You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/11/12 11:07:57 UTC
[Bug 7264] New: Allow '(' and ')' in paths when untainting
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7264
Bug ID: 7264
Summary: Allow '(' and ')' in paths when untainting
Product: Spamassassin
Version: 3.4.1
Hardware: PC
OS: Windows 7
Status: NEW
Severity: normal
Priority: P2
Component: Libraries
Assignee: dev@spamassassin.apache.org
Reporter: puppe@jam-software.com
I get a warning when I run sa-update:
```
util: refusing to untaint suspicious path: "C:\Program Files (x86)\JAM
Software\
SpamAssassin for Windows\share/3.004001"
```
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7264] Allow '(' and ')' in paths when untainting
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7264
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Mark Martinec <Ma...@ijs.si> ---
Closing, fixed.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7264] Allow '(' and ')' in paths when untainting
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7264
Martin Puppe <pu...@jam-software.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |puppe@jam-software.com
--- Comment #1 from Martin Puppe <pu...@jam-software.com> ---
Created attachment 5346
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5346&action=edit
Patch: Allow '(', ')' in paths when untainting
This patch adjusts the regex in Util.pm to allow parentheses.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7264] Allow '(' and ')' in paths when untainting
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7264
--- Comment #3 from Mark Martinec <Ma...@ijs.si> ---
trunk:
Sending lib/Mail/SpamAssassin/Util.pm
Committed revision 1714142.
3.4:
Sending lib/Mail/SpamAssassin/Util.pm
Committed revision 1714143.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7264] Allow '(' and ')' in paths when untainting
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7264
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.4.2
--- Comment #2 from Mark Martinec <Ma...@ijs.si> ---
> Patch: Allow '(', ')' in paths when untainting
> This patch adjusts the regex in Util.pm to allow parentheses.
Thanks, makes sense and does not hurt (parenthesis are not special in shall).
Although there are other things wrong with that (original) regexp:
- single-quoted strings in perl use backquotes to quote a character
that follows, so to keep them in a string they must be doubled;
- at the aesthetic side, characters like % = , / : are not special
in a regexp and need not be quoted; also . and + are not special
in a character class and need not be quoted.
So I propose:
lib/Mail/SpamAssassin/Util.pm :
- my $chars = '-_A-Za-z0-9\xA0-\xFF\.\%\@\=\+\,\/\\\:';
- my $re = qr/^\s*([$chars][${chars}~ ]*)$/o;
+ my $chars = '-_A-Za-z0-9.%=+,/:()\\@\\xA0-\\xFF\\\\';
+ my $re = qr{^\s*([$chars][${chars}~ ]*)\z}o;
A short perl program to test:
my $chars = '-_A-Za-z0-9.%=+,/:()\\@\\xA0-\\xFF\\\\';
my $re = qr{^\s*([$chars][${chars}~ ]*)\z}o;
print "$re\n";
(?^:^\s*([-_A-Za-z0-9.%=+,/:()\@\xA0-\xFF\\][-_A-Za-z0-9.%=+,/:()\@\xA0-\xFF\\~
]*)\z)
--
You are receiving this mail because:
You are the assignee for the bug.