File: 01-458602-strip-extra-fields.patch

package info
libmailtools-perl 2.13-1~bpo70%2B1
  • area: main
  • in suites: wheezy-backports
  • size: 416 kB
  • sloc: perl: 2,213; makefile: 50
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458602

From: Christopher Schmidt <crschmidt@crschmidt.net>

Mail::Internet by default sends a header field which includes the entire
'username' field from /etc/passwd. However, when using 'adduser' to add
a user, that field contains more than just the username: it contains a
comma-separated list of fields. In some cases, that list of fields
includes, for example, a phone number. Regardless of whether this
information is included, the field will have additional commas included.
From an email sent by caff (from signing-party):

Sender: "Ari,,," <ari@example.com>

The attached patch is a simple change to the code to make the name field
*not* include these commas or other data in the field.

Index: libmailtools-perl-2.13/lib/Mail/Internet.pm
===================================================================
--- libmailtools-perl-2.13.orig/lib/Mail/Internet.pm
+++ libmailtools-perl-2.13/lib/Mail/Internet.pm
@@ -530,6 +530,12 @@ sub cleaned_header_dup()
     my $name = eval {local $SIG{__DIE__}; (getpwuid($>))[6]} || $ENV{NAME} ||"";
 
     while($name =~ s/\([^\(\)]*\)//) { 1; }
+    
+    # Strip extra fields: adduser-generated usernames have multiple comma
+    # seperated fields, only the first of which should be used to prevent
+    # accidental exposure of system-local information like phone numbers/
+    # room numbers.
+    $name = (split /,/, $name)[0];
 
     if($name =~ /[^\w\s]/)
     {   $name =~ s/"/\"/g;
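Review bot: the added assignment `$name = (split /,/, $name)[0];` leaves $name undefined when the string is empty or starts with a comma, because split drops empty trailing fields and then returns an empty list, so element [0] does not exist. $name can be "" here (the `|| ""` fallback two lines above), and the `if($name =~ /[^\w\s]/)` test that follows would then run against undef and emit an "uninitialized value" warning. Using `$name =~ s/,.*//s;` or appending `// ""` to the assignment keeps it a defined string. The truncation also applies to the `$ENV{NAME}` fallback, not only to the GECOS field from getpwuid, so a value a user set deliberately as "Last, First" is cut to "Last"; consider splitting only the getpwuid result, or say in the comment that the environment value is trimmed as well. Minor: the added blank line carries trailing whitespace, and "seperated" in the comment should be "separated".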