You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by jm...@apache.org on 2008/12/31 17:54:24 UTC

svn commit: r730414 - in /spamassassin/trunk: sa-compile.raw spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm

Author: jm
Date: Wed Dec 31 08:54:24 2008
New Revision: 730414

URL: http://svn.apache.org/viewvc?rev=730414&view=rev
Log:
bug 5932: replace trivial File::Path::rmtree usage with simple 'rm -rf' command lines to avoid File::Path security bug (CPAN bug# 36982).  we still have other usage of rmtree(), but it's all in the test suite rather than runtime code

Modified:
    spamassassin/trunk/sa-compile.raw
    spamassassin/trunk/spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm

Modified: spamassassin/trunk/sa-compile.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/sa-compile.raw?rev=730414&r1=730413&r2=730414&view=diff
==============================================================================
--- spamassassin/trunk/sa-compile.raw (original)
+++ spamassassin/trunk/sa-compile.raw Wed Dec 31 08:54:24 2008
@@ -376,13 +376,14 @@
 
   our $PATH = $modname;
   $PATH =~ s/::/-/g;
+  $PATH =~ s/[^-_A-Za-z0-9\.]/_/g;
   our $PMFILE = $modname;
   $PMFILE =~ s/.*:://;
   $PMFILE .= ".pm";
   our $XSFILE = $PMFILE;
   $XSFILE =~ s/\.pm$/.xs/;
 
-  $force and rmtree $PATH;
+  $force and system("rm -rf $PATH");
   mkdir $PATH or (!$force and die "mkdir($PATH): $!");
   chdir $PATH;
   if (!$quiet) { print "cd $PATH\n" or die "error writing: $!" }

Modified: spamassassin/trunk/spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm?rev=730414&r1=730413&r2=730414&view=diff
==============================================================================
--- spamassassin/trunk/spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm (original)
+++ spamassassin/trunk/spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm Wed Dec 31 08:54:24 2008
@@ -450,7 +450,7 @@
       $ENV{HOME} = $tmphome;
       $sa->compile_now(0, 1);
       delete $ENV{HOME};
-      File::Path::rmtree($tmphome);
+      system("rm -rf '$tmphome'");
       $Mail::SpamAssassin::Spamd::Apache2::spamtest = $sa;
       Mail::SpamAssassin::Spamd::backup_config($sa);
     }