carried on and emitted a BDAT command, even when PIPELINING was not
active.
+JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted
+ buffer was used for the filename, resulting in a trap when tainted
+ arguments (eg. $domain) were used.
+
Exim version 4.92
-----------------
scanning the directory, as it is hopefully faster to let the OS do the scanning
for us. */
-int
-static dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
+static int
+dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
uschar **result, uschar **errmsg, uint *do_cache)
{
struct stat statbuf;
int save_errno;
-uschar filename[PATH_MAX];
+uschar * filename;
handle = handle; /* Keep picky compilers happy */
length = length;
return DEFER;
}
-if (!string_format(filename, sizeof(filename), "%s/%s", dirname, keystring))
- {
- *errmsg = US"path name too long";
- return DEFER;
- }
-
+filename = string_sprintf("%s/%s", dirname, keystring);
if (Ulstat(filename, &statbuf) >= 0)
{
*result = string_copy(keystring);
*************************************************/
/* The formatting is done by string_vformat, which checks the length of
-everything.
+everything. Taint is taken from the worst of the arguments.
Arguments:
format a printf() format - deliberately char * rather than uschar *
git://git.exim.org / exim.git / commitdiff