https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6218
Summary: spamd input delimiter $/ can be corrupt by a tainted
error in a plugin
Product: Spamassassin
Version: 3.2.5
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: spamc/spamd
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=4547)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4547)
Plugin code to exhibit the problem
If a plugin stops due to a (tainted) error while the $/ delimiter has be
changed by the plugin, the spamd process instance is definitvely corrupt until
it stops.
This bug is probably the cause of problem discussed (and unresolvedd) in thread
at
http://markmail.org/message/yiwydbv7xmotaoxd#query:+page:1+mid:c7gv4gxygbuk3vn2+state:results
Attached are 2 files to exhibit the problem and a patch that fixes it.
To exhibit the problem:
1) copy buggy.pm in the Perl Mail/Spamassassin/Plugin/directory
2) copy 66_buggy.cf in the Spamassassin configuration directory
3) restart spamd daemon
4) submit "spamc < somemailtotest" twice
5) View the maillog file
The mail log shows that the 1st spamc call caused plugin to issue a tainted
error (this is intentional), while the 2nd spamc call is unsuccessful because
of the previous error. Any subsequent calls to spamc will be failing.
See buggy.pm and 66_buggy.cf for details.
The solution in the patch just resets $/ to \n before reading a new spamc
input.
Note: I discovered this problem while testing the custom plugin at
http://antispam.imp.ch/patches/ocrtext-3.2.tgz This plugin uses
Image::Exiftools for image processing and a tainted error may occur in it with
$/ is set to "" if something goes wrong in the image EXIF directory.
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
