Mailing List Archive

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #2 from martynas@mc2.dev ---
Glad to hear! I'll test it out when it's ready :)

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #3 from martynas@mc2.dev ---
I see your patches, tested them and receiving the following now:
Taint mismatch, string_nextinlist: acl_verify 1807

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #4 from Jeremy Harris <jgh146exb@wizmail.org> ---
What does your verify= line look like?

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #5 from martynas@mc2.dev ---
I'm not completely sure which one is the as we have couple of them:
accept !verify = sender=$acl_arg1/defer_ok/callout=10s,defer_ok

I also have:
!verify = recipient/defer_ok/BC_VERIFY_CALLOUT

Where:
BC_VERIFY_CALLOUT =callout=3s,maxwait=5s,connect=2s,defer_ok,use_sender,hold

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #6 from Jeremy Harris <jgh146exb@wizmail.org> ---
It'll be the first one. In your current source for acl.c, what is on line
number
1807 ? It's isn't a string_nextinlist() call in git HEAD.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #7 from martynas@mc2.dev ---
That's:
while ((opt = string_nextinlist(&sublist, &optsep, buffer, sizeof(buffer))))

In this section:
else if (strncmpic(ss, US"callout", 7) == 0)

I guess it should be changed to:
while ((opt = string_nextinlist(&sublist, &optsep, NULL, 0)))

Just not so sure if it's safe to do it :) (would need approval from your side)

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #8 from Jeremy Harris <jgh146exb@wizmail.org> ---
That line already has "NULL, 0" in HEAD. I think it crept in with some other
changes so was no specifically noted as a bugfix.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

--- Comment #9 from martynas@mc2.dev ---
Ah, great. I can confirm I'm not seeing any taint mismatches anymore. Thank you
for your quick assistance.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

Git Commit <git@exim.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |git@exim.org

--- Comment #10 from Git Commit <git@exim.org> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/9eed571fd7c3236326cc6ea74f1455b027df7604

commit 9eed571fd7c3236326cc6ea74f1455b027df7604
Author: Jeremy Harris <jgh146exb@wizmail.org>
AuthorDate: Sun Jun 14 20:43:06 2020 +0100
Commit: Jeremy Harris <jgh146exb@wizmail.org>
CommitDate: Sun Jun 14 21:04:46 2020 +0100

taint: fix verify. bug 2598
----
doc/doc-txt/ChangeLog | 4 +++
src/src/acl.c | 2 +-
test/confs/0591 | 33 ++++++++++++++++++++++
test/scripts/0000-Basic/0087 | 2 +-
test/scripts/0000-Basic/0591 | 29 +++++++++++++++++++
test/stderr/0591 | 67 ++++++++++++++++++++++++++++++++++++++++++++
test/stdout/0591 | 39 ++++++++++++++++++++++++++
7 files changed, 174 insertions(+), 2 deletions(-)

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

https://bugs.exim.org/show_bug.cgi?id=2598

Jeremy Harris <jgh146exb@wizmail.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED

--- Comment #11 from Jeremy Harris <jgh146exb@wizmail.org> ---
Fix confirmed by reporter

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##