From fd87911bb05e072c61628bd313579d06e95f2525 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 5 May 2008 04:55:06 +0000
Subject: [PATCH] =?utf8?q?Bug=20419188:=20[SECURITY]=20email=5Fin.pl=20let?= =?utf8?q?s=20you=20set=20the=20changer=20as=20@reporter=20instead=20of=20?= =?utf8?q?only=20checking=20the=20"From"=20header=20-=20Patch=20by=20Fr?= =?utf8?q?=C3=83=C2=A9d=C3=83=C2=A9ric=20Buclin=20=20r?= =?utf8?q?=3Dmkanat=20a=3DLpSolit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 email_in.pl | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/email_in.pl b/email_in.pl
index 864bdee7f2..81637ebc49 100644
--- a/email_in.pl
+++ b/email_in.pl
@@ -106,6 +106,16 @@ sub parse_mail {
 if ($line =~ /^@(\S+)\s*=\s*(.*)\s*/) {
 $current_field = lc($1);
+ # It's illegal to pass the reporter field as you could
+ # override the "From:" field of the message and bypass
+ # authentication checks, such as PGP.
+ if ($current_field eq 'reporter') {
+ # We reset the $current_field variable to something
+ # post_bug and process_bug will ignore, in case the
+ # attacker splits the reporter field on several lines.
+ $current_field = 'illegal_field';
+ next;
+ }
 $fields{$current_field} = $2;
 }
 else {
-- 
2.47.2
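Review bot: The added guard in parse_mail rejects exactly one key, `reporter`, so the guarantee that the changer comes only from the "From:" header depends on no other body-supplied `@field` being read as an identity further down. parse_mail begins and ends outside this hunk, and neither the code that stores the header-derived sender nor the consumers named in the comment (post_bug, process_bug) are visible here, so that cannot be confirmed from this patch. I would record the limit next to the check with a comment such as `# Only 'reporter' is rejected; any other field that can identify the changer must be added here.` If the header value is kept in the same `%fields` hash, setting it after the body loop would presumably make it authoritative without relying on a name comparison. The rejection is also silent, so logging the dropped line before `next;`, through whatever log channel the script already uses, would leave a trace of messages that try to override the sender.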