[exim-dev] [Bug 2646] New: taint error in ldap query paramet…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: admin
Date:  
À: exim-dev
Sujet: [exim-dev] [Bug 2646] New: taint error in ldap query parameter
https://bugs.exim.org/show_bug.cgi?id=2646

            Bug ID: 2646
           Summary: taint error in ldap query parameter
           Product: Exim
           Version: 4.94
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Lookups
          Assignee: unallocated@???
          Reporter: heiko@???
                CC: exim-dev@???


Exim fails with taint error if a server parameter is specified.

Reproduce:

Argument "-oMai" is used in the following example only to fill
$authenticated_id with an tained value.

$ exim -oMai example -be '${lookup ldap {ldap:///attr=$authenticated_id}}'
--> works as expected

but:

$ exim -oMai example -be '${lookup ldap {servers="localhost"
ldap:///attr=$authenticated_id}}'
2020-09-23 21:15:42 Taint mismatch, string_nextinlist: control_ldap_search 1257

That's not correct. Nothing in the added parameter (servers="localhost") should
cause a taint mismatch.

--
You are receiving this mail because:
You are on the CC list for the bug.