You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2004/05/15 06:49:28 UTC
svn commit: rev 10672 - incubator/spamassassin/trunk/lib/Mail/SpamAssassin
Author: jm
Date: Fri May 14 21:49:27 2004
New Revision: 10672
Modified:
incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm
Log:
bug 3325: Insecure dependency in Dns.pm line 214: fixed, here at least. seems to be tickling a perl bug...
Modified: incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm
==============================================================================
--- incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm (original)
+++ incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm Fri May 14 21:49:27 2004
@@ -210,8 +210,18 @@
}
$subtest =~ s/\bS(\d+)\b/\$sb{$1}/;
}
- #print STDERR "$subtest\n";
- #print STDERR "$rdatastr\n";
+
+ # untaint. doing the usual $subtest=$1 doesn't work! (bug 3325)
+ $subtest =~ /^(.*)$/;
+ my $untainted = $1;
+ $subtest = $untainted;
+
+ # Mail::SpamAssassin::Util::untaint_var (\%sb);
+ # dbg ("$subtest");
+ # dbg ("$rdatastr");
+
+ eval $subtest;
+
$self->got_hit($rule, "SenderBase: ") if !$undef && eval "$subtest";
}
# bitmask