Skip Menu |

This queue is for tickets about the Mail-DKIM CPAN distribution.

Report information
The Basics
Id: 106485
Status: resolved
Priority: 0/
Queue: Mail-DKIM
People
Owner: mbradshaw [...] cpan.org
Requestors: sewi [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in:
  • 0.39
  • 0.39_5
  • 0.39_6
  • 0.39_7
  • 0.40
Fixed in: 0.41

History Show all quoted text
  Mon Aug 17 01:27:42 2015 sewi [...] cpan.org - Ticket created
Subject: Mail::DKIM::PrivateKey->load tampering $_ and <FILE>
In Mail/DKIM/PrivateKey.pm's sub load: open FILE, "<", $prms{'File'} or die "Error: cannot read $prms{File}: $!\n"; while (<FILE>) { These lines cause two problems: 1. Anybody else (CPAN module or the users source) using FILE as named file handle will get into trouble. Using named fhs isn't good behavior, but even worse when done by CPAN modules. FILE should be replaced by $key_file or $key_fh, preferably as open my $key_fh,... 2. while (<FILE>) reverse-tampers $_ if the load function is called within a loop without own loop variable (e.g. for (@keys) { Mail::DKIM::PrivateKey->load(File => $_ }). It's also a problem of the calling source, but you could avoid problems by using while (my $line = <FILE>) { instead.
  Thu Mar 16 23:53:08 2017 mbradshaw [...] cpan.org - Taken
  Thu Mar 16 23:55:41 2017 mbradshaw [...] cpan.org - Correspondence added
Thanks, I'll fix this up for the next release.
  Thu Mar 16 23:55:42 2017 The RT System itself - Status changed from 'new' to 'open'
  Fri Apr 14 07:16:23 2017 mbradshaw [...] cpan.org - Status changed from 'open' to 'resolved'
  Fri Apr 14 07:16:29 2017 mbradshaw [...] cpan.org - Fixed in 0.41 added