From e104b0d4df3a43867f1881c0f47ef75f641b9536 Mon Sep 17 00:00:00 2001 From: leeym Date: Sat, 4 Oct 2003 14:10:12 +0000 Subject: use the patch comes from SpamAssassin FAQ instead Noticed by: Mark Edwards Obtained from: SpamAssassin FAQ --- .../files/patch-lib::Razor2::Client::Agent.pm | 8 ++++++ .../files/patch-lib::Razor2::Client::Config.pm | 29 +++++++++++++++++++--- 2 files changed, 33 insertions(+), 4 deletions(-) (limited to 'mail') diff --git a/mail/razor-agents/files/patch-lib::Razor2::Client::Agent.pm b/mail/razor-agents/files/patch-lib::Razor2::Client::Agent.pm index 808e3d7eed0f..4903fa5be7b1 100644 --- a/mail/razor-agents/files/patch-lib::Razor2::Client::Agent.pm +++ b/mail/razor-agents/files/patch-lib::Razor2::Client::Agent.pm @@ -15,3 +15,11 @@ } next unless defined(my $line = <$fh>); if ($line =~ /^From /) { +@@ -969,6 +969,7 @@ + my @fns; + if (opendir D,$self->{razorhome}) { + @fns = map "$self->{razorhome}/$_", grep /^server\.[\S]+\.conf$/, readdir D; ++ @fns = map { /^(\S+)$/, $1 } @fns; # untaint + closedir D; + } + foreach (@fns) { diff --git a/mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm b/mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm index da79781bc383..ad400c27fca9 100644 --- a/mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm +++ b/mail/razor-agents/files/patch-lib::Razor2::Client::Config.pm @@ -1,10 +1,31 @@ --- lib/Razor2/Client/Config.pm.orig 2002-11-25 19:13:59.000000000 +0100 +++ lib/Razor2/Client/Config.pm 2002-11-11 19:29:17.000000000 +0100 -@@ -373,6 +373,7 @@ +@@ -323,9 +323,11 @@ + if ($fn =~ /^(.*)\/([^\/]+)$/) { + my $dir = $1; + $fn = readlink $fn; ++ $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink + $fn = "$dir/$fn" unless $fn =~ /^\//; + } else { + $fn = readlink $fn; ++ $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink + } + } + } +@@ -366,13 +368,13 @@ + chomp; + next if /^\s*#/; + if ($nothash) { +- s/^\s+//; s/\s+$//; ++ next unless s/^\s*(.+?)\s*$/$1/; # untaint + $conf->{$_} = 7; + push @lines, $_; + } else { next unless /=/; - my ($attribute, $value) = split /\=/, $_, 2; - $attribute =~ s/^\s+//; $attribute =~ s/\s+$//; -+ $value = $1 if $value =~ /^(.*)$/; # untaint! +- my ($attribute, $value) = split /\=/, $_, 2; +- $attribute =~ s/^\s+//; $attribute =~ s/\s+$//; ++ my ($attribute, $value) = /^\s*(.+?)\s*=\s*(.+?)\s*$/; # untaint ++ next unless (defined $attribute && defined $value); $conf->{$attribute} = $self->parse_value($value); } $total++; -- cgit