Don't reveal SQL expansion failure details in SMTP.

author Phil Pennock <pdp@exim.org>

Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)

committer Phil Pennock <pdp@exim.org>

Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)
author Phil Pennock <pdp@exim.org>
Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)
committer Phil Pennock <pdp@exim.org>
Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog

index 7aeba3d3c7a08ea6313c704ce86fa508be058349..439e80abaace8b27762b663e2e61b3da0c1dba07 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -44,6 +44,10 @@ PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
  PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
        Patch from Jakob Hirsch.
  
+PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
+      SQL string expansion failure details.
+      Patch from Andrey Oktyabrski.
+
  
  Exim version 4.74
  -----------------
diff --git a/src/src/deliver.c b/src/src/deliver.c

index 807f03817ca60cec756ea5cba4196cc857cc0b18..41e4a66f3b896ed3cc816f22fa4d5161c119fa66 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -744,17 +744,15 @@ malformed, it won't ever have gone near LDAP.) */
  if (addr->message != NULL)
    {
    addr->message = string_printing(addr->message);
-  if (Ustrstr(addr->message, "failed to expand") != NULL &&
-      (Ustrstr(addr->message, "ldap:") != NULL ||
+  if (((Ustrstr(addr->message, "failed to expand") != NULL) || (Ustrstr(addr->message, "expansion of ") != NULL)) &&
+      (Ustrstr(addr->message, "mysql") != NULL ||
+       Ustrstr(addr->message, "pgsql") != NULL ||
+       Ustrstr(addr->message, "sqlite") != NULL ||
+       Ustrstr(addr->message, "ldap:") != NULL ||
         Ustrstr(addr->message, "ldapdn:") != NULL ||
         Ustrstr(addr->message, "ldapm:") != NULL))
      {
-    uschar *p = Ustrstr(addr->message, "pass=");
-    if (p != NULL)
-      {
-      p += 5;
-      while (*p != 0 && !isspace(*p)) *p++ = 'x';
-      }
+      addr->message = string_sprintf("Temporary internal error");
      }
    }
  
diff --git a/src/src/route.c b/src/src/route.c

index 324de2ab8800c0bcb91dcce5789473cec67f28ea..346a7c6a72c5cdf5f17c1a7054d922cab49bbd32 100644 (file)
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -1952,6 +1952,22 @@ if (unseen && r->next != NULL)
  /* Unset the address expansions, and return the final result. */
  
  ROUTE_EXIT:
+if (yield == DEFER) {
+  if (
+    ((Ustrstr(addr->message, "failed to expand") != NULL) || (Ustrstr(addr->message, "expansion of ") != NULL)) &&
+    (
+      Ustrstr(addr->message, "mysql") != NULL ||
+      Ustrstr(addr->message, "pgsql") != NULL ||
+      Ustrstr(addr->message, "sqlite") != NULL ||
+      Ustrstr(addr->message, "ldap:") != NULL ||
+      Ustrstr(addr->message, "ldapdn:") != NULL ||
+      Ustrstr(addr->message, "ldapm:") != NULL
+    )
+  ) {
+    addr->message = string_sprintf("Temporary internal error");
+  }
+}
+
  deliver_set_expansions(NULL);
  disable_logging = FALSE;
  return yield;
author	Phil Pennock <pdp@exim.org>
	Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)
committer	Phil Pennock <pdp@exim.org>
	Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)
doc/doc-txt/ChangeLog		patch \| blob \| history
src/src/deliver.c		patch \| blob \| history
src/src/route.c		patch \| blob \| history