Closed gregoa closed 10 years ago
Thanks for reporting. I pushed a possible fix, based on the related postgrey bug/fix. Unfortunately I have no way to test this, so please let me know how it goes.
Cheers, -Max
Thanks, I'll ask the original but submitter for a test & feedback.
According to http://bugs.debian.org/722159#24 , the patch did not fix the submitter's problem :/
(Maybe you could try to work this out together? Copypasting between the Debian BTS and github seems a bit inefficient ...)
The following patch fixes the problem for me. I didn't check if untainting less variables would be sufficient, too, though.
Michael
--- spampd 2013-11-04 16:03:52.000000000 +0100 +++ /usr/sbin/spampd 2013-11-04 16:05:05.000000000 +0100 @@ -900,6 +900,22 @@ usage(0); }
+# Untaint some options provided by admin command line. +$pidfile =~ /^(.)$/; +$pidfile = $1; + +$relayhost =~ /^(.)$/; +$relayhost = $1; + +$relayport =~ /^(.)$/; +$relayport = $1; + +$host =~ /^(.)$/; +$host = $1; + +$port =~ /^(.*)$/; +$port = $1; + if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; }
Thanks Michael! Update pushed. Marking issue closed for now. Gregor, thanks for your time as well.
-Max
The regexps are incomplete. Better use this: http://paste.ubuntu.com/6993312/
Forwarded from http://bugs.debian.org/722159
After the upgrade from Perl 5.14 to 5.18 spampd doesn't start: