[SACVS] CVS: spamassassin/lib/Mail/SpamAssassin Ar: msg#00040 mail.spam.spamassassin.cvs

Update of /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin
In directory sc8-pr-cvs1:/tmp/cvs-serv29837/lib/Mail/SpamAssassin

Modified Files:
ArchiveIterator.pm
Log Message:
bug 2460: ArchiveIterator.pm: insecure dependency in glob in taint-mode

Index: ArchiveIterator.pm
===================================================================
RCS file:
/cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin/ArchiveIterator.pm,v
retrieving revision 1.38
retrieving revision 1.39
diff -b -w -u -d -r1.38 -r1.39
--- ArchiveIterator.pm 20 Aug 2003 02:23:14 -0000 1.38
+++ ArchiveIterator.pm 15 Sep 2003 22:59:24 -0000 1.39
@@ -617,8 +617,16 @@
# protect/escape spaces: ./Mail/My Letters => ./Mail/My\ Letters
$path =~ s/([^\\])(\s)/$1\\$2/g;

+ my @paths;
+
+ if ($] < 5.006 && Mail::SpamAssassin::Util::am_running_in_taint_mode()) {
+ # glob is not allowed in taint-mode on 5.005
+ push(@paths, $path);
+ }
+ else {
# apply csh-style globs: ./corpus/*.mbox => er, you know what it does ;)
- my @paths = glob $path;
+ @paths = glob $path;
+ }
return @paths;
}

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

Previous by Date:	[SACVS] CVS: spamassassin/lib/Mail/SpamAssassin Conf.pm,1.250,1.251: 00040, Daniel Quinlan
Next by Date:	[SACVS] CVS: spamassassin sa-learn.raw,1.30,1.31: 00040, Daniel Quinlan
Previous by Thread:	[SACVS] CVS: spamassassin/lib/Mail/SpamAssassin Conf.pm,1.250,1.251i: 00040, Daniel Quinlan
Next by Thread:	[SACVS] CVS: spamassassin sa-learn.raw,1.30,1.31: 00040, Daniel Quinlan
Indexes:	[Date] [Thread] [Top] [All Lists]

<Prev in Thread]	Current Thread	[Next in Thread>

[SACVS] CVS: spamassassin/lib/Mail/SpamAssassin ArchiveIterator.pm,1.38,1.3: msg#00040

mail.spam.spamassassin.cvs