SPDX: license tags (mostly by guesswork)

[exim.git] / src / src / lookups / mysql.c

diff --git a/src/src/lookups/mysql.c b/src/src/lookups/mysql.c
index b36ce0950f209c0c68ecb22e7b67c555df714984..a8dae4adee6b6a3cec10f80cb6c82f0cc8662ab3 100644 (file)
--- a/src/src/lookups/mysql.c
+++ b/src/src/lookups/mysql.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 /* Thanks to Paul Kelly for contributing the original code for these
 functions. */
@@ -231,7 +232,7 @@ if (!cn)
 
   /* Get store for a new handle, initialize it, and connect to the server */
 
-  mysql_handle = store_get(sizeof(MYSQL), FALSE);
+  mysql_handle = store_get(sizeof(MYSQL), GET_UNTAINTED);
   mysql_init(mysql_handle);
   mysql_options(mysql_handle, MYSQL_READ_DEFAULT_GROUP, CS group);
   if (mysql_real_connect(mysql_handle,
@@ -247,7 +248,7 @@ if (!cn)
 
   /* Add the connection to the cache */
 
-  cn = store_get(sizeof(mysql_connection), FALSE);
+  cn = store_get(sizeof(mysql_connection), GET_UNTAINTED);
   cn->server = server_copy;
   cn->handle = mysql_handle;
   cn->next = mysql_connections;
@@ -413,25 +414,26 @@ can't quote "on spec".
 Arguments:
   s          the string to be quoted
   opt        additional option text or NULL if none
+  idx       lookup type index
 
 Returns:     the processed string or NULL for a bad option
 */
 
 static uschar *
-mysql_quote(uschar * s, uschar * opt)
+mysql_quote(uschar * s, uschar * opt, unsigned idx)
 {
-register int c;
-int count = 0;
-uschar *t = s;
-uschar *quoted;
+int c, count = 0;
+uschar * t = s, * quoted;
 
 if (opt) return NULL;     /* No options recognized */
 
 while ((c = *t++))
   if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++;
 
-if (count == 0) return s;
-t = quoted = store_get(Ustrlen(s) + count + 1, is_tainted(s));
+/* Old code:  if (count == 0) return s;
+Now always allocate and copy, to track the quoted status. */
+
+t = quoted = store_get_quoted(Ustrlen(s) + count + 1, s, idx);
 
 while ((c = *s++))
   {
@@ -463,16 +465,19 @@ return quoted;
 
 #include "../version.h"
 
-void
-mysql_version_report(FILE *f)
+gstring *
+mysql_version_report(gstring * g)
 {
-fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
-           "                        Runtime: %lu %s\n",
+g = string_fmt_append(g,
+  "Library version: MySQL: Compile: %lu %s [%s]\n"
+  "                        Runtime: %lu %s\n",
         (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
         mysql_get_client_version(), mysql_get_client_info());
 #ifdef DYNLOOKUP
-fprintf(f, "                        Exim version %s\n", EXIM_VERSION_STR);
+g = string_fmt_append(g,
+  "                        Exim version %s\n", EXIM_VERSION_STR);
 #endif
+return g;
 }
 
 /* These are the lookup_info blocks for this driver */