https://bugs.exim.org/show_bug.cgi?id=2491
Bug ID: 2491
Summary: taint issue in transport with DSN
Product: Exim
Version: N/A
Hardware: All
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: Transports
Assignee: unallocated@???
Reporter: jgh146exb@???
CC: exim-dev@???
Taint mismatch, string_vformat: build_rcptcmd_options 3107
uschar * p = sx->buffer;
...
string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
addr->dsn_orcpt);
Probably that smtp-context buffer (used for writing by the transport, here) can
be tainted; we're unlikely to want to ever be expanding from it, and there are
cases such as this one where we're wanting to put tainted items into it (the
ORCPT value was handed to us by a previous inbound).
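An added illustration of the mismatch reported above (not Exim's code and not part of the original report): a simplified C model in which a checked append refuses to copy a tainted ORCPT value into an untainted transport buffer, and succeeds once the buffer itself is allocated as tainted. The arena, `is_tainted`, `taint_alloc`, `taint_copy`, `append_orcpt`, `demo` and the sample addresses are hypothetical and constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy taint model (assumption): data is tainted iff it lives in this arena. */
static char arena[512];
static size_t used;

static bool is_tainted(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)arena;
    return a >= lo && a < lo + sizeof arena;
}

static void *taint_alloc(size_t n) {
    if (n > sizeof arena - used) return NULL;
    void *p = arena + used;
    used += n;
    return p;
}

/* Store untrusted input, e.g. an ORCPT value received on an inbound session. */
static char *taint_copy(const char *s) {
    char *d = taint_alloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

/* Returns length appended, -1 on taint mismatch, -2 on truncation. */
static int append_orcpt(char *buf, size_t len, char *p, const char *orcpt) {
    size_t room = len - (size_t)(p - buf);
    if (is_tainted(orcpt) && !is_tainted(buf)) return -1;
    int n = snprintf(p, room, " ORCPT=%s", orcpt);
    return (n < 0 || (size_t)n >= room) ? -2 : n;
}

/* Build the RCPT command in an untainted or a tainted transport buffer. */
static int demo(bool tainted_buffer) {
    static char plain[128];
    char *buf = tainted_buffer ? taint_alloc(sizeof plain) : plain;
    char *orcpt = taint_copy("rfc822;user@example.test"); /* constructed */
    if (!buf || !orcpt) return -3;
    int n = snprintf(buf, sizeof plain, "RCPT TO:<user@example.test>");
    return append_orcpt(buf, sizeof plain, buf + n, orcpt);
}

int main(void) {
    printf("untainted: %d, tainted: %d\n", demo(false), demo(true));
    return 0;
}
```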