ACL: taint-enforce queue modifier

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 368d37ec1e16e2487bffa3c760518cc309da47ac..29059ffa53dd8882c23452b4f23d88ce7dc82697 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -92,6 +92,7 @@ JH/20 Taint checking: disallow use of tainted data for
       - the pipe transport command
       - the autoreply transport file, log and once options
       - file names used by the redirect router (including filter files)
+      - named-queue names
       Previously this was permitted.
 
 

diff --git a/src/src/acl.c b/src/src/acl.c
index 7284831a6ef881952d4a1c184329b7d83d6157a7..3166069baa46f7701addccad36a44e9f12cb5562 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -3590,6 +3590,12 @@ for (; cb; cb = cb->next)
     #endif
 
     case ACLC_QUEUE:
+    if (is_tainted(arg))
+      {
+      *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
+                                   arg);
+      return ERROR;
+      }
     if (Ustrchr(arg, '/'))
       {
       *log_msgptr = string_sprintf(

diff --git a/test/confs/0576 b/test/confs/0576
index b75b6780484e0eade9323fdaf437c656db622bd3..5b023d2801b3ff1122b5de2f374457eb1679a31a 100644 (file)
--- a/test/confs/0576
+++ b/test/confs/0576
@@ -16,7 +16,7 @@ begin acl
 
 rcpt:
   accept
-    queue = ${if eq {normal}{$local_part} {} {$local_part}}
+    queue = ${if eq {normal}{$local_part} {} {${bless:$local_part}}}
     logwrite = using queue '$queue_name'
 
 #---------------