Re: [exim] Tainted filename for search in Exim 4.94-1

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Mlesve at <-
MScott Ellis at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Tainted filename for search in Exim 4.94-1
On 19/06/2020 17:33, Patrick Porteous via Exim-users wrote:
> I'm having the same problem as Vladislav Georgiev after upgrading from
> 4.93.3 to 4.94-1.  After applying the update, I receive the following
> error when trying to send from any of my domains.  Is this a bug or is
> this something I need to change in my config file for the new version? 

> 2020-06-19 07:54:17 H=mail.example.com ([192.168.1.###]) [##.###.###.##]
> sender verify defer for <sender@???>: failed to expand
> "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}":
> NULL

It is something you need to change in your configuration.

You are using an unsafe construction for the
file in which you are doing an lsearch.

Consider that the domain, the result of expanding $domain,
is fully under the control of a potential attacker.
It could, for example, contain the letter sequence "../".
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Tainted filename for search in Exim 4.94-1[exim] De-tainting->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)