Gitweb:
https://git.exim.org/exim.git/commitdiff/06b43f1b7f7319445d4a71b9a60e3f2f144cf7a2
Commit: 06b43f1b7f7319445d4a71b9a60e3f2f144cf7a2
Parent: 4da37662868dcfd8ec23ad9d7f643ef014b1a42b
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Jan 13 15:24:12 2024 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jan 13 15:49:08 2024 +0000
Lookups: log warning for deprecated syntax. Bug 3068
---
doc/doc-docbook/spec.xfpt | 19 ++++++++++++++++---
doc/doc-txt/ChangeLog | 3 +++
src/src/lookups/lf_sqlperform.c | 4 +++-
test/stderr/2610 | 28 ++++++++++++++++++++++++++++
4 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 57b242a4e..79bdb24e5 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -8156,13 +8156,20 @@ option, you can still update it by a query of this form:
${lookup pgsql,servers=master/db/name/pw {UPDATE ...} }
.endd
-An older syntax places the servers specification before the query,
+.new
+A now-deprecated syntax places the servers specification before the query,
semicolon separated:
.code
${lookup mysql{servers=master; UPDATE ...} }
.endd
-The new version avoids potential issues with tainted
-arguments in the query, for explicit expansion.
+The new version avoids issues with tainted
+arguments explicitly expanded as part of the query.
+The entire string within the braces becomes tainted,
+including the server sepcification - which is not permissible.
+If the older sytax is used, a warning message will be logged.
+This syntax will be removed in a future release.
+.wen
+
&*Note*&: server specifications in list-style lookups are still problematic.
@@ -8339,6 +8346,9 @@ type of match and is given below as the &*value*& information.
.section "Expansion of lists" "SECTlistexpand"
.cindex "expansion" "of lists"
Each list is expanded as a single string before it is used.
+.cindex "tainted data" tracking
+&*Note*&: As a result, if any componend was tainted then the
+entire result string becomes tainted.
&'Exception: the router headers_remove option, where list-item
splitting is done before string-expansion.'&
@@ -9534,6 +9544,9 @@ start of a portion of the string that is interpreted and replaced as described
below in section &<<SECTexpansionitems>>& onwards. Backslash is used as an
escape character, as described in the following section.
+.cindex "tainted data" tracking
+If any porttion of the result string is tainted, the entire result is.
+
Whether a string is expanded depends upon the context. Usually this is solely
dependent upon the option for which a value is sought; in this documentation,
options for which string expansion is performed are marked with † after
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 6a0207f2a..40e8a9e7e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -83,6 +83,9 @@ JH/17 Bug 3064: Fix combination of "-q<period> -R <recipients>". Introduction of
the multiple-queue-runners facility for 4.97 broking this, giving only
a one-time run of the queue.
+JH/18 Bug 3068: Log a warning for use of deprecated syntax in query-style
+ lookups.
+
Exim version 4.97
-----------------
diff --git a/src/src/lookups/lf_sqlperform.c b/src/src/lookups/lf_sqlperform.c
index ecb0a3221..d5bb8d297 100644
--- a/src/src/lookups/lf_sqlperform.c
+++ b/src/src/lookups/lf_sqlperform.c
@@ -2,7 +2,7 @@
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) The Exim Maintainers 2020 - 2022 */
+/* Copyright (c) The Exim Maintainers 2020 - 2024 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
/* SPDX-License-Identifier: GPL-2.0-or-later */
@@ -56,6 +56,8 @@ if (Ustrncmp(query, "servers", 7) == 0)
const uschar *qserverlist;
uschar *qserver;
+ log_write(0, LOG_MAIN|LOG_CONFIG_IN, "WARNING: obslete syntax used for lookup\n");
+
s = query + 7;
skip_whitespace(&s);
if (*s++ != '=')
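Review bot: The message passed to `log_write()` in this hunk misspells "obsolete" as `obslete`, and the seven expectations added to test/stderr/2610 pin the misspelt text, so it becomes the string operators will search their logs for; it also says "obsolete" where the spec.xfpt and ChangeLog text say "deprecated". I would write `log_write(0, LOG_MAIN|LOG_CONFIG_IN, "WARNING: deprecated servers= syntax used in query-style lookup");` and regenerate the test expectations; this drops the trailing `\n`, which appears to be what produces the blank line after the message in the new test output. Keep the query text itself out of the message, because in this syntax it carries the server specification, which can include a password (the test keys show `/test/root/pass`). The warning is written on every lookup that takes this branch, so a busy host with a legacy configuration may log it at high volume; the `if` block it sits in starts and ends outside the hunk, so whether anything limits the repetition cannot be seen from here.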
diff --git a/test/stderr/2610 b/test/stderr/2610
index 6fedeb321..667d8bba9 100644
--- a/test/stderr/2610
+++ b/test/stderr/2610
@@ -135,6 +135,10 @@ dropping to exim gid; retaining priv uid
type=mysql key="servers=x:127.0.0.1::PORT_N; select name from them where id='ph10';" opts=NULL
database lookup required for servers=x:127.0.0.1::PORT_N; select name from them where id='ph10';
MySQL query: "servers=x:127.0.0.1::PORT_N; select name from them where id='ph10';" opts 'NULL'
+LOG: MAIN
+ Exim configuration error in line 87 of TESTSUITE/test-config:
+ WARNING: obslete syntax used for lookup
+
lookup deferred: MySQL server "x" not found in mysql_servers
search_open: mysql "NULL"
cached open
@@ -145,6 +149,10 @@ dropping to exim gid; retaining priv uid
type=mysql key="servers=127.0.0.1::PORT_N:x; select name from them where id='ph10';" opts=NULL
database lookup required for servers=127.0.0.1::PORT_N:x; select name from them where id='ph10';
MySQL query: "servers=127.0.0.1::PORT_N:x; select name from them where id='ph10';" opts 'NULL'
+LOG: MAIN
+ Exim configuration error in line 87 of TESTSUITE/test-config:
+ WARNING: obslete syntax used for lookup
+
MYSQL using cached connection for 127.0.0.1:PORT_N/test/root
creating new cache entry
lookup yielded: Philip Hazel
@@ -157,6 +165,10 @@ dropping to exim gid; retaining priv uid
type=mysql key="servers=127.0.0.1::PORT_N/test/root/:x; select name from them where id='ph10';" opts=NULL
database lookup required for servers=127.0.0.1::PORT_N/test/root/:x; select name from them where id='ph10';
MySQL query: "servers=127.0.0.1::PORT_N/test/root/:x; select name from them where id='ph10';" opts 'NULL'
+LOG: MAIN
+ Exim configuration error in line 87 of TESTSUITE/test-config:
+ WARNING: obslete syntax used for lookup
+
MYSQL using cached connection for 127.0.0.1:PORT_N/test/root
creating new cache entry
lookup yielded: Philip Hazel
@@ -169,6 +181,10 @@ dropping to exim gid; retaining priv uid
type=mysql key="servers=ip4.ip4.ip4.ip4::1223/test/root/:127.0.0.1::PORT_N; select name from them where id='ph10';" opts=NULL
database lookup required for servers=ip4.ip4.ip4.ip4::1223/test/root/:127.0.0.1::PORT_N; select name from them where id='ph10';
MySQL query: "servers=ip4.ip4.ip4.ip4::1223/test/root/:127.0.0.1::PORT_N; select name from them where id='ph10';" opts 'NULL'
+LOG: MAIN
+ Exim configuration error in line 87 of TESTSUITE/test-config:
+ WARNING: obslete syntax used for lookup
+
MYSQL new connection: host=ip4.ip4.ip4.ip4 port=PORT_N socket=NULL database=test user=root
creating new cache entry
lookup yielded: Philip Hazel
@@ -181,6 +197,10 @@ dropping to exim gid; retaining priv uid
type=mysql key="servers=localhost(TESTSUITE/mysql/sock)/test/root/pass; select name from them where id='ph10';" opts=NULL
database lookup required for servers=localhost(TESTSUITE/mysql/sock)/test/root/pass; select name from them where id='ph10';
MySQL query: "servers=localhost(TESTSUITE/mysql/sock)/test/root/pass; select name from them where id='ph10';" opts 'NULL'
+LOG: MAIN
+ Exim configuration error in line 87 of TESTSUITE/test-config:
+ WARNING: obslete syntax used for lookup
+
MYSQL new connection: host=localhost port=0 socket=TESTSUITE/mysql/sock database=test user=root
creating new cache entry
lookup yielded: Philip Hazel
@@ -348,6 +368,10 @@ check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::PORT_N {select nam
database lookup required for servers=127.0.0.1::PORT_N/test/root/pass; select name from them where id = 'c'
(tainted, quoted:mysql)
MySQL query: "servers=127.0.0.1::PORT_N/test/root/pass; select name from them where id = 'c'" opts 'NULL'
+LOG: MAIN
+ Exim configuration error in line 87 of TESTSUITE/test-config:
+ WARNING: obslete syntax used for lookup
+
lookup deferred: MySQL server "127.0.0.1:PORT_N/test/root/pass" is tainted
warn: condition test deferred in ACL "check_recipient"
LOG: MAIN
@@ -388,6 +412,10 @@ host in "<& net-mysql;servers=127.0.0.1::PORT_N/test/root/pass; select * from th
database lookup required for servers=127.0.0.1::PORT_N/test/root/pass; select * from them where id='c'
(tainted, quoted:mysql)
MySQL query: "servers=127.0.0.1::PORT_N/test/root/pass; select * from them where id='c'" opts 'NULL'
+LOG: MAIN
+ Exim configuration error in line 87 of TESTSUITE/test-config:
+ WARNING: obslete syntax used for lookup
+
lookup deferred: MySQL server "127.0.0.1:PORT_N/test/root/pass" is tainted
host in "<& net-mysql;servers=127.0.0.1::PORT_N/test/root/pass; select * from them where id='c'"? list match deferred for net-mysql;servers=127.0.0.1::1223/test/root/pass; select * from them where id='c'
warn: condition test deferred in ACL "check_recipient"