Improve behaviour of Razor2 when running in taint mode.

Fixes come from the SpamAssassin 2.60 release (originally from
http://www.ijs.si/software/amavisd/ (Thanks to amavisd-new, Mark Martinec,
and Vivek Khera!))

4 files changed, 64 insertions, 1 deletions

diff --git a/mail/p5-razor-agents/Makefile b/mail/p5-razor-agents/Makefile
index 3d07fe02b66..40b1c40305c 100644
--- a/mail/p5-razor-agents/Makefile
+++ b/mail/p5-razor-agents/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2003/09/13 06:22:50 jlam Exp $
+# $NetBSD: Makefile,v 1.11 2003/09/27 13:20:25 heinz Exp $
 
 DISTNAME=	razor-agents-2.22
 PKGNAME=	p5-${DISTNAME}
+PKGREVISION=	1
 SVR4_PKGNAME=	p5ra
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=razor/}
diff --git a/mail/p5-razor-agents/patches/patch-ab b/mail/p5-razor-agents/patches/patch-ab
new file mode 100644
index 00000000000..eee3d6922f3
--- /dev/null
+++ b/mail/p5-razor-agents/patches/patch-ab
@@ -0,0 +1,12 @@
+$NetBSD: patch-ab,v 1.1 2003/09/27 13:20:25 heinz Exp $
+
+--- lib/Razor2/Client/Agent.pm.orig	Wed Nov 20 01:26:05 2002
++++ lib/Razor2/Client/Agent.pm
+@@ -969,6 +969,7 @@ sub loadservercache {
+     my @fns;
+     if (opendir D,$self->{razorhome}) {
+         @fns = map "$self->{razorhome}/$_", grep /^server\.[\S]+\.conf$/, readdir D;
++        @fns = map { /^(\S+)$/, $1 } @fns; # untaint
+         closedir D;
+     }
+     foreach (@fns) {
diff --git a/mail/p5-razor-agents/patches/patch-ac b/mail/p5-razor-agents/patches/patch-ac
new file mode 100644
index 00000000000..baac27f5485
--- /dev/null
+++ b/mail/p5-razor-agents/patches/patch-ac
@@ -0,0 +1,33 @@
+$NetBSD: patch-ac,v 1.1 2003/09/27 13:20:25 heinz Exp $
+
+--- lib/Razor2/Client/Config.pm.orig	Thu Nov 14 23:47:01 2002
++++ lib/Razor2/Client/Config.pm
+@@ -323,9 +323,11 @@ sub my_readlink {
+         if ($fn =~ /^(.*)\/([^\/]+)$/) {
+             my $dir = $1;
+             $fn = readlink $fn;
++            $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
+             $fn = "$dir/$fn" unless $fn =~ /^\//;
+         } else {
+             $fn = readlink $fn;
++            $fn = $1 if $fn =~ /^(\S+)$/; # untaint readlink
+         }
+     }
+ }
+@@ -366,13 +368,13 @@ sub read_file {
+         chomp; 
+         next if /^\s*#/;
+         if ($nothash) {
+-            s/^\s+//; s/\s+$//;
++            next unless s/^\s*(.+?)\s*$/$1/; # untaint
+             $conf->{$_} = 7;
+             push @lines, $_;
+         } else { 
+             next unless /=/;
+-            my ($attribute, $value) = split /\=/, $_, 2; 
+-            $attribute =~ s/^\s+//; $attribute =~ s/\s+$//;
++            my ($attribute, $value) = /^\s*(.+?)\s*=\s*(.+?)\s*$/; # untaint
++            next unless (defined $attribute && defined $value);
+             $conf->{$attribute} = $self->parse_value($value);
+         }
+         $total++;
diff --git a/mail/p5-razor-agents/patches/patch-ad b/mail/p5-razor-agents/patches/patch-ad
new file mode 100644
index 00000000000..7ab2dd8fa31
--- /dev/null
+++ b/mail/p5-razor-agents/patches/patch-ad
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.1 2003/09/27 13:20:25 heinz Exp $
+
+--- lib/Razor2/Client/Core.pm.orig	Wed Nov 13 21:01:10 2002
++++ lib/Razor2/Client/Core.pm
+@@ -216,8 +216,10 @@ sub bootstrap_discovery {
+         foreach $rr ($query->answer) { 
+             my $pushed = 0;
+             if ($rr->type eq "A") { 
+-                push @list, $rr->address; 
+-                $pushed = 1;
++                if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) {
++                    push @list, $1; 
++                    $pushed = 1;
++                }
+             } elsif ($rr->type eq "CNAME") { 
+                 if ($rr->cname eq 'list.terminator') { 
+                     pop @list if $pushed;