Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
> On 22/12/2021 07:33, Christian Balzer via Exim-users wrote:
> > LOCALDOM = /etc/exim4/localdomains
> > domainlist local_domains = @:localhost:LOCALDOM:ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain
> 
> Doh.  Ignore my previous question; I'd misread.
> 
> This issue here is that the use of $domain in that string,
> which happens to be a domain list, is tainting the entire string.
> That includes the LOCALDOM element, after its macro-expansion,
> so when that gets used as a filename, you trap.
> 
> I'm not sure what you can do about this.  How many places
> is this local_domains being used (probably many)?
> Could you lose either the fixed file or the ldap?

It's over a decade ago since I dealt with ldap, but shouldn't this be
quoted anyway using quote_ldap? As it is, a malicious $domain could have
unwanted side effects on the query, because the query is parsed after
expanding $domain. The taint check prevents that.

Perhaps quote_ldap should return an untainted string?

Michael

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
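
The point raised in the reply above, that the LDAP query is parsed only after $domain has been expanded into it, can be shown with a short Python sketch. This is an added example, not code from the thread or from Exim: the function names are hypothetical, the escaping follows RFC 4515 plus URL percent-encoding and is not claimed to match the exact output of Exim's quote_ldap, and the sample domains are constructed.

```python
# Added illustration (not Exim source code): why a value must be escaped
# before it is spliced into an LDAP URL that is parsed afterwards.
from urllib.parse import quote, unquote

# Base query taken from the configuration quoted in the thread.
BASE = "ldap:///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain="

# RFC 4515 filter metacharacters and their \XX escapes.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_query(domain: str, quoted: bool) -> str:
    """Splice domain into the URL, raw or with filter + URL escaping."""
    if quoted:
        # Two layers: filter escaping first, then percent-encoding so that
        # '?', '#', '%' and the backslashes survive URL parsing.
        domain = quote(escape_filter_value(domain), safe="")
    return BASE + domain


def parse_filter(url: str):
    """Return (number of '?'-separated URL fields, decoded filter field)."""
    fields = url.split("?")
    return len(fields), unquote(fields[3])


def is_literal_match(url: str, domain: str) -> bool:
    """True if the parsed query is exactly an equality test on `domain`."""
    count, flt = parse_filter(url)
    return count == 4 and flt == "mailDomain=" + escape_filter_value(domain)


# Constructed sample inputs: one ordinary domain, two with metacharacters.
SAMPLES = ["example.org", "a*b(c)", "x?y"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d, is_literal_match(build_query(d, False), d),
              is_literal_match(build_query(d, True), d))
```

Only the escaped form keeps the parsed query an equality test on the literal domain for all three samples; the raw form does so only for the ordinary domain.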
