Fixing a tainted statement in EXIM

Question

I'm trying to understand and fix at least one tainted statement within exim and I don't understand how it is supposed to be quoted.

The line I believe is causing the grief is:

domainlist local_domains = @:domain1.org:domain2.org:domain2.org:\
         pgsql;select domain from virtdomains where domain='$domain'

The output it provides when running exim -C /etc/exim/exim.conf -d+all -bv test@test.com is below.

I'm sure it is something simple, but I didn't set this up but now trying to learn now to maintain it and this is preventing me from upgrading.

...
11:06:52 33945 routing test@test.com
11:06:52 33945 --------> dnslookup router <--------
11:06:52 33945 local_part=test domain=test.com
11:06:52 33945 checking domains
11:06:52 33945  ╭considering: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='$domain'
11:06:52 33945  ├───────text: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='
11:06:52 33945  ├considering: $domain'
11:06:52 33945  ├considering: '
11:06:52 33945  ├───────text: '
11:06:52 33945  ├──expanding: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='$domain'
11:06:52 33945  ╰─────result: @:domain1.org:domain2.org:domain3.org:pgsql;select domain from virtdomains where domain='test.com'
11:06:52 33945             ╰──(tainted)
11:06:52 33945 search_open: pgsql "NULL"
11:06:52 33945 search_find: file="NULL"
11:06:52 33945   key="select domain from virtdomains where domain='test.com'" partial=-1 affix=NULL starflags=0 opts=NULL
11:06:52 33945 LRU list:
11:06:52 33945 internal_search_find: file="NULL"
11:06:52 33945   type=pgsql key="select domain from virtdomains where domain='test.com'" opts=NULL
11:06:52 33945 database lookup required for select domain from virtdomains where domain='test.com'
11:06:52 33945                              (tainted)
11:06:52 33945 LOG: MAIN PANIC
11:06:52 33945   tainted search query is not properly quoted (router dnslookup, /etc/exim/exim.conf 746): select domain from virtdomains where domain='test.com'
11:06:52 33945 search_type 15 (pgsql) quoting -1 (none)
11:06:52 33945 PostgreSQL query: "select domain from virtdomains where domain='test.com'" opts 'NULL'11:06:52 33945   tainted search query is not properly quoted (router dnslookup, /etc/exim/exim.conf 746): select domain from virtdomains where domain='test.com'
11:06:52 33945 search_type 15 (pgsql) quoting -1 (none)
...

score 0 · Answer 1 · answered Nov 15 '23 at 15:00

I am hoping after four months you solved this, but just in case... I am going through this with MySQL queries at the moment. You can fix the query itself by quoting the 'domain' parameter in your where clause:

domainlist local_domains = @:domain1.org:domain2.org:domain2.org:\
         pgsql;select domain from virtdomains where domain='${quote_pgsql:$domain}'

The issue I am having is that result itself is considered tainted :P

Fixing a tainted statement in EXIM

1 Answers1