| author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-03-03 22:23:42 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-03-03 22:23:42 +0000 |
| commit | 4191cb150300d310ab5fa22ce2cfb02b6f6051b0 (patch) | |
| tree | 501724c674333b636ce1a5a73f84dec708d35bcd /doc | |
| parent | 376d3790ba2756278e28d0ecaa1ed7c9b1a0ab00 (diff) | |
Check query strings of query-style lookups for quoting. Bug 2850
Diffstat (limited to 'doc')

| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 23 |
|---|---|---|
| -rw-r--r-- | doc/doc-txt/NewStuff | 3 |

2 files changed, 21 insertions, 5 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 1bc63bff3..bfadeb10a 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6839,6 +6839,12 @@ version of the lookup key. The &'query-style'& type accepts a generalized database query. No particular key value is assumed by Exim for query-style lookups. You can use whichever Exim variables you need to construct the database query. +.cindex "tainted data" "quoting for lookups" +.new +If tainted data is used in the query then it should be quuted by +using the &*${quote_*&<&'lookup-type'&>&*:*&<&'string'&>&*}*& expansion operator +appropriate for the lookup. +.wen .endlist The code for each lookup type is in a separate source file that is included in @@ -40994,8 +41000,18 @@ was received, in the conventional Unix form &-- the number of seconds since the start of the epoch. The second number is a count of the number of messages warning of delayed delivery that have been sent to the sender. -There follow a number of lines starting with a hyphen. These can appear in any -order, and are omitted when not relevant: +.new +There follow a number of lines starting with a hyphen. +These contain variables, can appear in any +order, and are omitted when not relevant. + +If there is a second hyphen after the first, +the corresponding data is tainted. +If there is a value in parentheses, the data is quoted for a lookup. + +The following word specifies a variable, +and the remainder of the item depends on the variable. +.wen .vlist .vitem "&%-acl%&&~<&'number'&>&~<&'length'&>" 
@@ -41151,9 +41167,6 @@ was received from the client, this records the Distinguished Name from that certificate. .endlist -Any of the above may have an extra hyphen prepended, to indicate the the -corresponding data is untrusted. - Following the options there is a list of those addresses to which the message is not to be delivered. This set of addresses is initialized from the command line when the &%-t%& option is used and &%extract_addresses_remove_arguments%& diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 394eb144d..730508adc 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -19,6 +19,9 @@ Version 4.96 5. The ACL "debug" control gains options "stop", "pretrigger" and "trigger". + 6. Query-style lookups are now checked for quoting, if the query string is + built using untrusted data ("tainted"). For now lack of quoting is merely + logged; a future release will upgrade this to an error. Version 4.95 ------------ |
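Review bot: "quuted" in the `.new` paragraph of the first spec.xfpt hunk (@@ -6839) is a typo for "quoted"; the line should read `If tainted data is used in the query then it should be quoted by`. Since that paragraph tells the reader to pick the `${quote_<lookup-type>:...}` operator "appropriate for the lookup", a cross-reference to the section that lists the per-lookup quoting operators would save them a search.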
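Review bot: the new spool-format text in the second spec.xfpt hunk (@@ -40994) leaves the parenthesised value undefined. `If there is a value in parentheses, the data is quoted for a lookup.` says neither what the value is (presumably the lookup type the quoting was done for, but the hunk does not say) nor where it sits relative to the second hyphen and the variable word. A concrete sample line, in the style of the `.vitem` entries that follow, would let someone reading a spool file parse the tainted and quoted markers unambiguously.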
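Review bot: NewStuff item 6 says a missing quote "is merely logged" but not which log or what the entry looks like. Operators will want to grep for these before the announced future release turns them into errors, so name the log and the message wording (or point at the spec section that documents it) in the entry.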