This patch fixes an obscure bug in the following versions of INN. 1.4unoff3 and 1.4unoff4 Thanks to Matt Power for finding this and supplying the fix. James Brister inn@isc.org --------------------------------------------------------------------------- *** inn1.4unoff4/samples/parsecontrol Mon Aug 7 15:51:08 1995 --- inn1.4unoff4/samples/parsecontrol.new Thu Mar 6 23:21:54 1997 *************** *** 10,16 **** az=abcdefghijklmnopqrstuvwxyz ZN=0123456789 # Attempt to sanitize the address ! FROM="`echo \"$1\" | tr ${AZ} ${az} | tr -dc ${az}${ZN}+-_.@%`" REPLYTO="$2" case "$3" in "") --- 10,16 ---- az=abcdefghijklmnopqrstuvwxyz ZN=0123456789 # Attempt to sanitize the address ! FROM="`echo \"$1\" | tr ${AZ} ${az} | tr -dc \\\055${az}${ZN}+_.@%`" REPLYTO="$2" case "$3" in "") *************** *** 47,52 **** --- 47,68 ---- | ${MAILCMD} -s "Bad header by ${FROM}" ${NEWSMASTER} exit fi + fi + + # Check characters in values of variables that will be inside an eval + TRANS1="`echo \"$1\" | tr ${AZ} ${az} | tr -dc \\\055${az}${ZN}+_.`" + if [ ${1}X != ${TRANS1}X ]; then + rm -f ${TEMP} + ${SED} -e 's/^~/~~/' < ${ARTICLE} \ + | ${MAILCMD} -s "Malformed newsgroup name by ${FROM}" ${NEWSMASTER} + exit + fi + TRANSP="`echo \"$PROG\" | tr ${AZ} ${az} | tr -dc \\\055${az}${ZN}+_.`" + if [ ${PROG}X != ${TRANSP}X ]; then + rm -f ${TEMP} + ${SED} -e 's/^~/~~/' < ${ARTICLE} \ + | ${MAILCMD} -s "Unexpected program name by ${FROM}" ${NEWSMASTER} + exit fi ACTION=mail