On 03/07/2019 20:02, Heiko Schlittermann via Exim-users wrote:
> Marc Haber via Exim-users <[email protected]> (Mi 03 Jul 2019 18:17:24
> CEST):
>> On Sun, 23 Jun 2019 20:02:33 +0100, Jeremy Harris via Exim-users
>> <[email protected]> wrote:
>>> deny local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N
>>>      message = no mate
>>
>> This might be a really stupid question, but what exactly does that do?
>>
>> ^.*$ blocks local_parts containing a $
>> ^.\\x24 does the same?
>> but I'm stymied about the \\0.44 notation, what's that?
>
> From my POV ^.*$ matches *any* local_part, as $ is the string's end anchor,
> isn't it?.
> But I can't imagine that such mistake happens to Jeremy, so I assume, I'm
> missing the point here.

You're not missing the point at all; I made a foolish error.
That should have been ^.*\$ - to get any local_part containing
a dollar.

> \\x24 should match the literal \x24, which may be used to encode the
> dollar sign for the unintended local_part expansion in the vulnerable
> code.
>
> \\044 and \\44 may encode the dollar sign in base8 notation, with and
> w/o the leading zero. Both are collapsed into \\0?44

Yes. But (MH) note there is a question-mark there, not a period.
--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
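
An added example, not part of the original messages: it runs the local_parts list as first posted and as corrected in the reply against constructed local parts, to show that the unescaped `$` rejects every recipient while the corrected list rejects only a literal dollar or its `\x24`, `\044` and `\44` spellings. It assumes Python's `re` treats these simple patterns the same way Exim's regex engine does; the helper names are hypothetical.

```python
import re

def exim_list_patterns(value):
    """Split a colon-separated Exim list wrapped in the no-expansion marker.

    Simplified for this example: doubled colons and alternative
    separators are not handled.
    """
    body = value.strip()
    if body.startswith(r"\N") and body.endswith(r"\N"):
        body = body[2:-2]  # the marker only stops string expansion; drop it
    return [item.strip() for item in body.split(":") if item.strip()]

# The list as first posted, and with the correction from the reply.
AS_POSTED = exim_list_patterns(r"\N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N")
CORRECTED = exim_list_patterns(r"\N ^.*\$ : ^.*\\x24 : ^.*\\0?44 \N")

def denied_by(patterns, local_part):
    """Return the first pattern matching local_part, or None if accepted."""
    for pattern in patterns:
        if re.search(pattern, local_part):
            return pattern
    return None

# Constructed sample local parts (not taken from any real traffic).
SAMPLES = ["alice", "bob+tag", "a$b", r"a\x24b", r"a\044b", r"a\44b",
           "a044b", r"a\0x44b"]

if __name__ == "__main__":
    for lp in SAMPLES:
        posted = denied_by(AS_POSTED, lp)
        fixed = denied_by(CORRECTED, lp)
        print(f"{lp!r:12} as-posted={posted!r:10} corrected={fixed!r}")
```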
