Marc Haber via Exim-users <exim-users@???> (Mi 03 Jul 2019 18:17:24 CEST):
> On Sun, 23 Jun 2019 20:02:33 +0100, Jeremy Harris via Exim-users
> <exim-users@???> wrote:
> > deny local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N
> > message = no mate
>
> This might be a really stupid question, but what exactly does that do?
>
> ^.*$ blocks local_parts containing a $
> ^.\\x24 does the same?
> but I'm stymied about the \\0.44 notation, what's that?
From my POV ^.*$ matches *any* local_part, as $ is the string's end anchor, isn't it?.
But I can't imagine that such mistake happens to Jeremy, so I assume, I'm missing the point here.
\\x24 should match the literal \x24, which may be used to encode the
dollar sign for the unintended local_part expansion in the vulnerable
code.
\\044 and \\44 may encode the dollar sign in base8 notation, with and
w/o the leading zero. Both are collapsed into \\0?44
But I may be totally wrong here.
--
Heiko
