Track tainted data and refuse to expand it

[exim.git] / src / src / environment.c

diff --git a/src/src/environment.c b/src/src/environment.c
index c394eb7e7b9f9b31b576857cbe27db5fc105c615..c29cc6c8dd9e6b945854fd5d80f82229117131fb 100644 (file)
--- a/src/src/environment.c
+++ b/src/src/environment.c
@@ -38,8 +38,8 @@ if (!keep_environment || *keep_environment == '\0')
   }
 else if (Ustrcmp(keep_environment, "*") != 0)
   {
-  uschar **p;
-  if (environ) for (p = USS environ; *p; /* see below */)
+  rmark reset_point = store_mark();
+  if (environ) for (uschar ** p = USS environ; *p; /* see below */)
     {
     /* It's considered broken if we do not find the '=', according to
     Florian Weimer. For now we ignore such strings. unsetenv() would complain,
@@ -55,18 +55,18 @@ else if (Ustrcmp(keep_environment, "*") != 0)
         if (os_unsetenv(name) < 0) return FALSE;
         else p = USS environ; /* RESTART from the beginning */
       else p++;
-      store_reset(name);
       }
     }
+  store_reset(reset_point);
   }
 if (add_environment)
   {
-    uschar * p;
-    int sep = 0;
-    const uschar * envlist = add_environment;
+  uschar * p;
+  int sep = 0;
+  const uschar * envlist = add_environment;
 
-    while ((p = string_nextinlist(&envlist, &sep, NULL, 0))) putenv(CS p);
+  while ((p = string_nextinlist(&envlist, &sep, NULL, 0))) putenv(CS p);
   }
 
-  return TRUE;
+return TRUE;
 }