File CVE-2020-1930.diff of Package spamassassin.12434
Index: lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm
===================================================================
--- lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm (revision 1872750)
+++ lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm (working copy)
@@ -89,17 +89,18 @@
loop_body => sub
{
my ($self, $pms, $conf, $rulename, $pat, %opts) = @_;
- $pat = untaint_var($pat);
- my $sub;
+ my $sub = '
+ my $qrptr = $self->{main}->{conf}->{test_qrs};
+ ';
if (($conf->{tflags}->{$rulename}||'') =~ /\bmultiple\b/)
{
# avoid [perl #86784] bug (fixed in 5.13.x), access the arg through ref
- $sub = '
+ $sub .= '
my $lref = \$_[1];
pos $$lref = 0;
'.$self->hash_line_for_rule($pms, $rulename).'
- while ($$lref =~ '.$pat.'g) {
+ while ($$lref =~ /$qrptr->{q{'.$rulename.'}}/go) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body",
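Review bot: The generated code still splices `$rulename` into the evaluated string, now also as the hash key in `/$qrptr->{q{'.$rulename.'}}/go`, so the safety of this eval rests on rule names never containing `}` or other non-identifier characters, and nothing in the hunk checks that. If the config parser already restricts rule names, record that assumption where `$sub` is built, for example `# $rulename is validated by the config parser before it reaches this callback, so it is safe inside q{}`; otherwise validate it against an anchored identifier pattern before generating the code. Separately, a missing `test_qrs` entry would interpolate as an empty pattern, which Perl treats as "reuse the last successfully matched pattern", so it is worth confirming that every rule reaching this callback has a compiled entry. Both points also apply to the `if ($_[1] =~ /$qrptr->{q{'.$rulename.'}}/o)` branch in the second hunk. The `loop_body` callback continues outside the hunk, so whether `$self` is already in scope for the new `my $qrptr = $self->{main}->{conf}->{test_qrs};` preamble (the generated body only declares `my $self = $_[0];` later) could not be checked from here.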
@@ -108,9 +109,9 @@
';
} else {
- $sub = '
+ $sub .= '
'.$self->hash_line_for_rule($pms, $rulename).'
- if ($_[1] =~ '.$pat.') {
+ if ($_[1] =~ /$qrptr->{q{'.$rulename.'}}/o) {
my $self = $_[0];
$self->got_hit(q{'.$rulename.'}, "BODY: ", ruletype => "one_line_body");
'. $self->hit_rule_plugin_code($pms, $rulename, "one_line_body", "return 1") . '