From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 6 Mar 2025 19:38:54 +0000 (-0500)
Subject: set tainted / secret flag based on both inputs
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c77d322c8c4dbca987c2942d9b0e9bd1559bdf7c;p=thirdparty%2Ffreeradius-server.git

set tainted / secret flag based on both inputs
---

diff --git a/src/lib/unlang/xlat_builtin.c b/src/lib/unlang/xlat_builtin.c
index ffa97d6088..5f59d0b1e4 100644
--- a/src/lib/unlang/xlat_builtin.c
+++ b/src/lib/unlang/xlat_builtin.c
@@ -3289,8 +3289,8 @@ static int xlat_func_subst_regex(TALLOC_CTX *ctx, fr_dcursor_t *out,
 		talloc_free(pattern);
 		return -1;
 	}
-	fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, buff, subject_vb->tainted);
-	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb));
+	fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, buff, subject_vb->tainted | rep_vb->tainted);
+	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb) || fr_value_box_is_secret(rep_vb));
 
 	fr_dcursor_append(out, vb);
 
@@ -3396,14 +3396,14 @@ static xlat_action_t xlat_func_subst(TALLOC_CTX *ctx, fr_dcursor_t *out,
 		p = q + pattern_len;
 	}
 
-	if (fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, vb_str, subject_vb->tainted) < 0) {
+	if (fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, vb_str, subject_vb->tainted | rep_vb->tainted) < 0) {
 		RPEDEBUG("Failed creating output box");
 		talloc_free(vb);
 		return XLAT_ACTION_FAIL;
 	}
 
 	fr_assert(vb && (vb->type != FR_TYPE_NULL));
-	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb));
+	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb) || fr_value_box_is_secret(rep_vb));
 	fr_dcursor_append(out, vb);
 
 	return XLAT_ACTION_DONE;