From: Tom Hughes Date: Thu, 31 Dec 2020 19:27:55 +0000 (+0000) Subject: Avoid using tainted data to construct file names in exim configuration X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/4dfa85adc113c5679167960dd8ad61da5b348dad Avoid using tainted data to construct file names in exim configuration --- diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index 3c4ebd4aa..17160ecf3 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -768,7 +768,7 @@ noreply: to = $sender_address subject = Re: $header_subject: headers = MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8 - file = /etc/exim4/noreply/$local_part + file = /etc/exim4/noreply/$local_part_data user = Debian-exim group = Debian-exim