--- exim.pl.16.old	2017-11-05 00:05:29.000000000 -0500
+++ exim.pl.16	2017-11-05 00:14:33.000000000 -0500
@@ -22,6 +22,33 @@
 	return -1;
 }
 
+sub safe_name
+{
+	my ($name) =  @_;
+
+	if ($name =~ /\//)
+	{
+		return 0;
+	}
+
+	if ($name =~ /\\/)
+	{
+		return 0;
+	}
+	
+	if ($name =~ /\|/)
+	{
+		return 0;
+	}
+
+	if ($name =~ /\.\./)
+	{
+		return 0;
+	}
+
+	return 1;
+}
+
 # hit_limit_user
 # checks to see if a username has hit the send limit.
 # returns:
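Review bot: safe_name is a denylist, so it still accepts an empty string, whitespace, newlines and other control characters, and NUL (which recent Perls reject in a pathname and older ones silently truncate at), and it warns on an undef argument; for a value that is interpolated into an /etc/virtual path and into log lines, an anchored allowlist is the more robust shape. Callers in this patch pass full `user@domain` identifiers, so `@` has to be permitted: `return 0 unless defined $name && $name =~ /\A[A-Za-z0-9.@_-]+\z/;` placed before the existing tests keeps every current rejection and closes the rest. The contract also deserves a line above the sub, e.g. `# Returns 1 if $name can safely be interpolated into an /etc/virtual path or log line, 0 otherwise.`. Whether that character set covers every user and domain name this installation creates needs confirming against the account-creation side, which is not visible here.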
@@ -37,6 +64,11 @@
 	my $count = 0;
 	my $email_limit = 0;
 
+	if (!safe_name($username))
+	{
+		return 2;
+	}
+
 	if (open (LIMIT, "/etc/virtual/limit_$username"))
 	{
 		$email_limit = int(<LIMIT>);
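Review bot: The open on the line after the new guard is still the two-argument form with the username interpolated into the name, which is the only reason `|` and friends have to be denied at all; `if (open (LIMIT, '<', "/etc/virtual/limit_$username"))` makes the mode explicit so the handle can never become a pipe regardless of what safe_name lets through, and touches nothing else in the function. The early `return 2` follows the shape of the existing returns, but the caller must treat 2 as "refuse" rather than "limit hit" or "ok"; the `# returns:` list in the header comment should name it, e.g. `#  2 - invalid username, refuse`. hit_limit_user continues past the end of this hunk.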
@@ -78,6 +110,11 @@
 {
 	my($user,$domain) = @_;
 
+	if (!safe_name($user) || !safe_name($domain))
+	{
+		return 2;
+	}
+
 	my $user_email_limit = 0;
 	if (open (LIMIT, "/etc/virtual/$domain/limit/$user"))
 	{
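Review bot: The path built on the `open` line below the guard still uses two-argument open, so only safe_name stands between the caller-supplied `$domain`/`$user` and a pipe or mode prefix; `if (open (LIMIT, '<', "/etc/virtual/$domain/limit/$user"))` removes that dependency without changing anything else. safe_name also passes an empty or `.` domain, giving `/etc/virtual//limit/$user` or `/etc/virtual/./limit/$user`, i.e. a file outside any domain directory — probably a non-existent path here, but an explicit `$domain eq '' || $domain eq '.'` rejection (or an allowlist in safe_name) avoids having to reason about it. The enclosing function, and the meaning of its `2` return, begin before this hunk.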
@@ -136,11 +173,11 @@
 		}
 	}
 
-        if ($username =~ /\|/)
-        {
-                Exim::log_write("SMTPAuth: Invalid username: $username");
-                return "no";
-        }
+	if (!safe_name($username))
+	{
+		Exim::log_write("SMTPAuth: Invalid username: $username");
+		return "no";
+	}
 
 	if ($username =~ /\@/)
 	{
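Review bot: The `log_write` in the middle of the hunk writes the rejected username verbatim, and safe_name does not reject newlines or other control characters, so an attacker-chosen SMTP AUTH name can append fabricated lines to the Exim log; strip them before logging, e.g. `(my $shown = $username) =~ s/[^[:print:]]/?/g;` and log `$shown` instead. The same unfiltered logging appears in the other new log_write calls in this patch. The enclosing function begins before this hunk.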
@@ -254,6 +291,12 @@
 	my $username = $auth_id;
 	my @pw;
 
+	if (!safe_name($username))
+	{
+		Exim::log_write("find_uid_auth_id: Invalid username: $username");
+		return "-1";
+	}
+
 	if ($auth_id =~ /\@/)
 	{
 		$unixuser = 0;
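Review bot: The new guard returns the string `"-1"` while the failure path visible at the top of the first hunk in this file returns the number `-1`; the two compare equal under both `==` and `eq`, but mixing forms invites a later `ne '-1'` / `!= -1` mismatch, so `return -1;` in line with the existing convention is preferable. I could not see the caller of find_uid_auth_id, so whether it distinguishes this failure from a lookup miss is unknown; a one-line comment on the guard, `# refuse rather than look up a name that could not safely form a path`, would record the intent. The function body continues past the hunk.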
@@ -461,6 +504,12 @@
 		my $domain="";
 		($user, $domain) = (split(/@/, $authenticated_id));
 
+		if (!safe_name($authenticated_id))
+		{
+			Exim::log_write("check_limits: Invalid username: $authenticated_id");
+			return "no";
+		}
+
 		if ($domain ne "")
 		{
 			my $user_email_limit = 0;
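Review bot: The new guard sits after `$authenticated_id` has already been split into `$user` and `$domain`, so on a first read it looks as if the derived parts are being validated when in fact the whole identifier is; moving the check above the `split` line (or checking `$user` and `$domain` individually, as the domain-limit hunk does) makes the intent plain. Separately, `split(/@/, ...)` on an id without `@` leaves `$domain` undef despite the `my $domain="";` above, so the `ne ""` test below the guard warns under `use warnings`; that is pre-existing, but the guard could return early for that case too if a domain is required here, which I cannot tell from the hunk. The enclosing function starts before and ends after this hunk.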
@@ -544,6 +593,12 @@
 	my $pss = "";
 	my $entry = "";
 
+	if (!safe_name($dmn) || !safe_name($lp))
+	{
+		Exim::log_write("save_virtual_user: Invalid username: $lp or domain: $dmn");
+		return "no";
+	}
+
 	open (PASSWD, "/etc/virtual/$dmn/passwd") || return "no";
 
 	while ($entry = <PASSWD>) {
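Review bot: `open (PASSWD, "/etc/virtual/$dmn/passwd") || return "no";` immediately after the new guard is still a two-argument open into a bareword handle, so the safety of that path rests entirely on safe_name; `open (PASSWD, '<', "/etc/virtual/$dmn/passwd") || return "no";` makes the mode explicit and leaves the rest of the function untouched. The new log message also prints `$lp` and `$dmn` unfiltered, and safe_name permits control characters, so the values should be escaped before `log_write`. save_virtual_user continues past the end of the hunk.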
