X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Flookups%2Fdsearch.c;h=dba8422ccf1e07c65d919f38c62e5708ab57b4b7;hb=d447dbd160a0fb503ed1e763f3f23d28744b6ddd;hp=c27f5d6e65203f9d01d984012ab3566c067bb997;hpb=13e70f5530fc3fd376e1397c76e073a339e738aa;p=exim.git

diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c
index c27f5d6e6..dba8422cc 100644
--- a/src/src/lookups/dsearch.c
+++ b/src/src/lookups/dsearch.c
@@ -25,10 +25,10 @@ it open, because the "search" can be done by a call to lstat() rather than
 actually scanning through the list of files. */
 
 static void *
-dsearch_open(uschar *dirname, uschar **errmsg)
+dsearch_open(const uschar * dirname, uschar ** errmsg)
 {
-DIR *dp = opendir(CS dirname);
-if (dp == NULL)
+DIR * dp = exim_opendir(dirname);
+if (!dp)
   {
   int save_errno = errno;
   *errmsg = string_open_failed(errno, "%s for directory search", dirname);
@@ -47,9 +47,9 @@ return (void *)(-1);
 /* The handle will always be (void *)(-1), but don't try casting it to an
 integer as this gives warnings on 64-bit systems. */
 
-BOOL
-static dsearch_check(void *handle, uschar *filename, int modemask, uid_t *owners,
-  gid_t *owngroups, uschar **errmsg)
+static BOOL
+dsearch_check(void * handle, const uschar * filename, int modemask,
+  uid_t * owners, gid_t * owngroups, uschar ** errmsg)
 {
 handle = handle;
 return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
@@ -66,8 +66,8 @@ scanning the directory, as it is hopefully faster to let the OS do the scanning
 for us. */
 
 static int
-dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
-  uschar **result, uschar **errmsg, uint *do_cache)
+dsearch_find(void * handle, const uschar * dirname, const uschar * keystring,
+  int length, uschar ** result, uschar ** errmsg, uint * do_cache)
 {
 struct stat statbuf;
 int save_errno;
@@ -87,7 +87,9 @@ if (Ustrchr(keystring, '/') != 0)
 filename = string_sprintf("%s/%s", dirname, keystring);
 if (Ulstat(filename, &statbuf) >= 0)
   {
-  *result = string_copy(keystring);
+  /* Since the filename exists in the filesystem, we can return a
+  non-tainted result. */
+  *result = string_copy_taint(keystring, FALSE);
   return OK;
   }