rpms / spamassassin-FuzzyOcr

Clone
Source Code
GIT

Files

el5 el6 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 main rawhide
  1.   f23
  2.   fuzzyocr-fix-untaint-issue.patch
Blob Blame History Raw 
--- a/FuzzyOcr/Config.pm
+++ b/FuzzyOcr/Config.pm
@@ -577,7 +577,7 @@ sub parse_config {
         return 1;
     } elsif ($opts->{key} eq 'focr_bin_helper') {
         my @cmd; $conf = $opts->{conf};
-        my $val = $opts->{value}; $val =~ s/[\s]*//g;
+        my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g;
         debuglog("focr_bin_helper: '$val'");
         foreach my $bin (split(',',$val)) {
             unless (grep {m/$bin/} @bin_utils) {
@@ -618,6 +618,7 @@ sub finish_parsing_end {
             delete $conf->{$b};
         } 
         if (defined $conf->{$b}) {
+            $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});
             debuglog("Using $a => $conf->{$b}");
         } else {
             foreach my $p (@paths) {
diff --git a/FuzzyOcr/Logging.pm b/FuzzyOcr/Logging.pm
index bed9ff5..ef02b32 100644
--- a/FuzzyOcr/Logging.pm
+++ b/FuzzyOcr/Logging.pm
@@ -31,7 +31,8 @@ sub logfile {
     my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time));
     $logtext =~ s/\n/\n                      /g;
 
-    unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) {
+    my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile});
+    unless ( open LOGFILE, ">>", $fname ) {
        warn "Can't open $conf->{focr_logfile} for writing, check permissions";
        return;
     }
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.