/[smecontribs]/rpms/mailman/contribs7/mailman-2.1.5.1-CVE-2006-4624.patch
ViewVC logotype

Annotation of /rpms/mailman/contribs7/mailman-2.1.5.1-CVE-2006-4624.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.3 - (hide annotations) (download)
Tue Nov 25 16:20:13 2008 UTC (15 years, 11 months ago) by slords
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +0 -0 lines
Restore

1 slords 1.1 --- mailman-2.1.5.1/Mailman/Utils.py.CVE-2006-4624 2007-05-21 16:23:13.000000000 +0200
2     +++ mailman-2.1.5.1/Mailman/Utils.py 2007-05-21 16:26:11.000000000 +0200
3     @@ -50,6 +50,7 @@
4     from Mailman import Errors
5     from Mailman import Site
6     from Mailman.SafeDict import SafeDict
7     +from Mailman.Logging.Syslog import syslog
8    
9     try:
10     True, False
11     @@ -216,9 +217,16 @@
12    
13    
14    
15     +# Patterns which may be used to form malicious path to inject a new
16     +# line in the mailman error log. (TK: advisory by Moritz Naumann)
17     +CRNLpat = re.compile(r'[^\x21-\x7e]')
18     +
19     def GetPathPieces(envar='PATH_INFO'):
20     path = os.environ.get(envar)
21     if path:
22     + if CRNLpat.search(path):
23     + path = CRNLpat.split(path)[0]
24     + syslog('error', 'Warning: Possible malformed path attack.')
25     return [p for p in path.split('/') if p]
26     return None
27    
28     @@ -497,7 +505,6 @@
29     text = sdict.interpolate(utemplate)
30     except (TypeError, ValueError), e:
31     # The template is really screwed up
32     - from Mailman.Logging.Syslog import syslog
33     syslog('error', 'broken template: %s\n%s', filename, e)
34     pass
35     if raw:

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed