Re: [exim] $dnslist_domain tainted

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] $dnslist_domain tainted
On 17/11/2022 16:36, Martin Clayton via Exim-users wrote:
> So, sorry to be a tainted dummy, but I'm still left wondering how to deal with this.


Look at your line:

{exists{VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists/${extract{1}{=!&/}{$item}{$value}{$item}}}}

The filename there is built from a directory path which is not tainted,
and a filename which is. This is a standard pattern for detainting
using a dsearch lookup - which as a bonus does the equivalent of "exists"
also. As the docs say (file & database lookups chapter, on dsearch)
"If lstat() succeeds then so does the lookup. The result is regarded as untainted."

So, use a ${lookup {tainted_thing} dsearch {untainted_path} {found} {not_found}}.
--
Cheers,
Jeremy
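
The quoted line rewritten to the dsearch pattern described above, as an added example that is not part of the original message. VHOST_DIR, VHOST_CONFIG_DIR, $domain_data and $item come from the quoted line; the bool{} wrapper and the yes/no result strings are assumptions about how the condition is used.

```exim
# Added example, not from the original post.
#
# Before (from the post): an untainted directory and a tainted filename are
# joined into one path, which is then handed to exists.
#   {exists{VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists/${extract{1}{=!&/}{$item}{$value}{$item}}}}
#
# After: the tainted name becomes the lookup key and the untainted directory
# becomes the dsearch "file". The lookup succeeds only when lstat() finds
# that entry in the directory, so it also does the job of exists.
# bool{} (assumed wrapper) turns the yes/no string back into a condition,
# so the braced condition can be swapped in place.
{bool{${lookup {${extract{1}{=!&/}{$item}{$value}{$item}}} dsearch {VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists} {yes}{no}}}}

# If the file is opened later, build its path from the lookup result
# ($value inside the {found} string), which the docs quoted above say is
# regarded as untainted, rather than from the original tainted string:
#   ${lookup {tainted_thing} dsearch {untainted_path} {untainted_path/$value} {}}
```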