Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
On 24/06/2019 17:07, Ian Zimmerman via Exim-users wrote:
> I just want to prohibit any backslashes in local parts. I know this is
> totally safe to do in my case. So what is the appropriate number of
> backslashes to put in the regexp? Will this work:
>
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[\$@%!/\\|]


I suggest quoting the entire list with \N for sanity.
Having done that I think you need a double backslash. I did when I
tested it. I suggest you test it yourself, using -bh.

As you have it, without \N-quoting, I think you don't have enough
backslashes.

--
Cheers,
Jeremy
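
Added example, not part of the original message and not Exim code: a simplified Python model of the backslash handling Exim's string expansion applies to a list item before the regex is compiled, showing which pattern the regex engine receives with and without \N quoting. It assumes only the \N and single-character backslash rules (octal and hex escapes are left out), uses Python's re in place of PCRE, and the sample local parts are constructed; a real configuration should still be checked with -bh as suggested above.

```python
import re

def exim_expand(item):
    # Simplified model (assumption): \N toggles a no-expansion region;
    # outside it, backslash + char yields that char (n, r, t are control
    # characters). Octal/hex escapes and $-variables are not modelled.
    out, i, protected = [], 0, False
    while i < len(item):
        if item.startswith(r"\N", i):
            protected = not protected
            i += 2
        elif protected or item[i] != "\\" or i + 1 == len(item):
            out.append(item[i])
            i += 1
        else:
            nxt = item[i + 1]
            out.append({"n": "\n", "r": "\r", "t": "\t"}.get(nxt, nxt))
            i += 2
    return "".join(out)

def rejects(item, local_part):
    # True when the expanded regex matches, i.e. the deny would trigger.
    return re.search(exim_expand(item), local_part) is not None

# The list item as posted, the same item wrapped in \N, and a \N variant
# with only one backslash before the pipe.
UNQUOTED = r"^.*[\$@%!/\\|]"
QUOTED_DOUBLE = r"\N^.*[\$@%!/\\|]\N"
QUOTED_SINGLE = r"\N^.*[\$@%!/\|]\N"

# Constructed sample local parts.
SAMPLES = ["user", "a|b", "a$b", "a\\b"]

def report():
    rows = {}
    for name, item in [("unquoted", UNQUOTED),
                       ("quoted-double", QUOTED_DOUBLE),
                       ("quoted-single", QUOTED_SINGLE)]:
        rows[name] = (exim_expand(item),
                      [lp for lp in SAMPLES if rejects(item, lp)])
    return rows

if __name__ == "__main__":
    for name, (regex, hit) in report().items():
        print(f"{name:14} regex={regex!r:22} rejected={hit}")
```

In this model only the \N-quoted item with a double backslash leaves a literal backslash inside the character class; the other two reduce to an escaped pipe.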