[SECURITY] Fix RCE in swiftmailer 58/33458/2
author Helmut Hummel <helmut.hummel@typo3.org>
Wed, 22 Oct 2014 08:14:25 +0000 (10:14 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 22 Oct 2014 08:14:27 +0000 (10:14 +0200)
A remote code execution vulnerability was fixed upstream
which is now also fixed in the code we deliver with TYPO3.

This is not a full upgrade of the library but a backport
of the security fix.

Change-Id: I498163c13b09cb81c70ab7b4fa576b7a3110cbea
Resolves: #59573
Releases: 4.5, 4.6, 4.7, 6.0, 6.1, 6.2
Security-Commit: e8e192dcb778ca69746e7bd79e66aef14a12a2e2
Security-Bulletin: TYPO3-CORE-SA-2014-002
Reviewed-on: http://review.typo3.org/33458
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/contrib/swiftmailer/classes/Swift/Transport/SendmailTransport.php

index 95c2e4a..9ce7480 100644
@@ -114,7 +114,7 @@ class Swift_Transport_SendmailTransport extends Swift_Transport_AbstractSmtpTran
             }
 
             if (false === strpos($command, ' -f')) {
-                $command .= ' -f' . $this->_getReversePath($message);
+                $command .= ' -f' . escapeshellarg($this->_getReversePath($message));
             }
 
             $buffer->initialize(array_merge($this->_params, array('command' => $command)));
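Review bot: The one-line change `$command .= ' -f' . escapeshellarg($this->_getReversePath($message));` is the right minimal fix, but it deserves a regression test and a short comment in this hunk. The reverse path comes from the message (sender / return path), so before this change any shell metacharacter in that address was spliced verbatim into the command string handed to the sendmail process; escapeshellarg() now wraps the address in single quotes and escapes any embedded quote, so the shell treats it as a single literal. Because the quoted value is concatenated directly onto `-f` with no separating space, the shell still delivers exactly one argument of the form `-f<address>` to sendmail, so behaviour for well-formed addresses is unchanged. Two follow-ups worth noting: (1) the `false === strpos($command, ' -f')` guard only covers the case where the configured command already carries its own `-f`, which remains operator-controlled and unescaped, so the escaping here is the only protection for message-derived input; (2) please add a unit test that builds a message whose sender address contains a single quote, a semicolon and a backtick and asserts that the command passed to `$buffer->initialize()` contains it only inside the escaped `-f'...'` argument, so a future library sync cannot silently drop the escaping.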