> indeed. There is code for that feature, but it will take time to
> debug this.

FWIW, I notice the netbsd folks are reporting new taint problems with
postgrey and perl 5.18 too, so perl probably turned up the taint
checking a bit.

I've hacked an experimental change (diff below) into my local copy, will
watch and advise.

De

--- cya_amavisd-new  2014-05-10 16:54:25.000000000 -0400
+++ amavisd-new       2014-07-17 16:41:24.431525709 -0400
@@ -7891,13 +7891,14 @@
   use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION);
   $VERSION = '2.320';
   @ISA = qw(Exporter);
+  import Amavis::Util qw(untaint_inplace);
 }
 
 sub new
   { my $class = $_[0]; bless {}, $class }
 
 sub client_ip      # client IP address (immediate SMTP client, i.e. our MTA)
-  { @_<2 ? shift->{client_ip}   : ($_[0]->{client_ip} = $_[1]) }
+  { @_<2 ? untaint_inplace(shift->{client_ip})   : ($_[0]->{client_ip} = 
untaint_inplace($_[1])) }
 sub socket_ip      # IP address of our interface that received connection
   { @_<2 ? shift->{socket_ip}   : ($_[0]->{socket_ip} = $_[1]) }
 sub socket_port    # TCP port of our interface that received connection
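
Review bot: on the changed client_ip line, untaint_inplace is applied to whatever value is stored or read, and nothing on that line checks that it looks like an IP address, so the taint flag is cleared without the validation that taint mode is meant to force. Consider matching the value against an IPv4/IPv6 pattern in the setter branch and untainting only on a match. With that done once in `($_[0]->{client_ip} = untaint_inplace($_[1]))`, the getter branch should not need a second untaint on every read. Both branches also depend on untaint_inplace returning the cleaned value rather than only modifying its argument, which is worth confirming against its definition in Amavis::Util.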

