[exim-dev] [Bug 894] New: Data after 4096 byte of comment ap…

Pàgina inicial
Delete this message
Reply to this message
Autor: Stuart Rowan
Data:  
A: exim-dev
Assumpte: [exim-dev] [Bug 894] New: Data after 4096 byte of comment appended to previous expansion list
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=894
           Summary: Data after 4096 byte of comment appended to previous
                    expansion list
           Product: Exim
           Version: 4.69
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: security
          Priority: critical
         Component: Lookups
        AssignedTo: nigel@???
        ReportedBy: strr-exim@???
                CC: exim-dev@???



Created an attachment (id=328)
--> (http://bugs.exim.org/attachment.cgi?id=328)
An aliases file demonstrating the bug

On our company mail server we had a simple aliases file based expansion
mechanism ... i.e.:

system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe


Some of the lines in the aliases file were longer than 4kB.
However they were commented out with a '#' at the front

It appears that in this situation characters after 4096 in the line are
appended to the preceding non-comment, non-whitespace line.

For example, install the attached aliases file as /etc/aliases and run:

$ exim -bt c
xsomeoneelse@???
    <-- c@???


In this case 'c' should expand to just 'x', but the characters beyond 4096 in
the commented line are appended erroneously resulting in 'xsomeonelse'.

If the commented line contains complete, valid email addresses beyond the
4096th character then they will be incorrectly included in the expansion hence
the 'security' classification on this bug. In our situation this means an
expansion destined for four company-internal recipients ended up being sent to
rather a lot of unintended third parties.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email