Overview

File mailman-2.1.11-CVE-2015-2775.patch of Package mailman.13240

=== modified file 'Mailman/Defaults.py.in'
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -118,7 +118,7 @@ HTML_TO_PLAIN_TEXT_COMMAND = '/usr/bin/l
 
 # A Python regular expression character class which defines the characters
 # allowed in list names.  Lists cannot be created with names containing any
-# character that doesn't match this class.
+# character that doesn't match this class.  Do not include '/' in this list.
 ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'
 
 
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -92,6 +92,12 @@ def list_exists(listname):
     #
     # The former two are for 2.1alpha3 and beyond, while the latter two are
     # for all earlier versions.
+    #
+    # But first ensure the list name doesn't contain a path traversal
+    # attack.
+    if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
+        syslog('mischief', 'Hostile listname: %s', listname)
+        return False
     basepath = Site.get_listpath(listname)
     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
         dbfile = os.path.join(basepath, 'config' + ext)
openSUSE Build Service is sponsored by
Places