From: Jeremy Harris Date: Thu, 11 Jun 2020 23:46:34 +0000 (+0100) Subject: Taint: fix radius expansion condition X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/f91219c114a3d95792d052555664a5a7a3984a8d?hp=e447a470aae2e45fc80bfb14a77b06e6f57f4d5c Taint: fix radius expansion condition --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 425264191..7284f9cfe 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -13,7 +13,7 @@ JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail- JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used as arguments, so an implementation trying to copy these into a local buffer was taking a taint-enforcement trap. Fix by using dynamically - created buffers. + created buffers. Similar fix for radius expansion condition. JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is reasonable, eg. to count headers. Fix by using dynamically created diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c index cc269dcd5..9d10b34c6 100644 --- a/src/src/auths/call_radius.c +++ b/src/src/auths/call_radius.c @@ -96,8 +96,7 @@ int sep = 0; #endif -user = string_nextinlist(&radius_args, &sep, big_buffer, big_buffer_size); -if (!user) user = US""; +if (!(user = string_nextinlist(&radius_args, &sep, NULL, 0))) user = US""; DEBUG(D_auth) debug_printf("Running RADIUS authentication for user \"%s\" " "and \"%s\"\n", user, radius_args);