8025 – Taint failure handling Windows short path

Bug 8025 - Taint failure handling Windows short path

Summary: Taint failure handling Windows short path

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Regression Tests (show other bugs)
Version:	4.0.0
Hardware:	PC Windows

Importance:	P2 normal
Target Milestone:	4.0.0
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-08-12 23:52 UTC by Sidney Markowitz
Modified:	2022-08-20 11:41 UTC (History)
CC List:	1 user (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sidney Markowitz 2022-08-12 23:52:38 UTC

The fix for bug 8010 does not handle the '~' character in Windows short paths. This is showing up as the same test failures as in bug 8010 when a test encounters the short form of a directory name.

Comment 1 Sidney Markowitz 2022-08-13 00:53:10 UTC

The problem of untainting Windows file paths was already properly solved in Mail::SpamAssassin::Utils::untaint_file_path() but it couldn't be called directly in this case. Fix was to copy/paste to use the same pattern as that sub uses.

trunk % svn ci -m "bug 8025 - Use better untaint pattern for Windows file paths than the incomplete fix for bug 8010" lib/Mail/SpamAssassin.pm 
Sending        lib/Mail/SpamAssassin.pm
Transmitting file data .done
Committing transaction...
Committed revision 1903383.

Comment 2 Sidney Markowitz 2022-08-20 11:41:57 UTC

trunk % svn ci -m "bug 8025 - Add a comment referencing this issue to the fix already committed"  
Sending        lib/Mail/SpamAssassin.pm
Transmitting file data .done
Committing transaction...
Committed revision 1903595.