X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Facl.c;h=f358516a1983afda619ef316850a08050db4b948;hb=7716610b7633eef29e598fb6728e3f7cba2c9aed;hp=2f20821c2ae4dabb086a597a126787ec2d86c3dd;hpb=92583637b25b6bde926f9ca6be7b085e5ac8b1e6;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/acl.c b/src/src/acl.c
index 2f20821c2..f358516a1 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -486,7 +486,7 @@ static control_def controls_list[] = {
   { US"no_delay_flush",          FALSE,
 	  ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START
   },
-  
+
 [CONTROL_NO_ENFORCE_SYNC] =
   { US"no_enforce_sync",         FALSE,
 	  ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START
@@ -744,7 +744,7 @@ while ((s = (*func)()))
   int v, c;
   BOOL negated = FALSE;
   uschar *saveline = s;
-  uschar name[64];
+  uschar name[EXIM_DRIVERNAME_MAX];
 
   /* Conditions (but not verbs) are allowed to be negated by an initial
   exclamation mark. */
@@ -4088,6 +4088,26 @@ while (isspace(*ss)) ss++;
 
 acl_text = ss;
 
+#ifdef notyet_taintwarn
+if (  !f.running_in_test_harness
+   &&  is_tainted2(acl_text, LOG_MAIN|LOG_PANIC,
+			  "attempt to use tainted ACL text \"%s\"", acl_text))
+  {
+  /* Avoid leaking info to an attacker */
+  *log_msgptr = US"internal configuration error";
+  return ERROR;
+  }
+#else
+if (is_tainted(acl_text) && !f.running_in_test_harness)
+  {
+  log_write(0, LOG_MAIN|LOG_PANIC,
+    "attempt to use tainted ACL text \"%s\"", acl_text);
+  /* Avoid leaking info to an attacker */
+  *log_msgptr = US"internal configuration error";
+  return ERROR;
+  }
+#endif
+
 /* Handle the case of a string that does not contain any spaces. Look for a
 named ACL among those read from the configuration, or a previously read file.
 It is possible that the pointer to the ACL is NULL if the configuration
@@ -4111,14 +4131,6 @@ if (Ustrchr(ss, ' ') == NULL)
   else if (*ss == '/')
     {
     struct stat statbuf;
-    if (is_tainted(ss))
-      {
-      log_write(0, LOG_MAIN|LOG_PANIC,
-	"attempt to open tainted ACL file name \"%s\"", ss);
-      /* Avoid leaking info to an attacker */
-      *log_msgptr = US"internal configuration error";
-      return ERROR;
-      }
     if ((fd = Uopen(ss, O_RDONLY, 0)) < 0)
       {
       *log_msgptr = string_sprintf("failed to open ACL file \"%s\": %s", ss,