Taint: enforce checking of directory creates

diff --git a/src/src/directory.c b/src/src/directory.c
index 2d4d565f4ede31504743571a5b1ded263d0ebc42..f54a781b7c22111016095251c23bf913977a8cd2 100644 (file)
--- a/src/src/directory.c
+++ b/src/src/directory.c
@@ -44,6 +44,9 @@ uschar c = 1;
 struct stat statbuf;
 uschar * path;
 
 struct stat statbuf;
 uschar * path;
 

+if (is_tainted(name)) 
+  { p = US"create"; path = US name; errno = ERRNO_TAINT; goto bad; }
+

 if (parent)
   {
   path = string_sprintf("%s%s%s", parent, US"/", name);
 if (parent)
   {
   path = string_sprintf("%s%s%s", parent, US"/", name);


@@ -85,7 +88,7 @@ return TRUE;
 
 bad:
   if (panic) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
 
 bad:
   if (panic) log_write(0, LOG_MAIN|LOG_PANIC_DIE,

-    "Failed to %s directory \"%s\": %s\n", p, path, strerror(errno));
+    "Failed to %s directory \"%s\": %s\n", p, path, exim_errstr(errno));

   return FALSE;
 }
 
   return FALSE;
 }
 

diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 9a514b33134cab6c8bf7278c8f186aca5f64d279..4539e3c697f0f8d5149024d3b08e55db5f554c44 100644 (file)
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -505,6 +505,9 @@ spool_move_message(uschar *id, uschar *subdir, uschar *from, uschar *to)
 {
 uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name;
 
 {
 uschar * dest_qname = queue_name_dest ? queue_name_dest : queue_name;
 

+/* Since we are working within the spool, de-taint the dest queue name */
+dest_qname = string_copy_taint(dest_qname, FALSE);
+

 /* Create any output directories that do not exist. */
 
 (void) directory_make(spool_directory,
 /* Create any output directories that do not exist. */
 
 (void) directory_make(spool_directory,