| |
@@ -0,0 +1,117 @@
|
| |
+ From c3caa02fe5e48e02a2ff2c0f409317022b05d34f Mon Sep 17 00:00:00 2001
|
| |
+ From: Petr Viktorin <encukou@gmail.com>
|
| |
+ Date: Fri, 3 Jun 2022 11:43:35 +0200
|
| |
+ Subject: [PATCH] 00382: CVE-2015-20107
|
| |
+
|
| |
+ Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
|
| |
+
|
| |
+ Upstream: https://github.com/python/cpython/issues/68966
|
| |
+
|
| |
+ Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
|
| |
+ ---
|
| |
+ lib-python/3/mailcap.py | 26 ++++++++++++++++++++++++--
|
| |
+ lib-python/3/test/test_mailcap.py | 8 ++++++--
|
| |
+ 2 files changed, 30 insertions(+), 4 deletions(-)
|
| |
+
|
| |
+ diff --git a/lib-python/3/mailcap.py b/lib-python/3/mailcap.py
|
| |
+ index ae416a8..444c640 100644
|
| |
+ --- a/lib-python/3/mailcap.py
|
| |
+ +++ b/lib-python/3/mailcap.py
|
| |
+ @@ -2,6 +2,7 @@
|
| |
+
|
| |
+ import os
|
| |
+ import warnings
|
| |
+ +import re
|
| |
+
|
| |
+ __all__ = ["getcaps","findmatch"]
|
| |
+
|
| |
+ @@ -13,6 +14,11 @@ def lineno_sort_key(entry):
|
| |
+ else:
|
| |
+ return 1, 0
|
| |
+
|
| |
+ +_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
|
| |
+ +
|
| |
+ +class UnsafeMailcapInput(Warning):
|
| |
+ + """Warning raised when refusing unsafe input"""
|
| |
+ +
|
| |
+
|
| |
+ # Part 1: top-level interface.
|
| |
+
|
| |
+ @@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
|
| |
+ entry to use.
|
| |
+
|
| |
+ """
|
| |
+ + if _find_unsafe(filename):
|
| |
+ + msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,)
|
| |
+ + warnings.warn(msg, UnsafeMailcapInput)
|
| |
+ + return None, None
|
| |
+ entries = lookup(caps, MIMEtype, key)
|
| |
+ # XXX This code should somehow check for the needsterminal flag.
|
| |
+ for e in entries:
|
| |
+ if 'test' in e:
|
| |
+ test = subst(e['test'], filename, plist)
|
| |
+ + if test is None:
|
| |
+ + continue
|
| |
+ if test and os.system(test) != 0:
|
| |
+ continue
|
| |
+ command = subst(e[key], MIMEtype, filename, plist)
|
| |
+ - return command, e
|
| |
+ + if command is not None:
|
| |
+ + return command, e
|
| |
+ return None, None
|
| |
+
|
| |
+ def lookup(caps, MIMEtype, key=None):
|
| |
+ @@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, plist=[]):
|
| |
+ elif c == 's':
|
| |
+ res = res + filename
|
| |
+ elif c == 't':
|
| |
+ + if _find_unsafe(MIMEtype):
|
| |
+ + msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,)
|
| |
+ + warnings.warn(msg, UnsafeMailcapInput)
|
| |
+ + return None
|
| |
+ res = res + MIMEtype
|
| |
+ elif c == '{':
|
| |
+ start = i
|
| |
+ @@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, plist=[]):
|
| |
+ i = i+1
|
| |
+ name = field[start:i]
|
| |
+ i = i+1
|
| |
+ - res = res + findparam(name, plist)
|
| |
+ + param = findparam(name, plist)
|
| |
+ + if _find_unsafe(param):
|
| |
+ + msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name)
|
| |
+ + warnings.warn(msg, UnsafeMailcapInput)
|
| |
+ + return None
|
| |
+ + res = res + param
|
| |
+ # XXX To do:
|
| |
+ # %n == number of parts if type is multipart/*
|
| |
+ # %F == list of alternating type and filename for parts
|
| |
+ diff --git a/lib-python/3/test/test_mailcap.py b/lib-python/3/test/test_mailcap.py
|
| |
+ index c08423c..920283d 100644
|
| |
+ --- a/lib-python/3/test/test_mailcap.py
|
| |
+ +++ b/lib-python/3/test/test_mailcap.py
|
| |
+ @@ -121,7 +121,8 @@ class HelperFunctionTest(unittest.TestCase):
|
| |
+ (["", "audio/*", "foo.txt"], ""),
|
| |
+ (["echo foo", "audio/*", "foo.txt"], "echo foo"),
|
| |
+ (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
|
| |
+ - (["echo %t", "audio/*", "foo.txt"], "echo audio/*"),
|
| |
+ + (["echo %t", "audio/*", "foo.txt"], None),
|
| |
+ + (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
|
| |
+ (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
|
| |
+ (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
|
| |
+ (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3")
|
| |
+ @@ -205,7 +206,10 @@ class FindmatchTest(unittest.TestCase):
|
| |
+ ('"An audio fragment"', audio_basic_entry)),
|
| |
+ ([c, "audio/*"],
|
| |
+ {"filename": fname},
|
| |
+ - ("/usr/local/bin/showaudio audio/*", audio_entry)),
|
| |
+ + (None, None)),
|
| |
+ + ([c, "audio/wav"],
|
| |
+ + {"filename": fname},
|
| |
+ + ("/usr/local/bin/showaudio audio/wav", audio_entry)),
|
| |
+ ([c, "message/external-body"],
|
| |
+ {"plist": plist},
|
| |
+ ("showexternal /dev/null default john python.org /tmp foo bar", message_entry))
|
| |
+ --
|
| |
+ 2.35.3
|
| |
+
|
| |
Fixes: rhbz#2075390