On 01/05/2022 11:19, Jeremy Harris via Exim-users wrote:
> If that subject string for the hash operator was less than 33 chars long, the operator returns it unchanged. If an attacker slipped some SQL syntax in there, your lookup would not do what you expected.
The hash did not do what I expect.

$ echo 1 | md5sum
b026324c6904b2a9cb4b88d6d61c81d1  -
> So it was already broken, lacking a quoting operation, and 4.96 discovered this for you.
Indeed, most grateful and I changed my config without complaint. All I was doing was answering the question "Do we have *new* taintchecks..."
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
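The pass-through discussed in this thread, as an added example that is not part of the original messages or of Exim's code: it models only the short-input branch of the hash operator (subject returned unchanged when it fits within the requested length) and shows why a lookup built from it needs quoting. The long-input branch is a stand-in, a bound SQLite parameter stands in for a quoting operator, and the table, function names and sample strings are constructed for illustration.

```python
import hashlib
import sqlite3

def exim_hash_op(n: int, subject: str) -> str:
    """Model of the hash operator's short-input branch (assumption: only this
    branch is modelled; the long branch below is NOT Exim's algorithm)."""
    if n >= len(subject):
        return subject                      # returned unchanged, still tainted
    return hashlib.sha256(subject.encode()).hexdigest()[:n]  # stand-in only

def md5_hex(subject: str) -> str:
    # A real digest: always 32 hex characters, whatever the input contained.
    return hashlib.md5(subject.encode()).hexdigest()

def lookup_unquoted(db, key):
    # Mirrors a lookup with no quoting operation: key is pasted into the SQL text.
    return db.execute(f"SELECT owner FROM keys WHERE k = '{key}'").fetchall()

def lookup_bound(db, key):
    # Key travels as data, never as SQL syntax (the role quoting plays).
    return db.execute("SELECT owner FROM keys WHERE k = ?", (key,)).fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE keys (k TEXT, owner TEXT)")  # constructed table
    db.executemany("INSERT INTO keys VALUES (?, ?)",
                   [(md5_hex("alice"), "alice"), (md5_hex("bob"), "bob")])
    tainted = "x' OR '1'='1"                # constructed input, under 33 chars
    passed = exim_hash_op(32, tainted)
    return {
        "short_input": exim_hash_op(32, "1"),             # not a digest at all
        "passthrough": passed == tainted,
        "unquoted_rows": len(lookup_unquoted(db, passed)),
        "digest_rows": len(lookup_unquoted(db, md5_hex(tainted))),
        "bound_rows": len(lookup_bound(db, passed)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
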
