[exim-dev] More taint fun (now 4.93.0.4/FreeBSD)

Author: Larry Rosenman
Date:  
To: Exim dev
Subject: [exim-dev] More taint fun (now 4.93.0.4/FreeBSD)
Upgraded to 4.93.0.4, and got the following:

<21>1 2020-02-24T12:59:20.956095-06:00 thebighonker.lerctr.org exim
24803 - - [1\83] 1j6Iwq-0006S3-LL H=malur.postgresql.org
[2a02:16a8:dc51::56]:59940 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25
X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org"
F=<pgsql-hackers-owner+M2386-215359@???> temporarily
rejected during MIME ACL checks: failed to expand ACL string
"${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}":
attempt to expand tainted string '$1'


which came from this (uncommented):
+#FILENAME_EXT =
${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}

+  #deny  message = This message contains an unwanted file extension 
($mime_filename)
+  #    log_message = MALWARE: unwanted extension ($mime_filename)
+  #      condition = 
${lookup{FILENAME_EXT}lsearch{BLACKLIST_FILES}{yes}{no}}


I'm not sure how to make the taint stuff happy here.

What's a good work-around for this?



-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: ler@???
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106