Gitweb:
https://git.exim.org/exim.git/commitdiff/1ea7f48754621db22ec40b6362823433d54bda62
Commit: 1ea7f48754621db22ec40b6362823433d54bda62
Parent: 3fc07bd5708d5b42e5a9a3bcf7ea1928a35eccb3
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Jan 10 12:07:19 2020 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jan 11 17:02:48 2020 +0000
Docs: add explicit warnings for some variables likely tainted
---
doc/doc-docbook/spec.xfpt | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 8b15227..241540c 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -9815,6 +9815,12 @@ newline at the very end. For the &%header%& and &%bheader%& expansion, for
those headers that contain lists of addresses, a comma is also inserted at the
junctions between headers. This does not happen for the &%rheader%& expansion.
+.new
+.cindex "tainted data"
+When the headers are from an incoming message,
+the result of expanding any of these variables is tainted.
+.wen
+
.vitem &*${hmac{*&<&'hashname'&>&*}{*&<&'secret'&>&*}{*&<&'string'&>&*}}*&
.cindex "expansion" "hmac hashing"
@@ -12192,6 +12198,12 @@ When the &%smtp_etrn_command%& option is being expanded, &$domain$& contains
the complete argument of the ETRN command (see section &<<SECTETRN>>&).
.endlist
+.new
+.cindex "tainted data"
+If the origin of the data is an incoming message,
+the result of expanding this variable is tainted.
+.wen
+
.vitem &$domain_data$&
.vindex "&$domain_data$&"
@@ -12386,7 +12398,11 @@ because a message may have many recipients and the system filter is called just
once.
.new
-&*Warning*&: the content of this variable is provided by a potential attacker.
+.cindex "tainted data"
+If the origin of the data is an incoming message,
+the result of expanding this variable is tainted.
+
+&*Warning*&: the content of this variable is usually provided by a potential attacker.
Consider carefully the implications of using it unvalidated as a name
for file access.
This presents issues for users' &_.forward_& and filter files.
