In principle our downstreams should be able to cope with this. But
maybe they haven't had the fixes, and dumping strange stuff into the
output file seems unfriendly.
So reimplement copyout as a function which reassembles the output line
from pieces, and checks that each Tainted word it is writing out has
been verified by someone to be OK.
As a side effect we normalise the whitespace including indentation.
We rename the input line variable in pline from `i' to `il', since it
contains possibly dangerous content. This makes sure we caught all of
the places it is used.
With these changes, it is necessary to add a couple of explicit calls
to Tainted methods for otherwise-unused parameters, notably the group
name in location() definitions in user-provided site fragments, and
the (optional) email address in an ssh1 rsa key.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
~ianmdlvl / secnet.git / commitdiff