areguera / rpms / mailman

Forked from rpms/mailman 5 years ago
Clone

Blame SOURCES/mailman-2.1.15-CVE-2015-2775.patch

ab2ccd
=== modified file 'Mailman/Defaults.py.in'
ab2ccd
--- a/Mailman/Defaults.py.in	2015-02-13 18:41:28 +0000
ab2ccd
+++ b/Mailman/Defaults.py.in	2015-03-27 18:10:39 +0000
ab2ccd
@@ -138,7 +138,7 @@
ab2ccd
 
ab2ccd
 # A Python regular expression character class which defines the characters
ab2ccd
 # allowed in list names.  Lists cannot be created with names containing any
ab2ccd
-# character that doesn't match this class.
ab2ccd
+# character that doesn't match this class.  Do not include '/' in this list.
ab2ccd
 ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'
ab2ccd
 
ab2ccd
 
ab2ccd
ab2ccd
=== modified file 'Mailman/Utils.py'
ab2ccd
--- a/Mailman/Utils.py	2015-01-23 23:50:47 +0000
ab2ccd
+++ b/Mailman/Utils.py	2015-03-27 18:14:06 +0000
ab2ccd
@@ -100,6 +100,12 @@
ab2ccd
     #
ab2ccd
     # The former two are for 2.1alpha3 and beyond, while the latter two are
ab2ccd
     # for all earlier versions.
ab2ccd
+    #
ab2ccd
+    # But first ensure the list name doesn't contain a path traversal
ab2ccd
+    # attack.
ab2ccd
+    if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
ab2ccd
+        syslog('mischief', 'Hostile listname: %s', listname)
ab2ccd
+        return False
ab2ccd
     basepath = Site.get_listpath(listname)
ab2ccd
     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
ab2ccd
         dbfile = os.path.join(basepath, 'config' + ext)
ab2ccd