Uncaught TypeError in subscribe CGI with multiple digest flags in post/query data

Bug #1667215 reported by Mark Sapiro
Affects: GNU Mailman
Status: Fix Released
Importance: Low
Assigned to: Mark Sapiro

Bug Description

If a malicious user, bot or whatever POSTs or GETs with query data to the subscribe CGI and the data contains multiple 'digest=' fragments, the resultant digest data seen by the subscribe CGI is a list rather than a string. The CGI calls int() on this which throws TypeError.

The int() call is already in a try: that catches ValueError. It needs to catch TypeError too.


Mark Sapiro (msapiro)
Changed in mailman:
status: In Progress → Fix Committed
Mark Sapiro (msapiro)
Changed in mailman:
status: Fix Committed → Fix Released
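
The failure and the fix described in the bug description, as an added example that is not Mailman's own code. It is written for Python 3; `getvalue` is a hypothetical stand-in for the CGI form lookup (a string for one value, a list for repeated fields), and the fallback value 0 and the sample queries are assumptions.

```python
from urllib.parse import parse_qs


def getvalue(query, name, default=None):
    """Hypothetical stand-in for the CGI form lookup: returns a string when
    the field occurs once and a list when it is repeated."""
    values = parse_qs(query, keep_blank_values=True).get(name)
    if values is None:
        return default
    return values[0] if len(values) == 1 else values


def digest_before(query):
    # Pattern the report describes: int() inside a try that only
    # catches ValueError, so a list value escapes as TypeError.
    try:
        return int(getvalue(query, "digest", "0"))
    except ValueError:
        return 0  # assumed fallback


def digest_after(query):
    # Fix the report describes: catch TypeError as well, so repeated
    # 'digest=' fragments are handled like any other malformed value.
    try:
        return int(getvalue(query, "digest", "0"))
    except (TypeError, ValueError):
        return 0  # assumed fallback


if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    samples = [
        "email=user@example.com&digest=1",           # normal
        "email=user@example.com&digest=abc",         # ValueError path
        "email=user@example.com&digest=1&digest=0",  # list -> TypeError path
    ]
    for q in samples:
        try:
            before = digest_before(q)
        except TypeError as exc:
            before = "uncaught TypeError: %s" % exc
        print(q, "| before:", before, "| after:", digest_after(q))
```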