Bug#160813: marked as done (cgiemail: /etc/cgiemail.conf is not consulted)
On Sat, Sep 28, 2002 at 06:33:18AM -0500, Debian Bug Tracking System wrote:
> cgiemail (1.6-15) unstable; urgency=low
> .
> * QA upload.
> * Null-terminate templatedir, and make sure it really does get checked
> (closes: #160813).
Sorry, this should have been urgency=high.
I think a stable-security upload will be needed as well. Here's the
relevant part of the diff I used:
--- cgiemail-1.6.orig/cgilib.c
+++ cgiemail-1.6/cgilib.c
@@ -489,6 +489,7 @@
if (endquotes)
{
strncpy(templatedir, inquotes, endquotes - inquotes);
+ templatedir[endquotes - inquotes] = 0;
return(0);
}
}
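Review bot: the added `templatedir[endquotes - inquotes] = 0;` and the `strncpy()` above it both use `endquotes - inquotes` as the length, and nothing in the visible lines checks that length against the size of `templatedir`. The caller in the next hunk passes `CGI_VARNAME_MAX - 1` as a limit, so a quoted value longer than that would make both the copy and the new terminator write past the buffer. Suggest clamping the length to the limit passed in before the copy, then terminating at the clamped length.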
@@ -525,7 +526,7 @@
if (cgi_read_configuration(formp, templatedir, CGI_VARNAME_MAX - 1))
return(1);
- if ((!templatedir) &&
+ if ((!templatedir) ||
strncmp(templatefile, templatedir, strlen(templatedir)) ||
strstr(templatefile, "/../"))
{
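Review bot: in `if ((!templatedir) ||` the first term tests the pointer, not the contents; `templatedir` is handed to `cgi_read_configuration()` as a buffer, so if it is an array `!templatedir` is never true and switching `&&` to `||` only makes the `strncmp()` and `strstr()` terms effective. When the buffer is empty, `strlen(templatedir)` is 0, `strncmp()` returns 0, and any path without `/../` passes. Suggest testing `!*templatedir` here and setting `templatedir[0]` to 0 before the call, so a missing or empty configuration is handled explicitly.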
However, on reflection I'm not sure if this fix is optimal. Thomas, was
the !templatedir test supposed to deal with /etc/cgiemail.conf being
missing? If so then perhaps this should be more like 'if
((!*templatedir) || ...)', and *templatedir will need to be initialized
to 0 before calling cgi_read_configuration().
--
Colin Watson [cjwatson@flatline.org.uk]
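
The two fixes discussed in this message, as an added C example that is not cgiemail's code or part of the original mail: it shows that `strncpy()` of a slice leaves stale bytes in the string, and a check that follows the `!*templatedir` reading raised above. The buffer size, sample paths, quoted config line and function names are assumptions, as is the reading that a true condition means the template is refused.

```c
#include <stdio.h>
#include <string.h>

#define DIR_MAX 64  /* assumed buffer size, not cgiemail's */

/* strncpy() of a slice writes no terminator: stale bytes stay in the string. */
size_t stale_length_after_strncpy(void)
{
    char dir[DIR_MAX];
    memset(dir, 'X', sizeof dir - 1);           /* stand-in for leftover contents */
    dir[sizeof dir - 1] = '\0';
    strncpy(dir, "/srv/forms/\" rest", 11);     /* 11 bytes copied, no '\0' */
    return strlen(dir);                         /* DIR_MAX - 1, not 11 */
}

/* Copy the text between the first pair of quotes, always terminated. */
static int copy_quoted(char *dir, size_t size, const char *line)
{
    const char *open = strchr(line, '"');
    const char *close = open ? strchr(open + 1, '"') : NULL;
    size_t len = close ? (size_t)(close - open - 1) : 0;

    if (!close || len >= size)
        return 1;                               /* no value, or it will not fit */
    memcpy(dir, open + 1, len);
    dir[len] = '\0';
    return 0;
}

/* Returns 1 when the template must be refused, 0 when it is allowed. */
int template_refused(const char *confline, const char *templatefile)
{
    char dir[DIR_MAX] = "";                     /* empty unless the config sets it */

    if (confline && copy_quoted(dir, sizeof dir, confline))
        return 1;                               /* unparsable line: refuse */
    return !*dir                                /* no directory configured */
        || strncmp(templatefile, dir, strlen(dir)) != 0
        || strstr(templatefile, "/../") != NULL;
}

int main(void)
{
    const char *conf = "\"/srv/forms/\"";       /* constructed sample line */
    printf("%d %d %d\n", template_refused(conf, "/srv/forms/a.txt"),
           template_refused(conf, "/etc/passwd"),
           template_refused(NULL, "/srv/forms/a.txt"));
    return 0;
}
```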