Uncaught TypeError in subscribe CGI with multiple digest flags in post/query data
Bug #1667215 reported by Mark Sapiro
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GNU Mailman | Fix Released | Low | Mark Sapiro |
Bug Description
If a malicious user, bot or whatever POSTs or GETs with query data to the subscribe CGI and the data contains multiple 'digest=' fragments, the resultant digest data seen by the subscribe CGI is a list rather than a string. The CGI calls int() on this which throws TypeError.
The int() call is already in a try: that catches ValueError. It needs to catch TypeError too.
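The failure mode described above, as an added example that is not part of the original report and is not Mailman's code. The function names are hypothetical, `urllib.parse.parse_qs` stands in for the CGI form parser (returning a list for a repeated field, as `cgi.FieldStorage.getvalue()` does), and falling back to 0 on bad input is an assumption.

```python
from urllib.parse import parse_qs


def getvalue(query, key, default=None):
    """Stand-in for the form parser: str for one value, list for repeats."""
    values = parse_qs(query, keep_blank_values=True).get(key)
    if not values:
        return default
    return values[0] if len(values) == 1 else values


def digest_flag_before(query):
    """Catches only ValueError, so a list value escapes as TypeError."""
    try:
        return int(getvalue(query, "digest", "0"))
    except ValueError:
        return 0  # assumed fallback for malformed input


def digest_flag_after(query):
    """Catches TypeError too, so repeated fields are handled like bad input."""
    try:
        return int(getvalue(query, "digest", "0"))
    except (TypeError, ValueError):
        return 0  # assumed fallback for malformed input


def outcome(handler, query):
    """Return the parsed flag, or the name of the exception that escaped."""
    try:
        return handler(query)
    except Exception as exc:
        return type(exc).__name__


# Constructed sample query strings: valid, non-numeric, repeated field.
SAMPLES = [
    "email=user%40example.com&digest=1",
    "email=user%40example.com&digest=abc",
    "email=user%40example.com&digest=0&digest=1",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q, outcome(digest_flag_before, q), outcome(digest_flag_after, q))
```
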
Changed in mailman: status: In Progress → Fix Committed
Changed in mailman: status: Fix Committed → Fix Released