
This queue is for tickets about the Apache-Session CPAN distribution.

Report information
The Basics
Id: 38933
Status: resolved
Priority: 0/
Queue: Apache-Session

People
Owner: Nobody in particular
Requestors: MARKLE [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: 1.88



Subject: Apache::Session::File should detaint session id to run in taint mode
You can't use Apache::Session::File in taint mode. Deleting the session does not work, because even if you untaint your cookie value when tying the session, it gets the session id internally from {_session_id} and since this is input from a file, it cannot be used in unlink.

($id) = $id =~ m{ \A ([a-z0-9]+) \z }mxs;

Looks like someone else ran into this problem and described it here: http://www.mail-archive.com/modperl@apache.org/msg33173.html
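The following is an added, stand-alone illustration of the failure the report describes and of the detaint the reporter proposes; it is not code from Apache::Session. It simplifies the module's storage format (the real module serialises the session hash to the file; here the id is written as a plain line) and uses a constructed session id, but the taint mechanics are the same: a value read from a file is tainted, unlink() refuses a tainted path under -T, and the capture of a whitelist regex match is clean.

```perl
#!/usr/bin/perl -T
# Added example, not Apache::Session code. Run as: perl -T this_file.pl
use strict;
use warnings;
use File::Temp   qw(tempdir);
use Scalar::Util qw(tainted);

# Under -T, %ENV is tainted; give PATH a fixed value as a matter of hygiene.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $dir = tempdir(CLEANUP => 1);     # constructed scratch directory

# Constructed session id. Like Apache::Session::File, the id is persisted
# inside the session file itself, so it is tainted when read back.
my $id_on_disk = '4f2a7c9e1b3d';
open my $fh, '>', "$dir/$id_on_disk" or die "open: $!";
print {$fh} "_session_id=$id_on_disk\n";
close $fh;

open $fh, '<', "$dir/$id_on_disk" or die "open: $!";
my ($tainted_id) = <$fh> =~ /^_session_id=(.*)$/;
close $fh;
printf "id read back from file is tainted: %s\n",
    tainted($tainted_id) ? 'yes' : 'no';

# What the delete path in the report does: unlink with the id taken from
# {_session_id}. Under -T this dies with "Insecure dependency in unlink".
my $ok = eval { unlink("$dir/$tainted_id") or die "unlink: $!\n"; 1 };
print 'unlink with tainted id: ', ($ok ? "succeeded\n" : "failed: $@");

# The reporter's detaint: an anchored whitelist match. Only an id made of
# [a-z0-9] passes, and the capture is untainted.
my ($clean_id) = $tainted_id =~ m{ \A ([a-z0-9]+) \z }mxs
    or die "'$tainted_id' is not a well-formed session id\n";
printf "id after detaint is tainted: %s\n", tainted($clean_id) ? 'yes' : 'no';

unlink("$dir/$clean_id") or die "unlink: $!\n";
print "unlink with detainted id: succeeded\n";
```

The -T switch must be given on the command line as well as the shebang, otherwise perl refuses to start. Note that the regex is doing real validation, not just flipping the taint bit: an id containing `/` or `..` read from a tampered session file fails the match and never reaches unlink().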
Wed Sep 03 02:12:03 2008, MARKLE wrote:
> You can't use Apache::Session::File in taint mode. Deleting the session
> does not work, because even if you untaint your cookie value when tying
> the session, it gets the session id internally from {_session_id} and
> since this is input from a file, it cannot be used in unlink.

Please test version 1.88.

-- 
Alexandr Ciornii, http://chorny.net