This patch fixes a couple of obscure bug in the followings versions of INN. 1.4sec If you are still running this version it's recommended that you upgrade to 1.5.1 (ftp://ftp.isc.org/isc/inn/inn-1.5.1.tar.gz) Thanks to Matt Power for finding this. James Brister inn@isc.org --------------------------------------------------------------------------- *** parsecontrol.orig Fri Jan 29 17:52:21 1993 --- parsecontrol Fri Dec 6 12:36:06 1996 *************** *** 8,14 **** AZ=ABCDEFGHIJKLMNOPQRSTUVWXYZ az=abcdefghijklmnopqrstuvwxyz ! FROM="`echo \"$1\" | tr ${AZ} ${az}`" REPLYTO="$2" case "$3" in "") --- 8,16 ---- AZ=ABCDEFGHIJKLMNOPQRSTUVWXYZ az=abcdefghijklmnopqrstuvwxyz ! ZN=0123456789 ! # Attempt to sanitize the address ! FROM="`echo \"$1\" | tr ${AZ} ${az} | tr -dc \\\055${az}${ZN}+_.@%`" REPLYTO="$2" case "$3" in "") *************** *** 41,50 **** shift else rm -f ${TEMP} ! ${MAILCMD} -s "Bad header by ${FROM}" \ ! ${NEWSMASTER} <${ARTICLE} exit fi fi ACTION=mail --- 43,68 ---- shift else rm -f ${TEMP} ! ${SED} -e 's/^~/~~/' < ${ARTICLE} \ ! | ${MAILCMD} -s "Bad header by ${FROM}" ${NEWSMASTER} exit fi + fi + + # Check characters in values of variables that will be inside an eval + TRANS1="`echo \"$1\" | tr ${AZ} ${az} | tr -dc \\\055${az}${ZN}+_.`" + if [ ${1}X != ${TRANS1}X ]; then + rm -f ${TEMP} + ${SED} -e 's/^~/~~/' < ${ARTICLE} \ + | ${MAILCMD} -s "Malformed newsgroup name by ${FROM}" ${NEWSMASTER} + exit + fi + TRANSP="`echo \"$PROG\" | tr ${AZ} ${az} | tr -dc \\\055${az}${ZN}+_.`" + if [ ${PROG}X != ${TRANSP}X ]; then + rm -f ${TEMP} + ${SED} -e 's/^~/~~/' < ${ARTICLE} \ + | ${MAILCMD} -s "Unexpected program name by ${FROM}" ${NEWSMASTER} + exit fi ACTION=mail