[exim-dev] [Bug 3066] tainted search query is not properly q…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Bugzilla
Ημερομηνία:  
Προς: exim-dev
Αντικείμενο: [exim-dev] [Bug 3066] tainted search query is not properly quoted discloses mysql password
https://bugs.exim.org/show_bug.cgi?id=3066

--- Comment #3 from Jeremy Harris <jgh146exb@???> ---
You really do have to move to the new syntax if you need a per-lookup
server spec, as otherwise the entire string in the braces enclosing the
query becomes tainted by the use of the tainted data parts of it.
That includes the server spec, and we do not permit use of a tainted one.

This is why the new syntax was introduced, in 4.94, moving the server spec
outside
those braces. This bug becomes moot.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/