From: Alan T. DeKok
Date: Wed, 22 Jun 2022 15:22:22 +0000 (-0400)
Subject: respect escape rules for tainted inputs
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=693a44d7fc92868315dec3e1d8eef5bd3e2150dc;p=thirdparty%2Ffreeradius-server.git

respect escape rules for tainted inputs when concatenating a value-box list to a string
---
diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index a38278ba75d..4c004a63e95 100644
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -5318,10 +5318,14 @@ ssize_t fr_value_box_list_concat_as_string(bool *tainted, fr_sbuff_t *sbuff, fr_
 break;
 case FR_TYPE_OCTETS:
+ if (vb->tainted && e_rules) goto cast;
+
 slen = fr_sbuff_in_bstrncpy(&our_sbuff, (char const *)vb->vb_strvalue, vb->vb_length);
 break;
 case FR_TYPE_STRING:
+ if (vb->tainted && e_rules) goto cast;
+
 slen = fr_sbuff_in_bstrncpy(&our_sbuff, vb->vb_strvalue, vb->vb_length);
 break;
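Review bot: In both the `FR_TYPE_OCTETS` and `FR_TYPE_STRING` cases the new guard diverts to `cast` only when `e_rules` is non-NULL, so a tainted box with no escape rules still falls through to the raw `fr_sbuff_in_bstrncpy()` copy. That may be intended, but it leaves the safety of the concatenated string to each caller (presumably via the `tainted` out-parameter), so the guard deserves a comment such as `/* tainted data is escaped only when the caller supplies e_rules; with NULL rules it is copied verbatim */`. The `cast` label and the rest of `fr_value_box_list_concat_as_string` lie outside the hunk, so it is worth confirming that the cast path actually applies `e_rules`. For octets in particular, check that it does not emit a different printed form than the untainted raw copy. A unit test that concatenates a tainted string containing a character the rules escape would pin the behaviour.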