Track tainted data and refuse to expand it

[exim.git] / src / src / auths / xtextencode.c

diff --git a/src/src/auths/xtextencode.c b/src/src/auths/xtextencode.c
index 4d189fc0668f5100709469a82928bd6aa1e87823..30ff8f11ddb039401f34d74c1e2ccfea0e1210ff 100644 (file)
--- a/src/src/auths/xtextencode.c
+++ b/src/src/auths/xtextencode.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2009 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 #include "../exim.h"
@@ -40,7 +40,7 @@ in order to get the right amount of store. */
 while (c -- > 0)
   count += ((x = *p++) < 33 || x > 127 || x == '+' || x == '=')? 3 : 1;
 
-pp = code = store_get(count);
+pp = code = store_get(count, is_tainted(clear));
 
 p = US clear;
 c = len;