X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/af0fd7f3c9e7bcf632309fcba36fc5f93d2a0044..8f2cf8f5adaa08ef84b47bf9bc2f71e39236c22d:/src/src/acl.c diff --git a/src/src/acl.c b/src/src/acl.c index fa1172331..46615ce24 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -3885,22 +3885,20 @@ for (; cb; cb = cb->next) #endif case ACLC_QUEUE: + if (is_tainted(arg)) { - uschar *m; - if ((m = is_tainted2(arg, 0, "Tainted name '%s' for queue not permitted", arg))) - { - *log_msgptr = m; - return ERROR; - } - if (Ustrchr(arg, '/')) - { - *log_msgptr = string_sprintf( - "Directory separator not permitted in queue name: '%s'", arg); - return ERROR; - } - queue_name = string_copy_perm(arg, FALSE); - break; + *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted", + arg); + return ERROR; } + if (Ustrchr(arg, '/')) + { + *log_msgptr = string_sprintf( + "Directory separator not permitted in queue name: '%s'", arg); + return ERROR; + } + queue_name = string_copy_perm(arg, FALSE); + break; case ACLC_RATELIMIT: rc = acl_ratelimit(arg, where, log_msgptr); @@ -4277,10 +4275,10 @@ while (isspace(*ss)) ss++; acl_text = ss; -if ( !f.running_in_test_harness - && is_tainted2(acl_text, LOG_MAIN|LOG_PANIC, - "Tainted ACL text \"%s\"", acl_text)) +if (is_tainted(acl_text) && !f.running_in_test_harness) { + log_write(0, LOG_MAIN|LOG_PANIC, + "attempt to use tainted ACL text \"%s\"", acl_text); /* Avoid leaking info to an attacker */ *log_msgptr = US"internal configuration error"; return ERROR; @@ -4309,12 +4307,6 @@ if (Ustrchr(ss, ' ') == NULL) else if (*ss == '/') { struct stat statbuf; - if (is_tainted2(ss, LOG_MAIN|LOG_PANIC, "Tainted ACL file name '%s'", ss)) - { - /* Avoid leaking info to an attacker */ - *log_msgptr = US"internal configuration error"; - return ERROR; - } if ((fd = Uopen(ss, O_RDONLY, 0)) < 0) { *log_msgptr = string_sprintf("failed to open ACL file \"%s\": %s", ss,