You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by mm...@apache.org on 2010/02/01 20:28:09 UTC
svn commit: r905379 - in /spamassassin/trunk: lib/Mail/SpamAssassin.pm
spamd/spamd.raw
Author: mmartinec
Date: Mon Feb 1 19:28:08 2010
New Revision: 905379
URL: http://svn.apache.org/viewvc?rev=905379&view=rev
Log:
Bug 6313: fixing two taint issues on getpwnam, and prevents spamd creating users .spamassassin directory if $opt{"user-config"} is false
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin.pm
spamassassin/trunk/spamd/spamd.raw
Modified: spamassassin/trunk/lib/Mail/SpamAssassin.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin.pm?rev=905379&r1=905378&r2=905379&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin.pm Mon Feb 1 19:28:08 2010
@@ -75,6 +75,7 @@
use Mail::SpamAssassin::Message;
use Mail::SpamAssassin::PluginHandler;
use Mail::SpamAssassin::DnsResolver;
+use Mail::SpamAssassin::Util qw(untaint_var);
use Mail::SpamAssassin::Util::ScopedTimer;
use Errno qw(ENOENT EACCES);
@@ -1935,7 +1936,7 @@
close IN or die "error closing $defprefs: $!";
if (($< == 0) && ($> == 0) && defined($user)) { # chown it
- my ($uid,$gid) = (getpwnam($user))[2,3];
+ my ($uid,$gid) = (getpwnam(untaint_var($user)))[2,3];
unless (chown($uid, $gid, $fname)) {
warn "config: couldn't chown $fname to $uid:$gid for $user: $!\n";
}
Modified: spamassassin/trunk/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?rev=905379&r1=905378&r2=905379&view=diff
==============================================================================
--- spamassassin/trunk/spamd/spamd.raw (original)
+++ spamassassin/trunk/spamd/spamd.raw Mon Feb 1 19:28:08 2010
@@ -2276,8 +2276,14 @@
sub handle_user_setuid_with_sql {
my $username = shift;
+
+ # Bug 6313: interestingly, if $username is not tainted than $pwd, $gcos and
+ # $etc end up tainted but other fields not; if $username _is_ tainted,
+ # getpwnam does not complain, but all returned fields are tainted (which
+ # makes sense, but is worth remembering)
+ #
my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
- getpwnam($username);
+ getpwnam(untaint_var($username));
if (!$spamtest->{'paranoid'} && !defined($uid)) {
# if we are given a username, but can't look it up, maybe name
@@ -2300,7 +2306,7 @@
}
my $spam_conf_dir = $dir . '/.spamassassin'; # needed for Bayes, etc.
- if (! -d $spam_conf_dir) {
+ if ($opt{'user-config'} && ! -d $spam_conf_dir) {
if (mkdir $spam_conf_dir, 0700) {
info("spamd: created $spam_conf_dir for $username");
}