Package: postgrey
Tags: patch
Thanks
Hi.
Here is a patch for the named problem (dbdir is tainted, so it has to be
untainted (and checked) before being used in potentially harmful
operations (like open ">>$dbdir")).
cu,
sven
PS: I will offer you two more patches (wishlist) which allow easier
setting of the greylist-text through /etc/default/postgrey.
diff -ur postgrey-1.21.orig/postgrey postgrey-1.21/postgrey
--- postgrey-1.21.orig/postgrey 2005-05-17 18:47:20.000000000 +0200
+++ postgrey-1.21/postgrey 2005-05-17 18:59:05.000000000 +0200
@@ -406,6 +406,15 @@
}
}
+ # if dbdir is used, make sure it
+ if ( $opt{dbdir} ) {
+ if ( $opt{dbdir} =~ m,^([a-zA-Z0-9_/]+)$, ) {
+ $opt{dbdir} = $1
+ } else {
+ die "dbdir contains unwanted characters. Allowed characters:
a-z,A-Z,0-9,_,/\n"
+ }
+ }
+
# create Net::Server object and run it
my $server = bless {
server => {
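Review bot: The character class in `m,^([a-zA-Z0-9_/]+)$,` leaves out `-` and `.`, so any dbdir containing a hyphen or a dot makes the daemon die at startup even though the directory is legitimate. Consider adding `-` and `.` to the class and rejecting `..` path components in a separate check, or document the restriction where dbdir is described. The added comment "# if dbdir is used, make sure it" stops mid-sentence and should say what is being ensured. The die string is wrapped onto a second line that carries no `+` prefix, so the patch will not apply as mailed; keep the message on one line, and include the rejected value in it so the administrator can see what was refused. Minor style point: `$opt{dbdir} = $1` and the `die` have no terminating semicolons, which is legal as the last statement in a block but fragile if a line is added later.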