[Bug 1667215] [NEW] Uncaught TypeError in subscribe CGI with multiple digest flags in post/query data

Mark Sapiro mark at msapiro.net
Thu Feb 23 00:46:24 EST 2017


Public bug reported:

If a malicious user, bot or whatever POSTs or GETs with query data to
the subscribe CGI and the data contains multiple 'digest=' fragments,
the resultant digest data seen by the subscribe CGI is a list rather
than a string. The CGI calls int() on this which throws TypeError.

The int() call is already in a try: that catches ValueError. It needs to
catch TypeError too.

** Affects: mailman
     Importance: Low
     Assignee: Mark Sapiro (msapiro)
         Status: In Progress

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1667215



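The failure mode in this report, as an added Python 3 example that is not Mailman's code: a handler that catches only ValueError around int() still crashes when a repeated 'digest=' field arrives as a list. The getvalue() helper is a hypothetical stand-in for a CGI form accessor that returns a string for one value and a list for repeats, and the fallback value 0 is an assumption.

```python
from urllib.parse import parse_qs


def getvalue(query, key, default=None):
    """Hypothetical stand-in for a CGI form accessor:
    one value -> str, repeated field -> list of str."""
    values = parse_qs(query).get(key)
    if not values:
        return default
    return values[0] if len(values) == 1 else values


def digest_flag_before(query):
    """Pattern described in the report: only ValueError is caught."""
    try:
        return int(getvalue(query, "digest", "0"))
    except ValueError:
        return 0  # assumed fallback, not taken from the page


def digest_flag_after(query):
    """Fix described in the report: catch TypeError as well."""
    try:
        return int(getvalue(query, "digest", "0"))
    except (TypeError, ValueError):
        return 0  # assumed fallback, not taken from the page


def outcome(parser, query):
    """Return the parsed flag, or the name of the uncaught exception."""
    try:
        return parser(query)
    except Exception as exc:
        return type(exc).__name__


# Constructed query strings, not captured traffic.
SAMPLES = [
    "email=user%40example.com&digest=1",           # normal request
    "email=user%40example.com&digest=abc",         # non-numeric value
    "email=user%40example.com&digest=1&digest=0",  # repeated field
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q, "| before:", outcome(digest_flag_before, q),
              "| after:", outcome(digest_flag_after, q))
```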