diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2021-07-07 22:19:07 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2021-07-10 15:36:51 +0100 |
commit | c819f3bcad02bcb06004ae2ad135b68fab0ae888 (patch) | |
tree | 417bfe8d75e3c08bf1717572bdce3c6f58be1083 | |
parent | 20812729e3e47a193a21d326ecd036d67a8b2724 (diff) | |
download | exim4-c819f3bcad02bcb06004ae2ad135b68fab0ae888.tar.gz |
Fix tainted message for fakereject
(cherry picked from commit a9ac2d7fc219e41a353abf1f599258b9b9d21b7e)
-rw-r--r-- | doc/doc-txt/ChangeLog | 4 | ||||
-rw-r--r-- | src/src/acl.c | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index e60c1cad5..3e93f653f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -227,6 +227,10 @@ JH/53 Bug 2743: fix immediate-delivery via named queue. Previously this would fail with a taint-check on the spoolfile name, and leave the message queued. +JH/57 Fix control=fakreject for a custom message containing tainted data. + Previously this resulted in a log complaint, due to a re-expansion present + since fakereject was originally introduced. + Exim version 4.94 ----------------- diff --git a/src/src/acl.c b/src/src/acl.c index 7061230b4..65324405c 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -3137,7 +3137,9 @@ for (; cb; cb = cb->next) { const uschar *pp = p + 1; while (*pp) pp++; - fake_response_text = expand_string(string_copyn(p+1, pp-p-1)); + /* The entire control= line was expanded at top so no need to expand + the part after the / */ + fake_response_text = string_copyn(p+1, pp-p-1); p = pp; } else /* Explicitly reset to default string */ |