X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fexim.c;h=8f33bde2642b0a873bfdc479d83432b04c6c1e8d;hb=38a522bdfc23e9a221b475891f954b0dd6f82eee;hp=25464f799a634469ceec25cd1172b396d4e2f94f;hpb=99ea5f6faeaf714e34bbcd75fdc50cc94dc7a1c8;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/exim.c b/src/src/exim.c
index 25464f799..8f33bde26 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -2373,6 +2373,7 @@ on the second character (the one after '-'), to save some effort. */
       int len = Ustrlen(ALT_CONFIG_PREFIX);
       const uschar *list = argrest;
       uschar *filename;
+      /* The argv is untainted, so big_buffer (also untainted) is ok to use */
       while((filename = string_nextinlist(&list, &sep, big_buffer,
              big_buffer_size)))
         if (  (  Ustrlen(filename) < len
@@ -2813,10 +2814,22 @@ on the second character (the one after '-'), to save some effort. */
 	case 'S': smtp_peer_options |= OPTION_SIZE; break;
 
 #ifndef DISABLE_TLS
+    /* -MCs: used with -MCt; SNI was sent */
+    /* -MCr: ditto, DANE */
+
+	case 'r':
+	case 's': if (++i < argc)
+		    {
+		    continue_proxy_sni = string_copy_taint(argv[i], TRUE);
+		    if (argrest[1] == 'r') continue_proxy_dane = TRUE;
+		    }
+		  else badarg = TRUE;
+		  break;
+
     /* -MCt: similar to -MCT below but the connection is still open
     via a proxy process which handles the TLS context and coding.
     Require three arguments for the proxied local address and port,
-    and the TLS cipher.  */
+    and the TLS cipher. */
 
 	case 't': if (++i < argc)
 		    sending_ip_address = string_copy_taint(argv[i], TRUE);