Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
patch to restrict exim's `{$perl {...}}` expansion function for hardening purposes
--- old/src/perl.c 2017-03-04 21:21:35.000000000 +0000
+++ new/src/perl.c 2019-03-09 23:42:10.546624662 +0000
@@ -160,6 +160,23 @@
uschar *str;
int items;
+ if (name[0] == '_')
+ {
+ *errstrp = US"forbidden function name";
+ return 0;
+ }
+
+ int i = 0;
+ while (name[i] > 0)
+ {
+ if (name[i++] == ':')
+ {
+ *errstrp = US"forbidden function name";
+ return 0;
+ }
+ }
+
+
if (!interp_perl)
{
*errstrp = US"the Perl interpreter has not been started";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.