authorPhil Pennock <pdp@exim.org>2011-02-13 00:19:26 -0500
committerPhil Pennock <pdp@exim.org>2011-02-13 00:19:26 -0500
commit76aa570c217ad2fad1e73fb91e2aa39ce5e3c4ff (patch)
tree73145e4fc8512d46d513dc0bade79a799715433a
parent2fe767453007d1b015f52313d16dc61635085621 (diff)
Don't reveal SQL expansion failure details in SMTP.
fixes bug 1061
-rw-r--r--doc/doc-txt/ChangeLog4
-rw-r--r--src/src/deliver.c14
-rw-r--r--src/src/route.c16
3 files changed, 26 insertions, 8 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 7aeba3d3c..439e80aba 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -44,6 +44,10 @@ PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
Patch from Jakob Hirsch.
+PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
+ SQL string expansion failure details.
+ Patch from Andrey Oktyabrski.
+
Exim version 4.74
-----------------
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 807f03817..41e4a66f3 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -744,17 +744,15 @@ malformed, it won't ever have gone near LDAP.) */
if (addr->message != NULL)
{
addr->message = string_printing(addr->message);
- if (Ustrstr(addr->message, "failed to expand") != NULL &&
- (Ustrstr(addr->message, "ldap:") != NULL ||
+ if (((Ustrstr(addr->message, "failed to expand") != NULL) || (Ustrstr(addr->message, "expansion of ") != NULL)) &&
+ (Ustrstr(addr->message, "mysql") != NULL ||
+ Ustrstr(addr->message, "pgsql") != NULL ||
+ Ustrstr(addr->message, "sqlite") != NULL ||
+ Ustrstr(addr->message, "ldap:") != NULL ||
Ustrstr(addr->message, "ldapdn:") != NULL ||
Ustrstr(addr->message, "ldapm:") != NULL))
{
- uschar *p = Ustrstr(addr->message, "pass=");
- if (p != NULL)
- {
- p += 5;
- while (*p != 0 && !isspace(*p)) *p++ = 'x';
- }
+ addr->message = string_sprintf("Temporary internal error");
}
}
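Review bot: The new condition is a substring denylist of lookup names (`mysql`, `pgsql`, `sqlite`, `ldap:`, `ldapdn:`, `ldapm:`), so a deferred expansion message from any lookup type not in the list still reaches the SMTP peer with its query text intact. If every expansion-failure message is unsafe to show remotely, the second conjunct could be dropped so the test is only the `failed to expand` / `expansion of ` pair; otherwise a comment such as `/* Denylist: extend when a new query-style lookup is added; unlisted types are sent to the client unredacted */` would make the fail-open behaviour explicit. The same list is repeated in the route.c hunk of this commit, so a shared helper would keep the two copies from drifting apart. Whether the original text is written to the log before this overwrite is not visible here and is worth confirming, since the replacement discards the detail an operator needs for diagnosis. The enclosing function starts and ends outside the hunk.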
diff --git a/src/src/route.c b/src/src/route.c
index 324de2ab8..346a7c6a7 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -1952,6 +1952,22 @@ if (unseen && r->next != NULL)
/* Unset the address expansions, and return the final result. */
ROUTE_EXIT:
+if (yield == DEFER) {
+ if (
+ ((Ustrstr(addr->message, "failed to expand") != NULL) || (Ustrstr(addr->message, "expansion of ") != NULL)) &&
+ (
+ Ustrstr(addr->message, "mysql") != NULL ||
+ Ustrstr(addr->message, "pgsql") != NULL ||
+ Ustrstr(addr->message, "sqlite") != NULL ||
+ Ustrstr(addr->message, "ldap:") != NULL ||
+ Ustrstr(addr->message, "ldapdn:") != NULL ||
+ Ustrstr(addr->message, "ldapm:") != NULL
+ )
+ ) {
+ addr->message = string_sprintf("Temporary internal error");
+ }
+}
+
deliver_set_expansions(NULL);
disable_logging = FALSE;
return yield;
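Review bot: The block added at `ROUTE_EXIT` calls `Ustrstr(addr->message, ...)` without checking that `addr->message` is set, whereas the matching block in deliver.c is wrapped in `if (addr->message != NULL)`. If any router can yield DEFER without setting a message, this passes a null pointer to the string search in the routing path; writing the guard as `if (yield == DEFER && addr->message != NULL) {` avoids that. The surrounding function begins outside the hunk, so whether a message is always present on DEFER cannot be confirmed from the lines shown.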