From: Jeremy Harris Date: Thu, 11 Jun 2020 23:46:34 +0000 (+0100) Subject: Taint: fix radius expansion condition X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/94d719d803caf2c0c902dceeb787795eac11a63b?ds=sidebyside Taint: fix radius expansion condition (cherry picked from commit f91219c114a3d95792d052555664a5a7a3984a8d) --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 612005803..41d8c6276 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -9,7 +9,7 @@ Since Exim version 4.94 JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used as arguments, so an implementation trying to copy these into a local buffer was taking a taint-enforcement trap. Fix by using dynamically - created buffers. + created buffers. Similar fix for radius expansion condition. JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is reasonable, eg. to count headers. Fix by using dynamically created diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c index cc269dcd5..9d10b34c6 100644 --- a/src/src/auths/call_radius.c +++ b/src/src/auths/call_radius.c @@ -96,8 +96,7 @@ int sep = 0; #endif -user = string_nextinlist(&radius_args, &sep, big_buffer, big_buffer_size); -if (!user) user = US""; +if (!(user = string_nextinlist(&radius_args, &sep, NULL, 0))) user = US""; DEBUG(D_auth) debug_printf("Running RADIUS authentication for user \"%s\" " "and \"%s\"\n", user, radius_args);