Posted to commits@spamassassin.apache.org by he...@apache.org on 2019/06/23 14:37:55 UTC
svn commit: r1861937 - in /spamassassin: branches/3.4/t/SATest.pm
trunk/t/SATest.pm
Author: hege
Date: Sun Jun 23 14:37:54 2019
New Revision: 1861937
URL: http://svn.apache.org/viewvc?rev=1861937&view=rev
Log:
Some taint fixes
Modified:
spamassassin/branches/3.4/t/SATest.pm
spamassassin/trunk/t/SATest.pm
Modified: spamassassin/branches/3.4/t/SATest.pm
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.4/t/SATest.pm?rev=1861937&r1=1861936&r2=1861937&view=diff
==============================================================================
--- spamassassin/branches/3.4/t/SATest.pm (original)
+++ spamassassin/branches/3.4/t/SATest.pm Sun Jun 23 14:37:54 2019
@@ -56,6 +56,11 @@ BEGIN {
$sock->close or die "error closing inet6 socket: $!" if $sock;
$sock ? 1 : undef;
};
+
+ # Clean PATH so taint doesn't complain
+ $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
+ # Remove tainted envs, atleast ENV used in FreeBSD
+ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
}
# Set up for testing. Exports (as global vars):
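Review bot: The PATH assignment added to the BEGIN block is permanent and process-wide, whereas the three `local $ENV{'PATH'}` lines this commit removes (in probably_unused_spamd_port, untaint_system and untaint_cmd) re-established a clean PATH at each point of use. If a test script or helper later assigns a tainted value to `$ENV{PATH}`, those subs would presumably fail the taint check again, so the dependency should be documented next to the assignment, for example `# PATH is set once for the whole test run; untaint_system(), untaint_cmd() and probably_unused_spamd_port() rely on it staying clean`. The fixed list also means every child process started by the tests only finds tools in /bin, /usr/bin and /usr/local/bin, which is worth stating in the same comment. The same applies to the identical hunk in trunk/t/SATest.pm; the BEGIN block starts outside the hunk.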
@@ -245,7 +250,6 @@ sub probably_unused_spamd_port {
my $port;
my @nstat;
- local $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; # must not be tainted
if (!open(NSTAT, "netstat -a -n 2>&1 |")) {
# not too bad if failing on some architecture, with some luck should be alright
} else {
@@ -1118,7 +1122,6 @@ sub untaint_var {
# untainted system()
sub untaint_system {
- local $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; # must not be tainted
my @args;
push @args, untaint_var($_) foreach (@_);
return system(@args);
@@ -1126,7 +1129,6 @@ sub untaint_system {
# untainted version of `shell command`
sub untaint_cmd {
- local $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; # must not be tainted
if (open(CMD, untaint_var($_[0])."|")) {
my $stdout = do { local($/); <CMD> };
close CMD;
Modified: spamassassin/trunk/t/SATest.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/SATest.pm?rev=1861937&r1=1861936&r2=1861937&view=diff
==============================================================================
--- spamassassin/trunk/t/SATest.pm (original)
+++ spamassassin/trunk/t/SATest.pm Sun Jun 23 14:37:54 2019
@@ -56,6 +56,11 @@ BEGIN {
$sock->close or die "error closing inet6 socket: $!" if $sock;
$sock ? 1 : undef;
};
+
+ # Clean PATH so taint doesn't complain
+ $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
+ # Remove tainted envs, atleast ENV used in FreeBSD
+ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
}
# Set up for testing. Exports (as global vars):
@@ -245,7 +250,6 @@ sub probably_unused_spamd_port {
my $port;
my @nstat;
- local $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; # must not be tainted
if (!open(NSTAT, "netstat -a -n 2>&1 |")) {
# not too bad if failing on some architecture, with some luck should be alright
} else {
@@ -1118,7 +1122,6 @@ sub untaint_var {
# untainted system()
sub untaint_system {
- local $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; # must not be tainted
my @args;
push @args, untaint_var($_) foreach (@_);
return system(@args);
@@ -1126,7 +1129,6 @@ sub untaint_system {
# untainted version of `shell command`
sub untaint_cmd {
- local $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; # must not be tainted
if (open(CMD, untaint_var($_[0])."|")) {
my $stdout = do { local($/); <CMD> };
close CMD;