On 12/06/2021 20:56, Andrew C Aitchison via Exim-dev wrote: > On Sat, 12 Jun 2021, Jasen Betts via Exim-dev wrote:
>> I'm wanting to be able to use expansion variables in the servers=
>> parameter of query-style lookups.
This immediately sounds dangerous.
[suggested code change]
>> This seems to work for simple variables which is enough for me. Full
>> brace expansion does not work (I think the parser gets confused).
>>
>> As I understand it this is not going to cause a memory leak.
>>
>> a few lines down from this serverlist is checked to be taint-free so
>> this feels safe to me.
>
> Isn't the idea to check a string is taint-free *before* expanding it ?
Precisely. Consider what an attacker might present you with to get
expanded, and the extensive facilities that Exim expansion offers.
--
Cheers,
Jeremy
