List: mailman-cvs
Subject: [Mailman-checkins] [Branch ~mailman-coders/mailman/2.1] Rev 1312:
From: noreply () launchpad ! net
Date: 2011-09-16 3:20:17
Message-ID: 20110916032017.23133.15243.launchpad () ackee ! canonical ! com
------------------------------------------------------------
revno: 1312
committer: Mark Sapiro <msapiro@value.net>
branch nick: 2.1
timestamp: Thu 2011-09-15 17:21:55 -0700
message:
Strengthened the validation of email address domains.
modified:
Mailman/Utils.py
NEWS
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
["revision-diff.txt" (text/x-diff)]
=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py 2011-05-01 16:21:29 +0000
+++ Mailman/Utils.py 2011-09-16 00:21:55 +0000
@@ -216,6 +216,8 @@
# characters in addition to _badchars which are not allowed in
# unquoted local parts.
_specials = re.compile(r'[:\\"]')
+# Only characters allowed in domain parts.
+_valid_domain = re.compile('[-a-z0-9]', re.IGNORECASE)
def ValidateEmail(s):
"""Verify that an email address isn't grossly evil."""
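Review bot: `_valid_domain` in the added lines is named as if it matched a whole valid domain, but the pattern '[-a-z0-9]' matches one allowed character and is only useful for stripping those characters out. Compiling the negated class '[^-a-z0-9]' instead, under a name that says it matches disallowed characters, would let the caller use `.search()` the same way `_specials` is used, and the comment could then read "characters not allowed in domain parts". Writing the pattern as a raw string would also match the style of the `_specials` line just above.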
@@ -234,6 +236,10 @@
# local part is not quoted so it can't contain specials
if _specials.search(user):
raise Errors.MMBadEmailError, s
+ # domain parts may only contain ascii letters, digits and hyphen
+ for p in domain_parts:
+ if len(_valid_domain.sub('', p)) > 0:
+ raise Errors.MMHostileAddress, s
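Review bot: the per-part test in the added loop only constrains which characters appear, so `len(_valid_domain.sub('', p)) > 0` is false for an empty part and for a part that begins or ends with a hyphen, and both pass this check. If nothing earlier in ValidateEmail rejects those cases, add the test here. Separately, this branch raises Errors.MMHostileAddress while the specials check directly above raises Errors.MMBadEmailError; please confirm that callers handle both, or say in the comment why a disallowed domain character is treated as hostile rather than malformed.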
=== modified file 'NEWS'
--- NEWS 2011-09-16 00:13:03 +0000
+++ NEWS 2011-09-16 00:21:55 +0000
@@ -8,6 +8,8 @@
Security
+ - Strengthened the validation of email address domains.
+
- An XSS vulnerability, CVE-2011-0707, has been fixed.
New Features
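Review bot: the added NEWS entry under Security repeats the commit message without saying what is now rejected. The Utils.py change in this revision refuses any address whose domain parts contain characters other than ASCII letters, digits and hyphen, and stating that rule in the entry would tell list administrators which previously accepted addresses will start failing.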
_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org
Unsubscribe: http://mail.python.org/mailman/options/mailman-checkins/mailman-cvs%40progressive-comp.com