Re: [exim] Taint checking and exim 4.96rc0

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Taint checking and exim 4.96rc0
On 01/05/2022 10:58, James via Exim-users wrote:
>     set acl_m_greyhash = ${hash_32_62:$sender_helo_name$sender_address$local_part$domain}


If that subject string for the hash operator was less than
33 chars long, the operator returns it unchanged.
If an attacker slipped some SQL syntax in there, your lookup
would not do what you expected.

So it was already broken, lacking a quoting operation,
and 4.96 discovered this for you.
--
Cheers,
Jeremy