appendfile: taint-enforce file & directory options

[exim.git] / src / src / transports / appendfile.c

diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
index d99a1795679c1d42681706de96d20e6187193753..de193db448bbf5cf5801313799e08e3c60fce43b 100644 (file)
--- a/src/src/transports/appendfile.c
+++ b/src/src/transports/appendfile.c
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 
@@ -1342,6 +1343,12 @@ if (!(path = expand_string(fdname)))
     expand_string_message);
   goto ret_panic;
   }
+if (is_tainted(path))
+  {
+  addr->message = string_sprintf("Tainted '%s' (file or directory "
+    "name for %s transport) not permitted", path, tblock->name);
+  goto ret_panic;
+  }
 
 if (path[0] != '/')
   {