
List:       mailman-cvs
Subject:    [Mailman-checkins] [Branch ~mailman-coders/mailman/2.1] Rev 1312:
From:       noreply () launchpad ! net
Date:       2011-09-16 3:20:17
Message-ID: 20110916032017.23133.15243.launchpad () ackee ! canonical ! com

------------------------------------------------------------
revno: 1312
committer: Mark Sapiro <msapiro@value.net>
branch nick: 2.1
timestamp: Thu 2011-09-15 17:21:55 -0700
message:
  Strengthened the validation of email address domains.
modified:
  Mailman/Utils.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription

["revision-diff.txt" (text/x-diff)]

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py	2011-05-01 16:21:29 +0000
+++ Mailman/Utils.py	2011-09-16 00:21:55 +0000
@@ -216,6 +216,8 @@
 # characters in addition to _badchars which are not allowed in
 # unquoted local parts.
 _specials = re.compile(r'[:\\"]')
+# Only characters allowed in domain parts.
+_valid_domain = re.compile('[-a-z0-9]', re.IGNORECASE)
 
 def ValidateEmail(s):
     """Verify that an email address isn't grossly evil."""
@@ -234,6 +236,10 @@
         # local part is not quoted so it can't contain specials
         if _specials.search(user):
             raise Errors.MMBadEmailError, s
+    # domain parts may only contain ascii letters, digits and hyphen
+    for p in domain_parts:
+        if len(_valid_domain.sub('', p)) > 0:
+            raise Errors.MMHostileAddress, s
 
 
 
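
Review bot: the loop at `for p in domain_parts:` accepts an empty part, because `_valid_domain.sub('', p)` of an empty string has length 0, and it accepts parts that begin or end with a hyphen; nothing in the visible lines rejects either. If those cases are not already caught earlier in ValidateEmail, extend the condition, for example `if not p or p.startswith('-') or p.endswith('-') or _valid_domain.sub('', p):`. The new check raises `Errors.MMHostileAddress`, while the local-part check directly above raises `Errors.MMBadEmailError`; a one-line comment on why a bad domain character counts as hostile rather than malformed would help the next reader.
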

=== modified file 'NEWS'
--- NEWS	2011-09-16 00:13:03 +0000
+++ NEWS	2011-09-16 00:21:55 +0000
@@ -8,6 +8,8 @@
 
   Security
 
+    - Strengthened the validation of email address domains.
+
     - An XSS vulnerability, CVE-2011-0707, has been fixed.
 
   New Features
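
Review bot: the added Security entry does not say what is now rejected. Per the Utils.py change in this revision, an address is refused when any domain part contains a character other than an ASCII letter, digit or hyphen; stating that in the entry would tell list admins which addresses are affected.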



_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org
Unsubscribe: http://mail.python.org/mailman/options/mailman-checkins/mailman-cvs%40progressive-comp.com


