[Bug 1661810] [NEW] Certain Malformed list names throw TypeError: in roster CGI
Mark Sapiro
mark at msapiro.net
Sat Feb 4 01:07:25 EST 2017
Public bug reported:
We've seen attacks visiting URLs such as
<http://example.com/mailman/roster/python-dev%2522%252dswffelqj%252d%2522>.
The list name after unescaping is python-dev%22%2dswffelqj%2d%22 which
websafes to the same thing.
Ultimately, this calls

    error_page(_('No such list <em>%(safelistname)s</em>'))

which in turn calls

    error_page_doc(doc, errmsg)

with the translated error message. The problem is error_page_doc is
defined as

    def error_page_doc(doc, errmsg, *args):

even though it is never called with any additional args. It then tries
to interpolate the (empty) args into the errmsg string which in this
case contains a '%' and results in

    TypeError: not enough arguments for format string

The solution, since error_page_doc is never called with extra arguments,
is to just drop the *args and the attempted interpolation.
** Affects: mailman
Importance: Low
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1661810
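The failure described in this report, reproduced as an added example that is not Mailman's own code. The names build_errmsg, render and the list used as doc are hypothetical stand-ins, and html.escape stands in for websafe.

```python
from html import escape
from urllib.parse import unquote

# List name component of the URL quoted in the report.
MALFORMED = 'python-dev%2522%252dswffelqj%252d%2522'


def build_errmsg(path_component):
    """Stand-in for the roster CGI steps that run before error_page_doc."""
    listname = unquote(path_component)   # one layer of percent-encoding removed
    safelistname = escape(listname)      # stand-in for websafe; '%' is left alone
    # Stand-in for _('No such list <em>%(safelistname)s</em>')
    return 'No such list <em>%(safelistname)s</em>' % {'safelistname': safelistname}


def error_page_doc_old(doc, errmsg, *args):
    # Pre-fix shape: the finished message is used as a format string again.
    doc.append(errmsg % args)


def error_page_doc_fixed(doc, errmsg):
    # Post-fix shape: the finished message is treated as data only.
    doc.append(errmsg)


def render(path_component, handler):
    """Return the rendered message, or the exception text if rendering fails."""
    doc = []  # hypothetical stand-in for the page document object
    try:
        handler(doc, build_errmsg(path_component))
    except TypeError as exc:
        return 'TypeError: %s' % exc
    return doc[0]


if __name__ == '__main__':
    # A name without '%' works in both versions, which is why the bug stayed hidden.
    for name in ('nosuchlist', MALFORMED):
        print('old:  ', render(name, error_page_doc_old))
        print('fixed:', render(name, error_page_doc_fixed))
```

The same pattern applies to any message that already contains request-derived text: once it has been interpolated, it should not be passed through the % operator a second time.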