Objet : Pour les administrateurs de serveurs de listes utilisant le logiciel Sympa
Archives de la liste
- From: Olivier Salaun - CRU <adresse@cachée>
- To: adresse@cachée
- Cc: adresse@cachée
- Subject: [patch] Possible security hole in Sympa
- Date: Tue, 21 Sep 1999 15:49:08 +0200
A bug has been reported by "Frederic ALLIOD" <adresse@cachée> :
The problem occurs when sending a file/message/report to an email
address beginning with a "-". When invoking sendmail, this is considered
by sendmail like an argument which he doesn't understand. Sendmail call
fails and Sympa dies.
Here is a patch :
Olivier Salaun
*** smtp.pm~ Tue Jun 29 17:21:03 1999
--- smtp.pm Tue Sep 21 15:32:22 1999
***************
*** 67,72 ****
--- 67,83 ----
my @t = $rcpt; \@t = $rcpt;
do_log('debug2', '[smtpto] Msg from %s, %d rcpts',$from, $#t);
+ ## Escape "-" at beginning of recepient addresses
+ ## prevent sendmail from taking it as argument
+ if (ref($rcpt) eq 'SCALAR') {
+ $$rcpt =~ s/^-/\\-/;
+ }else {
+ my @emails = @$rcpt;
+ foreach my $i (0..$#emails) {
+ $rcpt->[$i] =~ s/^-/\\-/;
+ }
+ }
+
## Check how many open smtp's we have, if too many wait for a few
## to terminate and then do our job.
print STDERR "Open = $opensmtp\n" if ($main::opt_d);
-
[patch] Possible security hole in Sympa,
Olivier Salaun - CRU, 21/09/1999
- Re: [patch] Possible security hole in Sympa, André LAGADEC, 22/09/1999
Archives gérées par MHonArc 2.6.19+.