From 36b600bb776d082be8cdd15c18daed3c29cfda7f Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 22 Mar 2020 00:55:59 +0000
Subject: Taint: fix dsearch result to be untainted

---
 src/src/lookups/dsearch.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c
index c27f5d6e6..1eb2924f0 100644
--- a/src/src/lookups/dsearch.c
+++ b/src/src/lookups/dsearch.c
@@ -28,7 +28,7 @@ static void *
 dsearch_open(uschar *dirname, uschar **errmsg)
 {
 DIR *dp = opendir(CS dirname);
-if (dp == NULL)
+if (!dp)
   {
   int save_errno = errno;
   *errmsg = string_open_failed(errno, "%s for directory search", dirname);
@@ -47,8 +47,8 @@ return (void *)(-1);
 /* The handle will always be (void *)(-1), but don't try casting it to an
 integer as this gives warnings on 64-bit systems. */
 
-BOOL
-static dsearch_check(void *handle, uschar *filename, int modemask, uid_t *owners,
+static BOOL
+dsearch_check(void *handle, uschar *filename, int modemask, uid_t *owners,
   gid_t *owngroups, uschar **errmsg)
 {
 handle = handle;
@@ -87,7 +87,9 @@ if (Ustrchr(keystring, '/') != 0)
 filename = string_sprintf("%s/%s", dirname, keystring);
 if (Ulstat(filename, &statbuf) >= 0)
   {
-  *result = string_copy(keystring);
+  /* Since the filename exists in the filesystem, we can return a
+  non-tainted result. */
+  *result = string_copy_taint(keystring, FALSE);
   return OK;
   }
 
-- 
cgit v1.2.3