On 29/01/2021 13:27, Adam via Exim-users wrote:
On 2021-01-29 11:25, Jeremy Harris via Exim-users wrote:
On 28/01/2021 03:20, Adam via Exim-users wrote:
There's an issue here with $local_part. Isn't it detainted by the use of
local_parts to only run this if $local_part was found in the file?
No. The "lookup" (in a general sense including, relevant here, a
search in a list
that happens be one element that indirects to a file) done by the "localparts="
option sets a variable called "local_part_data" with an untainted value.
The variable "local_part" is unchanged, carrying tainted data.
$local_part_data is blank.
You've found a bug. The list-lookup-result doesn't work right when a file
is used like this. I'm working on it; it seem that an ancient compare
routine is being called with swapped args, which wouldn't have mattered
were it only returning match/not - but these days it's returning the
match string also. Fix shouldn't take long.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
