There is a problem and potential security hazard that causes
Mail::CheckUser to fail in Perl 5.8.0 with taint checking enabled.
I have not tried with previous versions of Perl.

The list of MX records returned from DNS is passed directly to
Net::Ping->XXX without checking the host names for validity. These have
to be untainted and should be checked for valid syntax. I have not
studied the code much, but in the event someone controls the
DNS of the email address being verified, it might open security
holes now or in the future.

I have uploaded a simple patch, although you might want to provide a
more elegant solution. I just needed to get it working in a hurry
after upgrading Perl :-)
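
An added example of the kind of check the report asks for, not the uploaded patch and not Mail::CheckUser's own code: MX host names are validated against strict host name syntax and untainted by regex capture before anything is handed to Net::Ping. The helper name `untaint_hostname` is hypothetical and the sample MX names are constructed.

```perl
# Run with: perl -T script.pl   (taint mode, as in the report)
use strict;
use warnings;

# Hypothetical helper (not part of Mail::CheckUser): validate a DNS-supplied
# host name and return an untainted, lower-cased copy, or nothing if invalid.
sub untaint_hostname {
    my ($name) = @_;
    return unless defined $name;
    $name =~ s/\.\z//;                       # drop the trailing root dot
    return if length($name) == 0 || length($name) > 253;

    # One label: 1-63 chars of letters/digits/hyphen, no leading/trailing hyphen.
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

    # A regex capture is what clears the taint flag, so the pattern must be
    # strict. \A and \z (not ^ and $) keep embedded newlines from matching.
    if ($name =~ /\A($label(?:\.$label)*)\z/) {
        return lc $1;
    }
    return;
}

# Constructed sample MX exchange names, standing in for DNS answers.
my @mx_from_dns = (
    'mx1.example.com.',            # valid, trailing dot
    'MAIL.example.org',            # valid, mixed case
    "mx.example.com\n; extra",     # embedded newline
    '-bad.example.com',            # label starts with a hyphen
    'mx.example.com;id',           # shell metacharacter
    '',                            # empty answer
);

my @safe_hosts;
for my $mx (@mx_from_dns) {
    my $host = untaint_hostname($mx);
    if (defined $host) {
        push @safe_hosts, $host;   # only these would be passed to Net::Ping
    }
    else {
        (my $shown = $mx) =~ s/[^\x20-\x7e]/?/g;   # make the log line printable
        warn "rejected MX name: '$shown'\n";
    }
}

print "$_\n" for @safe_hosts;      # mx1.example.com and mail.example.org
```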