[exim-dev] [Bug 2646] New: taint error in ldap query paramet…

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMM 
admin at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2646] New: taint error in ldap query parameter
https://bugs.exim.org/show_bug.cgi?id=2646 

            Bug ID: 2646
           Summary: taint error in ldap query parameter
           Product: Exim
           Version: 4.94
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Lookups
          Assignee: unallocated@???
          Reporter: heiko@???
                CC: exim-dev@???


Exim fails with taint error if a server parameter is specified.

Reproduce:

Argument "-oMai" is used in the following example only to fill
$authenticated_id with an tained value.

$ exim -oMai example -be '${lookup ldap {ldap:///attr=$authenticated_id}}'
--> works as expected

but:

$ exim -oMai example -be '${lookup ldap {servers="localhost"
ldap:///attr=$authenticated_id}}'
2020-09-23 21:15:42 Taint mismatch, string_nextinlist: control_ldap_search 1257

That's not correct. Nothing in the added parameter (servers="localhost") should
cause a taint mismatch.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2643] ffdhe2048 modulus is wrong[exim-dev] [Bug 2648] New: Use of $authres in a router headers_add causes segmentation violation for local messages->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)