[exim-dev] [Bug 3066] tainted search query is not properly q…

Author: Exim Bugzilla
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 3066] tainted search query is not properly quoted discloses mysql password
https://bugs.exim.org/show_bug.cgi?id=3066

--- Comment #3 from Jeremy Harris <jgh146exb@???> ---
You really do have to move to the new syntax if you need a per-lookup
server spec, as otherwise the entire string in the braces enclosing the
query becomes tainted by the use of the tainted data parts of it.
That includes the server spec, and we do not permit use of a tainted one.

This is why the new syntax was introduced, in 4.94, moving the server spec
outside those braces. This bug becomes moot.

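The two lookup forms discussed in the comment above, side by side, as an added example that is not part of the original message or taken from the Exim project. The host, database, account, password placeholder, table and router names are all constructed for illustration.

```exim
# Constructed example: every host, database, user, password, table and
# router name below is a placeholder.

begin routers

# Old syntax: the server spec sits inside the braces that enclose the query.
# $local_part is tainted, so the whole braced string is tainted, and that
# includes the server spec. A tainted server spec is not permitted.
# Left commented out for that reason:
#
# db_aliases_old:
#   driver = redirect
#   data = ${lookup mysql{servers=db.example.test/maildb/exim_ro/PLACEHOLDER_PASSWORD; \
#            SELECT goto FROM aliases \
#            WHERE address='${quote_mysql:$local_part}'}}

# New syntax (4.94 and later): the server spec is a lookup option placed
# before the braces, so only the query string carries the tainted data.
db_aliases:
  driver = redirect
  data = ${lookup mysql,servers=db.example.test/maildb/exim_ro/PLACEHOLDER_PASSWORD \
           {SELECT goto FROM aliases \
            WHERE address='${quote_mysql:$local_part}'}}
```

The tainted value still goes through `${quote_mysql:...}` in both forms; moving the server spec outside the braces changes only which part of the string inherits the taint.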