mail/postgrey/files/patch-postgrey


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

--- postgrey.orig   2011-05-05 04:54:15.000000000 +0800
+++ postgrey    2013-10-20 01:07:50.744835568 +0800
@@ -557,6 +557,16 @@
     if($opt{dbdir}) {
         $opt{dbdir} =~ /^(.*)$/; $opt{dbdir} = $1;
     }
+    # untaint what is given on --pidfile. It is not security sensitive since
+    # it is provided by the admin
+    if($opt{pidfile}) {
+        $opt{pidfile} =~ /^(.*)$/; $opt{pidfile} = $1;
+    }
+    # untaint what is given on --inet. It is not security sensitive since
+    # it is provided by the admin
+    if($opt{inet}) {
+        $opt{inet} =~ /^(.*)$/; $opt{inet} = $1;
+    }
 
     # determine proper "logsock" for Sys::Syslog
     my $syslog_logsock;