Hi,

Moving an old system to exim 4.94.2 I'm hitting a taint error with $dnslist_domain. That's a bit surprising as it's 100% internally defined -- there's nothing the outside world can do to change its possible values. Well, at least in my mind ;)

warn    domains             = +vhost_domains
        dnslists            = $acl_m_dnslist1
        add_header          = X-Spam-Blacklisted: $dnslist_matched listed at $dnslist_domain ($dnslist_value)
        set acl_m105076_act = ${lookup{tag}lsearch{VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists/$dnslist_domain}{tag}{reject}}
        logwrite            = ACL#10/50/76: H=$sender_fullhost $dnslist_matched blacklisted at $dnslist_domain ($dnslist_value) - $domain_data set to $acl_m105076_act

deny    condition           = ${if eq {$acl_m105076_act}{reject}}
        message             = $dnslist_matched blacklisted at $dnslist_domain ($dnslist_value) \
                              ${if def:dnslist_text {\n$dnslist_text}}

When there's an RBL hit, the lsearch lookup triggers a taint error, e.g.:

Tainted filename for search '/srv/example.com/config/blacklists/bl.mxrbl.com' failed to expand ACL string "${lookup{tag}lsearch{/srv/$domain_data/config/blacklists/$dnslist_domain}{tag}{reject}}"

(I haven't touched most of the config but $domain_data is innocent -- a quick test replacing $dnslist_domain with a hardcoded "bl.mxrbl.com" and all is well).

So, a bit of a dummy question (sorry), but how do I detaint $dnslist_domain? Presumably, with a simple lookup -- by definition it's in $acl_m_dnslist1 and the associated file will very likely still exist at VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists/$dnslist_domain ...

In case it's relevant, $acl_m_dnslist1 is populated via a filter looking for the presence of various files, e.g.:

warn    domains             = +vhost_domains
        set acl_m_dnslist1  = ${filter{ \
                                  b.barracudacentral.org : \
                                  hostkarma.junkemailfilter.com=127.0.0.2 : \
                                  bl.mxrbl.com : \
                                  dbl.spamhaus.org!=127.0.1.255,127.255.255.252,127.255.255.254,127.255.255.255/$sender_address_domain : \
                                  hostkarma.junkemailfilter.com=127.0.0.2/$sender_address_domain : \
                                  dbl.nordspam.com==127.0.0.2/$sender_address_domain \
                                } \
                                {exists{VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists/${extract{1}{=!&/}{$item}{$value}{$item}}}} \
                              }

Hmm, I'm now wondering if $sender_address_domain has tainted dnslists, parent of $dnslist_domain. I guess not.

Meanwhile, thanks for exim - and any pointers!

M
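An added example, not from the original post, of one way to detaint $dnslist_domain before it is used as a filename: expansion output inherits taint from any tainted variable it contains, so the $sender_address_domain items in $acl_m_dnslist1 are the likely reason $dnslist_domain comes out tainted, and a dsearch lookup against the trusted blacklists directory returns an untainted copy of the matching filename. It assumes the dsearch "ret=full" option is available in the 4.94 build, and $acl_m_bl_file is a hypothetical variable name chosen for this example.

```exim
# Added example (not from the original post): detaint $dnslist_domain by
# looking it up as a directory entry with dsearch. The lookup result is a copy
# of the key taken from the directory listing, so it is untainted; with
# ret=full (assumed available in 4.94) it yields the full path of the file.
# $acl_m_bl_file is a hypothetical name chosen for this example.
warn    domains             = +vhost_domains
        dnslists            = $acl_m_dnslist1
        # Only a file that really exists under the per-vhost blacklists
        # directory can come back, so a tainted name cannot be used to reach
        # anything else. $domain_data is already untainted (it comes from the
        # +vhost_domains match, as the poster observed), so the directory
        # path itself is safe to build.
        set acl_m_bl_file   = ${lookup {$dnslist_domain} dsearch,ret=full \
                                  {VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists}}
        # Stop here if no per-list file exists (the lookup failed, so the
        # variable is empty); nothing below then runs for this hit.
        condition           = ${if def:acl_m_bl_file}
        add_header          = X-Spam-Blacklisted: $dnslist_matched listed at $dnslist_domain ($dnslist_value)
        # The filename is now the untainted lookup result, not the raw variable.
        set acl_m105076_act = ${lookup{tag}lsearch{$acl_m_bl_file}{tag}{reject}}
        logwrite            = ACL#10/50/76: H=$sender_fullhost $dnslist_matched blacklisted at $dnslist_domain ($dnslist_value) - $domain_data set to $acl_m105076_act
```

The later deny verb from the original config can stay as it is, since it only tests $acl_m105076_act and uses $dnslist_domain in a message, not as a filename.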
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/