diff options
| -rw-r--r-- | doc/doc-txt/ChangeLog | 1 | ||||
| -rw-r--r-- | src/src/acl.c | 6 | ||||
| -rw-r--r-- | test/confs/0576 | 2 |
3 files changed, 8 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 368d37ec1..29059ffa5 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -92,6 +92,7 @@ JH/20 Taint checking: disallow use of tainted data for - the pipe transport command - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) + - named-queue names Previously this was permitted. diff --git a/src/src/acl.c b/src/src/acl.c index 7284831a6..3166069ba 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -3590,6 +3590,12 @@ for (; cb; cb = cb->next) #endif case ACLC_QUEUE: + if (is_tainted(arg)) + { + *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted", + arg); + return ERROR; + } if (Ustrchr(arg, '/')) { *log_msgptr = string_sprintf( diff --git a/test/confs/0576 b/test/confs/0576 index b75b67804..5b023d280 100644 --- a/test/confs/0576 +++ b/test/confs/0576 @@ -16,7 +16,7 @@ begin acl rcpt: accept - queue = ${if eq {normal}{$local_part} {} {$local_part}} + queue = ${if eq {normal}{$local_part} {} {${bless:$local_part}}} logwrite = using queue '$queue_name' #--------------- |