Track tainted data and refuse to expand it

[exim.git] / src / src / routers / rf_get_munge_headers.c

diff --git a/src/src/routers/rf_get_munge_headers.c b/src/src/routers/rf_get_munge_headers.c
index bf8dc4a5d5ec95b45b048bb39a4b555f98455f54..5c95d2d1c957026f9f8ba93b501bb919062f909b 100644 (file)
--- a/src/src/routers/rf_get_munge_headers.c
+++ b/src/src/routers/rf_get_munge_headers.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 #include "../exim.h"
@@ -44,7 +44,7 @@ if (rblock->extra_headers)
   while ((s = string_nextinlist(&list, &sep, NULL, 0)))
     if (!(s = expand_string(s)))
       {
-      if (!expand_string_forcedfail)
+      if (!f.expand_string_forcedfail)
        {
        addr->message = string_sprintf(
          "%s router failed to expand add_headers item \"%s\": %s",
@@ -59,7 +59,7 @@ if (rblock->extra_headers)
       shared with other addresses. The output function outputs them in reverse
       order. */
 
-      header_line *  h = store_get(sizeof(header_line));
+      header_line *  h = store_get(sizeof(header_line), FALSE);
 
       /* We used to use string_sprintf() to add the newline if needed, but that
       causes problems if the header line is exceedingly long (e.g. adding
@@ -69,7 +69,7 @@ if (rblock->extra_headers)
        h->text = s;
       else
        {
-       h->text = store_get(slen+2);
+       h->text = store_get(slen+2, is_tainted(s));
        memcpy(h->text, s, slen);
        h->text[slen++] = '\n';
        h->text[slen] = 0;
@@ -99,7 +99,7 @@ if (rblock->remove_headers)
   while ((s = string_nextinlist(&list, &sep, NULL, 0)))
     if (!(s = expand_string(s)))
       {
-      if (!expand_string_forcedfail)
+      if (!f.expand_string_forcedfail)
        {
        addr->message = string_sprintf(
          "%s router failed to expand remove_headers item \"%s\": %s",
@@ -109,8 +109,9 @@ if (rblock->remove_headers)
       }
     else if (*s)
       g = string_append_listele(g, ':', s);
-    if (g)
-      *remove_headers = g->s;
+
+  if (g)
+    *remove_headers = g->s;
   }
 
 return OK;