Ability to run in tainted mode for spamassasin plugin.

author Akos Vandra <axos88@gmail.com>

Sun, 25 Sep 2016 14:25:41 +0000 (16:25 +0200)

committer GitHub <noreply@github.com>

Sun, 25 Sep 2016 14:25:41 +0000 (16:25 +0200)
author Akos Vandra <axos88@gmail.com>
Sun, 25 Sep 2016 14:25:41 +0000 (16:25 +0200)
committer GitHub <noreply@github.com>
Sun, 25 Sep 2016 14:25:41 +0000 (16:25 +0200)
diff --git a/contrib/SpamAssassin/Collectd.pm b/contrib/SpamAssassin/Collectd.pm

index 1edcfc6152b32baac895ba795f41a51553a373ec..58d1e68632b9e288cfe349c10bea5ac30756322a 100644 (file)
--- a/contrib/SpamAssassin/Collectd.pm
+++ b/contrib/SpamAssassin/Collectd.pm
@@ -152,8 +152,8 @@ sub check_end {
                 #try at least $self->{main}->{conf}->{collectd_retries} to get a
                 #connection
                 for (my $i = 0; $i < $self->{main}->{conf}->{collectd_retries} ; ++$i) {
-                       last if $sock = new IO::Socket::UNIX
-                               ($self->{main}->{conf}->{collectd_socket});
+                       my ($socket_path) = $self->{main}->{conf}->{collectd_socket} =~ /(.*)/ # Untaint path, which can contain any characters.
+                       last if $sock = new IO::Socket::UNIX $socket_path;
                         #sleep a random value between 0 and 50 microsecs to try for a new
                         #thread
                         usleep(int(rand(50)));
author	Akos Vandra <axos88@gmail.com>
	Sun, 25 Sep 2016 14:25:41 +0000 (16:25 +0200)
committer	GitHub <noreply@github.com>
	Sun, 25 Sep 2016 14:25:41 +0000 (16:25 +0200)