Re: [exim] 4.96 simplegreylist taint

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MAndrew C Aitchison at <-
M 
Delete this message
Reply to this message
Author: jacob dahl pind
Date:  
To: exim-users
Subject: Re: [exim] 4.96 simplegreylist taint
On 8/4/22 18:56, Andrew C Aitchison via Exim-users wrote:

>
> Earlier in that page acl_m_greyident is defined as:
>   # Generate a hashed 'identity' for the mail, as described above.
>   warn set acl_m_greyident =
> ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
> I don't know whether hash untaints ... but as I read the spec,
> if $sender_address$recipients$h_message-id: is less than 20 characters
> the hash returns this string, which should still be tainted.
> Other hash functions (md5, sha1, sha256 etc) which appear never to
> return the original string, and thus *may* not be tainted, are available.
>

You where right, I looked at source and the hash doesnt seem to have any
untaint , unlike the sha etc.

Change the line to
warn set acl_m_greyident =
${sha256:{$sender_address$recipients$h_message-id:}}

which did the trick.

regards

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] 4.96 simplegreylist taint[exim] Problems with rewriting a domain->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)