[Esd-l] Oops: buglet in 1.141

John D. Hardin jhardin at impsec.org
Thu Mar 11 19:35:38 PST 2004 

The ZIP scanner in 1.141 doesn't anchor it's test on the end of the
filename, (ah the perils of cut-n-paste programming and inadequate
test sets...) thus a zip containing "fnord.exe.safe-ext" would be
trapped by a filespec of "*.exe" when it shouldn't be.

This patch fixes the problem.

1) save the patch to the same directory as the scanner
2) back up the scanner:   cp -vp html-trap.procmail html-trap.141
3) apply the patch    :   patch < zipscan141.patch

On the bright side, this fails paranoid rather then failing insecure.

Alternative to the patch: put a $ on the end of all your
ZIPPED_EXECUTABLES filespecs. (But you'll have to undo that when 1.142
is installed.)

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   23 days until the Slovakian Presidential Election
*** html-trap.procmail	2004-03-01 06:10:03-08	1.141
--- html-trap.procmail	2004-03-11 16:28:34-08
***************
*** 921,928 ****
  		      $pol_spec =~ s/\*/.*/g;	#\
  		      $pol_spec =~ s/([^\(])\?/$1./g;	#\
  		      warn "   Checking against \"$pol_spec\"\n" if $ENV{"DEBUG"};	#\
! 		      if ($filen =~ /^${pol_spec}/i) {	#\
! 			warn "   Trapped \"$filen\".\n";	#\
  			$filen =~ s/\s{10,}/ (many spaces) /;	#\
  			if (!$poisoned) {	#\
  			  print "\n\n--$rawbdry\n";	#\
--- 921,928 ----
  		      $pol_spec =~ s/\*/.*/g;	#\
  		      $pol_spec =~ s/([^\(])\?/$1./g;	#\
  		      warn "   Checking against \"$pol_spec\"\n" if $ENV{"DEBUG"};	#\
! 		      if ($filen =~ /^${pol_spec}$/i) {	#\
! 			warn "   Trapped zipped \"$filen\".\n";	#\
  			$filen =~ s/\s{10,}/ (many spaces) /;	#\
  			if (!$poisoned) {	#\
  			  print "\n\n--$rawbdry\n";	#\

More information about the esd-l mailing list