https://bugs.exim.org/show_bug.cgi?id=2111
Bug ID: 2111
Summary: malware ACL: scanner "sock" doesn't handle whitespace
in command line format
Product: Exim
Version: 4.89
Hardware: All
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
Assignee: jgh146exb@???
Reporter: reed.meyer@???
CC: exim-dev@???
Hi there :)
We wrote software that communicates with exim via a socket, using the generic
"sock" scanner. As stated in Chapter 44 of the exim documentation,
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
,
the "sock" configuration takes four options, the second of which is "a
commandline to send (may include a single %s which will be replaced with the
path to the mail file to be scanned)", and which defaults to "%s\n". The
command line format is similar to C "printf"-style formatting, as is clear from
the exim source code.
Unfortunately, as we discovered in testing, whitespace characters can't be used
in this command line string. The relevant code is around line 1704 in
malware.c (
https://github.com/Exim/exim/blob/master/src/src/malware.c ). The
code calls string_nextinlist(), which is at lines 874-970 in string.c (
https://github.com/Exim/exim/blob/master/src/src/string.c ), to fetch the
command line string. Near the end of string_nextinlist(), whitespace
characters are stripped off the end of the string; note the call to isspace()
in line 962 of string.c:
while (ptr > 0 && isspace(buffer[ptr-1])) ptr--; .
This actually defeats the command line string that the exim documentation
considers the default, namely "%s\n"; the "\n" is stripped off and is therefore
never transmitted over the socket.
Furthermore, one cannot simply specify an empty command line string, and hope
that exim will replace it with the default, "%s\n", because of the behavior of
string_nextinlist(). When the input is an empty string, string_nextinlist()
returns US"", which is a non-null string; but the code in malware.c (line 1704)
only uses the default string "%s\n" when string_nextinlist() returns a null
string.
--
You are receiving this mail because:
You are on the CC list for the bug.
