Opened 9 years ago

Closed 9 years ago

#562 closed defect (fixed)

Taint errors in amavisd-maia (maiad)

Reported by: rjl@…
Owned by: rjl
Priority: normal
Milestone: 1.0.3
Component: amavisd-maia
Version: 1.0.2
Severity: normal
Keywords: maiad amavisd-maia taint
Cc:

Description

Joshua Small <jsmall@…> reports:

Jun 15 17:29:34 mx5 postfix/smtp[6760]: 051323AD422: to=<fromemail>, relay=127.0.0.1[127.0.0.1]:10024, delay=5, delays=4.8/0.01/0.01/0.13, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=06754-01, spam-wb-list FAILED: Insecure dependency in parameter 1 of DBI::st=HASH(0xbfeace8)->execute method call while running with -T switch at /usr/local/sbin/maiad line 3086. (in reply to end of DATA command))

"I really couldn’t work out a sensible way of resolving this – I can see on line 3079 that the parameter in question is clearly untainted. I would suspect a bug in DBD::Pg, which is the latest according to a manual CPAN check. In the end, we could only get mail flowing by editing maia_connect_to_sql(@) such that Taint => 0."

Change History (1)

comment:1 Changed 9 years ago by rjl@…

  • Keywords taint added
  • Resolution set to fixed
  • Status changed from new to closed

This looks like a version of the old taint bug that plagued many versions of Perl, most notably the 5.8 series, soon after Perl went Unicode in 5.8.0. The global $1, $2, $3, etc. would be tainted, so when they were used in the context of a taint test, e.g.

$var = $1 if $var =~ /pattern/;

$var would end up tainted in the process. This bug has been fixed in newer versions of Perl, but it can be worked around safely enough just by explicitly declaring $1, $2, $3, etc. as local, e.g.

local ($1);

I've gone through the code and added explicit local() declarations in [1544], which should fix the problem.
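
The idiom from comment:1 written out as a standalone script. This is an added example, not part of the ticket or of Maia Mailguard's code. It scopes $1 with local, copies the capture, and checks the result with Scalar::Util::tainted before the value would reach a DBI execute call. The helper name, sample address and pattern are assumptions.

```perl
# Added example. Run with taint mode on:  perl -T untaint_check.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Without -T, tainted() always reports false and the check is meaningless.
die "run with -T\n" unless ${^TAINT};

# Hypothetical helper (name is an assumption): return an untainted copy of
# $value if the whole string matches $re, otherwise undef.
sub untaint_checked {
    my ($value, $re) = @_;
    return unless defined $value;
    local ($1);                 # scope the capture variable, as in the ticket
    return unless $value =~ /\A($re)\z/;
    my $clean = $1;             # copy out of $1 before any other regex runs
    # On an affected Perl the copy can still carry taint; fail here with a
    # clear message instead of inside DBI's execute().
    die "value still tainted after untainting\n" if tainted($clean);
    return $clean;
}

# Constructed input: appending a zero-length tainted string taints the value,
# standing in for an address taken from the SMTP envelope.
my $taint = substr($^X, 0, 0);
my $addr  = 'user@example.com' . $taint;

# Deliberately narrow constructed pattern; not Maia's own address check.
my $addr_re = qr/[A-Za-z0-9._+-]+\@[A-Za-z0-9.-]+/;

printf "before: tainted=%d\n", tainted($addr) ? 1 : 0;
my $clean = untaint_checked($addr, $addr_re);
printf "after:  tainted=%d value=%s\n", tainted($clean) ? 1 : 0, $clean;

# A value that does not match the pattern is rejected, not passed through.
my $bad = untaint_checked("user\@example.com\n; x" . $taint, $addr_re);
print "rejected: ", (defined $bad ? "no" : "yes"), "\n";
```

Checking for taint at the point of untainting keeps the DBI handle's Taint setting enabled and turns a deferred-mail error at execute time into a failure at the line that caused it.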
