From aa8ae14367b1d855a1b93ebde1f31998b3e0ab54 Mon Sep 17 00:00:00 2001
From: Hanno Hecker <vetinari@ankh-morp.org>
Date: Sat, 27 Oct 2007 09:05:04 +0000
Subject: [PATCH] Fix issue #23, reported w/ patch by ulr...@topfen.net

git-svn-id: https://svn.perl.org/qpsmtpd/trunk@812 958fd67b-6ff1-0310-b445-bb7760255be9
---
 lib/Qpsmtpd/Postfix.pm      | 12 ++++++++----
 plugins/queue/postfix-queue |  7 +++++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/lib/Qpsmtpd/Postfix.pm b/lib/Qpsmtpd/Postfix.pm
index fb7e841..f3f5d11 100644
--- a/lib/Qpsmtpd/Postfix.pm
+++ b/lib/Qpsmtpd/Postfix.pm
@@ -90,10 +90,14 @@ sub print_rec_time {
 }
 
 sub open_cleanup {
-  my ($class) = @_;
+  my ($class, $socket) = @_;
+
+  $socket = "/var/spool/postfix/public/cleanup"
+    unless defined $socket;
+
   my $self = IO::Socket::UNIX->new(Type => SOCK_STREAM,
-  				   Peer => "/var/spool/postfix/public/cleanup");
-  die qq[Couldn't open unix socket "/var/spool/postfix/public/cleanup": $!] unless ref $self;
+  				   Peer => $socket);
+  die qq(Couldn't open unix socket "$socket": $!) unless ref $self;
   # allow buffered writes
   $self->autoflush(0);
   bless ($self, $class);
@@ -159,7 +163,7 @@ $transaction is supposed to be a Qpsmtpd::Transaction object.
 sub inject_mail {
   my ($class, $transaction) = @_;
 
-  my $strm = $class->open_cleanup();
+  my $strm = $class->open_cleanup($transaction->notes('postfix-queue-socket'));
 
   my %at = $strm->get_attr;
   my $qid = $at{queue_id};
diff --git a/plugins/queue/postfix-queue b/plugins/queue/postfix-queue
index fa471c5..8b3a3c0 100644
--- a/plugins/queue/postfix-queue
+++ b/plugins/queue/postfix-queue
@@ -128,8 +128,10 @@ sub register {
                         ."v$postfix_version");
     $self->{_queue_flags} = 0;
     if (@args > 0) {
-        if ($args[0] =~ m#^/#) {
-            $self->{_queue_socket} = shift @args;
+        if ($args[0] =~ m#^(/.+)#) {
+            # untaint socket path
+            $self->{_queue_socket} = $1;
+            shift @args;
         }
         else {
             $self->{_queue_socket} = "/var/spool/postfix/public/cleanup";
@@ -157,6 +159,7 @@ sub register {
 sub hook_queue {
     my ($self, $transaction) = @_;
     $transaction->notes('postfix-queue-flags', $self->{_queue_flags});
+    $transaction->notes('postfix-queue-socket', $self->{_queue_socket});
 
     # $self->log(LOGDEBUG, "queue-flags=".$transaction->notes('postfix-queue-flags'));
     my ($status, $qid, $reason) = Qpsmtpd::Postfix->inject_mail($transaction);