[exim] Backslashes in addresses [Was: CVE-2019-10149: alread…

Top Page
Delete this message
Reply to this message
Author: Ian Zimmerman
Date:  
To: exim-users
Old-Topics: Re: [exim] CVE-2019-10149: already vulnerable ?
Subject: [exim] Backslashes in addresses [Was: CVE-2019-10149: already vulnerable ?]
On 2019-06-24 20:35, Cyborg wrote:

> Am 24.06.19 um 19:55 schrieb Ian Zimmerman via Exim-users:
> > On 2019-06-24 17:23, Jeremy Harris wrote:
> > For instance, if I say this in the -bh dialog:
> >
> > RCPT TO:<it\z@???>
> >
> > the local part being tested, according to the >>> output, is just "itz",
> > which of course ends up being accepted.
> >
> > I think this is a bug, do you agree?
> >
> try a real Escape Sequence like \x instead, as \z is no valid escape
> sequence. Exim may remove those as "bugs in your regex" before
> processsing it.


I think you have misunderstood what I wrote, maybe because I didn't show
the config syntax I tested. Here it is:

# Also prohibit backslashes.

  deny
    domains = +local_domains
    condition = ${if match{$local_part}{\N\\\N}}
    logwrite = acl_check_rcpt: backslashes in $local_part


I think this should match any backslash in the local part. The actual
local part is not a regex :-) It is just a string, right? Exim has no
business massaging it in any way.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.