Hi
Maybe I've found the solution. Please try this patch.
I am not a Perl programmer, so maybe it's not clean, but as far as I can see in my logs,
it works.
*** Misc.pm.ORIG 2009-11-11 16:23:00.000000000 +0100
--- Misc.pm 2010-03-30 12:44:07.000000000 +0200
***************
*** 138,143 ****
--- 138,144 ----
if (defined $stderr) {
open_on_specific_fd(2, $stderr);
}
+ $pgm = $1 if $pgm =~ /^(\S+)$/; # untaint
exec {$pgm} ($pgm,@args);
die "failed to exec $cmd: $!";
};
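Review bot: The untaint on the added line accepts any string without whitespace, so it clears the taint flag without checking that `$pgm` is a program this module is meant to run; the same line is added in the hunk at 185. If `$pgm` is expected to be an absolute path to a helper, the pattern could say so, e.g. `$pgm = $1 if $pgm =~ m{\A(/[\w./+-]+)\z};`, and the non-matching case could `die` with a clear message instead of falling through to `exec` with a still-tainted value. A short comment stating where `$pgm` comes from and why it is safe to untaint at this point would help the next reader. The enclosing block starts above the hunk, so the origin of `$pgm` and `@args` is not visible here.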
***************
*** 185,190 ****
--- 186,192 ----
if (defined $stderr) {
open_on_specific_fd(2, $stderr);
}
+ $pgm = $1 if $pgm =~ /^(\S+)$/; # untaint
exec {$pgm} ($pgm,@args);
die "failed to exec $cmd: $!";
};
*** Config.pm.ORIG 2009-11-11 16:23:00.000000000 +0100
--- Config.pm 2010-03-30 12:32:11.000000000 +0200
***************
*** 577,583 ****
return 1;
} elsif ($opts->{key} eq 'focr_bin_helper') {
my @cmd; $conf = $opts->{conf};
! my $val = $opts->{value}; $val =~ s/[\s]*//g;
debuglog("focr_bin_helper: '$val'");
foreach my $bin (split(',',$val)) {
unless (grep {m/$bin/} @bin_utils) {
--- 577,583 ----
return 1;
} elsif ($opts->{key} eq 'focr_bin_helper') {
my @cmd; $conf = $opts->{conf};
! my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val
=~ s/[\s]*//g;
debuglog("focr_bin_helper: '$val'");
foreach my $bin (split(',',$val)) {
unless (grep {m/$bin/} @bin_utils) {
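Review bot: `untaint_var` is applied to the raw `focr_bin_helper` value before any check, and as far as I know it untaints unconditionally, so the only gate left is the `grep {m/$bin/} @bin_utils` test on the following lines. That test interpolates `$bin` as an unanchored pattern, so a substring of a known name or a value containing regex metacharacters would pass; if exact names are intended, `unless (grep { $_ eq $bin } @bin_utils) {` together with untainting only the names that pass would keep taint mode meaningful. The hunk at 618 untaints `$conf->{$b}` the same way; if that value is the configured path of a helper (the debug message suggests so), a check that it is an absolute path and `-x` before untainting would fit there. The `foreach` body continues outside this hunk.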
***************
*** 618,623 ****
--- 618,624 ----
delete $conf->{$b};
}
if (defined $conf->{$b}) {
+ $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});
debuglog("Using $a => $conf->{$b}");
} else {
foreach my $p (@paths) {
Regards
Martin