Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. dev
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option
exim-dev at lists
Jan 9, 2024, 12:20 AM
Post #1 of 9 (197 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

--- Comment #1 from David Saez <david@ols.es> ---
quote_dsearch does not untaint the variables, but it think it should
same for quote_local_part

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 9, 2024, 10:16 AM
Post #2 of 9 (197 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

--- Comment #2 from Andreas Metzler <eximusers@bebt.de> ---
Subject says "and domain_data not set" however you are not using domain_data in
any of your examples:

/var/spool/exim/db/$local_part@$domain.vacation
/var/spool/exim/db/$local_part_data@$domain.vacation
/var/spool/exim/db/$local_part@$domain._data.vacation

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 12, 2024, 1:24 PM
Post #3 of 9 (191 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

Jeremy Harris <jgh146exb@wizmail.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID

--- Comment #3 from Jeremy Harris <jgh146exb@wizmail.org> ---
It's up to you in your config to obtain untainted data for use in various
situations.

Fundamentally this means using trusted data, stored on the system.
Using tainted values as index values for lookups in such local storage
is permitted and common. The lookup could be (eg.) in an SQL DB, for a file in
a
known directory, or in a list directly written in the config.

Using tainted data for a filename is one of those not-permissible things.


Try the Concept Index of the docs, under "detainting".

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 13, 2024, 12:01 AM
Post #4 of 9 (190 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

--- Comment #4 from David Saez <david@ols.es> ---
Try the Concept Index of the docs, under "de-tainting"

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 13, 2024, 12:16 AM
Post #5 of 9 (190 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

--- Comment #5 from David Saez <david@ols.es> ---
It's weird because if local address has already been verified to be an existant
local user this will require an extra sql query

Also, nothing prevents to use things like this:

once = /var/spool/exim/db/${lookup mysql {SELECT
'${quote_mysql:$local_part@$domain}'}}.vacation

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 13, 2024, 7:30 AM
Post #6 of 9 (190 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

--- Comment #6 from David Saez <david@ols.es> ---
(In reply to Andreas Metzler from comment #2)
> Subject says "and domain_data not set" however you are not using domain_data
> in any of your examples:
>
> /var/spool/exim/db/$local_part@$domain.vacation
> /var/spool/exim/db/$local_part_data@$domain.vacation
> /var/spool/exim/db/$local_part@$domain._data.vacation

once = /var/spool/exim/db/$local_part@$domain._data.vacation

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 13, 2024, 7:31 AM
Post #7 of 9 (190 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

--- Comment #7 from David Saez <david@ols.es> ---
anuway, i think the base problem is that the key used for "once" is not
configurable

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 13, 2024, 7:49 AM
Post #8 of 9 (190 views)
Permalink
On Sat, 13 Jan 2024, Exim Bugzilla via Exim-dev wrote:

> https://bugs.exim.org/show_bug.cgi?id=3065
>
> --- Comment #6 from David Saez <david@ols.es> ---
> (In reply to Andreas Metzler from comment #2)
>> Subject says "and domain_data not set" however you are not using domain_data
>> in any of your examples:
>>
>> /var/spool/exim/db/$local_part@$domain.vacation
>> /var/spool/exim/db/$local_part_data@$domain.vacation
>> /var/spool/exim/db/$local_part@$domain._data.vacation
>
> once = /var/spool/exim/db/$local_part@$domain._data.vacation

Yes, but that has a dot in domain_data
so you are still using the tainted variable $domain
not $domain_data

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[Bug 3065] local_part_data and domain_data not set in autoreply transport once option [ In reply to ]
exim-dev at lists
Jan 13, 2024, 7:57 AM
Post #9 of 9 (190 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=3065

--- Comment #8 from David Saez <david@ols.es> ---
= /var/spool/exim/db/$local_part@$domain_data.vacation

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal