/[smeserver]/rpms/smeserver-qpsmtpd/sme10/smeserver-qpsmtpd-2.7.0-bz11648-tnef2mime.patch
ViewVC logotype

Annotation of /rpms/smeserver-qpsmtpd/sme10/smeserver-qpsmtpd-2.7.0-bz11648-tnef2mime.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Fri Sep 17 04:36:31 2021 UTC (3 years, 1 month ago) by jpp
Branch: MAIN
CVS Tags: smeserver-qpsmtpd-2_7_0-13_el7_sme, smeserver-qpsmtpd-2_7_0-6_el7_sme, smeserver-qpsmtpd-2_7_0-9_el7_sme, smeserver-qpsmtpd-2_7_0-7_el7_sme, smeserver-qpsmtpd-2_7_0-14_el7_sme, smeserver-qpsmtpd-2_7_0-8_el7_sme, smeserver-qpsmtpd-2_7_0-17_el7_sme, smeserver-qpsmtpd-2_7_0-12_el7_sme, smeserver-qpsmtpd-2_7_0-11_el7_sme, smeserver-qpsmtpd-2_7_0-5_el7_sme, smeserver-qpsmtpd-2_7_0-16_el7_sme, smeserver-qpsmtpd-2_7_0-15_el7_sme, smeserver-qpsmtpd-2_7_0-10_el7_sme, HEAD
Changes since 1.1: +101 -1 lines
* Thu Sep 16 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.7.0-5.sme
- fix tnef2mime FATAL PLUGIN ERROR  [SME: 11648]
  this will be a temp fix by redefining MIME::Parser::Filer::output_path
  until it has been fixed upstream

1 jpp 1.1 diff -Nur --no-dereference smeserver-qpsmtpd-2.7.0.old/root/usr/share/qpsmtpd/plugins/tnef2mime smeserver-qpsmtpd-2.7.0/root/usr/share/qpsmtpd/plugins/tnef2mime
2     --- smeserver-qpsmtpd-2.7.0.old/root/usr/share/qpsmtpd/plugins/tnef2mime 2008-10-07 11:05:17.000000000 -0400
3 jpp 1.2 +++ smeserver-qpsmtpd-2.7.0/root/usr/share/qpsmtpd/plugins/tnef2mime 2021-09-17 00:33:10.776000000 -0400
4 jpp 1.1 @@ -1,4 +1,4 @@
5     -#!/usr/bin/perl -wT
6     +#!/usr/bin/perl -w
7     =head1 NAME
8    
9     tnef2mime
10 jpp 1.2 @@ -19,9 +19,56 @@
11    
12    
13     =cut
14     -
15     -
16     use MIME::Parser;
17     +{
18     +# this is a dirty fix regarding this bug https://rt.cpan.org/Ticket/Display.html?id=97886
19     +# this way we can keep on usinhg this plugin waiting for the upstream fix
20     +# the no warnings avoid message in qpsmtpd log on every mails saying we override the sub.
21     +no warnings;
22     +*MIME::Parser::Filer::output_path = sub {
23     + my ($self, $head) = @_;
24     +
25     + ### Get the output directory:
26     + my $dir = $self->output_dir($head);
27     +
28     + ### Get the output filename as UTF-8
29     + my $fname = $head->recommended_filename;
30     +
31     + ### Can we use it:
32     + if (!defined($fname)) {
33     + $self->debug("no filename recommended: synthesizing our own");
34     + $fname = $self->output_filename($head);
35     + }
36     + elsif ($self->ignore_filename) {
37     + $self->debug("ignoring all external filenames: synthesizing our own");
38     + $fname = $self->output_filename($head);
39     + }
40     + elsif ($self->evil_filename($fname)) {
41     +
42     + ### Can we save it by just taking the last element?
43     + my $ex = $self->exorcise_filename($fname);
44     + if (defined($ex) and !$self->evil_filename($ex)) {
45     + $self->whine("Provided filename '$fname' is regarded as evil, ",
46     + "but I was able to exorcise it and get something ",
47     + "usable.");
48     + $fname = $ex;
49     + }
50     + else {
51     + $self->whine("Provided filename '$fname' is regarded as evil; ",
52     + "I'm ignoring it and supplying my own.");
53     + $fname = $self->output_filename($head);
54     + }
55     + }
56     + $self->debug("planning to use '$fname'");
57     +
58     + #untaint dir and fname
59     + $self->debug("it is our own");
60     + $fname = ($fname =~ m/^([ \w_.:%-]+)$/ig) ? $1 : $self->output_filename($head);
61     + ### Resolve collisions and return final path:
62     + return $self->find_unused_path($dir, $fname);
63     +};
64     +}
65     +
66     use MIME::Entity;
67     use MIME::Head;
68     use File::MMagic;
69     @@ -117,13 +164,18 @@
70     my ($self, $transaction) = @_;
71     # new Parser Object
72     $parser = new MIME::Parser;
73     + # if you want to debug the Parser :
74     + #use MIME::Tools; MIME::Tools->debugging(1);
75     # temp output directory
76     $parser->output_under( $tmpdir );
77     $parser->extract_uuencode(1);
78    
79     + #untainted filename
80     + $transaction->body_filename() =~ /^([:\-\/\w]+)\z/ or die "Disallowed characters in filename ".$transaction->body_filename();
81     + my $bdfilename = $1;
82     # read message body
83     - open BFN, $transaction->body_filename();
84     - $ent = $parser->parse(\*BFN);
85     + open BFN, "<", $bdfilename ;#$transaction->body_filename();
86     + $ent = $parser->parse(\*BFN);
87     my @keep = grep { keep_part($self, $_) } $ent->parts; # @keep now holds all non-tnef attachments
88     close BFN;
89    
90     @@ -155,7 +207,7 @@
91     $transaction->header->add('X-TNEF2MIME-Plugin', $xac );
92     }
93     # write converted message body
94     - open BFN, ">" . $transaction->body_filename();
95     + open BFN, ">" , $bdfilename;#$transaction->body_filename();
96     $ent->print(\*BFN);
97     close BFN;
98     }
99     @@ -166,7 +218,9 @@
100     $tnefs[$i]->purge();
101     }
102    
103     - my $output_dir = $parser->output_dir;
104     + #untainted filename
105     + $parser->output_dir =~ /^([:\-\/\w]+)\z/ or die "Disallowed characters in output dir ".$parser->output_dir;
106     + my $output_dir = $1;
107    
108     opendir( DIR, $output_dir ) or die "Could not open temporary output dir $output_dir: $!\n";
109     while( defined( my $file = readdir( DIR ) ) )

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed