Re: [Omail-devel] Insecure dependency
Brought to you by:
swix
From: Wolfgang P. <ma...@di...> - 2004-01-23 10:25:09
|
hi again, the same error also occours in the updatestatus function best regards Wolfgang Am Do, den 22.01.2004 schrieb Wolfgang Pichler um 16:56: > hi all, > > i am running omail-webamil version 0.98.4 - and upgraded to perl 5.8. > With this upgrade it seems that something with the taint checks have > changed ( i am not a perl expert! ). After the upgrade i got the > Insecure dependency errorat line 2733 (where it copies the mail from new > to cur with a system call). I've changed that: > ------------ > if ($submdir eq "new") { > my $sourcefile = "$spooldir/$submdir/$currentfile"; > my $destfile = "$spooldir/cur/$currentfile";; > system("/bin/cp","$sourcefile","$destfile"); > if ((-f $destfile) && ($destfile ne $sourcefile)) { > ------------- > to that: > ------------- > if ($submdir eq "new") { > my $sourcefile = "$spooldir/$submdir/$currentfile"; > my $destfile = "$spooldir/cur/$currentfile";; > if ($sourcefile =~ /^([-\@\/\w.]+)$/) { > $sourcefile = $1; # $data now untainted > } else { > die "Bad data in $sourcefile"; # log this somewhere > } > if ($destfile =~ /^([-\@\/\w.]+)$/) { > $destfile = $1; # $data now untainted > } else { > die "Bad data in $destfile"; # log this somewhere > } > system("/bin/cp","$sourcefile","$destfile"); > if ((-f $destfile) && ($destfile ne $sourcefile)) { > ------------- > > and now it works (i don't know if this is the right way) > > best regards > Wolfgang > > > > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > _______________________________________________ > Omail-devel mailing list > Oma...@li... > https://lists.sourceforge.net/lists/listinfo/omail-devel |