[exim] value with colon in SQL lookup gets truncated

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Paul Slootman
Datum:  
To: exim list
Betreff: [exim] value with colon in SQL lookup gets truncated
I first thought I had forgotten to use the quote_mysql thing to
prevent SQL injection, but that's not the case. The debug output shows
that the string is expanded correctly, but when the expansion is
actually used, the colon and everything after it is removed:

# exim4 -bv -d+all '"E:Test"@???'
...
10:55:20 17646 --------> virtual_aliases router <--------
10:55:20 17646 local_part=e:test domain=example.com
10:55:20 17646 checking domains
10:55:20 17646 expanding: $local_part
10:55:20 17646    result: e:test
10:55:20 17646 expanding: $domain
10:55:20 17646    result: example.com
10:55:20 17646 expanding: mysql;SELECT domain FROM aliases LEFT JOIN
domains USING (domain_id) WHERE name='${quote_mysql:$local_part}' AND
domain='${quote_mysql:$domain}'
10:55:20 17646    result: mysql;SELECT domain FROM aliases LEFT JOIN
domains USING (domain_id) WHERE name='e:test' AND domain='example.com'
10:55:20 17646 search_open: mysql "NULL"
10:55:20 17646   cached open
10:55:20 17646 search_find: file="NULL"
10:55:20 17646   key="SELECT domain FROM aliases LEFT JOIN domains
USING (domain_id) WHERE name='e" partial=-1 affix=NULL starflags=0
10:55:20 17646 LRU list:
10:55:20 17646   :/etc/exim4/FORWARD
10:55:20 17646   :/etc/exim4/hubbed_hosts
10:55:20 17646   End
10:55:20 17646 internal_search_find: file="NULL"
10:55:20 17646   type=mysql key="SELECT domain FROM aliases LEFT JOIN
domains USING (domain_id) WHERE name='e"
10:55:20 17646 database lookup required for SELECT domain FROM aliases
LEFT JOIN domains USING (domain_id) WHERE name='e
10:55:20 17646 MySQL query: SELECT domain FROM aliases LEFT JOIN
domains USING (domain_id) WHERE name='e
10:55:20 17646 MYSQL using cached connection for localhost/email/exim
10:55:20 17646 MYSQL: query failed: You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ''e' at line 1
10:55:20 17646
10:55:20 17646 lookup deferred: MYSQL: query failed: You have an error
in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near ''e' at line 1
10:55:20 17646
10:55:20 17646 example.com in "mysql;SELECT domain FROM aliases LEFT
JOIN domains USING (domain_id) WHERE name='e:test' AND
domain='example.com'"? list match deferred for mysql;SELECT domain
FROM aliases LEFT JOIN domains USING (domain_id) WHERE name='e
10:55:20 17646 domains check lookup or other defer
"E:Test"@??? cannot be resolved at this time: domains check
lookup or other defer


Is there any workaround for this?


Paul