Re: [exim] Tainting & rewrite rules

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Tainting & rewrite rules
On 13/01/2020 12:38, Evgeniy Berdnikov via Exim-users wrote:
> I have a rewrite rule for one client:
>
> *@XXX.msk.ru        ${lookup{$0}wildlsearch{/path/to/maps/XXX.msk.ru.map}{$value}{${sg{$local_part}{_}{.}}@???}} Fcbtrf
>
> After upgrade to 4.93 I found that mails from XXX.msk.ru are rejected
> with "421 Unexpected failure", and panic.log contains records like
>
> 2020-01-13 14:55:25.279 [115431] 1iqyJZ-000U1n-8z Taint mismatch, Ustrncpy: rewrite_one_header 611
>
> 2020-01-13 14:58:45.412 [116160] 1iqyMn-000UDY-DI Taint mismatch, Ustrncpy: rewrite_one_header 611
>
> 2020-01-13 15:21:26.775 [118739] 1iqyik-000Ut9-Oz Taint mismatch, Ustrncpy: rewrite_one_header 611
>
> It's clear that the reason is the presence of $local_part on the right side.
> However, there are no file operations on the right side, so I'd expect
> this operation is safe and should be permitted in this context.
> Is it correct or not?


At first glance that should be safe.

The "mismatch" implies it is likely a bug - however, it could be your
build. What platform is it, and did you do the build yourself?
--
Cheers,
Jeremy