X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/3857519629ca8fbcf3466c3fc761a5bb6ed32d53..3f77bd134b64c532748b83c3931df07058268b5e:/src/src/search.c
diff --git a/src/src/search.c b/src/src/search.c
index b00bc9ab0..d0eb84b3b 100644
--- a/src/src/search.c
+++ b/src/src/search.c
@@ -2,7 +2,7 @@
 * Exim - an Internet mail transport agent *
 *************************************************/
 
-/* Copyright (c) The Exim Maintainers 2020 - 2022 */
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
 /* Copyright (c) University of Cambridge 1995 - 2015 */
 /* See the file NOTICE for conditions of use and distribution. */
 /* SPDX-License-Identifier: GPL-2.0-or-later */
@@ -247,7 +247,7 @@ if (mac_islookup(search_type, lookup_absfilequery))
 if (*query == '/')
 {
 uschar * s = query;
- while (*query && !isspace(*query)) query++;
+ Uskip_nonwhite(&query);
 *fnamep = string_copyn(s, query - s);
 Uskip_whitespace(&query);
 }
@@ -590,35 +590,48 @@ else is either untainted or properly quoted for the lookup type. XXX Should we this move into lf_sqlperform() ? The server-taint check is there. + Also it already knows about looking for a "servers" spec in the query string. + Passing search_type down that far is an issue. */ if ( !filename && lookup_list[search_type]->quote && is_tainted(keystring) && !is_quoted_like(keystring, search_type)) { - uschar * s = acl_current_verb(); - if (!s) s = authenticator_current_name(); /* must be before transport */ - if (!s) s = transport_current_name(); /* must be before router */ - if (!s) s = router_current_name(); /* GCC ?: would be good, but not in clang */ - if (!s) s = US""; + const uschar * ks = keystring; + uschar * loc = acl_current_verb(); + if (!loc) loc = authenticator_current_name(); /* must be before transport */ + if (!loc) loc = transport_current_name(); /* must be before router */ + if (!loc) loc = router_current_name(); /* GCC ?: would be good, but not in clang */ + if (!loc) loc = US""; + + if (Ustrncmp(ks, "servers", 7) == 0) /* Avoid logging server/password */ + if ((ks = Ustrchr(keystring, ';'))) + while (isspace(*++ks)) + ; + else + ks = US""; + #ifdef enforce_quote_protection_notyet search_error_message = string_sprintf( "tainted search query is not properly quoted%s: %s%s", - s, keystring); + loc, ks); f.search_find_defer = TRUE; + goto out; #else - { - int q = quoter_for_address(keystring); - /* If we're called from a transport, no privs to open the paniclog; - the logging punts to using stderr - and that seems to stop the debug - stream. */ - log_write(0, - transport_name ? LOG_MAIN : LOG_MAIN|LOG_PANIC, - "tainted search query is not properly quoted%s: %s", s, keystring); - - DEBUG(D_lookup) debug_printf_indent("search_type %d (%s) quoting %d (%s)\n", + /* If we're called from a transport, no privs to open the paniclog; + the logging punts to using stderr - and that seems to stop the debug + stream. 
*/ + log_write(0, + transport_name ? LOG_MAIN : LOG_MAIN|LOG_PANIC, + "tainted search query is not properly quoted%s: %s", loc, ks); + + DEBUG(D_lookup) + { + int q = quoter_for_address(ks); + debug_printf_indent("search_type %d (%s) quoting %d (%s)\n", search_type, lookup_list[search_type]->name, q, is_real_quoter(q) ? lookup_list[q]->name : US"none"); - } + } #endif } @@ -669,10 +682,11 @@ pointer to NULL here, because we cannot release the store at this stage. */ } } +out: DEBUG(D_lookup) { if (data) - debug_printf_indent("lookup yielded: %s\n", data); + debug_printf_indent("lookup yielded: %W\n", data); else if (f.search_find_defer) debug_printf_indent("lookup deferred: %s\n", search_error_message); else debug_printf_indent("lookup failed\n"); @@ -966,9 +980,15 @@ than the result. Return a de-tainted version of the key on the grounds that it have been validated by the lookup. */ if (yield && ret_key) + { yield = string_copy_taint(keystring, GET_UNTAINTED); + DEBUG(D_lookup) + debug_printf_indent("lookup yield replace by key: %s\n", yield); + } return yield; } /* End of search.c */ +/* vi: aw ai sw=2 +*/
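Review bot: In the `#ifdef enforce_quote_protection_notyet` branch the format string `"tainted search query is not properly quoted%s: %s%s"` has three `%s` conversions but the call passes only `loc, ks`, so enabling that macro would read a missing argument; dropping the trailing conversion, `"tainted search query is not properly quoted%s: %s", loc, ks);`, would match the `log_write` call in the `#else` branch. In the debug block, `quoter_for_address(ks)` now receives the redacted pointer, which is either a pointer past the `;` or the literal `US""`; if the quoter is derived from where the string is stored, as the name suggests, the reported quoting may not describe the value that failed `is_quoted_like(keystring, search_type)`, so `int q = quoter_for_address(keystring);` looks like the intended call. The un-braced `if`/`if`/`else` that strips the `servers` prefix relies on the `else` binding to the inner `if`; braces would make that explicit and avoid dangling-else warnings. The enclosing function starts and ends outside this hunk.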
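Review bot: The new `out:` label is targeted only by the `goto out;` added inside `#ifdef enforce_quote_protection_notyet`, so in a default build it is an unused label (a `-Wunused-label` warning) unless another jump exists outside the visible hunks. When the macro is enabled the jump bypasses the lookup itself, so the `if (data)` test right after the label depends on `data` having been initialised to NULL before the taint check; that declaration is outside the hunk and should be confirmed. The enclosing function begins and ends outside this hunk.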
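Review bot: The added debug line prints the de-tainted key with `%s`, while the "lookup yielded" message in the same commit was switched to `%W`. If that conversion was chosen to make arbitrary data readable in the debug stream, the key, which may come from tainted input, deserves the same treatment: `debug_printf_indent("lookup yield replaced by key: %W\n", yield);`. The message text also reads better as "replaced by key". The function body starts outside the hunk.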