From 13d2ba0e1c1aaab62580d7e78589e8469f6809e5 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 19 Mar 2022 19:11:17 +0000
Subject: [PATCH] Tidying: explicit (de)tainting copies

---
 src/src/dmarc.c                 | 2 +-
 src/src/exim.c                  | 2 +-
 src/src/lookups/dsearch.c       | 2 +-
 src/src/route.c                 | 2 +-
 src/src/search.c                | 2 +-
 src/src/spool_out.c             | 2 +-
 src/src/transports/appendfile.c | 4 ++--
 src/src/verify.c                | 4 ++--
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index f1b18bd59..1bbaa7718 100644
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -231,7 +231,7 @@ if (rc == DNS_SUCCEED)
     if (rr->type == T_TXT && rr->size > 3)
       {
       store_free_dns_answer(dnsa);
-      return string_copyn_taint(US rr->data, rr->size, TRUE);
+      return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
       }
 store_free_dns_answer(dnsa);
 return NULL;
diff --git a/src/src/exim.c b/src/src/exim.c
index ade96fe20..40955a9da 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -5262,7 +5262,7 @@ if (expansion_test)
     message_id = US exim_str_fail_toolong(argv[msg_action_arg], MESSAGE_ID_LENGTH, "message-id");
     /* Checking the length of the ID is sufficient to validate it.
     Get an untainted version so file opens can be done. */
-    message_id = string_copy_taint(message_id, FALSE);
+    message_id = string_copy_taint(message_id, GET_UNTAINTED);
 
     spoolname = string_sprintf("%s-H", message_id);
     if ((deliver_datafile = spool_open_datafile(message_id)) < 0)
diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c
index 80000f14a..2c4f13426 100644
--- a/src/src/lookups/dsearch.c
+++ b/src/src/lookups/dsearch.c
@@ -124,7 +124,7 @@ if (  Ulstat(filename, &statbuf) >= 0
   {
   /* Since the filename exists in the filesystem, we can return a
   non-tainted result. */
-  *result = string_copy_taint(flags & RET_FULL ? filename : keystring, FALSE);
+  *result = string_copy_taint(flags & RET_FULL ? filename : keystring, GET_UNTAINTED);
   return OK;
   }
 
diff --git a/src/src/route.c b/src/src/route.c
index ae04c7917..74a792258 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -1670,7 +1670,7 @@ for (r = addr->start_router ? addr->start_router : routers; r; r = nextr)
 	addr->prefix_v = string_copyn(addr->local_part, vlen);
 	}
       else
-	addr->prefix = string_copyn_taint(addr->local_part, plen, FALSE);
+	addr->prefix = string_copyn_taint(addr->local_part, plen, GET_UNTAINTED);
       addr->local_part += plen;
       DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
       }
diff --git a/src/src/search.c b/src/src/search.c
index 979dae739..bf709763c 100644
--- a/src/src/search.c
+++ b/src/src/search.c
@@ -959,7 +959,7 @@ than the result.  Return a de-tainted version of the key on the grounds that
 it have been validated by the lookup. */
 
 if (yield && ret_key)
-  yield = string_copy_taint(keystring, FALSE);
+  yield = string_copy_taint(keystring, GET_UNTAINTED);
 
 return yield;
 }
diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index d5cad86d4..bfa935eb0 100644
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -529,7 +529,7 @@ spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to)
 uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name;
 
 /* Since we are working within the spool, de-taint the dest queue name */
-dest_qname = string_copy_taint(dest_qname, FALSE);
+dest_qname = string_copy_taint(dest_qname, GET_UNTAINTED);
 
 /* Create any output directories that do not exist. */
 
diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
index 43fe883f6..77115acc7 100644
--- a/src/src/transports/appendfile.c
+++ b/src/src/transports/appendfile.c
@@ -1347,7 +1347,7 @@ if (!isdirectory)
     if (is_tainted(path))
       {
       DEBUG(D_transport) debug_printf("de-tainting path '%s'\n", path);
-      path = string_copy_taint(path, FALSE);
+      path = string_copy_taint(path, GET_UNTAINTED);
       }
 
   if (is_tainted(path)) goto tainted_ret_panic;
@@ -2186,7 +2186,7 @@ else
     if (ob->create_file == create_belowhome)
       {
       DEBUG(D_transport) debug_printf("de-tainting path '%s'\n", path);
-      path = string_copy_taint(path, FALSE);
+      path = string_copy_taint(path, GET_UNTAINTED);
       }
     else
       goto tainted_ret_panic;
diff --git a/src/src/verify.c b/src/src/verify.c
index 12e39d603..d1c4af275 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -3546,13 +3546,13 @@ else
     if (n > 4)
       save_errno = (buf[1] << 24) | (buf[2] << 16) | (buf[3] << 8) | buf[4];
     if ((recipient_verify_failure = n > 5
-	? string_copyn_taint(buf+5, n-5, FALSE) : NULL))
+	? string_copyn_taint(buf+5, n-5, GET_UNTAINTED) : NULL))
       {
       int m;
       s = buf + 5 + Ustrlen(recipient_verify_failure) + 1;
       m = n - (s - buf);
       acl_verify_message = *msg =
-	m > 0 ? string_copyn_taint(s, m, FALSE) : NULL;
+	m > 0 ? string_copyn_taint(s, m, GET_UNTAINTED) : NULL;
       }
 
     DEBUG(D_verify) debug_printf_indent("verify call response:"
-- 
2.30.2