Bug 419188: [SECURITY] email_in.pl lets you set the changer as @reporter instead…

Bug 419188: [SECURITY] email_in.pl lets you set the changer as @reporter instead of only checking the "From" header - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit

Bug 419188: [SECURITY] email_in.pl lets you set the changer as @reporter instead…
fd87911b · lpsolit%gmail.com · 6d7d31d0 · fd87911b
Commit fd87911b authored May 05, 2008 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

email_in.pl email_in.pl +10 -0

No files found.
--- a/email_in.pl
+++ b/email_in.pl
@@ -106,6 +106,16 @@ sub parse_mail {
            
            if ($line =~ /^@(\S+)\s*=\s*(.*)\s*/) {
                $current_field = lc($1);
+                # It's illegal to pass the reporter field as you could
+                # override the "From:" field of the message and bypass
+                # authentication checks, such as PGP.
+                if ($current_field eq 'reporter') {
+                    # We reset the $current_field variable to something
+                    # post_bug and process_bug will ignore, in case the
+                    # attacker splits the reporter field on several lines.
+                    $current_field = 'illegal_field';
+                    next;
+                }
                $fields{$current_field} = $2;
            }
            else {