summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2020-01-16 22:51:53 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2020-01-16 23:34:18 +0000
commit677481d4fcf4811e193603d0e9970d1f62c74567 (patch)
tree431b24099ea48a619dc398ca7ddef0acb2283f6b /src
parent36eb5d3d77426d8cbf4243ea752f8d8cd1d5c682 (diff)
Fix taint hybrid-checking on BSD
Diffstat (limited to 'src')
-rw-r--r--src/src/functions.h7
-rw-r--r--src/src/store.c26
2 files changed, 27 insertions, 6 deletions
diff --git a/src/src/functions.h b/src/src/functions.h
index 2a2c0dbb8..57314a677 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -720,11 +720,14 @@ return ss;
string_copy_taint_trc((s), tainted, __FUNCTION__, __LINE__)
static inline uschar *
-string_copy(const uschar * s)
+string_copy_trc(const uschar * s, const char * func, int line)
{
-return string_copy_taint((s), is_tainted(s));
+return string_copy_taint_trc((s), is_tainted(s), func, line);
}
+#define string_copy(s) \
+ string_copy_trc((s), __FUNCTION__, __LINE__)
+
/*************************************************
* Copy, lowercase and save string *
diff --git a/src/src/store.c b/src/src/store.c
index aceb0e5d6..1fe97e6c9 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -199,16 +199,15 @@ BOOL
is_tainted_fn(const void * p)
{
storeblock * b;
-int pool;
-for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
if ((b = current_block[pool]))
{
uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
if (US p >= bc && US p <= bc + b->length) return TRUE;
}
-for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
for (b = chainbase[pool]; b; b = b->next)
{
uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
@@ -228,10 +227,28 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n",
static void
use_slow_taint_check(void)
{
+#ifndef COMPILE_UTILITY
DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n");
+#endif
f.taint_check_slow = TRUE;
}
+static void
+verify_all_untainted(void)
+{
+for (int pool = 0; pool < POOL_TAINT_BASE; pool++)
+ for (storeblock * b = chainbase[pool]; b; b = b->next)
+ {
+ uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
+ if (is_tainted(bc))
+ {
+ use_slow_taint_check();
+ return;
+ }
+ }
+}
+
+
/*************************************************
* Get a block from the current pool *
@@ -765,7 +782,7 @@ int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
BOOL release_ok = !tainted && store_last_get[pool] == block;
uschar * newtext;
-#ifndef MACRO_PREDEF
+#if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
if (is_tainted(block) != tainted)
die_tainted(US"store_newblock", CUS func, linenumber);
#endif
@@ -824,6 +841,7 @@ if (!(yield = mmap(NULL, (size_t)size,
if (yield < tainted_base) tainted_base = yield;
if ((top = US yield + size) > tainted_top) tainted_top = top;
+if (!f.taint_check_slow) use_slow_taint_check();
return store_alloc_tail(yield, size, func, line, US"Mmap");
}