[exim-dev] [Bug 2506] taint issue in Sieve filter

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMadmin at <-
 
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2506] taint issue in Sieve filter
https://bugs.exim.org/show_bug.cgi?id=2506

Jeremy Harris <jgh146exb@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |INVALID


--- Comment #2 from Jeremy Harris <jgh146exb@???> ---
This turns out to be due to specifying the file option for a redirect router
using tainted data ($local_part). Fixed by using check_local_user and $home
instead.

The detection could be better, earlier in processing and indicating the mistake
-
but this complaint of tainted data use is not a bug. Closing on that basis.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2507] dlerror() incorrectly called twice thus losing error information in logs[exim-dev] [Bug 2501] fix missing parentheses in heimdal_gssapi.c->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)