X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Frouters%2Frf_get_transport.c;h=4a43818ff45a745b42c000976888e2d3fc289828;hb=163144aab02a47427340d0ecc75e2abde675f4c9;hp=ad5cda8b05651573d00cb43e43e9bd3655c4cc78;hpb=3634fc257bd0667daef14d72005cd87c735bbb24;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/routers/rf_get_transport.c b/src/src/routers/rf_get_transport.c index ad5cda8b0..4a43818ff 100644 --- a/src/src/routers/rf_get_transport.c +++ b/src/src/routers/rf_get_transport.c @@ -44,11 +44,10 @@ rf_get_transport(uschar *tpname, transport_instance **tpptr, address_item *addr, { uschar *ss; BOOL expandable; -transport_instance *tp; -if (tpname == NULL) +if (!tpname) { - if (require_name == NULL) return TRUE; + if (!require_name) return TRUE; addr->basic_errno = ERRNO_BADTRANSPORT; addr->message = string_sprintf("%s unset in %s router", require_name, router_name); @@ -60,26 +59,33 @@ if (*tpptr != NULL && !expandable) return TRUE; if (expandable) { - ss = expand_string(tpname); - if (ss == NULL) + if (!(ss = expand_string(tpname))) { addr->basic_errno = ERRNO_BADTRANSPORT; addr->message = string_sprintf("failed to expand transport " "\"%s\" in %s router: %s", tpname, router_name, expand_string_message); return FALSE; } + if (is_tainted(ss)) + { + log_write(0, LOG_MAIN|LOG_PANIC, + "attempt to use tainted value '%s' from '%s' for transport", ss, tpname); + addr->basic_errno = ERRNO_BADTRANSPORT; + /* Avoid leaking info to an attacker */ + addr->message = US"internal configuration error"; + return FALSE; + } } -else ss = tpname; +else + ss = tpname; -for (tp = transports; tp != NULL; tp = tp->next) - { +for (transport_instance * tp = transports; tp; tp = tp->next) if (Ustrcmp(tp->name, ss) == 0) { DEBUG(D_route) debug_printf("set transport %s\n", ss); *tpptr = tp; return TRUE; } - } addr->basic_errno = ERRNO_BADTRANSPORT; addr->message = string_sprintf("transport \"%s\" not found in %s router", ss,