Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. dev
[Bug 2727] New: Failure to expand due to taint in 4.94.2
exim-dev at exim
May 4, 2021, 8:34 AM
Post #1 of 1 (69 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=2727

Bug ID: 2727
Summary: Failure to expand due to taint in 4.94.2
Product: Exim
Version: 4.94
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: String expansion
Assignee: unallocated@exim.org
Reporter: martynas@mc2.dev
CC: exim-dev@exim.org

With 4.94.2 we get the following (attaching comparison of how it worked in
4.94):
18:23:17 1707974 --------> virtual_aliases router <--------
18:23:17 1707974 local_part=asdads domain=domain.com
18:23:17 1707974 calling virtual_aliases router
18:23:17 1707974 rda_interpret (string): '${if
exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}'
18:23:17 1707974 ?considering: ${if
exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
18:23:17 1707974 ?considering:
/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
18:23:17 1707974 ???expanding: /etc/virtual/$domain/aliases
18:23:17 1707974 ??????result: /etc/virtual/domain.com/aliases
18:23:17 1707974 ???(tainted)
18:23:17 1707974 ???condition: exists{/etc/virtual/$domain/aliases}
18:23:17 1707974 ??????result: true
18:23:17 1707974 ?considering:
${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
18:23:17 1707974 ?considering:
$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
18:23:17 1707974 ???expanding: $local_part
18:23:17 1707974 ??????result: asdads
18:23:17 1707974 ???(tainted)
18:23:17 1707974 ?considering: /etc/virtual/$domain/aliases}}}}
18:23:17 1707974 ???expanding: /etc/virtual/$domain/aliases
18:23:17 1707974 ??????result: /etc/virtual/domain.com/aliases
18:23:17 1707974 ???(tainted)
18:23:17 1707974 LOG: MAIN PANIC
18:23:17 1707974 Tainted filename for search:
'/etc/virtual/domain.com/aliases'
18:23:17 1707974 ?failed to expand:
${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
18:23:17 1707974 ????error message: NULL
18:23:17 1707974 ?failed to expand: ${if
exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
18:23:17 1707974 ????error message: NULL
18:23:17 1707974 virtual_aliases router: defer for asdads@domain.com
18:23:17 1707974 message: failed to expand "${if
exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}":
NULL
18:23:17 1707974 ----------- end verify ------------
18:23:17 1707974 deny: condition test deferred in ACL "acl_check_recipient"
18:23:17 1707974 SMTP>> 451 Temporary local problem - please try later
18:23:17 1707974 LOG: MAIN REJECT
18:23:17 1707974 H=localhost (centos8.martynas.it) [::1]
F=<asdasd1@domain.com> temporarily rejected RCPT asdads@domain.com: failed to
expand "${if
exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}":
NULL

4.94:
18:28:50 1713224 --------> virtual_aliases router <--------
18:28:50 1713224 local_part=asdasd1 domain=domain.com
18:28:50 1713224 checking domains
18:28:50 1713224 search_open: lsearch "/etc/virtual/domainowners"
18:28:50 1713224 cached open
18:28:50 1713224 search_find: file="/etc/virtual/domainowners"
18:28:50 1713224 key="domain.com" partial=-1 affix=NULL starflags=0
opts="ret=key"
18:28:50 1713224 LRU list:
18:28:50 1713224 6/etc/virtual/domainowners
18:28:50 1713224 6/etc/virtual/domain.com/aliases
18:28:50 1713224 6/etc/virtual/domain.com/passwd
18:28:50 1713224 6/etc/virtual/domain.com/autoresponder.conf
18:28:50 1713224 6/etc/virtual/domain.com/majordomo/list.aliases
18:28:50 1713224 6/etc/virtual/domains
18:28:50 1713224 7/etc/virtual/blacklist_domains
18:28:50 1713224 7/etc/virtual/bad_sender_hosts
18:28:50 1713224 7/etc/virtual/blacklist_senders
18:28:50 1713224 7/etc/virtual/skip_rbl_domains
18:28:50 1713224 6/etc/virtual/use_rbl_domains
18:28:50 1713224 6/etc/passwd
18:28:50 1713224 7/etc/virtual/whitelist_senders
18:28:50 1713224 7/etc/virtual/whitelist_hosts
18:28:50 1713224 7/etc/virtual/whitelist_domains
18:28:50 1713224 5/etc/virtual/helo_data
18:28:50 1713224 End
18:28:50 1713224 internal_search_find: file="/etc/virtual/domainowners"
18:28:50 1713224 type=lsearch key="domain.com" opts="ret=key"
18:28:50 1713224 cached data used for lookup of domain.com
18:28:50 1713224 in /etc/virtual/domainowners
18:28:50 1713224 lookup yielded: bogdan8
18:28:50 1713224 lookup ret=key: domain.com
18:28:50 1713224 domain.com in "lsearch,ret=key;/etc/virtual/domainowners"? yes
(matched "lsearch,ret=key;/etc/virtual/domainowners")
18:28:50 1713224 calling virtual_aliases router
18:28:50 1713224 rda_interpret (string): '${if
exists{/etc/virtual/$domain_data/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}}}'
18:28:50 1713224 ?considering: ${if
exists{/etc/virtual/$domain_data/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}}}
18:28:50 1713224 ?considering:
/etc/virtual/$domain_data/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}}}
18:28:50 1713224 ???expanding: /etc/virtual/$domain_data/aliases
18:28:50 1713224 ??????result: /etc/virtual/domain.com/aliases
18:28:50 1713224 ???condition: exists{/etc/virtual/$domain_data/aliases}
18:28:50 1713224 ??????result: true
18:28:50 1713224 ?considering:
${lookup{$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}}}
18:28:50 1713224 ?considering:
$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}}}
18:28:50 1713224 ???expanding: $local_part
18:28:50 1713224 ??????result: asdasd1
18:28:50 1713224 ???(tainted)
18:28:50 1713224 ?considering: /etc/virtual/$domain_data/aliases}}}}
18:28:50 1713224 ???expanding: /etc/virtual/$domain_data/aliases
18:28:50 1713224 ??????result: /etc/virtual/domain.com/aliases
18:28:50 1713224 search_open: lsearch "/etc/virtual/domain.com/aliases"
18:28:50 1713224 cached open
18:28:50 1713224 search_find: file="/etc/virtual/domain.com/aliases"
18:28:50 1713224 key="asdasd1" partial=-1 affix=NULL starflags=1 opts=NULL
18:28:50 1713224 LRU list:
18:28:50 1713224 6/etc/virtual/domain.com/aliases
18:28:50 1713224 6/etc/virtual/domainowners
18:28:50 1713224 6/etc/virtual/domain.com/passwd
18:28:50 1713224 6/etc/virtual/domain.com/autoresponder.conf
18:28:50 1713224 6/etc/virtual/domain.com/majordomo/list.aliases
18:28:50 1713224 6/etc/virtual/domains
18:28:50 1713224 7/etc/virtual/blacklist_domains
18:28:50 1713224 7/etc/virtual/bad_sender_hosts
18:28:50 1713224 7/etc/virtual/blacklist_senders
18:28:50 1713224 7/etc/virtual/skip_rbl_domains
18:28:50 1713224 6/etc/virtual/use_rbl_domains
18:28:50 1713224 6/etc/passwd
18:28:50 1713224 7/etc/virtual/whitelist_senders
18:28:50 1713224 7/etc/virtual/whitelist_hosts
18:28:50 1713224 7/etc/virtual/whitelist_domains
18:28:50 1713224 5/etc/virtual/helo_data
18:28:50 1713224 End
18:28:50 1713224 internal_search_find: file="/etc/virtual/domain.com/aliases"
18:28:50 1713224 type=lsearch key="asdasd1" opts=NULL
18:28:50 1713224 cached data used for lookup of asdasd1
18:28:50 1713224 in /etc/virtual/domain.com/aliases
18:28:50 1713224 lookup yielded: bogdan@anotherdomain.com
18:28:50 1713224 ???expanding:
${lookup{$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}
18:28:50 1713224 ??????result: bogdan@anotherdomain.com
18:28:50 1713224 ???expanding: ${if
exists{/etc/virtual/$domain_data/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain_data/aliases}}}}
18:28:50 1713224 ??????result: bogdan@anotherdomain.com
18:28:50 1713224 expanded: 'bogdan@anotherdomain.com'
18:28:50 1713224 file is not a filter file
18:28:50 1713224 parse_forward_list: bogdan@anotherdomain.com
18:28:50 1713224 extract item: bogdan@anotherdomain.com
18:28:50 1713224 virtual_aliases router generated bogdan@anotherdomain.com
18:28:50 1713224 errors_to=NULL transport=NULL
18:28:50 1713224 uid=unset gid=unset home=NULL
18:28:50 1713224 routed by virtual_aliases router
18:28:50 1713224 envelope to: asdasd1@domain.com
18:28:50 1713224 transport: <none>
18:28:50 1713224 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
18:28:50 1713224 Considering bogdan@anotherdomain.com
18:28:50 1713224 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
18:28:50 1713224 routing bogdan@anotherdomain.com
...

Did something change there? I don't see any changelog entries for hardened
taints.

--
You are receiving this mail because:
You are on the CC list for the bug.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal