[exim-dev] [Bug 3066] tainted search query is not properly q…

Top Pagina
Delete this message
Reply to this message
Auteur: Exim Bugzilla
Datum:  
Aan: exim-dev
Onderwerp: [exim-dev] [Bug 3066] tainted search query is not properly quoted discloses mysql password
https://bugs.exim.org/show_bug.cgi?id=3066

--- Comment #5 from Jeremy Harris <jgh146exb@???> ---
That's odd; in testing that I get logged a "severs=" element that does
not include a password. Still a bug, but not quite so concerning as leaking
the password:


PARTIAL = 127.0.0.1::PORT_N
SSPEC = PARTIAL/test/root/pass
hide mysql_servers = SSPEC


          # oldstyle partial server spec, prepended to lookup string, indexing
main-option, but not quoted
  warn    set acl_m0 =  FAIL3: ${lookup mysql     {servers=PARTIAL; select name
from them where id = '$local_part'}}



11:20:54 42141 LOG: MAIN PANIC
11:20:54 42141 tainted search query is not properly quoted (ACL warn,
/home/jgh/git/exim/test/test-config 39): servers=127.0.0.1::1223; select name
from them where id = 'c'

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/