author | msapiro <> | 2006-06-23 20:03:32 +0000 |
---|---|---|
committer | msapiro <> | 2006-06-23 20:03:32 +0000 |
commit | 4dc70bbcc0856b2a27d0d6c0a2def51433712e36 (patch) | |
tree | c02801e8a577d58dcd2fde46f21164403d646716 | |
parent | b0a70c0f4069c8ee4196c42502445695a847ce9d (diff) | |
- Decorate.py Fixed bug 1507248 by ignoring header/footer characters
outside the character set of the list's language.
- Utils.py Fixed a security hole which allowed a crafted URI to inject
bogus apparent messages into the error log, possibly inducing an admin to
visit a phishing site.
-rw-r--r-- | Mailman/Handlers/Decorate.py | 4 | ||||
-rw-r--r-- | Mailman/Utils.py | 10 | ||||
-rw-r--r-- | NEWS | 15 |
3 files changed, 25 insertions, 4 deletions
diff --git a/Mailman/Handlers/Decorate.py b/Mailman/Handlers/Decorate.py
index 41db3950..d6b20391 100644
--- a/Mailman/Handlers/Decorate.py
+++ b/Mailman/Handlers/Decorate.py
@@ -95,8 +95,8 @@ def process(mlist, msg, msgdata):
     # TK: Try to keep the message plain by converting the header/
     # footer/oldpayload into unicode and encode with mcset/lcset.
     # Try to decode qp/base64 also.
-    uheader = unicode(header, lcset)
-    ufooter = unicode(footer, lcset)
+    uheader = unicode(header, lcset, 'ignore')
+    ufooter = unicode(footer, lcset, 'ignore')
     try:
         oldpayload = unicode(msg.get_payload(decode=True), mcset)
         frontsep = endsep = u''
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index d0eca99a..5218fed8 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -53,6 +53,7 @@ from Mailman import mm_cfg
 from Mailman import Errors
 from Mailman import Site
 from Mailman.SafeDict import SafeDict
+from Mailman.Logging.Syslog import syslog
 try:
     True, False
@@ -219,9 +220,16 @@ def ValidateEmail(s):
+# Patterns which may be used to form malicious path to inject a new
+# line in the mailman error log. (TK: advisory by Moritz Naumann)
+CRNLpat = re.compile(r'[^\x21-\x7e]')
+
 def GetPathPieces(envar='PATH_INFO'):
     path = os.environ.get(envar)
     if path:
+        if CRNLpat.search(path):
+            path = CRNLpat.split(path)[0]
+            syslog('error', 'Warning: Possible malformed path attack.')
         return [p for p in path.split('/') if p]
     return None
@@ -326,7 +334,6 @@ def Secure_MakeRandomPassword(length):
             # We have no available source of cryptographically
             # secure random characters. Log an error and fallback
             # to the user friendly passwords.
-            from Mailman.Logging.Syslog import syslog
             syslog('error', 'urandom not available, passwords not secure')
             return UserFriendly_MakeRandomPassword(length)
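Review bot: The `'ignore'` error handler added to the two `unicode()` calls silently drops every header/footer byte that does not decode in `lcset`, so the text delivered can differ from what the list owner configured with no trace of the loss; a comment saying this is deliberate would stop the next reader from reverting it. Suggest `# 'ignore': drop bytes undecodable in lcset rather than raising and shunting the message (bug 1507248)` above the two assignments. If silently losing characters is not the intent, `'replace'` would leave a visible U+FFFD marker where text was dropped. The body of process() continues outside the hunk.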
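Review bot: `CRNLpat` matches every byte outside printable non-space ASCII (0x21-0x7e), not just CR/LF, so the name and the comment above it undersell what the check does: a space, tab, any control byte or any 8-bit byte also truncates PATH_INFO at that point and fires the log entry. Suggest replacing the comment with `# Any byte outside printable non-space ASCII.  PATH_INFO is cut at the first such byte so a crafted URI cannot inject CR/LF (or other control bytes) into the error log.` The warning as written gives an operator nothing to act on; logging `repr()` of the original value is safe because repr escapes control and non-ASCII bytes, e.g. `syslog('error', 'Warning: Possible malformed path attack: %r', path)` emitted before `path` is reassigned to the truncated prefix. Note also that the truncated path is still processed rather than rejected, which is enough for the log-injection fix but means a request carrying a bad byte is served as if only the prefix had been requested; if that is intended, a one-line comment on the `if CRNLpat.search(path):` branch should say so.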
@@ -541,7 +548,6 @@ def findtext(templatefile, dict=None, raw=False, lang=None, mlist=None):
         text = sdict.interpolate(utemplate)
     except (TypeError, ValueError), e:
         # The template is really screwed up
-        from Mailman.Logging.Syslog import syslog
         syslog('error', 'broken template: %s\n%s', filename, e)
         pass
     if raw:
@@ -4,6 +4,21 @@ Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
 Here is a history of user visible changes to Mailman.
+2.1.9 (xx-xxx-xxxx)
+
+  Security
+
+    - A malicious user could visit a specially crafted URI and inject an
+      apparent log message into Mailman's error log which might induce an
+      unsuspecting administrator to visit a phishing site. This has been
+      blocked. Thanks to Moritz Naumann for its discovery.
+
+  Bug fixes and other patches
+
+    - Fixed Decorate.py so that characters in message header/footer which
+      are not in the character set of the list's language are ignored rather
+      than causing shunted messages (1507248).
+
 2.1.8 (15-Apr-2006)
   Security
|