spamassassin-users mailing list archives

From David Morton <morto...@dgrmm.net>
Subject Re: insecure dependency in sa-learn --import
Date Wed, 27 Jan 2010 01:41:29 GMT

Mark Martinec wrote:
>> perl 5.8.8
> 
> --- lib/Mail/SpamAssassin/BayesStore/DBM.pm	(revision 903517)
> +++ lib/Mail/SpamAssassin/BayesStore/DBM.pm	(working copy)
> @@ -1438,6 +1438,9 @@
>      # bayes directory
>      my $main = $self->{bayes}->{main};
>      my $path = $main->sed_path($main->{conf}->{bayes_path});
> +
> +    # prevent dirname() from tainting the result, it assumes $1 is not tainted
> +    local($1,$2,$3);
>      my $dir = dirname($path);
>  
>      # make temporary copy since old dbm and new dbm may have same name
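
Review bot: the comment above the added `local($1,$2,$3);` names only `$1`, while the statement localizes three capture variables, and it does not say where the tainted value comes from or that the report was against perl 5.8.8. Please expand the comment to say why `$2` and `$3` are included and which Perl version shows the problem, so the line is not later dropped as dead code. It would also help to note that this relies on `local` being in effect for the `dirname($path)` call that follows in the same scope, since moving either line would silently undo the workaround.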



Thanks Mark, I can confirm that works for me.

- --
David Morton <mortonda@dgrmm.net>

Morton Software & Design  http://www.dgrmm.net - Ruby on Rails
                                                 PHP Applications
Maia Mailguard http://www.maiamailguard.com    - Spam management
                                                 for mail servers
