Dsearch: Fix taint-handling in lookup. Bug 2465

(cherry picked from commit 13e70f5530fc3fd376e1397c76e073a339e738aa)

2 files changed, 5 insertions, 10 deletions

diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c
index 9f7dd8da0..c27f5d6e6 100644
--- a/src/src/lookups/dsearch.c
+++ b/src/src/lookups/dsearch.c
@@ -65,13 +65,13 @@ return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
 scanning the directory, as it is hopefully faster to let the OS do the scanning
 for us. */
 
-int
-static dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
+static int
+dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
   uschar **result, uschar **errmsg, uint *do_cache)
 {
 struct stat statbuf;
 int save_errno;
-uschar filename[PATH_MAX];
+uschar * filename;
 
 handle = handle;  /* Keep picky compilers happy */
 length = length;
@@ -84,12 +84,7 @@ if (Ustrchr(keystring, '/') != 0)
   return DEFER;
   }
 
-if (!string_format(filename, sizeof(filename), "%s/%s", dirname, keystring))
-  {
-  *errmsg = US"path name too long";
-  return DEFER;
-  }
-
+filename = string_sprintf("%s/%s", dirname, keystring);
 if (Ulstat(filename, &statbuf) >= 0)
   {
   *result = string_copy(keystring);
diff --git a/src/src/string.c b/src/src/string.c
index ced1ad8c7..007ec877e 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -664,7 +664,7 @@ return yield;
 *************************************************/
 
 /* The formatting is done by string_vformat, which checks the length of
-everything.
+everything.  Taint is taken from the worst of the arguments.
 
 Arguments:
   format    a printf() format - deliberately char * rather than uschar *