[exim-dev] [Bug 2491] New: taint issue in transport with DSN

Author: admin
Date:
To: exim-dev
Subject: [exim-dev] [Bug 2491] New: taint issue in transport with DSN
https://bugs.exim.org/show_bug.cgi?id=2491

            Bug ID: 2491
           Summary: taint issue in transport with DSN
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Transports
          Assignee: unallocated@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


Taint mismatch, string_vformat: build_rcptcmd_options 3107

    uschar * p = sx->buffer;
    ...
    string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
      addr->dsn_orcpt);


Probably that smtp-context buffer (used for writing by the transport, here) can
be tainted; we're unlikely to want to ever be expanding from it, and there are
cases such as this one where we're wanting to put tainted items into it (the
ORCPT value was handed to us by a previous inbound).

--
You are receiving this mail because:
You are on the CC list for the bug.
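
The mismatch described in the report, as an added example that is not Exim's code: a simplified model in which taint is a property of the memory a pointer lives in, a formatter refuses to copy a tainted value into an untainted buffer, and allocating the transport buffer as tainted removes the mismatch at the cost of never expanding from that buffer. All names (`tainted_pool`, `append_orcpt`, `may_expand`, `inbound_orcpt`) and the sample ORCPT value are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model (hypothetical names): a pointer is tainted if it lies in tainted_pool. */
static char tainted_pool[512];
static size_t tainted_used;

static bool is_tainted_ptr(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)tainted_pool;
    return a >= lo && a < lo + sizeof tainted_pool;
}

static char *tainted_alloc(size_t n) {   /* bump allocator, never freed */
    if (n > sizeof tainted_pool - tainted_used) return NULL;
    char *p = tainted_pool + tainted_used;
    tainted_used += n;
    return p;
}

enum fmt_result { FMT_OK = 0, FMT_TAINT_MISMATCH = -1, FMT_TRUNCATED = -2 };

/* Write " ORCPT=<value>" at dst; refuse tainted data into an untainted buffer. */
static enum fmt_result append_orcpt(char *dst, size_t room, const char *value) {
    if (is_tainted_ptr(value) && !is_tainted_ptr(dst)) return FMT_TAINT_MISMATCH;
    int n = snprintf(dst, room, " ORCPT=%s", value);
    return (n < 0 || (size_t)n >= room) ? FMT_TRUNCATED : FMT_OK;
}

/* Stand-in for string expansion: only untainted input may be expanded. */
static bool may_expand(const char *s) { return !is_tainted_ptr(s); }

/* Constructed sample: an ORCPT value as if received on an inbound session. */
static char *inbound_orcpt(void) {
    const char *v = "rfc822;user@example.test";
    char *p = tainted_alloc(strlen(v) + 1);
    if (p) strcpy(p, v);
    return p;
}

int main(void) {
    char plain[128];                     /* untainted transport buffer */
    char *tbuf = tainted_alloc(128);     /* same buffer, allocated tainted */
    char *orcpt = inbound_orcpt();
    if (!tbuf || !orcpt) return 1;
    printf("untainted buffer: %d\n", append_orcpt(plain, sizeof plain, orcpt));
    printf("tainted buffer:   %d -> \"%s\"\n", append_orcpt(tbuf, 128, orcpt), tbuf);
    printf("may expand from tainted buffer: %d\n", may_expand(tbuf));
    return 0;
}
```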