diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-03-03 22:23:42 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-03-03 22:23:42 +0000 |
| commit | 4191cb150300d310ab5fa22ce2cfb02b6f6051b0 (patch) | |
| tree | 501724c674333b636ce1a5a73f84dec708d35bcd /test | |
| parent | 376d3790ba2756278e28d0ecaa1ed7c9b1a0ab00 (diff) | |
Check query strings of query-style lookups for quoting. Bug 2850
Diffstat (limited to 'test')
| -rw-r--r-- | test/confs/2610 | 35 | ||||
| -rw-r--r-- | test/confs/2620 | 21 | ||||
| -rw-r--r-- | test/log/2610 | 2 | ||||
| -rw-r--r-- | test/paniclog/2610 | 1 | ||||
| -rwxr-xr-x | test/runtest | 2 | ||||
| -rw-r--r-- | test/scripts/2610-MySQL/2610 | 2 | ||||
| -rw-r--r-- | test/stderr/2200 | 2 | ||||
| -rw-r--r-- | test/stderr/2201 | 4 | ||||
| -rw-r--r-- | test/stderr/2202 | 1 | ||||
| -rw-r--r-- | test/stderr/2610 | 85 | ||||
| -rw-r--r-- | test/stderr/2620 | 103 |
11 files changed, 199 insertions, 59 deletions
diff --git a/test/confs/2610 b/test/confs/2610 index 98a93b63b..9b139d2b6 100644 --- a/test/confs/2610 +++ b/test/confs/2610 @@ -10,6 +10,7 @@ domainlist local_domains = @ hostlist relay_hosts = net-mysql;select * from them where id='$sender_host_address' acl_smtp_rcpt = check_recipient +acl_not_smtp = check_notsmtp PARTIAL = 127.0.0.1::PORT_N SSPEC = PARTIAL/test/root/pass @@ -23,31 +24,40 @@ begin acl check_recipient: # Tainted-data checks warn - # taint only in lookup string - set acl_m0 = ok: ${lookup mysql {select name from them where id = '$local_part'}} + # taint only in lookup string, properly quoted + set acl_m0 = ok: ${lookup mysql {select name from them where id = '${quote_mysql:$local_part}'}} + # taint only in lookup string, but not quoted + set acl_m0 = FAIL: ${lookup mysql,no_rd {select name from them where id = '$local_part'}} + warn # option on lookup type unaffected - set acl_m0 = ok: ${lookup mysql,servers=SSPEC {select name from them where id = '$local_part'}} + set acl_m0 = ok: ${lookup mysql,servers=SSPEC {select name from them where id = '${quote_mysql:$local_part}'}} # partial server-spec, indexing main-option, works - set acl_m0 = ok: ${lookup mysql,servers=PARTIAL {select name from them where id = '$local_part'}} + set acl_m0 = ok: ${lookup mysql,servers=PARTIAL {select name from them where id = '${quote_mysql:$local_part}'}} # oldstyle server spec, prepended to lookup string, fails with taint - set acl_m0 = FAIL: ${lookup mysql {servers=SSPEC; select name from them where id = '$local_part'}} + set acl_m0 = FAIL: ${lookup mysql {servers=SSPEC; select name from them where id = '${quote_mysql:$local_part}'}} - # In list-stle lookup, tainted lookup string is ok if server spec comes from main-option + # In list-style lookup, tainted lookup string is ok if server spec comes from main-option warn set acl_m0 = ok: hostlist - hosts = net-mysql;select * from them where id='$local_part' + hosts = net-mysql;select * from them where id='${quote_mysql:$local_part}' # ... but setting a per-query servers spec fails due to the taint warn set acl_m0 = FAIL: hostlist - hosts = <& net-mysql;servers=SSPEC; select * from them where id='$local_part' + hosts = <& net-mysql;servers=SSPEC; select * from them where id='${quote_mysql:$local_part}' # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because # string-expansion is done before list-expansion so the taint contaminates the entire list. warn set acl_m0 = FAIL: hostlist - hosts = <& net-mysql,servers=SSPEC; select * from them where id='$local_part' + hosts = <& net-mysql,servers=SSPEC; select * from them where id='${quote_mysql:$local_part}' accept domains = +local_domains + # the quoted status of this var should survive being passed via spoolfile + set acl_m_qtest = ${quote_mysql:$local_part} accept hosts = +relay_hosts deny message = relay not permitted +check_notsmtp: + accept + # the quoted status of this var should survive being passed via spoolfile + set acl_m_qtest = ${quote_mysql:$recipients} # ----- Routers ----- @@ -55,7 +65,10 @@ begin routers r1: driver = accept - address_data = ${lookup mysql{select name from them where id='ph10'}} + debug_print = acl_m_qtest: <$acl_m_qtest> lkup: <${lookup mysql{select name from them where id='$acl_m_qtest'}}> + + # this tests the unquoted case, but will need enhancement when we enforce (vs. just logging), else no transport call + address_data = ${lookup mysql{select name from them where id='$local_part'}} transport = t1 @@ -66,7 +79,7 @@ begin transports t1: driver = appendfile file = DIR/test-mail/\ - ${lookup mysql{select id from them where id='ph10'}{$value}fail} + ${lookup mysql{select id from them where id='$local_part'}{$value}fail} user = CALLER diff --git a/test/confs/2620 b/test/confs/2620 index 85d25035f..70a460e24 100644 --- a/test/confs/2620 +++ b/test/confs/2620 @@ -25,26 +25,29 @@ begin acl check_recipient: # Tainted-data checks warn - # taint only in lookup string - set acl_m0 = ok: ${lookup pgsql {select name from them where id = '$local_part'}} + # taint only in lookup string, properly quoted + set acl_m0 = ok: ${lookup pgsql {select name from them where id = '${quote_pgsql:$local_part}'}} + # taint only in lookup string, but not quoted + set acl_m0 = FAIL: ${lookup pgsql,cache=no_rd {select name from them where id = '$local_part'}} + warn # option on lookup type unaffected - set acl_m0 = ok: ${lookup pgsql,servers=SERVERS {select name from them where id = '$local_part'}} + set acl_m0 = ok: ${lookup pgsql,servers=SERVERS {select name from them where id = '${quote_pgsql:$local_part}'}} # partial server-spec, indexing main-option, works - set acl_m0 = ok: ${lookup pgsql,servers=PARTIAL {select name from them where id = '$local_part'}} + set acl_m0 = ok: ${lookup pgsql,servers=PARTIAL {select name from them where id = '${quote_pgsql:$local_part}'}} # oldstyle server spec, prepended to lookup string, fails with taint - set acl_m0 = FAIL: ${lookup pgsql {servers=SERVERS; select name from them where id = '$local_part'}} + set acl_m0 = FAIL: ${lookup pgsql {servers=SERVERS; select name from them where id = '${quote_pgsql:$local_part}'}} - # In list-stle lookup, tainted lookup string is ok if server spec comes from main-option + # In list-style lookup, tainted lookup string is ok if server spec comes from main-option warn set acl_m0 = ok: hostlist - hosts = net-pgsql;select * from them where id='$local_part' + hosts = net-pgsql;select * from them where id='${quote_pgsql:$local_part}' # ... but setting a per-query servers spec fails due to the taint warn set acl_m0 = FAIL: hostlist - hosts = <& net-pgsql;servers=SERVERS; select * from them where id='$local_part' + hosts = <& net-pgsql;servers=SERVERS; select * from them where id='${quote_pgsql:$local_part}' # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because # string-expansion is done before list-expansion so the taint contaminates the entire list. warn set acl_m0 = FAIL: hostlist - hosts = <& net-pgsql,servers=SERVERS; select * from them where id='$local_part' + hosts = <& net-pgsql,servers=SERVERS; select * from them where id='${quote_pgsql:$local_part}' accept domains = +local_domains accept hosts = +relay_hosts diff --git a/test/log/2610 b/test/log/2610 index 38ea30eb6..380c7a32d 100644 --- a/test/log/2610 +++ b/test/log/2610 @@ -1,3 +1,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 tainted search query is not properly quoted (router r1, TESTSUITE/test-config 66): select name from them where id='ph10' +1999-03-02 09:44:33 10HmaX-0005vi-00 tainted search query is not properly quoted (transport t1, TESTSUITE/test-config 79): select id from them where id='ph10' 1999-03-02 09:44:33 10HmaX-0005vi-00 => ph10 <ph10@myhost.test.ex> R=r1 T=t1 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/paniclog/2610 b/test/paniclog/2610 new file mode 100644 index 000000000..920e2768a --- /dev/null +++ b/test/paniclog/2610 @@ -0,0 +1 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 tainted search query is not properly quoted (router r1, TESTSUITE/test-config 66): select name from them where id='ph10' diff --git a/test/runtest b/test/runtest index 6f1bd0add..2ac6198eb 100755 --- a/test/runtest +++ b/test/runtest @@ -1297,7 +1297,7 @@ RESET_AFTER_EXTRA_LINE_READ: } # Different builds will have different lookup types included - s/^search_type \K\d+ \((\w+)\) quoting -1 \(none\)$/NN ($1) quoting -1 (none)/; + s/^\s*search_type \K\d+ \((\w+)\) quoting -1 \(none\)$/NN ($1) quoting -1 (none)/; # DISABLE_OCSP next if /in hosts_requ(est|ire)_ocsp\? (no|yes)/; diff --git a/test/scripts/2610-MySQL/2610 b/test/scripts/2610-MySQL/2610 index 3065eac44..ba4a67bb0 100644 --- a/test/scripts/2610-MySQL/2610 +++ b/test/scripts/2610-MySQL/2610 @@ -87,6 +87,8 @@ mail from:<a@b> rcpt to:<c@d> quit **** +# Check the quote-tracking of tainted data. +# Currently this will log but continue. exim -odi -d ph10 Test message . diff --git a/test/stderr/2200 b/test/stderr/2200 index 9631e9b82..b37f75f93 100644 --- a/test/stderr/2200 +++ b/test/stderr/2200 @@ -35,6 +35,7 @@ search_tidyup called internal_search_find: file="NULL" type=dnsdb key="a=shorthost.test.ex" opts=NULL database lookup required for a=shorthost.test.ex + (tainted) dnsdb key: shorthost.test.ex creating new cache entry lookup yielded: 127.0.0.1 @@ -46,6 +47,7 @@ search_tidyup called internal_search_find: file="NULL" type=dnsdb key="a=shorthost.test.ex" opts=NULL cached data found but out-of-date; database lookup required for a=shorthost.test.ex + (tainted) dnsdb key: shorthost.test.ex replacing old cache entry lookup yielded: 127.0.0.1 diff --git a/test/stderr/2201 b/test/stderr/2201 index 229de2ce0..c1c39ef28 100644 --- a/test/stderr/2201 +++ b/test/stderr/2201 @@ -34,6 +34,7 @@ LRU list: internal_search_find: file="NULL" type=dnsdb key="test.ex" opts=NULL database lookup required for test.ex + (tainted) dnsdb key: test.ex DNS lookup of test.ex (TXT) using fakens DNS lookup of test.ex (TXT) succeeded @@ -96,6 +97,7 @@ LRU list: internal_search_find: file="NULL" type=dnsdb key="unknown" opts=NULL database lookup required for unknown + (tainted) dnsdb key: unknown DNS lookup of unknown (TXT) using fakens DNS lookup of unknown (TXT) gave HOST_NOT_FOUND @@ -161,6 +163,7 @@ LRU list: internal_search_find: file="NULL" type=dnsdb key="a=shorthost.test.ex" opts=NULL database lookup required for a=shorthost.test.ex + (tainted) dnsdb key: shorthost.test.ex creating new cache entry lookup yielded: 127.0.0.1 @@ -181,6 +184,7 @@ LRU list: internal_search_find: file="NULL" type=dnsdb key="a=shorthost.test.ex" opts=NULL cached data found but out-of-date; database lookup required for a=shorthost.test.ex + (tainted) dnsdb key: shorthost.test.ex replacing old cache entry lookup yielded: 127.0.0.1 diff --git a/test/stderr/2202 b/test/stderr/2202 index ad234c6af..dd9f2ff14 100644 --- a/test/stderr/2202 +++ b/test/stderr/2202 @@ -43,6 +43,7 @@ check hosts = +ignore_unknown : *.$sender_address_domain : $sender_address_domai internal_search_find: file="NULL" type=dnsdb key=">:defer_never,mxh=cioce.test.again.dns" opts=NULL database lookup required for >:defer_never,mxh=cioce.test.again.dns + (tainted) dnsdb key: cioce.test.again.dns DNS lookup of cioce.test.again.dns (MX) using fakens DNS lookup of cioce.test.again.dns (MX) gave TRY_AGAIN diff --git a/test/stderr/2610 b/test/stderr/2610 index 731952ed9..56ae41f8e 100644 --- a/test/stderr/2610 +++ b/test/stderr/2610 @@ -266,7 +266,7 @@ log directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100 SMTP>> 250 OK SMTP<< rcpt to:<c@d> using ACL "check_recipient" -processing "warn" (TESTSUITE/test-config 25) +processing "warn" (TESTSUITE/test-config 26) search_open: mysql "NULL" search_find: file="NULL" key="select name from them where id = 'c'" partial=-1 affix=NULL starflags=0 opts=NULL @@ -274,27 +274,50 @@ processing "warn" (TESTSUITE/test-config 25) internal_search_find: file="NULL" type=mysql key="select name from them where id = 'c'" opts=NULL database lookup required for select name from them where id = 'c' + (tainted, quoted:mysql) MySQL query: "select name from them where id = 'c'" opts 'NULL' MYSQL new connection: host=127.0.0.1 port=1223 socket=NULL database=test user=root MYSQL: no data found creating new cache entry lookup failed -check set acl_m0 = ok: ${lookup mysql {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup mysql {select name from them where id = '${quote_mysql:$local_part}'}} = ok: search_open: mysql "NULL" cached open search_find: file="NULL" + key="select name from them where id = 'c'" partial=-1 affix=NULL starflags=0 opts="no_rd" + LRU list: + internal_search_find: file="NULL" + type=mysql key="select name from them where id = 'c'" opts="no_rd" + cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted) +LOG: MAIN PANIC + tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 26): select name from them where id = 'c' + search_type NN (mysql) quoting -1 (none) + MySQL query: "select name from them where id = 'c'" opts 'no_rd' + MYSQL using cached connection for 127.0.0.1:1223/test/root + MYSQL: no data found + replacing old cache entry + lookup failed +check set acl_m0 = FAIL: ${lookup mysql,no_rd {select name from them where id = '$local_part'}} + = FAIL: +warn: condition test succeeded in ACL "check_recipient" +processing "warn" (TESTSUITE/test-config 31) + search_open: mysql "NULL" + cached open + search_find: file="NULL" key="select name from them where id = 'c'" partial=-1 affix=NULL starflags=0 opts="servers=127.0.0.1::1223/test/root/pass" LRU list: internal_search_find: file="NULL" type=mysql key="select name from them where id = 'c'" opts="servers=127.0.0.1::1223/test/root/pass" cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted, quoted:mysql) MySQL query: "select name from them where id = 'c'" opts 'servers=127.0.0.1::1223/test/root/pass' MYSQL using cached connection for 127.0.0.1:1223/test/root MYSQL: no data found replacing old cache entry lookup failed -check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::1223/test/root/pass {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::1223/test/root/pass {select name from them where id = '${quote_mysql:$local_part}'}} = ok: search_open: mysql "NULL" cached open @@ -304,12 +327,13 @@ check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::1223/test/root/pass internal_search_find: file="NULL" type=mysql key="select name from them where id = 'c'" opts="servers=127.0.0.1::1223" cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted, quoted:mysql) MySQL query: "select name from them where id = 'c'" opts 'servers=127.0.0.1::1223' MYSQL using cached connection for 127.0.0.1:1223/test/root MYSQL: no data found replacing old cache entry lookup failed -check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::1223 {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::1223 {select name from them where id = '${quote_mysql:$local_part}'}} = ok: search_open: mysql "NULL" cached open @@ -319,14 +343,15 @@ check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::1223 {select name internal_search_find: file="NULL" type=mysql key="servers=127.0.0.1::1223/test/root/pass; select name from them where id = 'c'" opts=NULL database lookup required for servers=127.0.0.1::1223/test/root/pass; select name from them where id = 'c' + (tainted, quoted:mysql) MySQL query: "servers=127.0.0.1::1223/test/root/pass; select name from them where id = 'c'" opts 'NULL' lookup deferred: MySQL server "127.0.0.1:1223/test/root/pass" is tainted warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: MySQL server "127.0.0.1:1223/test/root/pass" is tainted -processing "warn" (TESTSUITE/test-config 36) +processing "warn" (TESTSUITE/test-config 40) check set acl_m0 = ok: hostlist -check hosts = net-mysql;select * from them where id='$local_part' +check hosts = net-mysql;select * from them where id='${quote_mysql:$local_part}' search_open: mysql "NULL" cached open search_find: file="NULL" @@ -335,6 +360,7 @@ LRU list: internal_search_find: file="NULL" type=mysql key="select * from them where id='c'" opts=NULL database lookup required for select * from them where id='c' + (tainted, quoted:mysql) MySQL query: "select * from them where id='c'" opts 'NULL' MYSQL using cached connection for 127.0.0.1:1223/test/root MYSQL: no data found @@ -342,9 +368,9 @@ creating new cache entry lookup failed host in "net-mysql;select * from them where id='c'"? no (end of list) warn: condition test failed in ACL "check_recipient" -processing "warn" (TESTSUITE/test-config 39) +processing "warn" (TESTSUITE/test-config 43) check set acl_m0 = FAIL: hostlist -check hosts = <& net-mysql;servers=127.0.0.1::1223/test/root/pass; select * from them where id='$local_part' +check hosts = <& net-mysql;servers=127.0.0.1::1223/test/root/pass; select * from them where id='${quote_mysql:$local_part}' search_open: mysql "NULL" cached open search_find: file="NULL" @@ -353,15 +379,16 @@ LRU list: internal_search_find: file="NULL" type=mysql key="servers=127.0.0.1::1223/test/root/pass; select * from them where id='c'" opts=NULL database lookup required for servers=127.0.0.1::1223/test/root/pass; select * from them where id='c' + (tainted, quoted:mysql) MySQL query: "servers=127.0.0.1::1223/test/root/pass; select * from them where id='c'" opts 'NULL' lookup deferred: MySQL server "127.0.0.1:1223/test/root/pass" is tainted host in "<& net-mysql;servers=127.0.0.1::1223/test/root/pass; select * from them where id='c'"? list match deferred for net-mysql;servers=127.0.0.1::1223/test/root/pass; select * from them where id='c' warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: MySQL server "127.0.0.1:1223/test/root/pass" is tainted -processing "warn" (TESTSUITE/test-config 44) +processing "warn" (TESTSUITE/test-config 48) check set acl_m0 = FAIL: hostlist -check hosts = <& net-mysql,servers=127.0.0.1::1223/test/root/pass; select * from them where id='$local_part' +check hosts = <& net-mysql,servers=127.0.0.1::1223/test/root/pass; select * from them where id='${quote_mysql:$local_part}' search_open: mysql "NULL" cached open search_find: file="NULL" @@ -370,18 +397,19 @@ LRU list: internal_search_find: file="NULL" type=mysql key=" select * from them where id='c'" opts="servers=127.0.0.1::1223/test/root/pass" database lookup required for select * from them where id='c' + (tainted, quoted:mysql) MySQL query: " select * from them where id='c'" opts 'servers=127.0.0.1::1223/test/root/pass' lookup deferred: MySQL server "127.0.0.1:1223/test/root/pass" is tainted host in "<& net-mysql,servers=127.0.0.1::1223/test/root/pass; select * from them where id='c'"? list match deferred for net-mysql,servers=127.0.0.1::1223/test/root/pass; select * from them where id='c' warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: MySQL server "127.0.0.1:1223/test/root/pass" is tainted -processing "accept" (TESTSUITE/test-config 47) +processing "accept" (TESTSUITE/test-config 51) check domains = +local_domains d in "@"? no (end of list) d in "+local_domains"? no (end of list) accept: condition test failed in ACL "check_recipient" -processing "accept" (TESTSUITE/test-config 48) +processing "accept" (TESTSUITE/test-config 54) check hosts = +relay_hosts search_open: mysql "NULL" cached open @@ -399,7 +427,7 @@ lookup failed host in "net-mysql;select * from them where id='10.0.0.0'"? no (end of list) host in "+relay_hosts"? no (end of list) accept: condition test failed in ACL "check_recipient" -processing "deny" (TESTSUITE/test-config 49) +processing "deny" (TESTSUITE/test-config 55) message: relay not permitted deny: condition test succeeded in ACL "check_recipient" end of ACL "check_recipient": DENY @@ -452,6 +480,12 @@ P Received: from CALLER by myhost.test.ex with local (Exim x.yz) id 10HmaX-0005vi-00 for ph10@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +using ACL "check_notsmtp" +processing "accept" (TESTSUITE/test-config 58) +check set acl_m_qtest = ${quote_mysql:$recipients} + = ph10@myhost.test.ex +accept: condition test succeeded in ACL "check_notsmtp" +end of ACL "check_notsmtp": ACCEPT Writing spool header file: TESTSUITE/spool//input//hdr.10HmaX-0005vi-00 DSN: **** SPOOL_OUT - address: <ph10@myhost.test.ex> errorsto: <NULL> orcpt: <NULL> dsn_flags: 0x0 Renaming spool header file: TESTSUITE/spool//input//10HmaX-0005vi-00-H @@ -501,16 +535,35 @@ ph10@myhost.test.ex: queued for routing routing ph10@myhost.test.ex --------> r1 router <-------- local_part=ph10 domain=myhost.test.ex + search_open: mysql "NULL" + search_find: file="NULL" + key="select name from them where id='ph10@myhost.test.ex'" partial=-1 affix=NULL starflags=0 opts=NULL + LRU list: + internal_search_find: file="NULL" + type=mysql key="select name from them where id='ph10@myhost.test.ex'" opts=NULL + database lookup required for select name from them where id='ph10@myhost.test.ex' + (tainted, quoted:mysql) + MySQL query: "select name from them where id='ph10@myhost.test.ex'" opts 'NULL' + MYSQL new connection: host=127.0.0.1 port=1223 socket=NULL database=test user=root + MYSQL: no data found + creating new cache entry + lookup failed +acl_m_qtest: <ph10@myhost.test.ex> lkup: <> processing address_data search_open: mysql "NULL" + cached open search_find: file="NULL" key="select name from them where id='ph10'" partial=-1 affix=NULL starflags=0 opts=NULL LRU list: internal_search_find: file="NULL" type=mysql key="select name from them where id='ph10'" opts=NULL database lookup required for select name from them where id='ph10' + (tainted) +LOG: MAIN PANIC + tainted search query is not properly quoted (router r1, TESTSUITE/test-config 66): select name from them where id='ph10' + search_type NN (mysql) quoting -1 (none) MySQL query: "select name from them where id='ph10'" opts 'NULL' - MYSQL new connection: host=127.0.0.1 port=1223 socket=NULL database=test user=root + MYSQL using cached connection for 127.0.0.1:1223/test/root creating new cache entry lookup yielded: Philip Hazel calling r1 router @@ -554,6 +607,10 @@ appendfile transport entered internal_search_find: file="NULL" type=mysql key="select id from them where id='ph10'" opts=NULL database lookup required for select id from them where id='ph10' + (tainted) +LOG: MAIN + tainted search query is not properly quoted (transport t1, TESTSUITE/test-config 79): select id from them where id='ph10' + search_type NN (mysql) quoting -1 (none) MySQL query: "select id from them where id='ph10'" opts 'NULL' MYSQL new connection: host=127.0.0.1 port=1223 socket=NULL database=test user=root creating new cache entry diff --git a/test/stderr/2620 b/test/stderr/2620 index 991e61efa..dd3fa8844 100644 --- a/test/stderr/2620 +++ b/test/stderr/2620 @@ -260,27 +260,50 @@ processing "warn" (TESTSUITE/test-config 27) internal_search_find: file="NULL" type=pgsql key="select name from them where id = 'c'" opts=NULL database lookup required for select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "select name from them where id = 'c'" opts 'NULL' PGSQL new connection: host=localhost port=1223 database=test user=CALLER PGSQL: no data found creating new cache entry lookup failed -check set acl_m0 = ok: ${lookup pgsql {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup pgsql {select name from them where id = '${quote_pgsql:$local_part}'}} = ok: search_open: pgsql "NULL" cached open search_find: file="NULL" + key="select name from them where id = 'c'" partial=-1 affix=NULL starflags=0 opts="cache=no_rd" + LRU list: + internal_search_find: file="NULL" + type=pgsql key="select name from them where id = 'c'" opts=NULL + cached data found but no_rd option set; database lookup required for select name from them where id = 'c' + (tainted) +LOG: MAIN PANIC + tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 27): select name from them where id = 'c' + search_type NN (pgsql) quoting -1 (none) + PostgreSQL query: "select name from them where id = 'c'" opts 'NULL' + PGSQL using cached connection for localhost:1223/test/CALLER + PGSQL: no data found + replacing old cache entry + lookup failed +check set acl_m0 = FAIL: ${lookup pgsql,cache=no_rd {select name from them where id = '$local_part'}} + = FAIL: +warn: condition test succeeded in ACL "check_recipient" +processing "warn" (TESTSUITE/test-config 32) + search_open: pgsql "NULL" + cached open + search_find: file="NULL" key="select name from them where id = 'c'" partial=-1 affix=NULL starflags=0 opts="servers=localhost::1223/test/CALLER/" LRU list: internal_search_find: file="NULL" type=pgsql key="select name from them where id = 'c'" opts="servers=localhost::1223/test/CALLER/" cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "select name from them where id = 'c'" opts 'servers=localhost::1223/test/CALLER/' PGSQL using cached connection for localhost:1223/test/CALLER PGSQL: no data found replacing old cache entry lookup failed -check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223/test/CALLER/ {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223/test/CALLER/ {select name from them where id = '${quote_pgsql:$local_part}'}} = ok: search_open: pgsql "NULL" cached open @@ -290,12 +313,13 @@ check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223/test/CALLER/ internal_search_find: file="NULL" type=pgsql key="select name from them where id = 'c'" opts="servers=localhost::1223" cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "select name from them where id = 'c'" opts 'servers=localhost::1223' PGSQL using cached connection for localhost:1223/test/CALLER PGSQL: no data found replacing old cache entry lookup failed -check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223 {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223 {select name from them where id = '${quote_pgsql:$local_part}'}} = ok: search_open: pgsql "NULL" cached open @@ -305,14 +329,15 @@ check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223 {select name internal_search_find: file="NULL" type=pgsql key="servers=localhost::1223/test/CALLER/; select name from them where id = 'c'" opts=NULL database lookup required for servers=localhost::1223/test/CALLER/; select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "servers=localhost::1223/test/CALLER/; select name from them where id = 'c'" opts 'NULL' lookup deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted -processing "warn" (TESTSUITE/test-config 38) +processing "warn" (TESTSUITE/test-config 41) check set acl_m0 = ok: hostlist -check hosts = net-pgsql;select * from them where id='$local_part' +check hosts = net-pgsql;select * from them where id='${quote_pgsql:$local_part}' search_open: pgsql "NULL" cached open search_find: file="NULL" @@ -321,6 +346,7 @@ LRU list: internal_search_find: file="NULL" type=pgsql key="select * from them where id='c'" opts=NULL database lookup required for select * from them where id='c' + (tainted, quoted:pgsql) PostgreSQL query: "select * from them where id='c'" opts 'NULL' PGSQL using cached connection for localhost:1223/test/CALLER PGSQL: no data found @@ -328,9 +354,9 @@ creating new cache entry lookup failed host in "net-pgsql;select * from them where id='c'"? no (end of list) warn: condition test failed in ACL "check_recipient" -processing "warn" (TESTSUITE/test-config 41) +processing "warn" (TESTSUITE/test-config 44) check set acl_m0 = FAIL: hostlist -check hosts = <& net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='$local_part' +check hosts = <& net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='${quote_pgsql:$local_part}' search_open: pgsql "NULL" cached open search_find: file="NULL" @@ -339,15 +365,16 @@ LRU list: internal_search_find: file="NULL" type=pgsql key="servers=localhost::1223/test/CALLER/; select * from them where id='c'" opts=NULL database lookup required for servers=localhost::1223/test/CALLER/; select * from them where id='c' + (tainted, quoted:pgsql) PostgreSQL query: "servers=localhost::1223/test/CALLER/; select * from them where id='c'" opts 'NULL' lookup deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted host in "<& net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='c'"? list match deferred for net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='c' warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted -processing "warn" (TESTSUITE/test-config 46) +processing "warn" (TESTSUITE/test-config 49) check set acl_m0 = FAIL: hostlist -check hosts = <& net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='$local_part' +check hosts = <& net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='${quote_pgsql:$local_part}' search_open: pgsql "NULL" cached open search_find: file="NULL" @@ -356,18 +383,19 @@ LRU list: internal_search_find: file="NULL" type=pgsql key=" select * from them where id='c'" opts="servers=localhost::1223/test/CALLER/" database lookup required for select * from them where id='c' + (tainted, quoted:pgsql) PostgreSQL query: " select * from them where id='c'" opts 'servers=localhost::1223/test/CALLER/' lookup deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted host in "<& net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='c'"? list match deferred for net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='c' warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted -processing "accept" (TESTSUITE/test-config 49) +processing "accept" (TESTSUITE/test-config 52) check domains = +local_domains d in "@"? no (end of list) d in "+local_domains"? no (end of list) accept: condition test failed in ACL "check_recipient" -processing "accept" (TESTSUITE/test-config 50) +processing "accept" (TESTSUITE/test-config 53) check hosts = +relay_hosts search_open: pgsql "NULL" cached open @@ -385,7 +413,7 @@ lookup failed host in "net-pgsql;select * from them where id='10.0.0.0'"? no (end of list) host in "+relay_hosts"? no (end of list) accept: condition test failed in ACL "check_recipient" -processing "deny" (TESTSUITE/test-config 51) +processing "deny" (TESTSUITE/test-config 54) message: relay not permitted deny: condition test succeeded in ACL "check_recipient" end of ACL "check_recipient": DENY @@ -403,27 +431,50 @@ processing "warn" (TESTSUITE/test-config 27) internal_search_find: file="NULL" type=pgsql key="select name from them where id = 'c'" opts=NULL cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "select name from them where id = 'c'" opts 'NULL' PGSQL using cached connection for localhost:1223/test/CALLER PGSQL: no data found replacing old cache entry lookup failed -check set acl_m0 = ok: ${lookup pgsql {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup pgsql {select name from them where id = '${quote_pgsql:$local_part}'}} = ok: search_open: pgsql "NULL" cached open search_find: file="NULL" + key="select name from them where id = 'c'" partial=-1 affix=NULL starflags=0 opts="cache=no_rd" + LRU list: + internal_search_find: file="NULL" + type=pgsql key="select name from them where id = 'c'" opts=NULL + cached data found but no_rd option set; database lookup required for select name from them where id = 'c' + (tainted) +LOG: MAIN PANIC + tainted search query is not properly quoted (ACL warn, TESTSUITE/test-config 27): select name from them where id = 'c' + search_type NN (pgsql) quoting -1 (none) + PostgreSQL query: "select name from them where id = 'c'" opts 'NULL' + PGSQL using cached connection for localhost:1223/test/CALLER + PGSQL: no data found + replacing old cache entry + lookup failed +check set acl_m0 = FAIL: ${lookup pgsql,cache=no_rd {select name from them where id = '$local_part'}} + = FAIL: +warn: condition test succeeded in ACL "check_recipient" +processing "warn" (TESTSUITE/test-config 32) + search_open: pgsql "NULL" + cached open + search_find: file="NULL" key="select name from them where id = 'c'" partial=-1 affix=NULL starflags=0 opts="servers=localhost::1223/test/CALLER/" LRU list: internal_search_find: file="NULL" type=pgsql key="select name from them where id = 'c'" opts="servers=localhost::1223/test/CALLER/" cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "select name from them where id = 'c'" opts 'servers=localhost::1223/test/CALLER/' PGSQL using cached connection for localhost:1223/test/CALLER PGSQL: no data found replacing old cache entry lookup failed -check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223/test/CALLER/ {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223/test/CALLER/ {select name from them where id = '${quote_pgsql:$local_part}'}} = ok: search_open: pgsql "NULL" cached open @@ -433,12 +484,13 @@ check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223/test/CALLER/ internal_search_find: file="NULL" type=pgsql key="select name from them where id = 'c'" opts="servers=localhost::1223" cached data found but wrong opts; database lookup required for select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "select name from them where id = 'c'" opts 'servers=localhost::1223' PGSQL using cached connection for localhost:1223/test/CALLER PGSQL: no data found replacing old cache entry lookup failed -check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223 {select name from them where id = '$local_part'}} +check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223 {select name from them where id = '${quote_pgsql:$local_part}'}} = ok: search_open: pgsql "NULL" cached open @@ -448,14 +500,15 @@ check set acl_m0 = ok: ${lookup pgsql,servers=localhost::1223 {select name internal_search_find: file="NULL" type=pgsql key="servers=localhost::1223/test/CALLER/; select name from them where id = 'c'" opts=NULL database lookup required for servers=localhost::1223/test/CALLER/; select name from them where id = 'c' + (tainted, quoted:pgsql) PostgreSQL query: "servers=localhost::1223/test/CALLER/; select name from them where id = 'c'" opts 'NULL' lookup deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted -processing "warn" (TESTSUITE/test-config 38) +processing "warn" (TESTSUITE/test-config 41) check set acl_m0 = ok: hostlist -check hosts = net-pgsql;select * from them where id='$local_part' +check hosts = net-pgsql;select * from them where id='${quote_pgsql:$local_part}' search_open: pgsql "NULL" cached open search_find: file="NULL" @@ -467,9 +520,9 @@ cached data used for lookup of select * from them where id='c' lookup failed host in "net-pgsql;select * from them where id='c'"? no (end of list) warn: condition test failed in ACL "check_recipient" -processing "warn" (TESTSUITE/test-config 41) +processing "warn" (TESTSUITE/test-config 44) check set acl_m0 = FAIL: hostlist -check hosts = <& net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='$local_part' +check hosts = <& net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='${quote_pgsql:$local_part}' search_open: pgsql "NULL" cached open search_find: file="NULL" @@ -478,15 +531,16 @@ LRU list: internal_search_find: file="NULL" type=pgsql key="servers=localhost::1223/test/CALLER/; select * from them where id='c'" opts=NULL database lookup required for servers=localhost::1223/test/CALLER/; select * from them where id='c' + (tainted, quoted:pgsql) PostgreSQL query: "servers=localhost::1223/test/CALLER/; select * from them where id='c'" opts 'NULL' lookup deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted host in "<& net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='c'"? list match deferred for net-pgsql;servers=localhost::1223/test/CALLER/; select * from them where id='c' warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted -processing "warn" (TESTSUITE/test-config 46) +processing "warn" (TESTSUITE/test-config 49) check set acl_m0 = FAIL: hostlist -check hosts = <& net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='$local_part' +check hosts = <& net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='${quote_pgsql:$local_part}' search_open: pgsql "NULL" cached open search_find: file="NULL" @@ -495,18 +549,19 @@ LRU list: internal_search_find: file="NULL" type=pgsql key=" select * from them where id='c'" opts="servers=localhost::1223/test/CALLER/" database lookup required for select * from them where id='c' + (tainted, quoted:pgsql) PostgreSQL query: " select * from them where id='c'" opts 'servers=localhost::1223/test/CALLER/' lookup deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted host in "<& net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='c'"? list match deferred for net-pgsql,servers=localhost::1223/test/CALLER/; select * from them where id='c' warn: condition test deferred in ACL "check_recipient" LOG: MAIN H=(test) [10.0.0.0] Warning: ACL "warn" statement skipped: condition test deferred: PostgreSQL server "localhost:1223/test/CALLER/" is tainted -processing "accept" (TESTSUITE/test-config 49) +processing "accept" (TESTSUITE/test-config 52) check domains = +local_domains d in "@"? no (end of list) d in "+local_domains"? no (end of list) accept: condition test failed in ACL "check_recipient" -processing "accept" (TESTSUITE/test-config 50) +processing "accept" (TESTSUITE/test-config 53) check hosts = +relay_hosts search_open: pgsql "NULL" cached open @@ -520,7 +575,7 @@ lookup failed host in "net-pgsql;select * from them where id='10.0.0.0'"? no (end of list) host in "+relay_hosts"? no (end of list) accept: condition test failed in ACL "check_recipient" -processing "deny" (TESTSUITE/test-config 51) +processing "deny" (TESTSUITE/test-config 54) message: relay not permitted deny: condition test succeeded in ACL "check_recipient" end of ACL "check_recipient": DENY |