Re: [exim] tainted string in 4.93

Author: Max Kostikov
Date:  
To: exim-users
Subject: Re: [exim] tainted string in 4.93
Some debug on this issue (FreeBSD 12.1)

12:58:46 22061   exim 4.93.0.4 daemon started: pid=22061, -q15m, 
listening for SMTP on [1.2.3.4]:{25,465,587} 
[2001:2:3:4::1]:{25,465,587} [127.0.0.1]:{25,465,587} [::1]:25 ... ...
12:58:46 22061 set_process_info: 22061 daemon(4.93.0.4): -q15m, 
listening for SMTP on [1.2.3.4]:{25,465,587} 
[2001:2:3:4::1]:{25,465,587} [127.0.0.1]:{25,465,587} [::1]:25 ... ...
12:58:46 22061 SPF_dns_exim_new
spf_compile.c:523    Debug: Parsing macro starting at 
Please%_see%_http://www.openspf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
spf_compile.c:1210   Debug: Compiling record v=spf1
spf_compile.c:523    Debug: Parsing macro starting at 
Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}
12:58:46 22061 daemon running with uid=26 gid=6 euid=26 egid=6
12:58:46 22061 SIGALRM received
12:58:46 22061 1 queue-runner process running
12:58:46 22061 Listening...
12:58:46 32950 Starting queue-runner: pid 32950
12:58:46 32950 exec /usr/local/sbin/exim -qG
2020-02-26 12:58:46 1j6uLP-0008su-Lw attempt to expand tainted string 
'$local_part@$domain'
2020-02-26 12:58:46 1j6uLP-0008su-Lw == foo@??? 
R=spamassassin_router T=spamassassin_local defer (-1): Expansion of 
"$local_part@$domain" from command "/usr/local/bin/spamc -s 2097152 -u 
$local_part@$domain" in transport filter failed: attempt to expand 
tainted string '$local_part@$domain'
12:58:46 22061 child 32950 ended: status=0x0
12:58:46 22061   normal exit, 0



Max Kostikov via Exim-users wrote 2020-02-25 22:44:
> With latest Exim (4.93.0.4) FreeBSD ports and fixes I still have
>
> 2020-02-24 19:48:02 1j6Hpq-000KXu-9y Taint mismatch, Ustrncpy:
> ip_unixsocket 518
>
> and no incoming mail.
> Apparently it is related to "pipe" command in filters.
>
> Jeremy Harris via Exim-users wrote 2020-02-25 12:31:
>> On 24/02/2020 23:05, Aristedes Maniatis via Exim-users wrote:
>>> After an upgrade to 4.93 from 4.92 (FreeBSD ports), I am getting
>>
>> Multiple people are reporting issues with FreeBSD. Please contact
>> the FreeBSD maintainer and check if the +patches branch is being
>> tracked.
>> --
>> Cheers,
>> Jeremy


--
With best regards,
Max Kostikov

W: https://kostikov.co | DeltaChat: mk@???