Posted to commits@spamassassin.apache.org by jm...@apache.org on 2004/05/15 06:49:28 UTC

svn commit: rev 10672 - incubator/spamassassin/trunk/lib/Mail/SpamAssassin

Author: jm
Date: Fri May 14 21:49:27 2004
New Revision: 10672

Modified:
   incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm
Log:
bug 3325: Insecure dependency in Dns.pm line 214: fixed, here at least.  seems to be tickling a perl bug...

Modified: incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm
==============================================================================
--- incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm	(original)
+++ incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm	Fri May 14 21:49:27 2004
@@ -210,8 +210,18 @@
 	}
 	$subtest =~ s/\bS(\d+)\b/\$sb{$1}/;
       }
-      #print STDERR "$subtest\n";
-      #print STDERR "$rdatastr\n";
+
+      # untaint. doing the usual $subtest=$1 doesn't work! (bug 3325)
+      $subtest =~ /^(.*)$/;
+      my $untainted = $1;
+      $subtest = $untainted;
+
+      # Mail::SpamAssassin::Util::untaint_var (\%sb);
+      # dbg ("$subtest");
+      # dbg ("$rdatastr");
+
+      eval $subtest;
+
       $self->got_hit($rule, "SenderBase: ") if !$undef && eval "$subtest";
     }
     # bitmask
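Review bot: The untaint at `$subtest =~ /^(.*)$/;` accepts any content and never checks that the match succeeded, so it clears the taint flag without validating the string that is then handed to string `eval`. If `$subtest` contains an embedded newline the match fails, and `$1` then holds whatever an earlier successful match in scope left there, which the next line copies into `$subtest`. I would test the match and limit it to the characters a SenderBase subtest can contain, e.g. `if ($subtest =~ /\A([\w\s\$\{\}<>=!.()&|+-]+)\z/) { my $untainted = $1; $subtest = $untainted; }` (character set to be confirmed against the rule syntax), and skip the rule otherwise. The bare `eval $subtest;` added just above the `got_hit` line looks like leftover debugging and should be removed: it runs the expression a second time, ignores `$@`, and runs even when `$undef` is set. The enclosing block starts and ends outside the hunk.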