You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2022/08/12 23:52:38 UTC

[Bug 8025] New: Taint failure handling Windows short path

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8025

            Bug ID: 8025
           Summary: Taint failure handling Windows short path
           Product: Spamassassin
           Version: 4.0.0
          Hardware: PC
                OS: Windows
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Regression Tests
          Assignee: dev@spamassassin.apache.org
          Reporter: sidney@sidney.com
  Target Milestone: Undefined

The fix for bug 8010 does not handle the '~' character in Windows short paths.
This is showing up as the same test failures as in bug 8010 when a test
encounters the short form of a directory name.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 8025] Taint failure handling Windows short path

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8025

Sidney Markowitz <si...@sidney.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sidney@sidney.com
   Target Milestone|Undefined                   |4.0.0
           Severity|minor                       |normal

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 8025] Taint failure handling Windows short path

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8025

Sidney Markowitz <si...@sidney.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Sidney Markowitz <si...@sidney.com> ---
The problem of untainting Windows file paths was already properly solved in
Mail::SpamAssassin::Utils::untaint_file_path() but it couldn't be called
directly in this case. Fix was to copy/paste to use the same pattern as that
sub uses.

trunk % svn ci -m "bug 8025 - Use better untaint pattern for Windows file paths
than the incomplete fix for bug 8010" lib/Mail/SpamAssassin.pm 
Sending        lib/Mail/SpamAssassin.pm
Transmitting file data .done
Committing transaction...
Committed revision 1903383.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 8025] Taint failure handling Windows short path

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8025

--- Comment #2 from Sidney Markowitz <si...@sidney.com> ---
trunk % svn ci -m "bug 8025 - Add a comment referencing this issue to the fix
already committed"  
Sending        lib/Mail/SpamAssassin.pm
Transmitting file data .done
Committing transaction...
Committed revision 1903595.

-- 
You are receiving this mail because:
You are the assignee for the bug.