Re: [exim-dev] servers expansion

Pàgina inicial
Delete this message
Reply to this message
Autor: Andrew C Aitchison
Data:  
A: Jasen Betts
CC: exim-dev
Assumpte: Re: [exim-dev] servers expansion
On Sat, 12 Jun 2021, Jasen Betts via Exim-dev wrote:

>
> I'm wanting to be able to use expansion variables in the servers=
> parameter of query-style lookups.
>
> I can use variables if I put servers= inside the query, but if
> servers= is used there I can't use tainted variables in the query.
>
> I crawled around looking at the source code trying to
> backtrace to the caller code and finally came up with this patch:
>
> --- a/build/exim/src/lookups/lf_sqlperform.c
> +++ b/build/exim/src/lookups/lf_sqlperform.c
> @@ -129,7 +129,7 @@ else
>     uschar * ele;
>     for (int sep = ','; ele = string_nextinlist(&opts, &sep, NULL, 0); )
>       if (Ustrncmp(ele, "servers=", 8) == 0)
> -       { serverlist = ele + 8; break; }
> +       { serverlist = expand_string( ele + 8 ); break; }
>     }

>
> if (!serverlist)
> ---
>
> This seems to work for simple variables which is enough for me. Full
> brace expansion does not work (I think the parser gets confused).
>
> As I understand it this is not going to cause a memory leak.
>
> a few lines down from this serverlist is checked to be taint-free so
> this feels safe to me.


Isn't the idea to check a string is taint-free *before* expanding it ?

-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???