Majordomo-Workers: Re: another bug fix to 1.94 majordomo.pl

Majordomo-Workers
(November 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: another bug fix to 1.94 majordomo.pl
From:	Dave Wolfe <dwolfe @ risc . sps . mot . com>
Date:	Mon, 18 Nov 1996 14:55:11 -0600 (CST)
To:	haas @ xmission . com (Walt Haas)
Cc:	majordomo-workers @ greatcircle . com, tibbs @ hpc . uh . edu
In-reply-to:	<199611182027.NAA05854@xmission.com> from "Walt Haas" at Nov 18, 96 01:27:53 pm
Reply-to:	Dave Wolfe <david_wolfe @ risc . sps . mot . com>

[ Walt Haas writes: ]
> 
> If the address were:
> 
> 	usr/STLIB_SALSA@stlib.state.nm.us
> 
> then it would be treated as hostile.

OK, I see how the 1.93 code breaks now. The test on "/$components[0]"
should only be done if $components[0] was null from the split. I had
that coded once and lost sight of why. This should work:

    if ( m#/# ) {
	local(@components) = split( /\//, $_);

	if ($components[0] eq "") {
	    shift @components;
	    &main'abort("HOSTILE ADDRESS (path exists to /file) $addr")
		if (-e "/$components[0]"); #'
	}
	else {
	    &main'abort("HOSTILE ADDRESS (path exists to file) $addr")
		if (-e "$components[0]"); #'
	}

This way the '/' is prefixed *only* when it existed in the original
address.

-- 
 Dave Wolfe

Follow-Ups:

Re: another bug fix to 1.94 majordomo.pl
From: Walt Haas <haas@xmission.com>

References:

Re: another bug fix to 1.94 majordomo.pl
From: Walt Haas <haas@xmission.com>

Indexed By Date	Previous:	Re: Majordomo 1.94.1 -- the first patch From: Jason L Tibbitts III <tibbs@hpc.uh.edu>
Indexed By Date	Next:	Re: another bug fix to 1.94 majordomo.pl From: Walt Haas <haas@xmission.com>
Indexed By Thread	Previous:	Re: another bug fix to 1.94 majordomo.pl From: Walt Haas <haas@xmission.com>
Indexed By Thread	Next:	Re: another bug fix to 1.94 majordomo.pl From: Walt Haas <haas@xmission.com>