54 lines
2 KiB
Text
54 lines
2 KiB
Text
From sbeck@gossamer-threads.com Sat Oct 9 00:36:20 2004
|
|
Return-Path: <sbeck@gossamer-threads.com>
|
|
Delivered-To: guy-ezmlm@rucus.net
|
|
Received: (qmail 94672 invoked by uid 1025); 8 Oct 2004 22:36:20 -0000
|
|
Received: from sbeck@gossamer-threads.com by server.rucus.ru.ac.za by uid 82 with qmail-scanner-1.22
|
|
(clamdscan: 0.75.1. Clear:RC:0(64.69.64.21):.
|
|
Processed in 3.991777 secs); 08 Oct 2004 22:36:20 -0000
|
|
Received: from gossamer.nmsrv.com (HELO gossamer-threads.com) (64.69.64.21)
|
|
by server.rucus.ru.ac.za with SMTP; 8 Oct 2004 22:36:16 -0000
|
|
Received: (qmail 17647 invoked from network); 8 Oct 2004 22:36:00 -0000
|
|
X-AntiVirus: Clean
|
|
Received: from unknown (HELO sbeck) (sbeck@64.180.111.209)
|
|
by gossamer.nmsrv.com with (RC4-MD5 encrypted) SMTP; 8 Oct 2004 22:36:00 -0000
|
|
Subject: Mail::Ezmlm tainting
|
|
From: Scott Beck <sbeck@gossamer-threads.com>
|
|
To: Guy Antony Halse <guy-ezmlm@rucus.net>
|
|
Content-Type: text/plain
|
|
Organization: Gossamer Threads
|
|
Message-Id: <1097274969.15328.32.camel@sbeck.office.gossamer-threads.com>
|
|
Mime-Version: 1.0
|
|
X-Mailer: Ximian Evolution 1.4.6
|
|
Date: Fri, 08 Oct 2004 15:36:09 -0700
|
|
Content-Transfer-Encoding: 7bit
|
|
Status: RO
|
|
Content-Length: 810
|
|
|
|
Hi,
|
|
|
|
I just ran into a taint problem with Mail::Ezmlm on one of our servers.
|
|
In Mail/Ezmlm.pm you have a sub _checkaddress which validates an email
|
|
address that is passed off to system, however to just verify the address
|
|
is not enough for perl's -T tests. You must reassign it to a capture
|
|
from a regex. Here is a version of the function that fixes this (a
|
|
little hacky).
|
|
|
|
sub _checkaddress {
|
|
my($self, $address) = @_;
|
|
return 1 unless defined($address);
|
|
return 0 unless($address =~ /^(\S+\@\S+\.\S+)$/);
|
|
$_[1] = $1;
|
|
return 1;
|
|
}
|
|
|
|
Cheers,
|
|
|
|
Scott
|
|
--
|
|
-------------------- Gossamer Threads Inc. ----------------------
|
|
Scott Beck Email: scott@gossamer-threads.com
|
|
Lead Software Developer Phone: (604) 687-5804
|
|
http://www.gossamer-threads.com Fax: (604) 687-5806
|
|
|
|
|
|
|