git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix build for OpenSSL 3.0.0 . Bug 2810
[exim.git]
/
src
/
src
/
bmi_spam.c
diff --git
a/src/src/bmi_spam.c
b/src/src/bmi_spam.c
index 546ac1e36837963c173d8e1618ec09973352ba38..6972bc3a7957bdac5f09028b0cd59448734974c6 100644
(file)
--- a/
src/src/bmi_spam.c
+++ b/
src/src/bmi_spam.c
@@
-190,8
+190,10
@@
uschar *bmi_process_message(header_line *header_list, int data_fd) {
return NULL;
};
return NULL;
};
- /* get store for the verdict string */
- verdicts = store_get(1);
+ /* Get store for the verdict string. Since we are processing message data, assume that
+ the verdict is tainted. XXX this should use a growable-string */
+
+ verdicts = store_get(1, TRUE);
*verdicts = '\0';
for ( err = bmiAccessFirstVerdict(message, &verdict);
*verdicts = '\0';
for ( err = bmiAccessFirstVerdict(message, &verdict);
@@
-200,7
+202,8
@@
uschar *bmi_process_message(header_line *header_list, int data_fd) {
char *verdict_str;
err = bmiCreateStrFromVerdict(verdict,&verdict_str);
char *verdict_str;
err = bmiCreateStrFromVerdict(verdict,&verdict_str);
- if (!store_extend(verdicts, Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) {
+ if (!store_extend(verdicts, TRUE,
+ Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) {
/* can't allocate more store */
return NULL;
};
/* can't allocate more store */
return NULL;
};
@@
-299,7
+302,7
@@
uschar *bmi_get_alt_location(uschar *base64_verdict) {
}
else {
/* deliver to alternate location */
}
else {
/* deliver to alternate location */
- rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1);
+ rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1
, TRUE
);
Ustrcpy(rc, bmiVerdictAccessDestination(verdict));
rc[strlen(bmiVerdictAccessDestination(verdict))] = '\0';
};
Ustrcpy(rc, bmiVerdictAccessDestination(verdict));
rc[strlen(bmiVerdictAccessDestination(verdict))] = '\0';
};
@@
-324,7
+327,7
@@
uschar *bmi_get_base64_verdict(uschar *bmi_local_part, uschar *bmi_domain) {
return NULL;
/* allocate room for the b64 verdict string */
return NULL;
/* allocate room for the b64 verdict string */
- verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1);
+ verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1
, TRUE
);
/* loop through verdicts */
verdict_ptr = bmi_verdicts;
/* loop through verdicts */
verdict_ptr = bmi_verdicts;
@@
-445,9
+448,11
@@
int bmi_check_rule(uschar *base64_verdict, uschar *option_list) {
}
/* loop through numbers */
}
/* loop through numbers */
+ /* option_list doesn't seem to be expanded so cannot be tainted. If it ever is we
+ will trap here */
rule_ptr = option_list;
while ((rule_num = string_nextinlist(&rule_ptr, &sep,
rule_ptr = option_list;
while ((rule_num = string_nextinlist(&rule_ptr, &sep,
- rule_buffer,
32)) != NULL
) {
+ rule_buffer,
sizeof(rule_buffer)))
) {
int rule_int = -1;
/* try to translate to int */
int rule_int = -1;
/* try to translate to int */