Re: [exim] Tainting & rewrite rules

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Evgeniy Berdnikov
Data:  
Para: Jeremy Harris via Exim-users
Assunto: Re: [exim] Tainting & rewrite rules
On Mon, Jan 13, 2020 at 01:21:13PM +0000, Jeremy Harris via Exim-users wrote:
> On 13/01/2020 12:38, Evgeniy Berdnikov via Exim-users wrote:
> > I have a rewrite rule for one client:
> >
> > *@XXX.msk.ru        ${lookup{$0}wildlsearch{/path/to/maps/XXX.msk.ru.map}{$value}{${sg{$local_part}{_}{.}}@???}} Fcbtrf

> >
> > After upgrade to 4.93 I found that mails from XXX.msk.ru are rejected
> > with "421 Unexpected failure", and panic.log contains records like
> >
> > 2020-01-13 14:55:25.279 [115431] 1iqyJZ-000U1n-8z Taint mismatch, Ustrncpy: rewrite_one_header 611
> >
> > 2020-01-13 14:58:45.412 [116160] 1iqyMn-000UDY-DI Taint mismatch, Ustrncpy: rewrite_one_header 611
> >
> > 2020-01-13 15:21:26.775 [118739] 1iqyik-000Ut9-Oz Taint mismatch, Ustrncpy: rewrite_one_header 611
> >
> > It's clear that reason is the presence of $local_part on the right side.
> > However, there are no file operations on the right side, so I'd expect
> > this operation is safe and should be permitted in this context.
> > Is it correct or not?
>
> At first glance that should be safe.
>
> The "mismatch" implies it is likely a bug - however, it could be your
> build. What platform is it, and did you do the build yourself?


Debian testing (bullseye/sid) with recent updates, from distro,
exim4 -bV shows:

Exim version 4.93 #3 built 03-Jan-2020 18:02:33
...

debian package exim4-daemon-heavy_4.93-5_i386.
--
Eugene Berdnikov