X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8aa16eb712afac844fb28ed465c6076c6b0ea22b..7dd52d1ff8cd5e8914172d3131412bf1c2ceaf92:/src/src/string.c

diff --git a/src/src/string.c b/src/src/string.c
index fbdc0246d..5acee1b00 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Miscellaneous string-handling functions. Some are not required for
@@ -12,7 +13,6 @@ utilities and tests, and are cut out by the COMPILE_UTILITY macro. */
 #include "exim.h"
 #include <assert.h>
 
-static void gstring_rebuffer(gstring * g);
 
 #ifndef COMPILE_UTILITY
 /*************************************************
@@ -575,18 +575,14 @@ uschar *ss = yield = store_get(Ustrlen(s) + 1, is_tainted(s));
 while (*s != 0)
   {
   if (*s != '\\')
-    {
     *ss++ = *s++;
-    }
   else if (isdigit(s[1]))
     {
     *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
     s += 4;
     }
   else if (*(++s) != 0)
-    {
     *ss++ = *s++;
-    }
   }
 
 *ss = 0;
@@ -864,7 +860,8 @@ Returns:     pointer to buffer, containing the next substring,
 */
 
 uschar *
-string_nextinlist(const uschar **listptr, int *separator, uschar *buffer, int buflen)
+string_nextinlist_trc(const uschar **listptr, int *separator, uschar *buffer, int buflen,
+ const uschar * func, int line)
 {
 int sep = *separator;
 const uschar *s = *listptr;
@@ -907,6 +904,8 @@ sep_is_special = iscntrl(sep);
 if (buffer)
   {
   int p = 0;
+  if (is_tainted(s) && !is_tainted(buffer))
+    die_tainted(US"string_nextinlist", func, line);
   for (; *s; s++)
     {
     if (*s == sep && (*(++s) != sep || sep_is_special)) break;
@@ -1243,22 +1242,26 @@ return !!gp;
 
 
 
-/* Copy the content of a string to tainted memory */
-static void
-gstring_rebuffer(gstring * g)
-{
-uschar * s = store_get(g->size, TRUE);
-memcpy(s, g->s, g->ptr);
-g->s = s;
-}
-
-
 
 /* Build or append to a growing-string, sprintf-style.
 
+Arguments:
+	g	a growable-string
+	func	called-from function name, for debug
+	line	called-from file line number, for debug
+	limit	maximum string size
+	flags	see below
+	format	printf-like format string
+	ap	variable-args pointer
+
+Flags:
+	SVFMT_EXTEND            buffer can be created or exteded as needed
+	SVFMT_REBUFFER          buffer can be recopied to tainted mem as needed
+	SVFMT_TAINT_NOCHK       do not check inputs for taint
+
 If the "extend" flag is true, the string passed in can be NULL,
 empty, or non-empty.  Growing is subject to an overall limit given
-by the size_limit argument.
+by the limit argument.
 
 If the "extend" flag is false, the string passed in may not be NULL,
 will not be grown, and is usable in the original place after return.
@@ -1635,7 +1638,7 @@ doesn't seem much we can do about that. */
 
 va_start(ap, format);
 (void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
-	0, format, ap);
+	SVFMT_REBUFFER, format, ap);
 string_from_gstring(g);
 gstring_release_unused(g);
 va_end(ap);