[SECURITY] Fix RCE in swiftmailer 48/33448/2
author Helmut Hummel <helmut.hummel@typo3.org>
Wed, 22 Oct 2014 08:13:48 +0000 (10:13 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 22 Oct 2014 08:13:56 +0000 (10:13 +0200)
A remote code execution vulnerability was fixed upstream
which is now also fixed in the code we deliver with TYPO3.

This is not a full upgrade of the library but a backport
of the security fix.

Change-Id: I17c960e0c087b011032754839a2dafb0e2e57b50
Resolves: #59573
Releases: 4.5, 4.6, 4.7, 6.0, 6.1, 6.2
Security-Commit: 59331a6bfbcba0f7f0683a3bd0726670f2e1c7b5
Security-Bulletin: TYPO3-CORE-SA-2014-002
Reviewed-on: http://review.typo3.org/33448
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/contrib/swiftmailer/classes/Swift/Transport/SendmailTransport.php

index 2c1a04a..456a731 100644 (file)
@@ -115,7 +115,7 @@ class Swift_Transport_SendmailTransport
 
       if (false === strpos($command, ' -f'))
       {
-        $command .= ' -f' . $this->_getReversePath($message);
+        $command .= ' -f' . escapeshellarg($this->_getReversePath($message));
       }
 
       $buffer->initialize(array_merge($this->_params, array('command' => $command)));
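Review bot: the quoting with escapeshellarg() on the `+` line is the right fix for the unquoted concatenation it replaces, but this hunk ships without a regression test; please add one that sends a message whose reverse path contains shell metacharacters (a single quote, a semicolon, a backtick) and asserts that the `command` passed to `$buffer->initialize()` carries the value single-quoted rather than as bare text. Two caveats worth a comment next to the changed line: escapeshellarg() silently drops bytes that are invalid in the current locale, so a reverse path with non-ASCII characters may be altered rather than rejected, and the fix only applies on the branch where ` -f` is absent from `$command`; a caller that already supplies ` -f` in the command string bypasses this quoting entirely, so that input path should be reviewed separately.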