Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
spamassassin.12434
CVE-2020-1931.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2020-1931.diff of Package spamassassin.12434
Index: lib/Mail/SpamAssassin/Conf.pm =================================================================== --- lib/Mail/SpamAssassin/Conf.pm (revision 1872750) +++ lib/Mail/SpamAssassin/Conf.pm (working copy) @@ -3496,6 +3496,20 @@ setting => 'priority', is_priv => 1, type => $CONF_TYPE_HASH_KEY_VALUE, + code => sub { + my ($self, $key, $value, $line) = @_; + my ($rulename, $priority) = split(/\s+/, $value, 2); + unless (defined $priority) { + return $MISSING_REQUIRED_VALUE; + } + unless ($rulename =~ IS_RULENAME) { + return $INVALID_VALUE; + } + unless ($priority =~ /^-?\d+$/) { + return $INVALID_VALUE; + } + $self->{priority}->{$rulename} = $priority; + } }); =back --- lib/Mail/SpamAssassin/Plugin/Check.pm.orig 2020-03-24 14:30:34.597938332 +0100 +++ lib/Mail/SpamAssassin/Plugin/Check.pm 2020-03-24 14:43:26.084199675 +0100 @@ -551,7 +551,7 @@ foreach my $token (@tokens) { # ... rulename? - if ($token =~ /^${RULENAME_RE}\z/) { + if ($token =~ IS_RULENAME) { # the " || 0" formulation is to avoid "use of uninitialized value" # warnings; this is better than adding a 0 to a hash for every # rule referred to in a meta... --- lib/Mail/SpamAssassin/Conf/Parser.pm.orig 2020-03-24 14:30:45.598084233 +0100 +++ lib/Mail/SpamAssassin/Conf/Parser.pm 2020-03-24 14:45:51.122129352 +0100 @@ -1190,7 +1190,7 @@ my $conf = $self->{conf}; # Don't allow invalid names ... - if ($name !~ /^${RULENAME_RE}$/) { + if ($name !~ IS_RULENAME) { $self->lint_warn("config: error: rule '$name' has invalid characters ". "(not Alphanumeric + Underscore + starting with a non-digit)\n", $name); return; @@ -1351,7 +1351,7 @@ # Go through each token in the meta rule foreach my $token (@tokens) { # If the token is a syntactically legal rule name, make it zero - if ($token =~ /^${RULENAME_RE}\z/s) { + if ($token =~ IS_RULENAME) { $meta .= "0 "; } # if it is a number or a string of 1 or 2 punctuation characters (i.e. operators) tack it onto the degenerate rule --- lib/Mail/SpamAssassin/Constants.pm.orig 2020-03-24 14:30:54.586203447 +0100 +++ lib/Mail/SpamAssassin/Constants.pm 2020-03-24 14:47:05.279115983 +0100 @@ -44,6 +44,7 @@ MAX_BODY_LINE_LENGTH MAX_HEADER_KEY_LENGTH MAX_HEADER_VALUE_LENGTH MAX_HEADER_LENGTH ARITH_EXPRESSION_LEXER AI_TIME_UNKNOWN CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH RULENAME_RE + IS_RULENAME ); %EXPORT_TAGS = ( @@ -405,4 +406,7 @@ # Allowed rulename format use constant RULENAME_RE => qr([_a-zA-Z][_a-zA-Z0-9]{0,127}); +# Exact match +use constant IS_RULENAME => qr/^${\(RULENAME_RE)}$/; + 1;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor