From 0d2e392e281e96d9f9f2f3dd438affe3f2563c57 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sat, 11 Jan 2020 21:46:43 +0000
Subject: appendfile: taint-enforce file & directory options testsuite: bless facility
---
 src/src/expand.c | 16 ++++++++++++++++
 src/src/rda.c | 3 ++-
 src/src/transports/appendfile.c | 7 +++++++
 3 files changed, 25 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/src/expand.c b/src/src/expand.c
index cec6efd54..fe5384ab8 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -213,6 +213,7 @@ static uschar *op_table_main[] = {
 US"base62d",
 US"base64",
 US"base64d",
+ US"bless",
 US"domain",
 US"escape",
 US"escape8bit",
@@ -260,6 +261,7 @@ enum {
 EOP_BASE62D,
 EOP_BASE64,
 EOP_BASE64D,
+ EOP_BLESS,
 EOP_DOMAIN,
 EOP_ESCAPE,
 EOP_ESCAPE8BIT,
@@ -7059,6 +7061,20 @@ while (*s != 0)
 continue;
 }
+ case EOP_BLESS:
+ /* This is purely for the convenience of the test harness. Do not enable
+ it otherwise as it defeats the taint-checking security. */
+
+ if (f.running_in_test_harness)
+ yield = string_cat(yield, is_tainted(sub)
+ ? string_copy_taint(sub, FALSE) : sub);
+ else
+ {
+ DEBUG(D_expand) debug_printf_indent("bless operator not supported\n");
+ yield = string_cat(yield, sub);
+ }
+ continue;
+
 case EOP_EXPAND:
 {
 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
diff --git a/src/src/rda.c b/src/src/rda.c
index 5fa3d09b4..201e82d8b 100644
--- a/src/src/rda.c
+++ b/src/src/rda.c
@@ -557,7 +557,8 @@ if (!(data = expand_string(rdata->string)))
 }
 rdata->string = data;
-DEBUG(D_route) debug_printf("expanded: '%s'\n", data);
+DEBUG(D_route)
+ debug_printf("expanded: '%s'%s\n", data, is_tainted(data) ? " (tainted)":"");
 if (rdata->isfile && data[0] != '/')
 {
diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
index d99a17956..de193db44 100644
--- a/src/src/transports/appendfile.c
+++ b/src/src/transports/appendfile.c
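Review bot: In the `EOP_BLESS` case of src/src/expand.c, the non-harness branch appends `sub` unchanged and reports the problem only through `DEBUG(D_expand)`, so a production configuration that uses the operator expands without error and the mistake surfaces only later, at whichever taint check the value happens to reach. Before this commit the name was not in `op_table_main`, so an unknown operator presumably failed the expansion; keeping that outcome would be safer, for example `expand_string_message = US"bless operator not supported";` followed by the failure exit the other cases of this switch use (the switch starts and ends outside the hunk, so that exit is not visible here). Separately, the taint-removing branch is compiled into every binary and is gated only by the runtime flag `f.running_in_test_harness`; where that flag is set is not shown, so it is worth confirming that an unprivileged caller cannot turn it on.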
@@ -3,6 +3,7 @@
 *************************************************/
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
@@ -1342,6 +1343,12 @@ if (!(path = expand_string(fdname)))
 expand_string_message);
 goto ret_panic;
 }
+if (is_tainted(path))
+ {
+ addr->message = string_sprintf("Tainted '%s' (file or directory "
+ "name for %s transport) not permitted", path, tblock->name);
+ goto ret_panic;
+ }
 if (path[0] != '/')
 {
--
cgit v1.2.3
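Review bot: The new `is_tainted(path)` block in src/src/transports/appendfile.c carries no comment saying why a tainted name is refused, and the check is security-relevant enough that the next maintainer should not have to infer it. I would add above it `/* The expanded name decides where the message is written; refuse it if any part came from untrusted (tainted) data. */`. The rejected `path` is also copied verbatim into `addr->message`; whether that text is escaped before it reaches a log is not visible here, so confirm that non-printing characters in it are sanitised downstream. The enclosing function and the `ret_panic` label both lie outside the hunk.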