svn commit: r575698 - /spamassassin/trunk/sa-compile.raw

[mm...@apache.org]

Author: mmartinec
Date: Fri Sep 14 07:25:07 2007
New Revision: 575698

URL: http://svn.apache.org/viewvc?rev=575698&view=rev
Log:
explicit untainting in sa-compile

Modified:
    spamassassin/trunk/sa-compile.raw

Modified: spamassassin/trunk/sa-compile.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/sa-compile.raw?rev=575698&r1=575697&r2=575698&view=diff
==============================================================================
--- spamassassin/trunk/sa-compile.raw (original)
+++ spamassassin/trunk/sa-compile.raw Fri Sep 14 07:25:07 2007
@@ -23,6 +23,10 @@
 my $LOCAL_STATE_DIR = '@@LOCAL_STATE_DIR@@';    # substituted at 'make' time
 use lib '@@INSTALLSITELIB@@';                   # substituted at 'make' time
 
+use strict;
+use warnings;
+use re 'taint';
+
 use File::Spec;
 use Config;
 
@@ -51,10 +55,8 @@
   }
 }
 
-use strict;
-use warnings;
-
 use Mail::SpamAssassin;
+use Mail::SpamAssassin::Util qw(untaint_var);
 use Getopt::Long;
 use File::Copy;
 use File::Path;
@@ -295,8 +297,7 @@
     $perl = $Config{perlpath};
     $perl =~ s|/[^/]*$|/$^X|;
   }
-  $perl =~ /^(.*)$/;
-  return $1;
+  return untaint_var($perl);
 }
 
 ##############################################################################
@@ -312,8 +313,9 @@
 # read ruleset name from the first line in the file
   my $ruleset_name;
   $_ = <$fh>;
+  local ($1);
   if (/^name\s+(\S+)/) {
-    $ruleset_name = $1;
+    $ruleset_name = untaint_var($1);
   }
 
   if (!$modname) {
@@ -366,6 +368,7 @@
     while (<$fh>) {
       next if /^#/;
 
+      local ($1,$2);
       if (/^orig\s+(\S+)\s+(.*)$/) {
 	my $name = $1;
 	my $regexp = $2;
@@ -605,6 +608,7 @@
   my $TOK = qr([\"\\]);
 
   my $STATE;
+  local ($1,$2);
   while ($re =~ /\G(.*?)($TOK)/gc) {
     my $pre = $1;
     my $tok = $2;