[exim-dev] [Bug 2491] New: taint issue in transport with DSN

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2491] New: taint issue in transport with DSN
https://bugs.exim.org/show_bug.cgi?id=2491

            Bug ID: 2491
           Summary: taint issue in transport with DSN
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Transports
          Assignee: unallocated@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


Taint mismatch, string_vformat: build_rcptcmd_options 3107

    uschar * p = sx->buffer;
    ...
    string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
      addr->dsn_orcpt);


Probably that smtp-context buffer (used for writing by the transport, here) can
be tainted; we're unlikely to want to ever be expanding from it, and there are
cases such as this one where we're wanting to put tainted items into it (the
OCRPT value was handed to us by a previous inbound).

--
You are receiving this mail because:
You are on the CC list for the bug.