X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Frouters%2Frf_get_transport.c;h=4a43818ff45a745b42c000976888e2d3fc289828;hb=3327394394a45c79cd48b2091536f6a6b8ba32a3;hp=9dd77618ebc15d5e92629cf8c9c8ab5edb8fad5c;hpb=0a49a7a4f1090b6f1ce1d0f9d969804c9226b53e;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/routers/rf_get_transport.c b/src/src/routers/rf_get_transport.c
index 9dd77618e..4a43818ff 100644
--- a/src/src/routers/rf_get_transport.c
+++ b/src/src/routers/rf_get_transport.c
@@ -1,5 +1,3 @@
-/* $Cambridge: exim/src/src/routers/rf_get_transport.c,v 1.5 2009/11/16 19:50:38 nm4 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
@@ -46,11 +44,10 @@ rf_get_transport(uschar *tpname, transport_instance **tpptr, address_item *addr,
 {
 uschar *ss;
 BOOL expandable;
-transport_instance *tp;
 
-if (tpname == NULL)
+if (!tpname)
   {
-  if (require_name == NULL) return TRUE;
+  if (!require_name) return TRUE;
   addr->basic_errno = ERRNO_BADTRANSPORT;
   addr->message = string_sprintf("%s unset in %s router", require_name,
     router_name);
@@ -62,26 +59,33 @@ if (*tpptr != NULL && !expandable) return TRUE;
 
 if (expandable)
   {
-  ss = expand_string(tpname);
-  if (ss == NULL)
+  if (!(ss = expand_string(tpname)))
     {
     addr->basic_errno = ERRNO_BADTRANSPORT;
     addr->message = string_sprintf("failed to expand transport "
       "\"%s\" in %s router: %s", tpname, router_name, expand_string_message);
     return FALSE;
     }
+  if (is_tainted(ss))
+    {
+    log_write(0, LOG_MAIN|LOG_PANIC,
+      "attempt to use tainted value '%s' from '%s' for transport", ss, tpname);
+    addr->basic_errno = ERRNO_BADTRANSPORT;
+    /* Avoid leaking info to an attacker */
+    addr->message = US"internal configuration error";
+    return FALSE;
+    }
   }
-else ss = tpname;
+else
+  ss = tpname;
 
-for (tp = transports; tp != NULL; tp = tp->next)
-  {
+for (transport_instance * tp = transports; tp; tp = tp->next)
   if (Ustrcmp(tp->name, ss) == 0)
     {
     DEBUG(D_route) debug_printf("set transport %s\n", ss);
     *tpptr = tp;
     return TRUE;
     }
-  }
 
 addr->basic_errno = ERRNO_BADTRANSPORT;
 addr->message = string_sprintf("transport \"%s\" not found in %s router", ss,