On 22/12/2021 13:48, Michael Haardt via Exim-users wrote:
LOCALDOM = /etc/exim4/localdomains domainlist d1 = @:localhost:LOCALDOM domainlist d2 = ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain domainlist local_domains = +d1 : +d2
Why would that not be tainted? The $domain string "*" would still be good for a surprise, so taint checking is really needed here, as is quoting.
Unsure which "that" you mean. Yes, $domain will be tainted. Using it as part of the conditions in a lookup is still permitted; the taint-tracking is not intended to stop that (because it is in general a useful facility). But *that* domainlist, d2, does not also have a file as a list-element - so the string-expansion of the definition string (which becomes tainted) does not affect one. The hope is that the string-expansion phases for the sub-lists making up local_domains are done lazily. I could go look at the coding, but I'm also lazy. Yes, for the ldap lookup here, quoting should be done. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
