X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6e48a63849cd3f1dfb3555fe57094954b3f7f092..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/child.c
diff --git a/src/src/child.c b/src/src/child.c
index 267306ee3..b94e814a1 100644
--- a/src/src/child.c
+++ b/src/src/child.c
@@ -2,9 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2015 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 #include "exim.h"
@@ -81,7 +82,7 @@ argv = store_get((extra + acount + MAX_CLMACROS + 24) * sizeof(char *), GET_UNTA
 /* In all case, the list starts out with the path, any macros, and a changed config file. */
-argv[n++] = exim_path;
+argv[n++] = exim_path; /* assume untainted */
 if (clmacro_count > 0) {
 memcpy(argv + n, clmacros, clmacro_count * sizeof(uschar *));
@@ -343,6 +344,13 @@ int save_errno;
 int inpfd[2], outpfd[2];
 pid_t pid;
+if (is_tainted(argv[0]))
+ {
+ log_write(0, LOG_MAIN | LOG_PANIC, "Attempt to exec tainted path: '%s'", argv[0]);
+ errno = EPERM;
+ return (pid_t)(-1);
+ }
+
 /* Create the pipes. */
 if (pipe(inpfd) != 0) return (pid_t)(-1);
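Review bot: The comment added on `argv[n++] = exim_path;` in the second hunk records an assumption without saying what it rests on, and nothing in that hunk checks it. The third hunk adds a runtime `is_tainted(argv[0])` guard, but whether this argv ever passes through that guard is not visible here. Either state the reason in the comment, for example `/* set at build time or in the main config, never from message data */` if that is in fact the case, or apply the same `is_tainted()` test to `exim_path` before the exec in this function. The enclosing function starts and ends outside the hunk.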
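Review bot: The new `log_write` call in the third hunk prints `argv[0]` verbatim in exactly the case where the string is known to be tainted, so control characters or newlines in it would reach the main and panic logs unless log_write escapes them itself, which is not visible here. Passing `string_printing(argv[0])` as the argument would keep the log entry on one line. The guard also examines only element 0, so the remaining arguments and the environment pass through unchecked. The function's header comment, which lies outside the hunk, should record that a tainted path now fails with `errno = EPERM` before any pipe is created and that only the path is checked. The function begins before and continues after the hunk.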