/[smecontribs]/rpms/smeserver-mailalias/contribs10/smeserver-mailalias-0.1-bz12108-untaint.patch
ViewVC logotype

Annotation of /rpms/smeserver-mailalias/contribs10/smeserver-mailalias-0.1-bz12108-untaint.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sun Jul 24 00:27:23 2022 UTC (2 years, 3 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-mailalias-0_1-10_el7_sme, smeserver-mailalias-0_1-9_el7_sme, smeserver-mailalias-0_1-11_el7_sme, HEAD
* Sat Jul 23 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.1-9.sme
- untaint correctly mailalias [SME: 12108]

1 jpp 1.1 diff -Nur --no-dereference smeserver-mailalias-0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/mailalias.pm smeserver-mailalias-0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/mailalias.pm
2     --- smeserver-mailalias-0.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/mailalias.pm 2011-09-27 22:15:23.000000000 -0400
3     +++ smeserver-mailalias-0.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/mailalias.pm 2022-07-23 20:25:02.797000000 -0400
4     @@ -180,7 +180,7 @@
5     or $msg = "Error occurred while creating mailalias in database.";
6    
7     # Untaint $pseudonym before use in system()
8     - ($mailalias) = ($mailalias =~ /(.+)/);
9     + ($mailalias) = ($mailalias =~ /([\w\p{L}.]+)/ );
10     system( "/sbin/e-smith/signal-event", "mailalias-create", "$mailalias",)
11     == 0 or $msg = "Error occurred while creating mailalias.";
12    
13     @@ -230,7 +230,7 @@
14     or $msg = "Error occurred while modifying mailalias in database.";
15    
16     # Untaint $mailalias before use in system()
17     - ($mailalias) = ($mailalias =~ /(.+)/);
18     + ($mailalias) = ($mailalias =~ /([\w\p{L}]+.)/);
19     system( "/sbin/e-smith/signal-event", "mailalias-modify", "$mailalias",)
20     == 0 or $msg = "Error occurred while modifying mailalias.";
21    
22     @@ -268,7 +268,7 @@
23     #------------------------------------------------------------
24    
25     # Untaint $mailalias before use in system()
26     - ($mailalias) = ($mailalias =~ /(.+)/);
27     + ($mailalias) = ($mailalias =~ /([\w\p{L}]+.)/);
28     system( "/sbin/e-smith/signal-event", "mailalias-delete", "$mailalias",)
29     == 0 or $msg = "Error occurred while deleting mailalias.";
30    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed