On Mon, 13 Jan 2020, Evgeniy Berdnikov via Exim-users wrote:

 Hello.

I have a rewrite rule for one client:

*@XXX.msk.ru        ${lookup{$0}wildlsearch{/path/to/maps/XXX.msk.ru.map}{$value}{${sg{$local_part}{_}{.}}@XXX.ru}} Fcbtrf

After upgrade to 4.93 I found that mails from XXX.msk.ru are rejected
with "421 Unexpected failure", and panic.log contains records like

2020-01-13 14:55:25.279 [115431] 1iqyJZ-000U1n-8z Taint mismatch, Ustrncpy: rewrite_one_header 611

2020-01-13 14:58:45.412 [116160] 1iqyMn-000UDY-DI Taint mismatch, Ustrncpy: rewrite_one_header 611

2020-01-13 15:21:26.775 [118739] 1iqyik-000Ut9-Oz Taint mismatch, Ustrncpy: rewrite_one_header 611

It's clear that the reason is the presence of $local_part on the right side.
However, there are no file operations on the right side, so I'd expect
this operation is safe and should be permitted in this context.
Is it correct or not?

If it's not a bug, how can arbitrary address substitutions be done
in similar cases? Should we use some external script?

What happens if you replace $local_part with $1, ie:
*@XXX.msk.ru        ${lookup{$0}wildlsearch{/path/to/maps/XXX.msk.ru.map}{$value}{${sg{$1}{_}{.}}@XXX.ru}} Fcbtrf
?

--
Andrew C. Aitchison                                     Kendal, UK
                        [email protected]

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
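
A triage helper for the panic.log records quoted in the message above, as an added example that is not part of the original thread or of Exim: it groups "Taint mismatch" entries by copy function, calling function and source line, so each affected configuration construct shows up once after an upgrade. The last two sample lines are constructed, and treating the pid and message-id fields as optional is an assumption about other logging setups.

```python
import re

# Record shape taken from the panic.log lines quoted in the thread:
#   <date> <time> [pid] <message-id> Taint mismatch, <copy fn>: <caller> <line>
# Assumption: [pid] and the message id may be absent in other logging setups.
TAINT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+"
    r"(?:\[(?P<pid>\d+)\]\s+)?"
    r"(?:(?P<msgid>\w+-\w+-\w+)\s+)?"
    r"Taint mismatch, (?P<op>\w+): (?P<caller>\w+) (?P<line>\d+)\s*$"
)

SAMPLE_LOG = """\
2020-01-13 14:55:25.279 [115431] 1iqyJZ-000U1n-8z Taint mismatch, Ustrncpy: rewrite_one_header 611
2020-01-13 14:58:45.412 [116160] 1iqyMn-000UDY-DI Taint mismatch, Ustrncpy: rewrite_one_header 611
2020-01-13 15:21:26.775 [118739] 1iqyik-000Ut9-Oz Taint mismatch, Ustrncpy: rewrite_one_header 611
2020-01-13 15:30:00 Taint mismatch, Ustrncpy: rewrite_one_header 611
2020-01-13 15:31:00 [119000] unrelated panic text
"""  # first three lines are from the thread; the last two are constructed


def parse_taint_records(lines):
    """Return one dict per 'Taint mismatch' line; other lines are skipped."""
    records = []
    for raw in lines:
        m = TAINT_RE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["line"] = int(rec["line"])
            records.append(rec)
    return records


def summarize(records):
    """Group by (copy function, caller, source line) with count and time span."""
    summary = {}
    for r in records:
        key = (r["op"], r["caller"], r["line"])
        e = summary.setdefault(
            key, {"count": 0, "first": r["ts"], "last": r["ts"], "msgids": []})
        e["count"] += 1
        e["first"], e["last"] = min(e["first"], r["ts"]), max(e["last"], r["ts"])
        if r["msgid"]:
            e["msgids"].append(r["msgid"])
    return summary


if __name__ == "__main__":
    for key, e in summarize(parse_taint_records(SAMPLE_LOG.splitlines())).items():
        print(key, e["count"], e["first"], e["last"], e["msgids"])
```

The message ids collected per group can then be looked up in the main log to see which senders and rewrite rules were involved.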
