Re: [exim] Taint checking and exim 4.96rc0

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJames at <-
MJames at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Taint checking and exim 4.96rc0
On 01/05/2022 10:58, James via Exim-users wrote:
>     set acl_m_greyhash = ${hash_32_62:$sender_helo_name$sender_address$local_part$domain}

If that subject string for the hash operator was less than
33 chars long, the operator returns it unchanged.
If an attacker slipped some SQL syntax in there, your lookup
would not do what you expected.

So it was already broken, lacking a quoting operation,
and 4.96 discovered this for you.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] exim-4.96rc0 Tainted argRe: [exim] Taint checking and exim 4.96rc0->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)