Fix for path traversal vulnerability.

author: Mark Sapiro <mark@msapiro.net> 2015-03-27 14:12:16 -0700
committer: Mark Sapiro <mark@msapiro.net> 2015-03-27 14:12:16 -0700
commit: d3124395a3abfe0ccd9f1c37096292bfbe939a85 (patch)
tree: b467552f192b40d48b13697a5d0ba1e407136abf /Mailman/Utils.py
parent: f7f85e8b85b027a919705895f80b63c5d03d727c (diff)
download: mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.gz
mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.xz
mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 13c4ed8b..1cd1cdb7 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -100,6 +100,12 @@ def list_exists(listname):
     #
     # The former two are for 2.1alpha3 and beyond, while the latter two are
     # for all earlier versions.
+    #
+    # But first ensure the list name doesn't contain a path traversal
+    # attack.
+    if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
+        syslog('mischief', 'Hostile listname: %s', listname)
+        return False
     basepath = Site.get_listpath(listname)
     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
         dbfile = os.path.join(basepath, 'config' + ext)
author	Mark Sapiro <mark@msapiro.net>	2015-03-27 14:12:16 -0700
committer	Mark Sapiro <mark@msapiro.net>	2015-03-27 14:12:16 -0700
commit	d3124395a3abfe0ccd9f1c37096292bfbe939a85 (patch)
tree	b467552f192b40d48b13697a5d0ba1e407136abf /Mailman/Utils.py
parent	f7f85e8b85b027a919705895f80b63c5d03d727c (diff)
download	mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.gz mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.xz mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.zip