From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed, 11 Dec 2019 10:07:08 +0000 (+0000)
Subject: Taint: tweak internal documentation
X-Git-Tag: exim-4_94_RC0~231
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/f0ed88dac3d0bb2ec10c3e799d4b410b3ec2c0c4

Taint: tweak internal documentation
---

diff --git a/src/src/local_scan.h b/src/src/local_scan.h
index da9a8911a..548f70dbd 100644
--- a/src/src/local_scan.h
+++ b/src/src/local_scan.h
@@ -9,7 +9,10 @@
 source for the local_scan.c() function. It contains definitions that are made
 available for use in that function, and which are documented.
 
-This API is also used for functions called by the ${dlfunc expansion item. */
+This API is also used for functions called by the ${dlfunc expansion item.
+Coders of dlfunc routines should read the notes on tainting at the start of
+store.c
+*/
 
 
 /* Some basic types that make some things easier, the Exim configuration
diff --git a/src/src/store.c b/src/src/store.c
index b65649f4a..61f9464af 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -62,9 +62,11 @@ The following different types of store are recognized:
   recopy a string being built into a tainted allocation if it meets a %s for a
   tainted argument.  Any intermediate-layer function that (can) return a new
   allocation should behave this way; returning a tainted result if any tainted
-  content is used.  Users of functions that modify existing allocations should
-  check if a tainted source and an untainted destination is used, and fail instead
-  (sprintf() being the classic case).
+  content is used.  Intermediate-layer functions (eg. Ustrncpy) that modify
+  existing allocations fail if tainted data is written into an untainted area.
+  Users of functions that modify existing allocations should check if a tainted
+  source and an untainted destination is used, and fail instead (sprintf() being
+  the classic case).
 */