Re: [exim] Taint checking and exim 4.96rc0

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Jeremy Harris
Data:  
Para: exim-users
Asunto: Re: [exim] Taint checking and exim 4.96rc0
On 01/05/2022 10:58, James via Exim-users wrote:
>     set acl_m_greyhash = ${hash_32_62:$sender_helo_name$sender_address$local_part$domain}


If that subject string for the hash operator was less than
33 chars long, the operator returns it unchanged.
If an attacker slipped some SQL syntax in there, your lookup
would not do what you expected.

So it was already broken, lacking a quoting operation,
and 4.96 discovered this for you.
--
Cheers,
Jeremy