Re: [Omail-devel] Insecure dependency
Brought to you by:
swix
Menu
▾
▴
Re: [Omail-devel] Insecure dependency
|
From: Wolfgang P. <ma...@di...> - 2004-01-23 10:25:09
|
hi again,
the same error also occours in the updatestatus function
best regards
Wolfgang
Am Do, den 22.01.2004 schrieb Wolfgang Pichler um 16:56:
> hi all,
>
> i am running omail-webamil version 0.98.4 - and upgraded to perl 5.8.
> With this upgrade it seems that something with the taint checks have
> changed ( i am not a perl expert! ). After the upgrade i got the
> Insecure dependency errorat line 2733 (where it copies the mail from new
> to cur with a system call). I've changed that:
> ------------
> if ($submdir eq "new") {
> my $sourcefile = "$spooldir/$submdir/$currentfile";
> my $destfile = "$spooldir/cur/$currentfile";;
> system("/bin/cp","$sourcefile","$destfile");
> if ((-f $destfile) && ($destfile ne $sourcefile)) {
> -------------
> to that:
> -------------
> if ($submdir eq "new") {
> my $sourcefile = "$spooldir/$submdir/$currentfile";
> my $destfile = "$spooldir/cur/$currentfile";;
> if ($sourcefile =~ /^([-\@\/\w.]+)$/) {
> $sourcefile = $1; # $data now untainted
> } else {
> die "Bad data in $sourcefile"; # log this somewhere
> }
> if ($destfile =~ /^([-\@\/\w.]+)$/) {
> $destfile = $1; # $data now untainted
> } else {
> die "Bad data in $destfile"; # log this somewhere
> }
> system("/bin/cp","$sourcefile","$destfile");
> if ((-f $destfile) && ($destfile ne $sourcefile)) {
> -------------
>
> and now it works (i don't know if this is the right way)
>
> best regards
> Wolfgang
>
>
>
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Omail-devel mailing list
> Oma...@li...
> https://lists.sourceforge.net/lists/listinfo/omail-devel
|