed, but that
       causes problems if the header line is exceedingly long (e.g. adding
@@ -69,7 +69,7 @@ if (rblock->extra_headers)
        h->text = s;
       else
        {
-       h->text = store_get(slen+2);
+       h->text = store_get(slen+2, is_tainted(s));
        memcpy(h->text, s, slen);
        h->text[slen++] = '\n';
        h->text[slen] = 0;
@@ -109,8 +109,9 @@ if (rblock->remove_headers)
       }
     else if (*s)
       g = string_append_listele(g, ':', s);
-    if (g)
-      *remove_headers = g->s;
+
+  if (g)
+    *remove_headers = g->s;
   }
 
 return OK;