/[smecontribs]/rpms/mailman/contribs7/mailman-2.1.5.1-CVE-2006-4624.patch
ViewVC logotype

Contents of /rpms/mailman/contribs7/mailman-2.1.5.1-CVE-2006-4624.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.3 - (show annotations) (download)
Tue Nov 25 16:20:13 2008 UTC (16 years ago) by slords
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +0 -0 lines
Restore

1 --- mailman-2.1.5.1/Mailman/Utils.py.CVE-2006-4624 2007-05-21 16:23:13.000000000 +0200
2 +++ mailman-2.1.5.1/Mailman/Utils.py 2007-05-21 16:26:11.000000000 +0200
3 @@ -50,6 +50,7 @@
4 from Mailman import Errors
5 from Mailman import Site
6 from Mailman.SafeDict import SafeDict
7 +from Mailman.Logging.Syslog import syslog
8
9 try:
10 True, False
11 @@ -216,9 +217,16 @@
12
13
14
15 +# Patterns which may be used to form malicious path to inject a new
16 +# line in the mailman error log. (TK: advisory by Moritz Naumann)
17 +CRNLpat = re.compile(r'[^\x21-\x7e]')
18 +
19 def GetPathPieces(envar='PATH_INFO'):
20 path = os.environ.get(envar)
21 if path:
22 + if CRNLpat.search(path):
23 + path = CRNLpat.split(path)[0]
24 + syslog('error', 'Warning: Possible malformed path attack.')
25 return [p for p in path.split('/') if p]
26 return None
27
28 @@ -497,7 +505,6 @@
29 text = sdict.interpolate(utemplate)
30 except (TypeError, ValueError), e:
31 # The template is really screwed up
32 - from Mailman.Logging.Syslog import syslog
33 syslog('error', 'broken template: %s\n%s', filename, e)
34 pass
35 if raw:

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed