Jay Sekora <js@???> (Fr 06 Sep 2019 22:17:31 CEST):
> > According the the Git log, the $tls_in_sni variable should be available
> > for >= 4.81. For <4.81 $tls_sni was the name.
> Thansk! I saw that, but this is 4.82, and I get the same error with $tls_sni .
>
> > Does "exim -be '$tls_in_sni'" complain too? And "exim -be '$tls_sni'"?
>
> Yes:
>
> $ exim -be '$tls_in_sni'
> Failed: unknown variable name "tls_in_sni"
>
> $ exim -be '$tls_sni'
> Failed: unknown variable name "tls_sni"
>
> $ exim -bV
> Exim version 4.82 #2 built 10-Feb-2018 19:43:30
> Copyright (c) University of Cambridge, 1995 - 2013
> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2013
> Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
> Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
May be an issue with GnuTLS?
I just downloaded the Ubuntu package source from launchpad and built
Exim with a minimal build configuration. And - voila - the variable does
not exist! I'm not able to build it with OpenSSL, as my installed -dev
libraries are not compatible with the old sources.
… some more checking.
src/exand.c:
#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
{ "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
#endif
But nevertheless, your Exim is vulnerable. Unfortunnatly the ACL trick
doesn't work. You can do "binary patching".
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
