respect escape rules for tainted inputs

when concatenating a value-box list to a string

diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index a38278ba75de1ce31312bb74005dafe4d0b19f46..4c004a63e95baeb66fb5f775bed09aa9b23f51c9 100644 (file)
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -5318,10 +5318,14 @@ ssize_t fr_value_box_list_concat_as_string(bool *tainted, fr_sbuff_t *sbuff, fr_
                        break;
 
                case FR_TYPE_OCTETS:
+                       if (vb->tainted && e_rules) goto cast;
+
                        slen = fr_sbuff_in_bstrncpy(&our_sbuff, (char const *)vb->vb_strvalue, vb->vb_length);
                        break;
 
                case FR_TYPE_STRING:
+                       if (vb->tainted && e_rules) goto cast;
+
                        slen = fr_sbuff_in_bstrncpy(&our_sbuff, vb->vb_strvalue, vb->vb_length);
                        break;