[Bug 2617] New: Taint mismatch in parse_fix_phrase
https://bugs.exim.org/show_bug.cgi?id=2617

Bug ID: 2617
Summary: Taint mismatch in parse_fix_phrase
Product: Exim
Version: N/A
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Delivery in general
Assignee: unallocated@exim.org
Reporter: dpc22@cam.ac.uk
CC: exim-dev@exim.org

We upgraded from 4.92.3 to 4.94 on Monday.

I needed to add three dsearch lookups to places where we use ${domain} in
filename lookups: no big deal.

That leaves a number of the following paniclog errors each day:

2020-07-09 01:07:08 +0100 Taint mismatch, Ustrncpy: parse_fix_phrase 1153

The timestamps look like a handful of messages retrying at regular intervals.

However I can't tell if these messages are internal or external, or determine
anything about the actual content of the messages: there is no obvious context
from adjacent entries in the Exim mainlog.

This is a completely vanilla 4.94 built from source. Line 1153 of parse.c
(which contains parse_fix_phrase()) appears to be the Ustrncpy in the middle
of:

    /* Comment does not contain unescaped quotes; include it in
    our quote. */

    else
      {
      if (ss >= end) ss--;
      *t++ = '(';
      Ustrncpy(t, s, ss-s);
      t += ss-s;
      s = ss;
      }
    }

This feels like a bug in Exim: I don't _think_ that I am trying to use the RFC
822 "phrase" from messages anywhere in my Exim configuration, certainly not in
filename lookups.

Any suggestions about how I can get to the bottom of what is going on here?
Thanks.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##