File mailman-2.1.15-CVE-2018-13796.patch of Package mailman.10473

Overview Repositories Revisions Requests Users Attributes Meta

File mailman-2.1.15-CVE-2018-13796.patch of Package mailman.10473

=== modified file 'Mailman/Utils.py'
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -245,10 +245,25 @@ CRNLpat = re.compile(r'[^\x21-\x7e]')
 def GetPathPieces(envar='PATH_INFO'):
     path = os.environ.get(envar)
     if path:
+        remote = os.environ.get('HTTP_FORWARDED_FOR',
+                 os.environ.get('HTTP_X_FORWARDED_FOR',
+                 os.environ.get('REMOTE_ADDR',
+                                'unidentified origin')))
         if CRNLpat.search(path):
             path = CRNLpat.split(path)[0]
             syslog('error', 'Warning: Possible malformed path attack.')
-        return [p for p in path.split('/') if p]
+        # Check for listname injections that won't be websafed.
+        pieces = [p for p in path.split('/') if p]
+        # Get the longest listname or 20 if none.
+        if list_names():
+            longest = max([len(x) for x in list_names()])
+        else:
+            longest = 20
+        if pieces and len(pieces[0]) > longest:
+            syslog('mischief',
+               'Hostile listname: listname=%s: remote=%s', pieces[0], remote)
+            pieces[0] = pieces[0][:longest] + '...'
+        return pieces
     return None

Places

File mailman-2.1.15-CVE-2018-13796.patch of Package mailman.10473

Places