https://bugs.exim.org/show_bug.cgi?id=2646
Bug ID: 2646
Summary: taint error in ldap query parameter
Product: Exim
Version: 4.94
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Lookups
Assignee: unallocated@???
Reporter: heiko@???
CC: exim-dev@???
Exim fails with taint error if a server parameter is specified.
Reproduce:
Argument "-oMai" is used in the following example only to fill
$authenticated_id with an tained value.
$ exim -oMai example -be '${lookup ldap {ldap:///attr=$authenticated_id}}'
--> works as expected
but:
$ exim -oMai example -be '${lookup ldap {servers="localhost"
ldap:///attr=$authenticated_id}}'
2020-09-23 21:15:42 Taint mismatch, string_nextinlist: control_ldap_search 1257
That's not correct. Nothing in the added parameter (servers="localhost") should
cause a taint mismatch.
--
You are receiving this mail because:
You are on the CC list for the bug.