The following patch provides a workaround for a Perl5.8.9 bug #62502:
[perl #62502] Fcntl exported constants become tainted under 5.8.9
where O_WRONLY, O_APPEND and other Fcntl constants can become tainted.
The Perl bug could manifest itself as a taint problem during file-based
quarantining, during MIME decoding, decoding archives and decompressing
mail parts, and possibly elsewhere. The bug is triggered by a legitimate
code in Archive::Zip and affects subsequent operations in amavisd
for the lifetime of the child process.
This only affects perl 5.8.9; the 5.8.8 and 5.10.0 are fine.
--- amavisd.orig 2008-12-15 01:50:09.000000000 +0100
+++ amavisd 2009-02-04 02:23:50.000000000 +0100
@@ -7083,5 +7083,5 @@
import Amavis::Conf qw(:platform c cr ca $MAXFILES);
import Amavis::Timing qw(section_time);
- import Amavis::Util qw(snmp_count ll do_log);
+ import Amavis::Util qw(snmp_count untaint ll do_log);
import Amavis::Unpackers::NewFilename qw(consumed_bytes);
}
@@ -7105,5 +7105,6 @@
my($newpart) = $newpart_obj->full_name;
my($outpart) = IO::File->new;
- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
or die "Can't create $pe_name file $newpart: $!";
binmode($outpart, ":bytes") or die "Can't cancel :utf8 mode: $!"
@@ -18062,5 +18063,6 @@
{ die "File $bsmtp_file_tmp exists??? Refuse to overwrite it, $!" }
$mp = IO::File->new;
- $mp->open($bsmtp_file_tmp, O_CREAT|O_EXCL|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $mp->open($bsmtp_file_tmp, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
or die "Can't create BSMTP file $bsmtp_file_tmp: $!";
binmode($mp, ":bytes") or die "Can't set :bytes, $!" if $unicode_aware;
@@ -18178,5 +18180,5 @@
@EXPORT_OK = qw(&mail_to_local_mailbox);
import Amavis::Conf qw(:platform $quarantine_subdir_levels c cr ca);
- import Amavis::Util qw(ll do_log unique_list);
+ import Amavis::Util qw(ll do_log untaint unique_list);
import Amavis::Timing qw(section_time);
import Amavis::rfc2821_2822_Tools;
@@ -18335,5 +18337,6 @@
} else {
$mp = IO::File->new;
- $mp->open($mbxname, O_CREAT|O_EXCL|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $mp->open($mbxname, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
or die "Can't create file $mbxname: $!";
binmode($mp, ":bytes") or die "Can't cancel :utf8 mode: $!"
@@ -18347,5 +18350,6 @@
# its mail delivery to be retried later by MTA
$mp = IO::File->new;
- $mp->open($mbxname, O_CREAT|O_EXCL|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $mp->open($mbxname, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
or die "Can't create file $mbxname: $!";
} elsif ($errn==0 && !-f _) {
@@ -18355,5 +18359,6 @@
} else {
$mp = IO::File->new;
- $mp->open($mbxname, O_APPEND|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $mp->open($mbxname, untaint(O_APPEND|O_WRONLY), 0640)
or die "Can't append to $mbxname: $!";
}
@@ -21932,5 +21937,6 @@
my($newpart) = $newpart_obj->full_name;
my($outpart) = IO::File->new;
- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
or die "Can't create file $newpart: $!";
binmode($outpart) or die "Can't set file $newpart to binmode: $!";
@@ -22048,5 +22054,6 @@
my($newpart) = $newpart_obj->full_name;
my($outpart) = IO::File->new;
- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
or die "Can't create file $newpart: $!";
binmode($outpart) or die "Can't set file $newpart to binmode: $!";
@@ -22681,5 +22688,6 @@
my($newpart) = $newpart_obj->full_name;
my($outpart) = IO::File->new;
- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
or die "Can't create file $newpart: $!";
binmode($outpart) or die "Can't set file $newpart to binmode: $!";
@@ -22964,5 +22972,6 @@
my($outfile, $ifh, $pid) = @_;
my($ofh) = IO::File->new;
- $ofh->open($outfile, O_CREAT|O_EXCL|O_WRONLY, 0640) # calls sysopen
+ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
+ $ofh->open($outfile, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) # calls sysopen
or die "Can't create file $outfile: $!";
binmode($ofh) or die "Can't set file $outfile to binmode: $!";
Mark
------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
