You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/06/23 11:46:10 UTC
[Bug 5929] New: hostname can be "(none)", causing "cannot untaint"
warnings
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5929
Summary: hostname can be "(none)", causing "cannot untaint"
warnings
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: All
Status: NEW
Severity: minor
Priority: P5
Component: Libraries
AssignedTo: dev@spamassassin.apache.org
ReportedBy: jm@jmason.org
a recent CPAN-tester report says:
Subject: FAIL Mail-SpamAssassin-3.2.5 i586-linux-thread-multi 2.6.8.1
From: g.grigelionis@computer.org
Date: Sat, 21 Jun 2008 11:42:58 +0200
To: cpan-testers@perl.org
Cc: JMASON@cpan.org
This distribution has been tested as part of the cpan-testers
effort to test as many new uploads to CPAN as possible. See
http://testers.cpan.org/
Output from '/usr/bin/make test':
/usr/bin/perl build/mkrules --exit_on_no_src --src rulesrc --out rules
--manifest MANIFEST --manifestskip MANIFEST.SKIP
no source directory found: exiting
/usr/bin/perl build/preprocessor -Mvars -DVERSION="3.002005" -DPREFIX="/usr"
-DDEF_RULES_DIR="/usr/share/spamassassin"
-DLOCAL_RULES_DIR="/etc/mail/spamassassin"
-DLOCAL_STATE_DIR="/var/lib/spamassassin"
-DINSTALLSITELIB="/usr/lib/perl5/site_perl/5.8.5"
-DCONTACT_ADDRESS="g.grigelionis@gmail.com" -Msharpbang -Mconditional
-DPERL_BIN="/usr/bin/perl" -DPERL_WARN="" -DPERL_TAINT="" -m755 -isa-update.raw
-osa-update
cp sa-update blib/script/sa-update
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/sa-update
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0,
'blib/lib', 'blib/arch')" t/*.t
t/basic_lint.t....................ok
t/basic_obj_api.t.................util: cannot untaint path:
"./log/user_state/auto-whitelist.lock.(none).12635"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12635"
ok
t/bayesdbm.t......................util: cannot untaint path:
"./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12638"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12640"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12642"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
ok
etc. etc. Similar warnings appear throughout the test log.
It appears that Mail::SA::Util::fq_hostname() is returning "(none)" as the
hostname, probably from Sys::Hostname in return, and this is being used in the
lock filename.
1. should "(" and ")" be ok in the untaint_path() function? IMO no, they're
shell metachars, let's keep them illegal.
2. should fq_hostname() be fixed to handle this wierd output? IMO yes.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5929] hostname can be "(none)", causing "cannot untaint"
warnings
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5929
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |jm@jmason.org
Resolution| |FIXED
--- Comment #2 from Justin Mason <jm...@jmason.org> 2009-09-20 10:34:58 PDT ---
easy fix:
: 9...; svn commit -m "bug 5929: avoid taint warnings if hostname is returned
as '(none)'" lib/Mail/SpamAssassin/Util.pm
Sending lib/Mail/SpamAssassin/Util.pm
Transmitting file data .
Committed revision 817057.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5929] hostname can be "(none)", causing "cannot untaint"
warnings
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5929
--- Comment #1 from Justin Mason <jm...@jmason.org> 2008-06-23 02:47:06 PST ---
Created an attachment (id=4341)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4341)
full CPAN-testers mail message
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.