[exim-dev] [Bug 2623] sqlite lookup taint problem

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2623] New: sqlite_dbfile is ignored in list lookups
Subject: [exim-dev] [Bug 2623] sqlite lookup taint problem
https://bugs.exim.org/show_bug.cgi?id=2623

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |ALREADY_FIXED


--- Comment #2 from Jeremy Harris <jgh146exb@???> ---
No, it only fails when you specify the DB file with the lookup SQL, and there
is a tainted variable involved (anywhere in the whole string).

What's happened is that the word "select" has been taken as the filename for
the DB, overriding the sqlite_dbfile setting. To avoid this, reword the list
entry as a string-expansion lookup:

   sqlite_dbfile = /some/thing/sqlitedb
   domainlist relay_to_domains = ${lookup sqlite \
       {select '*' from relays where ip='$sender_host_address'}}



The coding in that area has already been changed, since 4.94, to require a
leading slash in specifying a filename. Without that change, the example as
given is unusable.

If you're building from source, you need at least commit 4a7dca5235.

Closing as already dealt with.

--
You are receiving this mail because:
You are on the CC list for the bug.