summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/src/expand.c16
-rw-r--r--src/src/rda.c3
-rw-r--r--src/src/transports/appendfile.c7
3 files changed, 25 insertions, 1 deletions
diff --git a/src/src/expand.c b/src/src/expand.c
index cec6efd54..fe5384ab8 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -213,6 +213,7 @@ static uschar *op_table_main[] = {
US"base62d",
US"base64",
US"base64d",
+ US"bless",
US"domain",
US"escape",
US"escape8bit",
@@ -260,6 +261,7 @@ enum {
EOP_BASE62D,
EOP_BASE64,
EOP_BASE64D,
+ EOP_BLESS,
EOP_DOMAIN,
EOP_ESCAPE,
EOP_ESCAPE8BIT,
@@ -7059,6 +7061,20 @@ while (*s != 0)
continue;
}
+ case EOP_BLESS:
+ /* This is purely for the convenience of the test harness. Do not enable
+ it otherwise as it defeats the taint-checking security. */
+
+ if (f.running_in_test_harness)
+ yield = string_cat(yield, is_tainted(sub)
+ ? string_copy_taint(sub, FALSE) : sub);
+ else
+ {
+ DEBUG(D_expand) debug_printf_indent("bless operator not supported\n");
+ yield = string_cat(yield, sub);
+ }
+ continue;
+
case EOP_EXPAND:
{
uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
diff --git a/src/src/rda.c b/src/src/rda.c
index 5fa3d09b4..201e82d8b 100644
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -557,7 +557,8 @@ if (!(data = expand_string(rdata->string)))
}
rdata->string = data;
-DEBUG(D_route) debug_printf("expanded: '%s'\n", data);
+DEBUG(D_route)
+ debug_printf("expanded: '%s'%s\n", data, is_tainted(data) ? " (tainted)":"");
if (rdata->isfile && data[0] != '/')
{
diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
index d99a17956..de193db44 100644
--- a/src/src/transports/appendfile.c
+++ b/src/src/transports/appendfile.c
@@ -3,6 +3,7 @@
*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
@@ -1342,6 +1343,12 @@ if (!(path = expand_string(fdname)))
expand_string_message);
goto ret_panic;
}
+if (is_tainted(path))
+ {
+ addr->message = string_sprintf("Tainted '%s' (file or directory "
+ "name for %s transport) not permitted", path, tblock->name);
+ goto ret_panic;
+ }
if (path[0] != '/')
{