From: Jeremy Harris Date: Sat, 13 Jan 2024 15:24:12 +0000 (+0000) Subject: Lookups: log warning for deprecated syntax. Bug 3068 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/06b43f1b7f7319445d4a71b9a60e3f2f144cf7a2 Lookups: log warning for deprecated syntax. Bug 3068 --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 57b242a4e..79bdb24e5 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -8156,13 +8156,20 @@ option, you can still update it by a query of this form: ${lookup pgsql,servers=master/db/name/pw {UPDATE ...} } .endd -An older syntax places the servers specification before the query, +.new +A now-deprecated syntax places the servers specification before the query, semicolon separated: .code ${lookup mysql{servers=master; UPDATE ...} } .endd -The new version avoids potential issues with tainted -arguments in the query, for explicit expansion. +The new version avoids issues with tainted +arguments explicitly expanded as part of the query. +The entire string within the braces becomes tainted, +including the server sepcification - which is not permissible. +If the older sytax is used, a warning message will be logged. +This syntax will be removed in a future release. +.wen + &*Note*&: server specifications in list-style lookups are still problematic. @@ -8339,6 +8346,9 @@ type of match and is given below as the &*value*& information. .section "Expansion of lists" "SECTlistexpand" .cindex "expansion" "of lists" Each list is expanded as a single string before it is used. +.cindex "tainted data" tracking +&*Note*&: As a result, if any componend was tainted then the +entire result string becomes tainted. &'Exception: the router headers_remove option, where list-item splitting is done before string-expansion.'& 
@@ -9534,6 +9544,9 @@ start of a portion of the string that is interpreted and replaced as described below in section &<>& onwards. Backslash is used as an escape character, as described in the following section. +.cindex "tainted data" tracking +If any porttion of the result string is tainted, the entire result is. + Whether a string is expanded depends upon the context. Usually this is solely dependent upon the option for which a value is sought; in this documentation, options for which string expansion is performed are marked with † after diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6a0207f2a..40e8a9e7e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -83,6 +83,9 @@ JH/17 Bug 3064: Fix combination of "-q -R ". Introduction of the multiple-queue-runners facility for 4.97 broking this, giving only a one-time run of the queue. +JH/18 Bug 3068: Log a warning for use of deprecated syntax in query-style + lookups. + Exim version 4.97 ----------------- diff --git a/src/src/lookups/lf_sqlperform.c b/src/src/lookups/lf_sqlperform.c index ecb0a3221..d5bb8d297 100644 --- a/src/src/lookups/lf_sqlperform.c +++ b/src/src/lookups/lf_sqlperform.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) The Exim Maintainers 2020 - 2022 */ +/* Copyright (c) The Exim Maintainers 2020 - 2024 */ /* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ /* SPDX-License-Identifier: GPL-2.0-or-later */ @@ -56,6 +56,8 @@ if (Ustrncmp(query, "servers", 7) == 0) const uschar *qserverlist; uschar *qserver; + log_write(0, LOG_MAIN|LOG_CONFIG_IN, "WARNING: obslete syntax used for lookup\n"); + s = query + 7; skip_whitespace(&s); if (*s++ != '=') diff --git a/test/stderr/2610 b/test/stderr/2610 index 6fedeb321..667d8bba9 100644 --- a/test/stderr/2610 +++ b/test/stderr/2610 
@@ -135,6 +135,10 @@ dropping to exim gid; retaining priv uid type=mysql key="servers=x:127.0.0.1::PORT_N; select name from them where id='ph10';" opts=NULL database lookup required for servers=x:127.0.0.1::PORT_N; select name from them where id='ph10'; MySQL query: "servers=x:127.0.0.1::PORT_N; select name from them where id='ph10';" opts 'NULL' +LOG: MAIN + Exim configuration error in line 87 of TESTSUITE/test-config: + WARNING: obslete syntax used for lookup + lookup deferred: MySQL server "x" not found in mysql_servers search_open: mysql "NULL" cached open @@ -145,6 +149,10 @@ dropping to exim gid; retaining priv uid type=mysql key="servers=127.0.0.1::PORT_N:x; select name from them where id='ph10';" opts=NULL database lookup required for servers=127.0.0.1::PORT_N:x; select name from them where id='ph10'; MySQL query: "servers=127.0.0.1::PORT_N:x; select name from them where id='ph10';" opts 'NULL' +LOG: MAIN + Exim configuration error in line 87 of TESTSUITE/test-config: + WARNING: obslete syntax used for lookup + MYSQL using cached connection for 127.0.0.1:PORT_N/test/root creating new cache entry lookup yielded: Philip Hazel @@ -157,6 +165,10 @@ dropping to exim gid; retaining priv uid type=mysql key="servers=127.0.0.1::PORT_N/test/root/:x; select name from them where id='ph10';" opts=NULL database lookup required for servers=127.0.0.1::PORT_N/test/root/:x; select name from them where id='ph10'; MySQL query: "servers=127.0.0.1::PORT_N/test/root/:x; select name from them where id='ph10';" opts 'NULL' +LOG: MAIN + Exim configuration error in line 87 of TESTSUITE/test-config: + WARNING: obslete syntax used for lookup + MYSQL using cached connection for 127.0.0.1:PORT_N/test/root creating new cache entry lookup yielded: Philip Hazel 
@@ -169,6 +181,10 @@ dropping to exim gid; retaining priv uid type=mysql key="servers=ip4.ip4.ip4.ip4::1223/test/root/:127.0.0.1::PORT_N; select name from them where id='ph10';" opts=NULL database lookup required for servers=ip4.ip4.ip4.ip4::1223/test/root/:127.0.0.1::PORT_N; select name from them where id='ph10'; MySQL query: "servers=ip4.ip4.ip4.ip4::1223/test/root/:127.0.0.1::PORT_N; select name from them where id='ph10';" opts 'NULL' +LOG: MAIN + Exim configuration error in line 87 of TESTSUITE/test-config: + WARNING: obslete syntax used for lookup + MYSQL new connection: host=ip4.ip4.ip4.ip4 port=PORT_N socket=NULL database=test user=root creating new cache entry lookup yielded: Philip Hazel @@ -181,6 +197,10 @@ dropping to exim gid; retaining priv uid type=mysql key="servers=localhost(TESTSUITE/mysql/sock)/test/root/pass; select name from them where id='ph10';" opts=NULL database lookup required for servers=localhost(TESTSUITE/mysql/sock)/test/root/pass; select name from them where id='ph10'; MySQL query: "servers=localhost(TESTSUITE/mysql/sock)/test/root/pass; select name from them where id='ph10';" opts 'NULL' +LOG: MAIN + Exim configuration error in line 87 of TESTSUITE/test-config: + WARNING: obslete syntax used for lookup + MYSQL new connection: host=localhost port=0 socket=TESTSUITE/mysql/sock database=test user=root creating new cache entry lookup yielded: Philip Hazel @@ -348,6 +368,10 @@ check set acl_m0 = ok: ${lookup mysql,servers=127.0.0.1::PORT_N {select nam database lookup required for servers=127.0.0.1::PORT_N/test/root/pass; select name from them where id = 'c' (tainted, quoted:mysql) MySQL query: "servers=127.0.0.1::PORT_N/test/root/pass; select name from them where id = 'c'" opts 'NULL' +LOG: MAIN + Exim configuration error in line 87 of TESTSUITE/test-config: + WARNING: obslete syntax used for lookup + lookup deferred: MySQL server "127.0.0.1:PORT_N/test/root/pass" is tainted warn: condition test deferred in ACL "check_recipient" LOG: MAIN 
@@ -388,6 +412,10 @@ host in "<& net-mysql;servers=127.0.0.1::PORT_N/test/root/pass; select * from th database lookup required for servers=127.0.0.1::PORT_N/test/root/pass; select * from them where id='c' (tainted, quoted:mysql) MySQL query: "servers=127.0.0.1::PORT_N/test/root/pass; select * from them where id='c'" opts 'NULL' +LOG: MAIN + Exim configuration error in line 87 of TESTSUITE/test-config: + WARNING: obslete syntax used for lookup + lookup deferred: MySQL server "127.0.0.1:PORT_N/test/root/pass" is tainted host in "<& net-mysql;servers=127.0.0.1::PORT_N/test/root/pass; select * from them where id='c'"? list match deferred for net-mysql;servers=127.0.0.1::1223/test/root/pass; select * from them where id='c' warn: condition test deferred in ACL "check_recipient"
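Review bot: two misspellings in the added paragraph of the doc/doc-docbook/spec.xfpt hunk at @@ -8156,13 +8156,20 @@: "sepcification" should be "specification" and "sytax" should be "syntax". The paragraph says "a warning message will be logged" without saying where; since the code change writes with LOG_MAIN, naming the main log here would tell an administrator where to look before the syntax is removed.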
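Review bot: in the "Expansion of lists" hunk of doc/doc-docbook/spec.xfpt (@@ -8339,6 +8346,9 @@), "componend" in the added note should read "component".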
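Review bot: in the doc/doc-docbook/spec.xfpt hunk at @@ -9534,6 +9544,9 @@, "porttion" should read "portion", and the added sentence ends on a bare "the entire result is"; finishing it as "the entire result is tainted" reads more clearly in a reference manual.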
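Review bot: the message string added in src/src/lookups/lf_sqlperform.c (@@ -56,6 +56,8 @@) misspells "obsolete" as "obslete", and the same misspelling is then recorded in every expected-output hunk of test/stderr/2610, so the source string and the test expectations need correcting together. The string also ends in "\n", and each test hunk gains an empty line directly after the WARNING line, which suggests the explicit newline is redundant. The docs and ChangeLog call the syntax "deprecated" while the log says "obsolete"; using one word in all three places would make the log line easier to search for. The message does not say which lookup type triggered it; adding the type would help, but the query text should not be logged, since the test queries show the servers= prefix carrying credentials (for example "/test/root/pass").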
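Review bot: across all seven added blocks in test/stderr/2610 the warning is reported as "Exim configuration error in line 87 of TESTSUITE/test-config", although the lookups involved differ (plain lookups, a condition in ACL "check_recipient", a host list). That suggests the location supplied by LOG_CONFIG_IN at lookup time does not identify the line holding the deprecated lookup, and the "configuration error" heading overstates what the documentation describes as a warning. Consider checking whether LOG_CONFIG_IN is the right flag for a run-time message, or logging with LOG_MAIN alone. In the last two hunks the warning is followed directly by "lookup deferred: MySQL server ... is tainted"; a test comment noting that both lines are expected together would make that intent clear.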