Re: Vulnerabilities in PGPMail.pl

[Markus Bertheau <twanger () bluetwanger de>]

On Fri, 2001-11-30 at 04:45, joetesta () hushmail com wrote:
> >       # The PGP user id must be passed via command line, so make sure
> >       #     that only legal characters are present.  Fixed by Joe Testa
> >       #     (joetesta () hushmail com).
> >       $theUserID = $CONFIG{'pgpuserid'};
> >       $theUserID =~ /([a-zA-Z0-9]+)/;
> >       $theUserID = $1;
> >       $ret_val = open (PGP, "|$pgpprog -fea +VERBOSE=0 \"$CONFIG{$theUserID}\" > $pgptmp");
must be
$ret_val = open (PGP, "|$pgpprog -fea +VERBOSE=0 \"$theUserID\" >
$pgptmp");

Markus Bertheau

Attachment: _bin
Description: