X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/b7c6d0ccbc57c958954205b2c9d70528b9688c1a..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/parse.c

diff --git a/src/src/parse.c b/src/src/parse.c
index fcea2ea26..93b12bc77 100644
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 /* Functions for parsing addresses */
 
@@ -22,22 +23,25 @@ redundant apparatus. */
 
 #ifdef STAND_ALONE
 
-address_item *deliver_make_addr(uschar *address, BOOL copy)
+address_item *
+deliver_make_addr(uschar *address, BOOL copy)
 {
-address_item *addr = store_get(sizeof(address_item), FALSE);
+address_item *addr = store_get(sizeof(address_item), GET_UNTAINTED);
 addr->next = NULL;
 addr->parent = NULL;
 addr->address = address;
 return addr;
 }
 
-uschar *rewrite_address(uschar *recipient, BOOL dummy1, BOOL dummy2, rewrite_rule
+uschar *
+rewrite_address(uschar *recipient, BOOL dummy1, BOOL dummy2, rewrite_rule
   *dummy3, int dummy4)
 {
 return recipient;
 }
 
-uschar *rewrite_address_qualify(uschar *recipient, BOOL dummy1)
+uschar *
+rewrite_address_qualify(uschar *recipient, BOOL dummy1)
 {
 return recipient;
 }
@@ -627,7 +631,7 @@ uschar *
 parse_extract_address(const uschar *mailbox, uschar **errorptr, int *start, int *end,
   int *domain, BOOL allow_null)
 {
-uschar *yield = store_get(Ustrlen(mailbox) + 1, is_tainted(mailbox));
+uschar * yield = store_get(Ustrlen(mailbox) + 1, mailbox);
 const uschar *startptr, *endptr;
 const uschar *s = US mailbox;
 uschar *t = US yield;
@@ -655,7 +659,7 @@ followed by a route-addr (more words must follow). */
 
 if (*s != '@' && *s != '<')
   {
-  if (*s == 0 || *s == ';')
+  if (!*s || *s == ';')
     {
     if (!*t) FAILED(US"empty address");
     endptr = last_comment_position;
@@ -994,11 +998,9 @@ if (i < len)
 /* No non-printers; use the RFC 822 quoting rules */
 
 if (len <= 0 || len >= INT_MAX/4)
-  {
-  return string_copy_taint(CUS"", is_tainted(phrase));
-  }
+  return string_copy_taint(CUS"", phrase);
 
-buffer = store_get((len+1)*4, is_tainted(phrase));
+buffer = store_get((len+1)*4, phrase);
 
 s = phrase;
 end = s + len;
@@ -1414,16 +1416,22 @@ for (;;)
       return FF_ERROR;
       }
 
-    if ((*error = is_tainted2(filename, 0, "Tainted name '%s' for included file not permitted\n", filename)))
+    if (is_tainted(filename))
+      {
+      *error = string_sprintf("Tainted name '%s' for included file  not permitted\n",
+       filename);
       return FF_ERROR;
+      }
 
     /* Check file name if required */
 
     if (directory)
       {
       int len = Ustrlen(directory);
-      uschar * p = filename + len;
+      uschar * p;
 
+      while (len > 0 && directory[len-1] == '/') len--;		/* ignore trailing '/' */
+      p = filename + len;
       if (Ustrncmp(filename, directory, len) != 0 || *p != '/')
         {
         *error = string_sprintf("included file %s is not in directory %s",
@@ -1448,9 +1456,10 @@ for (;;)
 	{
 	uschar temp;
 	int fd2;
-	uschar * q = p;
+	uschar * q = p + 1;		/* skip dividing '/' */
 
-	while (*++p && *p != '/') ;
+	while (*q == '/') q++;		/* skip extra '/' */
+	while (*++p && *p != '/') ;	/* end of component */
 	temp = *p;
 	*p = '\0';
 
@@ -1538,7 +1547,7 @@ for (;;)
       return FF_ERROR;
       }
 
-    filebuf = store_get(statbuf.st_size + 1, is_tainted(filename));
+    filebuf = store_get(statbuf.st_size + 1, filename);
     if (fread(filebuf, 1, statbuf.st_size, f) != statbuf.st_size)
       {
       *error = string_sprintf("error while reading included file %s: %s",
@@ -1613,7 +1622,7 @@ for (;;)
 
     if ((*s_ltd == '|' || *s_ltd == '/') && (!recipient || domain == 0))
       {
-      uschar * t = store_get(Ustrlen(s_ltd) + 1, is_tainted(s_ltd));
+      uschar * t = store_get(Ustrlen(s_ltd) + 1, s_ltd);
       uschar * p = t, * q = s_ltd;
 
       while (*q)
@@ -1651,7 +1660,7 @@ for (;;)
 
         if (syntax_errors)
           {
-          error_block * e = store_get(sizeof(error_block), FALSE);
+          error_block * e = store_get(sizeof(error_block), GET_UNTAINTED);
           error_block * last = *syntax_errors;
           if (last)
             {
@@ -1731,7 +1740,7 @@ for the answer, but it may also be very long if we are processing a header
 line. Therefore, take care to release unwanted store afterwards. */
 
 reset_point = store_mark();
-id = *yield = store_get(Ustrlen(str) + 1, is_tainted(str));
+id = *yield = store_get(Ustrlen(str) + 1, str);
 *id++ = *str++;
 
 str = read_addr_spec(str, id, '>', error, &domain);