[exim-dev] [Bug 2617] New: Taint mismatch in parse_fix_phras…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2617] New: Taint mismatch in parse_fix_phrase
https://bugs.exim.org/show_bug.cgi?id=2617

            Bug ID: 2617
           Summary: Taint mismatch in parse_fix_phrase
           Product: Exim
           Version: N/A
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Delivery in general
          Assignee: unallocated@???
          Reporter: dpc22@???
                CC: exim-dev@???


We upgraded from 4.92.3 to 4.94 on Monday.

I needed to add three dsearch lookups to places where we use ${domain} in
filename lookups: No big deal.

That leaves a number of the following paniclog errors each day:

2020-07-09 01:07:08 +0100 Taint mismatch, Ustrncpy: parse_fix_phrase 1153

The timestamps look like a handful of messages retrying at regular intervals.

However I can't tell if these messages are internal or external, or determine
anything about the actual content of the messages: there is no obvious context
from adjacent entries in the Exim mainlog.

This is a completely vanilla 4.94 built from source. Line 1153 of parse.c
(which contains parse_fix_phrase()) appears to be the Ustrncpy in the middle
of:

          /* Comment does not contain unescaped quotes; include it in
          our quote. */

          else
            {
            if (ss >= end) ss--;
            *t++ = '(';
            Ustrncpy(t, s, ss-s);
            t += ss-s;
            s = ss;
            }
          }


This feels like a bug in Exim: I don't _think_ that I am trying to use the RFC
822 "phrase" from messages anywhere in my Exim configuration, certainly not in
filename lookups.

Any suggestions about how I can get to the bottom of what is going on here?
Thanks.

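As an added illustration (not Exim's code and not part of the bug report), a simplified model of the taint check that produces the paniclog entry above: every buffer carries a taint flag, and a checked copy refuses to move tainted data (here a phrase taken from a message header) into an untainted buffer. The struct, the helper names and the sample header value are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of Exim's taint tracking (added illustration, not Exim's code):
   each buffer records whether it holds untrusted data, and copying a tainted
   source into an untainted destination is the "Taint mismatch" seen in the paniclog. */
typedef struct {
    bool tainted;
    char data[64];                /* constructed fixed size for the model */
} tbuf;

static void tbuf_init(tbuf *b, bool tainted, const char *text) {
    b->tainted = tainted;
    snprintf(b->data, sizeof b->data, "%s", text);
}

/* Model of the checked Ustrncpy; `s` points into src->data. Returns false where
   Exim would write the mismatch to the paniclog. */
static bool checked_strncpy(tbuf *dst, const tbuf *src, const char *s, size_t n) {
    if (src->tainted && !dst->tainted) return false;   /* taint mismatch */
    if (n >= sizeof dst->data) n = sizeof dst->data - 1;
    memcpy(dst->data, s, n);
    dst->data[n] = '\0';
    return true;
}

/* Copies the first "(comment)" of a phrase into out, like the branch of
   parse_fix_phrase quoted in the report. */
static bool copy_phrase_comment(tbuf *out, const tbuf *phrase) {
    const char *s = strchr(phrase->data, '(');
    if (!s) { out->data[0] = '\0'; return true; }      /* nothing to copy */
    const char *ss = strchr(s, ')');
    size_t len = ss ? (size_t)(ss - s) + 1 : strlen(s);
    return checked_strncpy(out, phrase, s, len);
}

/* A phrase from an incoming header (tainted; constructed value) copied into a
   work buffer that is either untainted (fails) or tainted (succeeds). Returns
   true only when the copy was allowed and produced `expected`. */
static bool copy_header_phrase(bool work_tainted, const char *expected) {
    tbuf hdr, work;
    tbuf_init(&hdr, true, "Alice (Ops) <alice@example.invalid>");
    tbuf_init(&work, work_tainted, "");
    return copy_phrase_comment(&work, &hdr) && strcmp(work.data, expected) == 0;
}
```

In real Exim the flag comes from which memory pool the pointer was allocated in rather than a struct field, which is why the log line names only the copying function and not the message that triggered it.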