[exim-dev] [Bug 3066] tainted search query is not properly q…

Pàgina inicial
Delete this message
Reply to this message
Autor: Exim Bugzilla
Data:  
A: exim-dev
Assumpte: [exim-dev] [Bug 3066] tainted search query is not properly quoted discloses mysql password
https://bugs.exim.org/show_bug.cgi?id=3066

--- Comment #7 from Jeremy Harris <jgh146exb@???> ---
The macro usage shouldn't make a difference; those are resolved as the
config is read in.  The hide only applies to the mysql_servers option
value being visible in "exim m-bP".  I'm *fairly* sure the dns name for
the server vs. an IP doesn't matter, nor the explicit port.

Can you get a debug run?  With -d+all, for the relevant section leading
up to the log line I get:

14:16:30 28330 processing "warn" (/home/jgh/git/exim/test/test-config 39)
14:16:30 28330  ╭considering: FAIL3: ${lookup mysql    
{servers=127.0.0.1::1223; select name from them where id = '$local_part'}}
14:16:30 28330  ├───────text: FAIL3: 
14:16:30 28330  ├considering: ${lookup mysql     {servers=127.0.0.1::1223;
select name from them where id = '$local_part'}}
14:16:30 28330   ╭considering: servers=127.0.0.1::1223; select name from them
where id = '$local_part'}}
14:16:30 28330   ├───────text: servers=127.0.0.1::1223; select name from them
where id = '
14:16:30 28330   ├considering: $local_part'}}
14:16:30 28330   ├──────value: c
14:16:30 28330              ╰──(tainted)
14:16:30 28330   ├considering: '}}
14:16:30 28330   ├───────text: '
14:16:30 28330   ├considering: }}
14:16:30 28330   ├──expanding: servers=127.0.0.1::1223; select name from them
where id = '$local_part'
14:16:30 28330   ╰─────result: servers=127.0.0.1::1223; select name from them
where id = 'c'
14:16:30 28330              ╰──(tainted)
14:16:30 28330  search_open: mysql "NULL"
14:16:30 28330    cached open
14:16:30 28330  search_find: file="NULL"
14:16:30 28330    key="servers=127.0.0.1::1223; select name from them where id
= 'c'" partial=-1 affix=NULL starflags=0 opts=NULL
14:16:30 28330  LRU list:
14:16:30 28330  internal_search_find: file="NULL"
14:16:30 28330    type=mysql key="servers=127.0.0.1::1223; select name from
them where id = 'c'" opts=NULL
14:16:30 28330  database lookup required for servers=127.0.0.1::1223; select
name from them where id = 'c'
14:16:30 28330                               (tainted)
14:16:30 28330 LOG: MAIN PANIC
14:16:30 28330   tainted search query is not properly quoted (ACL warn,
/home/jgh/git/exim/test/test-config 39): servers=127.0.0.1::1223; select name
from them where id = 'c'

-- 
You are receiving this mail because:
You are on the CC list for the bug.


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/