From f07bd4752110d7ea74465c719ca4bfcb163eba6e Mon Sep 17 00:00:00 2001 From: jeremy Date: Thu, 10 Feb 2011 01:39:47 +0000 Subject: [PATCH] Fix "Vulnerability in Sendmail Delivery Agent code", which allowed arbitrary code execution. Details at http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd OK ajacoutot@ --- mail/ruby-mail/Makefile | 4 +- ...tch-lib_mail_core_extensions_shellwords_rb | 63 +++++++++++++++++++ ..._mail_network_delivery_methods_sendmail_rb | 20 ++++++ mail/ruby-mail/patches/patch-lib_mail_rb | 22 +++++++ mail/ruby-mail/pkg/PLIST | 3 +- 5 files changed, 109 insertions(+), 3 deletions(-) create mode 100644 mail/ruby-mail/patches/patch-lib_mail_core_extensions_shellwords_rb create mode 100644 mail/ruby-mail/patches/patch-lib_mail_network_delivery_methods_sendmail_rb create mode 100644 mail/ruby-mail/patches/patch-lib_mail_rb diff --git a/mail/ruby-mail/Makefile b/mail/ruby-mail/Makefile index 8d9b8bc52f6..1d7fe7672d1 100644 --- a/mail/ruby-mail/Makefile +++ b/mail/ruby-mail/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.2 2011/01/06 04:24:24 jeremy Exp $ +# $OpenBSD: Makefile,v 1.3 2011/02/10 01:39:47 jeremy Exp $ COMMENT= easy email delivery and testing for ruby DISTNAME= mail-2.2.10 -REVISION = 0 +REVISION = 1 CATEGORIES= mail # MIT License diff --git a/mail/ruby-mail/patches/patch-lib_mail_core_extensions_shellwords_rb b/mail/ruby-mail/patches/patch-lib_mail_core_extensions_shellwords_rb new file mode 100644 index 00000000000..b15a3f8decb --- /dev/null +++ b/mail/ruby-mail/patches/patch-lib_mail_core_extensions_shellwords_rb @@ -0,0 +1,63 @@ +$OpenBSD: patch-lib_mail_core_extensions_shellwords_rb,v 1.1 2011/02/10 01:39:47 jeremy Exp $ + +Fix for "Vulnerability in Sendmail Delivery Agent code". + +--- lib/mail/core_extensions/shellwords.rb.orig Wed Feb 9 09:21:19 2011 ++++ lib/mail/core_extensions/shellwords.rb Wed Feb 9 09:21:19 2011 +@@ -0,0 +1,55 @@ ++# The following is imported from ruby 1.9.2 shellwords.rb ++# ++module Shellwords ++ # Escapes a string so that it can be safely used in a Bourne shell ++ # command line. ++ # ++ # Note that a resulted string should be used unquoted and is not ++ # intended for use in double quotes nor in single quotes. ++ # ++ # open("| grep #{Shellwords.escape(pattern)} file") { |pipe| ++ # # ... ++ # } ++ # ++ # +String#shellescape+ is a shorthand for this function. ++ # ++ # open("| grep #{pattern.shellescape} file") { |pipe| ++ # # ... ++ # } ++ # ++ def shellescape(str) ++ # An empty argument will be skipped, so return empty quotes. ++ return "''" if str.empty? ++ ++ str = str.dup ++ ++ # Process as a single byte sequence because not all shell ++ # implementations are multibyte aware. ++ str.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/n, "\\\\\\1") ++ ++ # A LF cannot be escaped with a backslash because a backslash + LF ++ # combo is regarded as line continuation and simply ignored. ++ str.gsub!(/\n/, "'\n'") ++ ++ return str ++ end ++ ++ module_function :shellescape ++ ++ class << self ++ alias escape shellescape ++ end ++ ++end ++ ++class String ++ # call-seq: ++ # str.shellescape => string ++ # ++ # Escapes +str+ so that it can be safely used in a Bourne shell ++ # command line. See +Shellwords::shellescape+ for details. ++ # ++ def shellescape ++ Shellwords.escape(self) ++ end ++end +\ No newline at end of file diff --git a/mail/ruby-mail/patches/patch-lib_mail_network_delivery_methods_sendmail_rb b/mail/ruby-mail/patches/patch-lib_mail_network_delivery_methods_sendmail_rb new file mode 100644 index 00000000000..490f56b3c9c --- /dev/null +++ b/mail/ruby-mail/patches/patch-lib_mail_network_delivery_methods_sendmail_rb @@ -0,0 +1,20 @@ +$OpenBSD: patch-lib_mail_network_delivery_methods_sendmail_rb,v 1.1 2011/02/10 01:39:47 jeremy Exp $ + +Fix for "Vulnerability in Sendmail Delivery Agent code". + +--- lib/mail/network/delivery_methods/sendmail.rb.orig Wed Dec 31 16:00:00 1969 ++++ lib/mail/network/delivery_methods/sendmail.rb Wed Feb 9 09:21:19 2011 +@@ -45,11 +45,11 @@ module Mail + + def deliver!(mail) + envelope_from = mail.return_path || mail.sender || mail.from_addrs.first +- return_path = "-f \"#{envelope_from}\"" if envelope_from ++ return_path = "-f \"#{envelope_from.to_s.shellescape}\"" if envelope_from + + arguments = [settings[:arguments], return_path].compact.join(" ") + +- Sendmail.call(settings[:location], arguments, mail.destinations.join(" "), mail) ++ Sendmail.call(settings[:location], arguments, mail.destinations.collect(&:shellescape).join(" "), mail) + end + + def Sendmail.call(path, arguments, destinations, mail) diff --git a/mail/ruby-mail/patches/patch-lib_mail_rb b/mail/ruby-mail/patches/patch-lib_mail_rb new file mode 100644 index 00000000000..52fab9423f0 --- /dev/null +++ b/mail/ruby-mail/patches/patch-lib_mail_rb @@ -0,0 +1,22 @@ +$OpenBSD: patch-lib_mail_rb,v 1.1 2011/02/10 01:39:47 jeremy Exp $ + +Fix for "Vulnerability in Sendmail Delivery Agent code". + +--- lib/mail.rb.orig Wed Dec 31 16:00:00 1969 ++++ lib/mail.rb Wed Feb 9 09:22:07 2011 +@@ -2,6 +2,7 @@ + module Mail # :doc: + + require 'date' ++ require 'shellwords' + + require 'active_support' + require 'active_support/core_ext/hash/indifferent_access' +@@ -31,6 +32,7 @@ module Mail # :doc: + require 'mail/version' + + require 'mail/core_extensions/nil' ++ require 'mail/core_extensions/shellwords' unless String.new.respond_to?(:shellescape) + require 'mail/core_extensions/string' + + require 'mail/patterns' diff --git a/mail/ruby-mail/pkg/PLIST b/mail/ruby-mail/pkg/PLIST index 1d4f6a091b3..11516db727b 100644 --- a/mail/ruby-mail/pkg/PLIST +++ b/mail/ruby-mail/pkg/PLIST @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST,v 1.1.1.1 2010/12/08 21:26:43 jeremy Exp $ +@comment $OpenBSD: PLIST,v 1.2 2011/02/10 01:39:47 jeremy Exp $ ${GEM_LIB}/cache/${DISTNAME}.gem ${GEM_LIB}/gems/${DISTNAME}/ ${GEM_LIB}/gems/${DISTNAME}/CHANGELOG.rdoc @@ -14,6 +14,7 @@ ${GEM_LIB}/gems/${DISTNAME}/lib/mail/body.rb ${GEM_LIB}/gems/${DISTNAME}/lib/mail/configuration.rb ${GEM_LIB}/gems/${DISTNAME}/lib/mail/core_extensions/ ${GEM_LIB}/gems/${DISTNAME}/lib/mail/core_extensions/nil.rb +${GEM_LIB}/gems/${DISTNAME}/lib/mail/core_extensions/shellwords.rb ${GEM_LIB}/gems/${DISTNAME}/lib/mail/core_extensions/string.rb ${GEM_LIB}/gems/${DISTNAME}/lib/mail/elements/ ${GEM_LIB}/gems/${DISTNAME}/lib/mail/elements.rb