Fixing tainted statements in EXIM

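I am trying to understand and fix at least one tainted statement in exim, but I don't understand how it should be quoted.

I believe the statement causing the grief is: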

domainlist local_domains = @:domain1.org:domain2.org:domain2.org:\
         pgsql;select domain from virtdomains where domain='$domain'

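The output provided when running exim -C /etc/exim/exim.conf -d+all -bv [email protected] is below.

I'm sure this is simple, but I didn't set this up and am now trying to learn to maintain it, and this is preventing me from upgrading.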

...
11:06:52 33945 routing [email protected]
11:06:52 33945 --------> dnslookup router <--------
11:06:52 33945 local_part=test domain=test.com
11:06:52 33945 checking domains
11:06:52 33945  ╭considering: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='$domain'
11:06:52 33945  ├───────text: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='
11:06:52 33945  ├considering: $domain'
11:06:52 33945  ├considering: '
11:06:52 33945  ├───────text: '
11:06:52 33945  ├──expanding: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='$domain'
11:06:52 33945  ╰─────result: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='test.com'
11:06:52 33945             ╰──(tainted)
11:06:52 33945 search_open: pgsql "NULL"
11:06:52 33945 search_find: file="NULL"
11:06:52 33945   key="select domain from virtdomains where domain='test.com'" partial=-1 affix=NULL starflags=0 opts=NULL
11:06:52 33945 LRU list:
11:06:52 33945 internal_search_find: file="NULL"
11:06:52 33945   type=pgsql key="select domain from virtdomains where domain='test.com'" opts=NULL
11:06:52 33945 database lookup required for select domain from virtdomains where domain='test.com'
11:06:52 33945                              (tainted)
11:06:52 33945 LOG: MAIN PANIC
11:06:52 33945   tainted search query is not properly quoted (router dnslookup, /etc/exim/exim.conf 746): select domain from virtdomains where domain='test.com'
11:06:52 33945 search_type 15 (pgsql) quoting -1 (none)
11:06:52 33945 PostgreSQL query: "select domain from virtdomains where domain='test.com'" opts 'NULL'11:06:52 33945   tainted search query is not properly quoted (router dnslookup, /etc/exim/exim.conf 746): select domain from virtdomains where domain='test.com'
11:06:52 33945 search_type 15 (pgsql) quoting -1 (none)
...

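Answer 1

I hope that four months later you have solved this, but just in case... I am working through this right now with MySQL queries. You can fix the query itself by quoting the "domain" parameter in the where clause: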

domainlist local_domains = @:domain1.org:domain2.org:domain2.org:\
         pgsql;select domain from virtdomains where domain='${quote_pgsql:$domain}'

The problem I am running into is that the result itself is considered problematic :P
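
A configuration check for the fix described in this answer, as an added example that is not part of the original post or of Exim: it scans a configuration for pgsql or mysql lookups in which a tainted variable appears without the matching `${quote_<type>:...}` wrapper. The variable list, the sample configuration and the function names are assumptions made for the illustration.

```python
import re

# Assumption: an illustrative subset of Exim variables that hold
# remote-supplied (tainted) data; extend it for your own configuration.
NAMES = "|".join(["sender_address_domain", "sender_address", "local_part", "domain"])
LOOKUP = re.compile(r"\b(pgsql|mysql)\s*;")
BARE_VAR = re.compile(r"\$\{?(%s)\b" % NAMES)

# Constructed sample, modelled on the two settings shown on this page.
SAMPLE = r"""
# local domains
domainlist local_domains = @:domain1.org:domain2.org:\
         pgsql;select domain from virtdomains where domain='$domain'
domainlist fixed_domains = @:domain1.org:domain2.org:\
         pgsql;select domain from virtdomains where domain='${quote_pgsql:$domain}'
"""


def logical_lines(text):
    """Join backslash-continued lines; yield (first line number, joined text)."""
    buf, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = number
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf = ""


def unquoted_lookups(text):
    """Return (line, lookup type, variable) for each bare tainted variable."""
    findings = []
    for number, line in logical_lines(text):
        found = LOOKUP.search(line)
        if line.startswith("#") or not found:
            continue
        kind = found.group(1)
        # Only the quote operator named after the lookup type counts as quoted.
        quoted = re.compile(r"\$\{quote_%s:\s*\$\{?(?:%s)\}?\s*\}" % (kind, NAMES))
        query = quoted.sub("", line[found.end():])
        findings += [(number, kind, m.group(1)) for m in BARE_VAR.finditer(query)]
    return findings


if __name__ == "__main__":
    for number, kind, name in unquoted_lookups(SAMPLE):
        print("line %d: $%s reaches a %s query unquoted" % (number, name, kind))
```

Nested operators such as `${quote_pgsql:${lc:$domain}}` are reported too, so treat each finding as a line to review by hand.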
