authorJeremy Harris <jgh146exb@wizmail.org>2019-11-08 22:30:04 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2019-11-08 22:30:04 +0000
commitf0fe22cbc29ee4f887aa254f2590a9e72401e237 (patch)
treef2108bbce5629265379d13495d9511a5b6f28895 /src
parent179ed8c31eb8c7f767ec0ef5e2856066d366515f (diff)
Regard command-line recipients as tainted
Diffstat (limited to 'src')
-rw-r--r--src/src/exim.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/src/src/exim.c b/src/src/exim.c
index d6952ef2e..a30e35bca 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -4809,8 +4809,9 @@ if (verify_address_mode || f.address_test_mode)
{
while (recipients_arg < argc)
{
- uschar *s = argv[recipients_arg++];
- while (*s != 0)
+ /* Supplied addresses are tainted since they come from a user */
+ uschar * s = string_copy_taint(argv[recipients_arg++], TRUE);
+ while (*s)
{
BOOL finished = FALSE;
uschar *ss = parse_find_address_end(s, FALSE);
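Review bot: The new comment on the `string_copy_taint(argv[recipients_arg++], TRUE)` line says the addresses are tainted but not why a copy is made, and that is the part a later maintainer is most likely to undo as an apparent waste. If, as the call suggests, the taint marking follows the storage the string lives in rather than the pointer, the comment should say so, e.g. `/* argv strings come from the invoking user; copy into tainted store so that later taint checks see them as such */`. The same wording would fit the `string_copy_taint(s, TRUE)` call in the stdin branch and the `string_copy_taint(list[i], TRUE)` call in the recipient loop further down. The enclosing `while (*s)` loop continues beyond this hunk.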
@@ -4818,16 +4819,16 @@ if (verify_address_mode || f.address_test_mode)
test_address(s, flags, &exit_value);
s = ss;
if (!finished)
- while (*(++s) != 0 && (*s == ',' || isspace(*s)));
+ while (*++s == ',' || isspace(*s)) ;
}
}
}
else for (;;)
{
- uschar *s = get_stdinput(NULL, NULL);
- if (s == NULL) break;
- test_address(s, flags, &exit_value);
+ uschar * s = get_stdinput(NULL, NULL);
+ if (!s) break;
+ test_address(string_copy_taint(s, TRUE), flags, &exit_value);
}
route_tidyup();
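Review bot: The rewritten skip loop `while (*++s == ',' || isspace(*s)) ;` now stops at the end of the string only because NUL is neither a comma nor whitespace. That is correct, but it is no longer visible now that the explicit `!= 0` test is gone. A short comment would keep the bound obvious, e.g. `/* skip separators; terminates at NUL, which matches neither test */`. The pre-increment also assumes that, whenever `finished` is false, `s` points at a separator overwritten inside the string rather than at the final terminator. The code that sets `finished` lies between the two hunks and is not visible here, so that assumption should be confirmed against it.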
@@ -5321,13 +5322,13 @@ while (more)
raw_sender = string_copy(sender_address);
- /* Loop for each argument */
+ /* Loop for each argument (supplied by user hence tainted) */
for (int i = 0; i < count; i++)
{
int start, end, domain;
- uschar *errmess;
- uschar *s = list[i];
+ uschar * errmess;
+ uschar * s = string_copy_taint(list[i], TRUE);
/* Loop for each comma-separated address */