Bug #105021 for HTTP-Body: HTTP::Body fails to check for errors when writing temp files

Sat Jun 06 13:35:48 2015 mods [...] hank.org - Ticket created

Subject:

HTTP::Body fails to check for errors when writing temp files

Both HTTP::Body::Multipart and HTTP::Body::OctetStream write to temp files, but they fail to check the return value when writing to those file handles. Currently, HTTP::Body would ignore theses errors and continue as if everything is fine. This opens a potential DoS attack. Is HTTP::Body on Github?

Sat Jun 06 16:15:54 2015 ether [...] cpan.org - Correspondence added

On 2015-06-06 10:35:48, HANK wrote: Show quoted text

> Both HTTP::Body::Multipart and HTTP::Body::OctetStream write to temp > files, but they fail to check the return value when writing to those > file handles. Currently, HTTP::Body would ignore theses errors and > continue as if everything is fine. > > This opens a potential DoS attack. > > Is HTTP::Body on Github?

It's at git://git.shadowcat.co.uk/catagits/HTTP-Body.git (on the web, http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git;a=summary). If you want to create a branch on github that contains a patch, please link to it and I can merge your change back to the main repo.

Sat Jun 06 16:15:55 2015 The RT System itself - Status changed from 'new' to 'open'

Mon Jun 08 18:04:47 2015 mods [...] hank.org - Correspondence added

On Sat Jun 06 16:15:54 2015, ETHER wrote: Show quoted text

> > It's at git://git.shadowcat.co.uk/catagits/HTTP-Body.git (on the web, > http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP- > Body.git;a=summary). > > If you want to create a branch on github that contains a patch, please > link to it and I can merge your change back to the main repo.

Something like this? https://github.com/billmoseley/HTTP-Body/tree/check_return_value_on_write