From 46fa6b8a21e141c73c95300537d7e71d545d6e25 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 5 Jun 2020 10:37:57 +0100 Subject: [PATCH] Docs: more info on taint --- doc/doc-docbook/spec.xfpt | 12 ++++++++++++ src/src/verify.c | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5915a3af3..ccfa4424a 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -9453,10 +9453,22 @@ the data type. ACL rules always expand strings. A couple of expansion conditions do not expand some of the brace-delimited branches, for security reasons, .cindex "tainted data" expansion +.cindex "tainted data" definition .cindex expansion "tainted data" and expansion of data deriving from the sender (&"tainted data"&) is not permitted. +.new +Common ways of obtaining untainted equivalents of variables with +tainted values +.cindex "tainted data" "de-tainting" +come down to using the tainted value as a lookup key in a trusted database. +This database could be the filestem structure, +or the password file, +or accessed via a DBMS. +Specific methods are indexed under &"de-tainting"&. +.wen + .section "Literal text in expanded strings" "SECTlittext" diff --git a/src/src/verify.c b/src/src/verify.c index 3a40cea26..82a7726de 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -4077,7 +4077,7 @@ const uschar * where = US"socketpair"; if (cached_quota_lookup(rcpt, &yield, pos_cache, neg_cache)) { - HDEBUG(D_verify) debug_printf_indent("quota cache: address record is %d\n", + HDEBUG(D_verify) debug_printf_indent("quota cache: address record is %s\n", yield == OK ? "positive" : "negative"); if (yield != OK) { -- 2.30.2