This information is originally from http://www.ijs.si/software/amavisd/
(Thanks to amavisd-new, Mark Martinec, and Vivek Khera!)
If SpamAssassin is running in taint-mode (the default) and is configured to
call Vipul's Razor 2.22 or higher, then Razor2 checks will fail because the
Razor2 code is not quite taint-safe. The problem is still present in 2.36
and the SpamAssassin developers do not know when or how this will be
addressed so please don't ask us!
To apply: cd to the directory /usr/{lib,share}/perl5/.../Razor2 (wherever
the Client subdirectory is located) and apply the patch directly with:
patch -p0 < Razor2.patch
or apply to the Razor2 source tree with:
patch -p0 -d lib/Razor2 < Razor2.patch
Please make sure that no unpatched copies of Razor are installed on your
system. Sometimes, there is more than one installed copy.
--- Client/Agent.pm~ Tue Nov 19 16:26:05 2002
+++ Client/Agent.pm Sun Sep 21 23:20:47 2003
@@ -969,6 +969,7 @@
my @fns;
if (opendir D,$self->{razorhome}) {
@fns = map "$self->{razorhome}/$_", grep /^server\.[\S]+\.conf$/, readdir D;
+ @fns = map { /^(\S+)$/, $1 } @fns; # untaint
closedir D;
}
foreach (@fns) {
--- Client/Config.pm~ Thu Nov 14 14:47:01 2002
+++ Client/Config.pm Sun Sep 21 23:18:52 2003
@@ -323,9 +323,11 @@
if ($fn =~ /^(.*)\/([^\/]+)$/) {
my $dir = $1;
$fn = readlink $fn;
+ $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
$fn = "$dir/$fn" unless $fn =~ /^\//;
} else {
$fn = readlink $fn;
+ $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
}
}
}
@@ -366,13 +368,13 @@
chomp;
next if /^\s*#/;
if ($nothash) {
- s/^\s+//; s/\s+$//;
+ next unless s/^\s*(.+?)\s*$/$1/; # untaint
$conf->{$_} = 7;
push @lines, $_;
} else {
next unless /=/;
- my ($attribute, $value) = split /\=/, $_, 2;
- $attribute =~ s/^\s+//; $attribute =~ s/\s+$//;
+ my ($attribute, $value) = /^\s*(.+?)\s*=\s*(.+?)\s*$/; # untaint
+ next unless (defined $attribute && defined $value);
$conf->{$attribute} = $self->parse_value($value);
}
$total++;
--- Client/Core.pm~ Wed Nov 13 12:01:10 2002
+++ Client/Core.pm Sun Sep 21 23:20:21 2003
@@ -216,8 +216,10 @@
foreach $rr ($query->answer) {
my $pushed = 0;
if ($rr->type eq "A") {
- push @list, $rr->address;
- $pushed = 1;
+ if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) {
+ push @list, $1;
+ $pushed = 1;
+ }
} elsif ($rr->type eq "CNAME") {
if ($rr->cname eq 'list.terminator') {
pop @list if $pushed;