You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by mm...@apache.org on 2010/02/01 20:28:09 UTC

svn commit: r905379 - in /spamassassin/trunk: lib/Mail/SpamAssassin.pm spamd/spamd.raw

Author: mmartinec
Date: Mon Feb  1 19:28:08 2010
New Revision: 905379

URL: http://svn.apache.org/viewvc?rev=905379&view=rev
Log:
Bug 6313: fixing two taint issues on getpwnam, and prevents spamd creating users .spamassassin directory if $opt{"user-config"} is false

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin.pm
    spamassassin/trunk/spamd/spamd.raw

Modified: spamassassin/trunk/lib/Mail/SpamAssassin.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin.pm?rev=905379&r1=905378&r2=905379&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin.pm Mon Feb  1 19:28:08 2010
@@ -75,6 +75,7 @@
 use Mail::SpamAssassin::Message;
 use Mail::SpamAssassin::PluginHandler;
 use Mail::SpamAssassin::DnsResolver;
+use Mail::SpamAssassin::Util qw(untaint_var);
 use Mail::SpamAssassin::Util::ScopedTimer;
 
 use Errno qw(ENOENT EACCES);
@@ -1935,7 +1936,7 @@
       close IN  or die "error closing $defprefs: $!";
 
       if (($< == 0) && ($> == 0) && defined($user)) { # chown it
-        my ($uid,$gid) = (getpwnam($user))[2,3];
+        my ($uid,$gid) = (getpwnam(untaint_var($user)))[2,3];
         unless (chown($uid, $gid, $fname)) {
           warn "config: couldn't chown $fname to $uid:$gid for $user: $!\n";
         }

Modified: spamassassin/trunk/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?rev=905379&r1=905378&r2=905379&view=diff
==============================================================================
--- spamassassin/trunk/spamd/spamd.raw (original)
+++ spamassassin/trunk/spamd/spamd.raw Mon Feb  1 19:28:08 2010
@@ -2276,8 +2276,14 @@
 
 sub handle_user_setuid_with_sql {
   my $username = shift;
+
+  # Bug 6313: interestingly, if $username is not tainted than $pwd, $gcos and
+  # $etc end up tainted but other fields not;  if $username _is_ tainted,
+  # getpwnam does not complain, but all returned fields are tainted (which
+  # makes sense, but is worth remembering)
+  #
   my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
-      getpwnam($username);
+      getpwnam(untaint_var($username));
 
   if (!$spamtest->{'paranoid'} && !defined($uid)) {
     # if we are given a username, but can't look it up, maybe name
@@ -2300,7 +2306,7 @@
   }
 
   my $spam_conf_dir = $dir . '/.spamassassin'; # needed for Bayes, etc.
-  if (! -d $spam_conf_dir) {
+  if ($opt{'user-config'} && ! -d $spam_conf_dir) {
     if (mkdir $spam_conf_dir, 0700) {
       info("spamd: created $spam_conf_dir for $username");
     }