X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/163144aab02a47427340d0ecc75e2abde675f4c9..c8b050fd148ef06666c1f6feaa492d122f65e23e:/src/src/acl.c

diff --git a/src/src/acl.c b/src/src/acl.c
index 7284831a6..13cda1ab4 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1022,8 +1022,8 @@ for (p = q; *p; p = q)
   if (!*hptr)
     {
     /* The header_line struct itself is not tainted, though it points to
-    tainted data. */
-    header_line *h = store_get(sizeof(header_line), FALSE);
+    possibly tainted data. */
+    header_line * h = store_get(sizeof(header_line), FALSE);
     h->text = hdr;
     h->next = NULL;
     h->type = newtype;
@@ -3590,6 +3590,12 @@ for (; cb; cb = cb->next)
     #endif
 
     case ACLC_QUEUE:
+    if (is_tainted(arg))
+      {
+      *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
+				    arg);
+      return ERROR;
+      }
     if (Ustrchr(arg, '/'))
       {
       *log_msgptr = string_sprintf(