#endif
case ACLC_QUEUE:
+ if (is_tainted(arg))
{
- uschar *m;
- if ((m = is_tainted2(arg, 0, "Tainted name '%s' for queue not permitted", arg)))
- {
- *log_msgptr = m;
- return ERROR;
- }
- if (Ustrchr(arg, '/'))
- {
- *log_msgptr = string_sprintf(
- "Directory separator not permitted in queue name: '%s'", arg);
- return ERROR;
- }
- queue_name = string_copy_perm(arg, FALSE);
- break;
+ *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
+ arg);
+ return ERROR;
}
+ if (Ustrchr(arg, '/'))
+ {
+ *log_msgptr = string_sprintf(
+ "Directory separator not permitted in queue name: '%s'", arg);
+ return ERROR;
+ }
+ queue_name = string_copy_perm(arg, FALSE);
+ break;
case ACLC_RATELIMIT:
rc = acl_ratelimit(arg, where, log_msgptr);
acl_text = ss;
-if ( !f.running_in_test_harness
- && is_tainted2(acl_text, LOG_MAIN|LOG_PANIC,
- "Tainted ACL text \"%s\"", acl_text))
+if (is_tainted(acl_text) && !f.running_in_test_harness)
{
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "attempt to use tainted ACL text \"%s\"", acl_text);
/* Avoid leaking info to an attacker */
*log_msgptr = US"internal configuration error";
return ERROR;
else if (*ss == '/')
{
struct stat statbuf;
- if (is_tainted2(ss, LOG_MAIN|LOG_PANIC, "Tainted ACL file name '%s'", ss))
- {
- /* Avoid leaking info to an attacker */
- *log_msgptr = US"internal configuration error";
- return ERROR;
- }
if ((fd = Uopen(ss, O_RDONLY, 0)) < 0)
{
*log_msgptr = string_sprintf("failed to open ACL file \"%s\": %s", ss,
git://git.exim.org / exim.git / blobdiff