Re: [exim] CVE-2019-10149: already vulnerable ?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jeremy Harris
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] CVE-2019-10149: already vulnerable ?
On 24/06/2019 18:55, Ian Zimmerman via Exim-users wrote:
> RCPT TO:<it\z@???>
>
> the local part being tested, according to the >>> output, is just "itz",
> which of course ends up being accepted.
>
> I think this is a bug, do you agree?


This turns out to be deliberate, with the following code comment:

/* The implication in the RFCs (though I can't say I've seen it spelled out
explicitly) is that quoting should be removed from local parts at the point
where they are locally interpreted. [The new draft "821" is more explicit on
this, Jan 1999.] We know the syntax is valid, so this can be done by simply
removing quoting backslashes and any unquoted doublequotes. */

( function "deliver_split_address" )

So, to get a backslash into a local-part you have to double it in the SMTP
RCPT line:

RCPT TO:<it\\z@???>

--
Cheers,
Jeremy