svn commit: r411821 - /spamassassin/branches/3.1/spamd/spamd.raw

[fe...@apache.org]

Author: felicity
Date: Mon Jun  5 08:35:40 2006
New Revision: 411821

URL: http://svn.apache.org/viewvc?rev=411821&view=rev
Log:
bug 4926: given a certain set of parameters to spamd and a specially formatted input message, users could cause spamd to execute arbitrary commands as spamd user

Modified:
    spamassassin/branches/3.1/spamd/spamd.raw

Modified: spamassassin/branches/3.1/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.1/spamd/spamd.raw?rev=411821&r1=411820&r2=411821&view=diff
==============================================================================
--- spamassassin/branches/3.1/spamd/spamd.raw (original)
+++ spamassassin/branches/3.1/spamd/spamd.raw Mon Jun  5 08:35:40 2006
@@ -1716,19 +1716,22 @@
   my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
       getpwnam($userid);
 
-  if (!$spamtest->{'paranoid'} && !defined($uid)) {
-    # if we are given a username, but can't look it up, maybe name
-    # services are down?  let's break out here to allow them to get
-    # 'defaults' when we are not running paranoid
-    info("spamd: handle_user unable to find user: $userid\n");
-    return 0;
+  if (!defined $uid) {
+      my $errmsg = "spamd: handle_user unable to find user: '$userid'\n";
+      die $errmsg if $spamtest->{'paranoid'};
+      # if we are given a username, but can't look it up, maybe name
+      # services are down?  let's break out here to allow them to get
+      # 'defaults' when we are not running paranoid
+      info($errmsg);
+      return 0;
   }
 
-  # not sure if this is required, the documentation says it isn't
-  $uid =~ /^(\d+)$/ and $uid = $1;    # de-taint
-  $gid =~ /^(\d+)$/ and $gid = $1;    # de-taint
-
   if ($setuid_to_user) {
+
+    # not sure if this is required, the documentation says it isn't
+    $uid =~ /^(\d+)$/ and $uid = $1;    # de-taint
+    $gid =~ /^(\d+)$/ and $gid = $1;    # de-taint
+
     $) = "$gid $gid";                 # change eGID
     $> = $uid;                        # change eUID
     if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
@@ -1745,12 +1748,12 @@
   #
   if ( $opt{'vpopmail'} ) {
     my $vpopdir = $dir;
-    $dir = `$vpopdir/bin/vuserinfo -d $username`;
+    $dir = `$vpopdir/bin/vuserinfo -d \Q$username\E`;
     if ($? != 0) {
       #
       # If vuserinfo failed $username could be an alias
       #
-      $dir = `$vpopdir/bin/valias $username`;
+      $dir = `$vpopdir/bin/valias \Q$username\E`;
       if ($? == 0 && $dir !~ /.+ -> &/) {
         $dir =~ s,.+ -> (/.+)/Maildir/,$1,;
       } else {