Patch to restrict Exim's `${perl{...}}` expansion function for hardening purposes
--- old/src/perl.c 2017-03-04 21:21:35.000000000 +0000 | |
+++ new/src/perl.c 2019-03-09 23:42:10.546624662 +0000 | |
@@ -160,6 +160,23 @@ | |
uschar *str; | |
int items; | |
+ if (name[0] == '_') | |
+ { | |
+ *errstrp = US"forbidden function name"; | |
+ return 0; | |
+ } | |
+ | |
+ int i = 0; | |
+ while (name[i] > 0) | |
+ { | |
+ if (name[i++] == ':') | |
+ { | |
+ *errstrp = US"forbidden function name"; | |
+ return 0; | |
+ } | |
+ } | |
+ | |
+ | |
if (!interp_perl) | |
{ | |
*errstrp = US"the Perl interpreter has not been started"; |
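Review bot: The two added checks (`name[0] == '_'` and the `while (name[i] > 0)` scan for `':'`) form a denylist, and Perl has historically also accepted `'` as a package separator, so a package-qualified name may still pass this filter; this is worth confirming against the Perl versions Exim is built with. An allowlist of ASCII letters, digits and `_` (with the leading-`_` rule kept) covers that whole class without having to enumerate separators, and it lets the duplicated error path collapse into one. Separately, `name[i] > 0` only scans the full string if `uschar` is unsigned, which is presumably the case here; `!= 0` states the intent without depending on it. The enclosing function starts and ends outside the hunk.

```c
  /* Allow only plain sub names: ASCII letters, digits and '_', never a leading '_'. */
  int name_ok = name[0] != '_';
  for (const uschar *p = name; name_ok && *p != 0; p++)
    name_ok = (*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') ||
              (*p >= '0' && *p <= '9') || *p == '_';
  if (!name_ok)
    {
    *errstrp = US"forbidden function name";
    return 0;
    }

  /* … unchanged: interp_perl check … */
```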