https://bugs.exim.org/show_bug.cgi?id=2506
Bug ID: 2506
Summary: taint issue in Sieve filter
Product: Exim
Version: 4.93
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Filters
Assignee: unallocated@???
Reporter: jgh146exb@???
CC: exim-dev@???
Reported: header comparisons in Sieve fail due to tainted-expansion:
17:28:39 64561 Exim version 4.93.0.3 uid=0 gid=0 pid=64561 D=fff9ffff
# Sieve filter
require ["fileinto", "envelope"];
if header :contains ["From"] ["@someblacklisteddomain"] { discard; stop; }
if header :contains ["From"] ["@antoher junkmailer"] { discard; stop; }
# exim -bt klausman-gentoo@???
LOG: MAIN PANIC
attempt to expand tainted string '$rheader_From'
LOG: MAIN PANIC
attempt to expand tainted string '${if def:header_From {true}{false}}'
Sieve error: header string expansion failed in line 3
klausman-gentoo@??? -> inbox
transport = address_file
--
You are receiving this mail because:
You are on the CC list for the bug.
