Re: [exim] Taint checking and exim 4.96rc0

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jeremy Harris
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] Taint checking and exim 4.96rc0
On 01/05/2022 10:58, James via Exim-users wrote:
>     set acl_m_greyhash = ${hash_32_62:$sender_helo_name$sender_address$local_part$domain}


If that subject string for the hash operator was less than
33 chars long, the operator returns it unchanged.
If an attacker slipped some SQL syntax in there, your lookup
would not do what you expected.

So it was already broken, lacking a quoting operation,
and 4.96 discovered this for you.
--
Cheers,
Jeremy