v4.85.1-0 tarball beta
John Wilcock
john at tradoc.fr
Mon Mar 2 13:03:05 GMT 2015
Hi Jerry,
You're missing a fix to PFDiskStore.pm that causes taint errors (Can't
call method "print" on an undefined value at
/usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 758) when bad
filenames/filetypes are detected.
This was reported years ago though it never seems to have made it to the
official repository.
John
--- /usr/lib/MailScanner/MailScanner/PFDiskStore.pm.4.85.orig
2015-03-02 13:49:11.000000000 +0100
+++ /usr/lib/MailScanner/MailScanner/PFDiskStore.pm 2015-03-02
13:55:53.000000000 +0100
@@ -630,8 +630,15 @@
my $this = shift;
my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_;
- $targetfile =~/([\w\d]{9,15}\.[\w\d]{5})/;
- $targetfile = $1;
+ if ($targetfile =~ /([A-F\d]{8,15}\.[A-F\d]{5})/) {
+ $targetfile = $1;
+ } else {
+ if ($targetfile =~ /([\w\d\.]{4,32})/) {
+ $targetfile = $1;
+ } else {
+ $targetfile = "fallback";
+ }
+ }
#print STDERR "Copying to $targetdir $targetfile\n";
if (MailScanner::Config::Value('storeentireasdfqf')) {
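Review bot: both new patterns are unanchored, and the innermost else assigns the constant "fallback", so the value left in $targetfile can be a fragment of the input or a name shared between messages. With /([\w\d\.]{4,32})/ the capture is the first run of 4 to 32 matching characters found anywhere in the string, which means a longer or oddly formed name is silently cut down to a piece of itself. Every input that matches neither pattern is then written under the same "fallback" name in $targetdir. Consider anchoring both patterns with \A and \z so that only a whole, well-formed name is untainted, and logging and returning when nothing matches rather than copying to a fixed name. The first pattern also changes from [\w\d]{9,15} to [A-F\d]{8,15} with no comment. A one-line note on which queue ID formats each branch is meant to accept would make the lower bound of 8 and the uppercase-hex restriction reviewable. Minor: \d is redundant inside a class that already contains \w, and the nested else { if ... } reads more clearly as elsif.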