[exim-dev] [Bug 2491] New: taint issue in transport with DSN

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMM 
admin at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2491] New: taint issue in transport with DSN
https://bugs.exim.org/show_bug.cgi?id=2491 

            Bug ID: 2491
           Summary: taint issue in transport with DSN
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Transports
          Assignee: unallocated@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


Taint mismatch, string_vformat: build_rcptcmd_options 3107 

    uschar * p = sx->buffer;
    ...
    string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
      addr->dsn_orcpt);


Probably that smtp-context buffer (used for writing by the transport, here) can
be tainted; we're unlikely to want to ever be expanding from it, and there are
cases such as this one where we're wanting to put tainted items into it (the
OCRPT value was handed to us by a previous inbound).

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2489] 4.93 segv in PAM auth[exim-dev] [Bug 2491] taint issue in transport with DSN->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)