https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5929

           Summary: hostname can be "(none)", causing "cannot untaint"
                    warnings
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Libraries
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


A recent CPAN-tester report says:

Subject: FAIL Mail-SpamAssassin-3.2.5 i586-linux-thread-multi 2.6.8.1
From: [EMAIL PROTECTED]
Date: Sat, 21 Jun 2008 11:42:58 +0200
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

This distribution has been tested as part of the cpan-testers
effort to test as many new uploads to CPAN as possible.  See
http://testers.cpan.org/

Output from '/usr/bin/make test':

/usr/bin/perl build/mkrules --exit_on_no_src --src rulesrc --out rules
--manifest MANIFEST --manifestskip MANIFEST.SKIP
no source directory found: exiting
/usr/bin/perl build/preprocessor  -Mvars -DVERSION="3.002005" -DPREFIX="/usr"
-DDEF_RULES_DIR="/usr/share/spamassassin"
-DLOCAL_RULES_DIR="/etc/mail/spamassassin"
-DLOCAL_STATE_DIR="/var/lib/spamassassin"
-DINSTALLSITELIB="/usr/lib/perl5/site_perl/5.8.5"
-DCONTACT_ADDRESS="[EMAIL PROTECTED]" -Msharpbang -Mconditional
-DPERL_BIN="/usr/bin/perl" -DPERL_WARN="" -DPERL_TAINT="" -m755 -isa-update.raw
-osa-update
cp sa-update blib/script/sa-update
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/sa-update
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0,
'blib/lib', 'blib/arch')" t/*.t
t/basic_lint.t....................ok
t/basic_obj_api.t.................util: cannot untaint path:
"./log/user_state/auto-whitelist.lock.(none).12635"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12635"
ok
t/bayesdbm.t......................util: cannot untaint path:
"./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12638"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12640"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12642"
util: cannot untaint path: "./log/user_state/bayes.lock.(none).12636"
ok


etc. etc.   Similar warnings appear throughout the test log.

It appears that Mail::SA::Util::fq_hostname() is returning "(none)" as the
hostname, probably from Sys::Hostname in return, and this is being used in the
lock filename.

1. should "(" and ")" be ok in the untaint_path() function?  IMO no, they're
shell metachars, let's keep them illegal.

2. should fq_hostname() be fixed to handle this weird output? IMO yes.


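The two options raised in the report, as an added example that is not SpamAssassin's own code: the path allowlist stays strict and the hostname is validated before it reaches the lock filename. The names path_is_clean and lock_hostname, the allowlist pattern and the 'localhost' fallback are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist check, standing in for a path-untainting routine:
# only characters that are inert in a shell are accepted, so "(" and ")" fail.
sub path_is_clean {
    my ($path) = @_;
    return $path =~ m{^[A-Za-z0-9_./-]+\z} ? 1 : 0;
}

# Hypothetical hostname normaliser: accept only dot-separated labels made of
# letters, digits and "-"; anything else (such as "(none)") gets a fallback.
sub lock_hostname {
    my ($raw) = @_;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?/;
    if (defined $raw && $raw =~ /^($label(?:\.$label)*)\z/) {
        return lc $1;    # taken from a capture group, so untainted under -T
    }
    return 'localhost';  # assumption: a fixed fallback is acceptable here
}

# Constructed sample values for what a hostname lookup might hand back.
for my $raw ('(none)', 'mail.example.com', 'Host-1', '', undef) {
    my $shown = defined $raw ? $raw : '<undef>';
    my $naive = './log/user_state/bayes.lock.' . (defined $raw ? $raw : '') . ".$$";
    my $fixed = './log/user_state/bayes.lock.' . lock_hostname($raw) . ".$$";
    # naive: raw hostname used directly; fixed: hostname validated first
    printf "%-18s naive=%-4s fixed=%-4s %s\n", $shown,
        (path_is_clean($naive) ? 'ok' : 'FAIL'),
        (path_is_clean($fixed) ? 'ok' : 'FAIL'), $fixed;
}
```

Only the "(none)" row fails the naive check; every validated path passes without loosening the allowlist.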