| 1 |
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in |
| 2 |
index 8e42f54..e79f454 100755 |
| 3 |
--- a/Mailman/Defaults.py.in |
| 4 |
+++ b/Mailman/Defaults.py.in |
| 5 |
@@ -111,7 +111,7 @@ HTML_TO_PLAIN_TEXT_COMMAND = '/usr/bin/lynx -dump %(filename)s' |
| 6 |
|
| 7 |
# A Python regular expression character class which defines the characters |
| 8 |
# allowed in list names. Lists cannot be created with names containing any |
| 9 |
-# character that doesn't match this class. |
| 10 |
+# character that doesn't match this class. Do not include '/' in this list. |
| 11 |
ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]' |
| 12 |
|
| 13 |
|
| 14 |
diff --git a/Mailman/Utils.py b/Mailman/Utils.py |
| 15 |
index 8021942..231f72c 100644 |
| 16 |
--- a/Mailman/Utils.py |
| 17 |
+++ b/Mailman/Utils.py |
| 18 |
@@ -100,6 +100,12 @@ def list_exists(listname): |
| 19 |
# |
| 20 |
# The former two are for 2.1alpha3 and beyond, while the latter two are |
| 21 |
# for all earlier versions. |
| 22 |
+ # |
| 23 |
+ # But first ensure the list name doesn't contain a path traversal |
| 24 |
+ # attack. |
| 25 |
+ if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0: |
| 26 |
+ syslog('mischief', 'Hostile listname: %s', listname) |
| 27 |
+ return False |
| 28 |
basepath = Site.get_listpath(listname) |
| 29 |
for ext in ('.pck', '.pck.last', '.db', '.db.last'): |
| 30 |
dbfile = os.path.join(basepath, 'config' + ext) |
Parent Directory
| 
Revision Log
| 
Revision Graph
