Re: [exim] $dnslist_domain tainted

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMMartin Clayton at <-
MMMartin Clayton at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] $dnslist_domain tainted
On 16/11/2022 14:06, Martin Clayton via Exim-users wrote:
> Removing the rhsbl services (i.e, $sender_address_domain) and all is well.
>
> Looks like I guessed wrong. I'm wondering why this taint error isn't widespread -- could it be $filter/exists specific?



Aha! (otherwise pronounced "Doh!")...

This item:
dbl.spamhaus.org!=127.0.1.255,127.255.255.252,127.255.255.254,127.255.255.255/$sender_address_domain

because it uses $sender_address_domain (which is tainted), taints the entire string
that is the list for ${filter...} (because string-expansion is done before list-expansion).
Therefore every $item for the filter is tainted, and so the filtered result list is also.
--
Cheers,
Jeremy


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] $dnslist_domain taintedRe: [exim] $dnslist_domain tainted->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)