/[smecontribs]/rpms/mailman/contribs7/mailman-2.1-CVE-2006-2941.patch
ViewVC logotype

Annotation of /rpms/mailman/contribs7/mailman-2.1-CVE-2006-2941.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.3 - (hide annotations) (download)
Tue Nov 25 16:20:13 2008 UTC (16 years ago) by slords
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +0 -0 lines
Restore

1 slords 1.1 --- mailman/Mailman/Handlers/Scrubber.py.orig 2006-06-13 22:05:53.000000000 +0300
2     +++ mailman/Mailman/Handlers/Scrubber.py 2006-06-13 22:04:24.000000000 +0300
3     @@ -266,7 +266,11 @@
4     finally:
5     os.umask(omask)
6     desc = part.get('content-description', _('not available'))
7     - filename = part.get_filename(_('not available'))
8     + try:
9     + filename = part.get_filename(_('not available'))
10     + except ValueError:
11     + # Hack to deal with filename containing ' character.
12     + filename = _('not available')
13     del part['content-type']
14     del part['content-transfer-encoding']
15     part.set_payload(_("""\
16     @@ -358,8 +362,16 @@
17     # e.g. image/jpg (should be image/jpeg). For now we just store such
18     # things as application/octet-streams since that seems the safest.
19     ctype = msg.get_content_type()
20     - fnext = os.path.splitext(msg.get_filename(''))[1]
21     - ext = guess_extension(ctype, fnext)
22     + try:
23     + fnext = os.path.splitext(msg.get_filename(''))[1]
24     + except ValueError:
25     + # Catch the case when msg.get_filename('') fails with a
26     + # ValueError: need more than 2 values to unpack
27     + # File "/usr/lib/python2.4/email/Utils.py", line 222, in decode_rfc2231
28     + # charset, language, s = parts
29     + ext = ''
30     + else:
31     + ext = guess_extension(ctype, fnext)
32     if not ext:
33     # We don't know what it is, so assume it's just a shapeless
34     # application/octet-stream, unless the Content-Type: is
35     @@ -377,7 +389,11 @@
36     try:
37     # Now base the filename on what's in the attachment, uniquifying it if
38     # necessary.
39     - filename = msg.get_filename()
40     + try:
41     + filename = msg.get_filename()
42     + except ValueError:
43     + # Another case of catching filenames that contain a ' character.
44     + filename = ''
45     if not filename:
46     filebase = 'attachment'
47     else:

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed