X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f3ebb786e451da973560f1c9d8cdb151d25108b5..d4c9963ace2b653f657c74abecfecb7546c722b1:/src/src/dbfn.c

diff --git a/src/src/dbfn.c b/src/src/dbfn.c
index 63a1aefe3..bbf20a1d5 100644
--- a/src/src/dbfn.c
+++ b/src/src/dbfn.c
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 
@@ -194,26 +195,29 @@ but creation of the database file failed. */
 
 if (created && geteuid() == root_uid)
   {
-  DIR *dd;
-  struct dirent *ent;
+  DIR * dd;
   uschar *lastname = Ustrrchr(filename, '/') + 1;
   int namelen = Ustrlen(name);
 
   *lastname = 0;
-  dd = opendir(CS filename);
 
-  while ((ent = readdir(dd)))
-    if (Ustrncmp(ent->d_name, name, namelen) == 0)
-      {
-      struct stat statbuf;
-      Ustrcpy(lastname, US ent->d_name);
-      if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
-        {
-        DEBUG(D_hints_lookup) debug_printf_indent("ensuring %s is owned by exim\n", filename);
-        if (exim_chown(filename, exim_uid, exim_gid))
-          DEBUG(D_hints_lookup) debug_printf_indent("failed setting %s to owned by exim\n", filename);
-        }
-      }
+  if ((dd = exim_opendir(filename)))
+    for (struct dirent *ent; ent = readdir(dd); )
+      if (Ustrncmp(ent->d_name, name, namelen) == 0)
+	{
+	struct stat statbuf;
+	/* Filenames from readdir() are trusted,
+	so use a taint-nonchecking copy */
+	strcpy(CS lastname, CCS ent->d_name);
+	if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
+	  {
+	  DEBUG(D_hints_lookup)
+	    debug_printf_indent("ensuring %s is owned by exim\n", filename);
+	  if (exim_chown(filename, exim_uid, exim_gid))
+	    DEBUG(D_hints_lookup)
+	      debug_printf_indent("failed setting %s to owned by exim\n", filename);
+	  }
+	}
 
   closedir(dd);
   }