Unverified Commit 4e2730f4 authored by IKEDA Soji's avatar IKEDA Soji Committed by GitHub
Browse files

Merge pull request #904 from ikedas/issue-860 by ikedas

Scenario: Prevent crashing by fatal error in syntax of regexp (#860)
parents ba429c61 1d3acd86
......@@ -35,6 +35,7 @@ check_SCRIPTS = \
t/Message_smime.t \
t/Message_urlize.t \
t/Regexps.t \
t/Scenario.t \
t/Tools_Data.t \
t/Tools_File.t \
t/Tools_Password.t \
......
......@@ -668,7 +668,10 @@ sub _compile_condition {
# Fix orphan "'" and "\".
$re =~ s{(\\.|.)}{($1 eq "'" or $1 eq "\\")? "\\$1" : $1}eg;
# regexp w/o interpolates
unless (defined eval sprintf "qr'%s'i", $re) {
unless (
defined
do { local $SIG{__DIE__}; eval sprintf "qr'%s'i", $re }
) {
$log->syslog('err', 'Bad regexp /%s/: %s', $re, $EVAL_ERROR);
return undef;
}
......@@ -973,7 +976,7 @@ sub safe_qr {
my $domain = $context->{domain};
$domain =~ s/[.]/[.]/g;
$re =~ s/[[](domain|host)[]]/$domain/g;
return eval sprintf "qr'%s'i", $re;
return do { local $SIG{__DIE__}; eval sprintf "qr'%s'i", $re };
}
##### condition : true
......
# -*- indent-tabs-mode: nil; -*-
# vim:ft=perl:et:sw=4
use lib qw(t/stub);
use strict;
use warnings;
use English qw(-no_match_vars);
use File::Path qw(make_path rmtree);
use Test::More;
BEGIN {
use_ok('Sympa::Scenario');
}
%Conf::Conf = (
domain => 'lists.example.com', # mandatory
listmaster => 'dude@example.com', # mandatory
etc => 't/tmp/etc',
);
my $domain = $Conf::Conf{'domain'};
my $list = bless {
name => 'listname',
domain => $domain,
dir => Sympa::Constants::EXPLDIR() . '/listname',
admin => {status => 'open'}
} => 'Sympa::List';
make_path $Conf::Conf{'etc'} . '/scenari' or die $ERRNO;
my $scenario;
# Nonexisting scenarios.
$scenario = Sympa::Scenario->new($domain, 'create_list', name => 'none');
is(($scenario->authz('smtp', {}) || {})->{action}, 'reject');
$scenario = Sympa::Scenario->new($list, 'visibility', name => 'none');
is(($scenario->authz('smtp', {}) || {})->{action}, 'reject');
# ToDo: compile()
# GH issue #860: Crash by bad syntax of regexp
open my $fh, '>', $Conf::Conf{'etc'} . '/scenari/send.bad_regexp';
print $fh <<'EOF';
match([sender],/[custom_vars->sender_whitelist]/) smtp,dkim,md5,smime -> do_it
EOF
close $fh;
$scenario = Sympa::Scenario->new($list, 'send', name => 'bad_regexp');
is(($scenario->authz('smtp', {}) || {})->{action},
'reject', 'bad regexp syntax');
# ... and legitimate case
open my $fh, '>', $Conf::Conf{'etc'} . '/scenari/send.good_regexp';
print $fh <<'EOF';
match([sender],/[domain]/) smtp,dkim,md5,smime -> do_it
EOF
close $fh;
$scenario = Sympa::Scenario->new($list, 'send', name => 'good_regexp');
is( ($scenario->authz('smtp', {sender => 'me@lists.example.com'}) || {})
->{action},
'do_it',
'good regexp'
);
rmtree 't/tmp' or die $ERRNO;
done_testing();
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment