Author: James Date: To: exim-users Subject: Re: [exim] Taint checking and exim 4.96rc0
On 01/05/2022 11:19, Jeremy Harris via Exim-users wrote:
> If that subject string for the hash operator was less than
> 33 chars long, the operator returns it unchanged.
> If an attacker slipped some SQL syntax in there, your lookup
> would not do what you expected.
The hash did not do what I expect.
$ echo 1 | md5sum
b026324c6904b2a9cb4b88d6d61c81d1 -
> So it was already broken, lacking a quoting operation,
> and 4.96 discovered this for you.
Indeed, most grateful and I changed my config without complaint. All I
was doing was answering the question "Do we have *new* taintchecks..."