From: Jeremy Harris
Date: Sun, 22 Sep 2019 09:56:31 +0000 (+0100)
Subject: Fix taint-checking on Solaris
X-Git-Tag: exim-4.93-RC0~51
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=bcd69700de5abae9ece41aadd403b621c6869ed6;p=exim.git
Fix taint-checking on Solaris
---
diff --git a/src/src/dbfn.c b/src/src/dbfn.c
index 63a1aefe3..1f058ef72 100644
--- a/src/src/dbfn.c
+++ b/src/src/dbfn.c
@@ -206,7 +206,8 @@ if (created && geteuid() == root_uid)
 if (Ustrncmp(ent->d_name, name, namelen) == 0)
 {
 struct stat statbuf;
- Ustrcpy(lastname, US ent->d_name);
+ /* Filenames from readdir() are trusted, so use a taint-nonchecking copy */
+ strcpy(CS lastname, CCS ent->d_name);
 if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
 {
 DEBUG(D_hints_lookup) debug_printf_indent("ensuring %s is owned by exim\n", filename);
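Review bot: The new `strcpy(CS lastname, CCS ent->d_name);` has no length bound, and the `Ustrncmp` test above it only matches the first `namelen` bytes of `ent->d_name`, so nothing visible in the hunk limits how long the copied name can be. `lastname` is declared outside the hunk, as are the start and end of the enclosing block. If it points into a fixed-size path buffer, I would check the length first or use a bounded copy such as `snprintf(CS lastname, LASTNAME_SPACE, "%s", ent->d_name);`, where `LASTNAME_SPACE` is a placeholder for the bytes left in that buffer. The comment should also say why readdir() names are trusted here, e.g. `/* d_name comes from the hints directory, writable only by exim/root, so the taint check is skipped */` if that is the real basis. That matters because this branch runs with euid root and, judging by the debug message, goes on to change ownership of the named file.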