From bcd69700de5abae9ece41aadd403b621c6869ed6 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 22 Sep 2019 10:56:31 +0100
Subject: [PATCH] Fix taint-checking on Solaris

---
 src/src/dbfn.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/src/dbfn.c b/src/src/dbfn.c
index 63a1aefe3..1f058ef72 100644
--- a/src/src/dbfn.c
+++ b/src/src/dbfn.c
@@ -206,7 +206,8 @@ if (created && geteuid() == root_uid)
     if (Ustrncmp(ent->d_name, name, namelen) == 0)
       {
       struct stat statbuf;
-      Ustrcpy(lastname, US ent->d_name);
+      /* Filenames from readdir() are trusted, so use a taint-nonchecking copy */
+      strcpy(CS lastname, CCS ent->d_name);
       if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
         {
         DEBUG(D_hints_lookup) debug_printf_indent("ensuring %s is owned by exim\n", filename);
-- 
2.30.2