diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-09-22 10:56:31 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-09-22 10:56:31 +0100 |
| commit | bcd69700de5abae9ece41aadd403b621c6869ed6 (patch) | |
| tree | 7f63c7292a66b718045d98ad14df5f6c452434c6 | |
| parent | a962e38cae6467bb10e1ece7d33adedcaa54adb4 (diff) | |
Fix taint-checking on Solaris
| -rw-r--r-- | src/src/dbfn.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/src/dbfn.c b/src/src/dbfn.c index 63a1aefe3..1f058ef72 100644 --- a/src/src/dbfn.c +++ b/src/src/dbfn.c @@ -206,7 +206,8 @@ if (created && geteuid() == root_uid) if (Ustrncmp(ent->d_name, name, namelen) == 0) { struct stat statbuf; - Ustrcpy(lastname, US ent->d_name); + /* Filenames from readdir() are trusted, so use a taint-nonchecking copy */ + strcpy(CS lastname, CCS ent->d_name); if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid) { DEBUG(D_hints_lookup) debug_printf_indent("ensuring %s is owned by exim\n", filename); |