buffer was taking a taint-enformance trap. Fix by using dynamically
created buffers.
+JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is
+ reasonable, eg. to count headers. Fix by using dynamically created
+ buffers rather than a local,
+
Exim version 4.94
-----------------
{
int cnt = 0;
int sep = 0;
- uschar buffer[256];
- while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer))) cnt++;
+ while (string_nextinlist(CUSS &sub, &sep, NULL, 0)) cnt++;
yield = string_fmt_append(yield, "%d", cnt);
continue;
}