From c77d322c8c4dbca987c2942d9b0e9bd1559bdf7c Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Thu, 6 Mar 2025 14:38:54 -0500
Subject: [PATCH] set tainted / secret flag based on both inputs

---
 src/lib/unlang/xlat_builtin.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lib/unlang/xlat_builtin.c b/src/lib/unlang/xlat_builtin.c
index ffa97d6088..5f59d0b1e4 100644
--- a/src/lib/unlang/xlat_builtin.c
+++ b/src/lib/unlang/xlat_builtin.c
@@ -3289,8 +3289,8 @@ static int xlat_func_subst_regex(TALLOC_CTX *ctx, fr_dcursor_t *out,
 		talloc_free(pattern);
 		return -1;
 	}
-	fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, buff, subject_vb->tainted);
-	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb));
+	fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, buff, subject_vb->tainted | rep_vb->tainted);
+	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb) || fr_value_box_is_secret(rep_vb));
 
 	fr_dcursor_append(out, vb);
 
@@ -3396,14 +3396,14 @@ static xlat_action_t xlat_func_subst(TALLOC_CTX *ctx, fr_dcursor_t *out,
 		p = q + pattern_len;
 	}
 
-	if (fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, vb_str, subject_vb->tainted) < 0) {
+	if (fr_value_box_bstrdup_buffer_shallow(NULL, vb, NULL, vb_str, subject_vb->tainted | rep_vb->tainted) < 0) {
 		RPEDEBUG("Failed creating output box");
 		talloc_free(vb);
 		return XLAT_ACTION_FAIL;
 	}
 
 	fr_assert(vb && (vb->type != FR_TYPE_NULL));
-	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb));
+	fr_value_box_set_secret(vb, fr_value_box_is_secret(subject_vb) || fr_value_box_is_secret(rep_vb));
 	fr_dcursor_append(out, vb);
 
 	return XLAT_ACTION_DONE;
-- 
2.47.2