US"base62d",
US"base64",
US"base64d",
- US"bless",
US"domain",
US"escape",
US"escape8bit",
EOP_BASE62D,
EOP_BASE64,
EOP_BASE64D,
- EOP_BLESS,
EOP_DOMAIN,
EOP_ESCAPE,
EOP_ESCAPE8BIT,
f.expand_string_forcedfail = FALSE;
expand_string_message = US"";
-if (is_tainted(string))
+{ uschar *m;
+if ((m = is_tainted2(string, LOG_MAIN|LOG_PANIC, "Tainted string '%s' in expansion", s)))
{
- expand_string_message =
- string_sprintf("attempt to expand tainted string '%s'", s);
- log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
+ expand_string_message = m;
goto EXPAND_FAILED;
}
+}
while (*s)
{
condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
the normal internal expansion function. */
- if (item_type == EITEM_FILTER)
- {
- if ((temp = eval_condition(expr, &resetok, NULL)))
- s = temp;
- }
- else
+ if (item_type != EITEM_FILTER)
temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
+ else
+ if ((temp = eval_condition(expr, &resetok, NULL))) s = temp;
if (!temp)
{
goto EXPAND_FAILED;
}
- Uskip_whitespace(&s);
+ Uskip_whitespace(&s); /*{*/
if (*s++ != '}')
{ /*{*/
expand_string_message = string_sprintf("missing } at end of condition "
continue;
}
- case EOP_BLESS:
- /* This is purely for the convenience of the test harness. Do not enable
- it otherwise as it defeats the taint-checking security. */
-
- if (f.running_in_test_harness)
- yield = string_cat(yield, is_tainted(sub)
- ? string_copy_taint(sub, FALSE) : sub);
- else
- {
- DEBUG(D_expand) debug_printf_indent("bless operator not supported\n");
- yield = string_cat(yield, sub);
- }
- continue;
-
case EOP_EXPAND:
{
uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
/* Manually track tainting, as we deal in individual chars below */
if (is_tainted(sub))
+ {
if (yield->s && yield->ptr)
gstring_rebuffer(yield);
else
yield->s = store_get(yield->size = Ustrlen(sub), TRUE);
+ }
/* Check the UTF-8, byte-by-byte */
EXPAND_FAILED:
if (left) *left = s;
DEBUG(D_expand)
+ {
DEBUG(D_noutf8)
{
debug_printf_indent("|failed to expand: %s\n", string);
if (f.expand_string_forcedfail)
debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n");
}
+ }
if (resetok_p && !resetok) *resetok_p = FALSE;
expand_level--;
return NULL;