--- mailman-2.1.5.1/Mailman/Utils.py.CVE-2006-4624 2007-05-21 16:23:13.000000000 +0200 +++ mailman-2.1.5.1/Mailman/Utils.py 2007-05-21 16:26:11.000000000 +0200 @@ -50,6 +50,7 @@ from Mailman import Errors from Mailman import Site from Mailman.SafeDict import SafeDict +from Mailman.Logging.Syslog import syslog try: True, False @@ -216,9 +217,16 @@ +# Patterns which may be used to form malicious path to inject a new +# line in the mailman error log. (TK: advisory by Moritz Naumann) +CRNLpat = re.compile(r'[^\x21-\x7e]') + def GetPathPieces(envar='PATH_INFO'): path = os.environ.get(envar) if path: + if CRNLpat.search(path): + path = CRNLpat.split(path)[0] + syslog('error', 'Warning: Possible malformed path attack.') return [p for p in path.split('/') if p] return None @@ -497,7 +505,6 @@ text = sdict.interpolate(utemplate) except (TypeError, ValueError), e: # The template is really screwed up - from Mailman.Logging.Syslog import syslog syslog('error', 'broken template: %s\n%s', filename, e) pass if raw: