On Tue, May 17, 2011 at 4:26 PM, Murray S. Kucherawy
<msk(_at_)cloudmark(_dot_)com> wrote:
There was some other macro expansion mechanism in there that was unchecked.
It wasn't a typical printf-style expansion but it did cause file accesses
and the like, meaning user-provided data could cause unauthorized file system
operations. Scary.
I originally assembled that particular acl segment when built-in DKIM
support was added to exim and posted that acl segment to the exim ML.
I mistakenly used the wrong function to do this check. This function
takes two arguments. It expands the second argument (to create a
list) and then compares the first argument to see if it is in the
list. Instead it should have been doing a simple check to see if
value1 was equal to value2, with no expansion being called. The
filename expansion is part of the function that I originally used. So
basically, if I don't need to compare something against the contents
of a text file, use the correct function :-/
--
Regards... Todd
"It is the nature of the human species to reject what is true but
unpleasant and to embrace what is obviously false but comforting."
"You might be a skeptic if you have pedantically argued the topic of pedantry."
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops