Subject: Taint causes script to die when calling prune
Date: Fri, 20 Aug 2010 10:49:37 -0400
To: bug-CGI-Auth [...] rt.cpan.org
From: Frank Geueke <fgeueke [...] gmail.com>
Hi.
This module is really coming in handy on a project I'm working on
currently. One quick thing to point out though. First, the specs:
CGI-Auth-3.00
perl v5.8.8 built for i386-linux-thread-multi
Linux www.geueke.net 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:39:04 EST 2010
i686 i686 i386 GNU/Linux
CentOS release 5.4 (Final)
So I had a cgi script that uses Taint via the -T switch. This script dies
like so:
[Fri Aug 20 10:03:44 2010] [error] [client 192.168.2.2] Insecure dependency
in unlink while running with -T switch at
/usr/lib/perl5/site_perl/5.8.8/CGI/Auth.pm line 942., referer:
https://www.geueke.net:8443/productivity/
942 being:
$pruned += unlink $file if ($age > $self->{timeout});
It appears that Taint won't let you trust the input from readdir(). From
looking at how the session filenames are generated I'd say replacing line
935 in my version:
$file = $self->{sessdir} . '/' . $file;
with this:
next unless ($file =~ /^([0-9A-Z]+)$/);
# Build the path from the capture: under -T only $1 is untainted, not $file.
$file = $self->{sessdir} . "/$1";
should do the trick. Thanks again for the very useful module.
-Frank Geueke
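
The taint behaviour behind this report, as an added example that is not part of the original message and is not CGI::Auth code: names returned by readdir() are tainted under -T, and a path built from a regex capture can be passed to unlink. The function name prune_sessions, the file names, the one-hour timeout and the stat-based age check are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not CGI::Auth code. Run as: perl -T prune_demo.pl
use strict;
use warnings;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

die "run with -T to see taint checking\n" unless ${^TAINT};

# Hypothetical stand-in for a session prune loop; returns files removed.
sub prune_sessions {
    my ($sessdir, $timeout) = @_;
    my $pruned = 0;
    opendir(my $dh, $sessdir) or die "opendir $sessdir: $!";
    while (defined(my $entry = readdir $dh)) {
        # Names returned by readdir() are tainted. Matching alone does not
        # change that; only the captured substring ($1) is untainted.
        next unless $entry =~ /^([0-9A-Z]+)$/;
        my $file = "$sessdir/$1";
        die "unexpectedly tainted: $file\n" if tainted($file);

        my $mtime = (stat $file)[9];
        next unless defined $mtime;          # vanished between readdir and stat
        $pruned += unlink $file if time - $mtime > $timeout;
    }
    closedir $dh;
    return $pruned;
}

# Constructed sample data: two session-like names and one stray file.
my $dir = tempdir();                         # expected to be untainted
for my $name (qw(ABC123 DEF456 notes.txt)) {
    open(my $fh, '>', "$dir/$name") or die "create $name: $!";
    close $fh;
}
my $old = time - 7200;                       # two hours ago
utime $old, $old, "$dir/ABC123", "$dir/notes.txt";

my $n = prune_sessions($dir, 3600);          # one-hour timeout (assumed value)
print "pruned $n file(s)\n";

# Clean up what the prune left behind (fresh session, non-matching name).
unlink "$dir/DEF456", "$dir/notes.txt";
rmdir $dir;
```

The anchored pattern also acts as an allow-list: directory entries that do not look like session names are skipped instead of being passed to unlink.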