PR#14: Fix "tainted search query is not properly quoted" for greylist - rpms/exim

rpms / exim

#14 Fix "tainted search query is not properly quoted" for greylist

Merged 2 years ago by jskarvad. Opened 2 years ago by maha.

rpms/ maha/exim fix-greylisting into rawhide

Fix "tainted search query is not properly quoted" for greylist

mh • 2 years ago

1ca217e

exim-greylist.conf.inc

file modified

+1 -1

		`@@ -115,7 +115,7 @@`
		`# to change it.`
		`warn condition = ${if eq {$acl_m_greyexpiry}{} {1}}`
		`set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \`
		`- VALUES ( '$acl_m_greyident', \`
		`+ VALUES ( '${quote_sqlite:$acl_m_greyident}', \`
		`'${eval10:$tod_epoch+300}', \`
		`'$sender_host_address', \`
		`'${quote_sqlite:$sender_helo_name}' );}}`

exim.spec

file modified

+4 -1

		`@@ -12,7 +12,7 @@`
		`Summary: The exim mail transfer agent`
		`Name: exim`
		`Version: 4.96`
		`- Release: 2%{?dist}`
		`+ Release: 3%{?dist}`
		`License: GPLv2+`
		`Url: https://www.exim.org/`

		`@@ -497,6 +497,9 @@`
		`%{_sysconfdir}/cron.daily/greylist-tidy.sh`

		`%changelog`
		`+ * Mon Sep 12 2022 Marcel Härry <mh+fedora@scrit.ch> - 4.96-3`
		`+ - Fix "tainted search query is not properly quoted" for greylisting`
		`+`
		`* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.96-2`
		`- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild`

maha commented 2 years ago

$acl_m_greyident is everywhere quoted except in this query, this
leads to:

"tainted search query is not properly quoted (ACL warn, /etc/exim/exim-greylist.conf.inc 116): INSERT INTO greylist VALUES ( 'aWk1MYyRXIAtJujRTMJD', '1662972200', '1.2.3.4', 'mail.example.net' );"

Adding the quote fixes the error message