fixed cpantester problem with taintmode unlink() call, now $tmpfile is untainted before

git@daemon.de
2013-07-05 10:10:21 +02:00
parent 90260e757d
commit 2c357f7cf6


@@ -294,6 +294,18 @@ sub read {
$this->{fd}->close(); $this->{fd}->close();
} }
sub untaint {
#
# untaint path's
my ($this, $path) = @_;
if($path =~ /([\w\-\/\\\.:]+\z)/) {
return $1;
}
else {
# fail, return unchanged
return $path;
}
}
sub save { sub save {
# #
@@ -325,8 +337,9 @@ sub save {
$this->addheader($whatsaved); $this->addheader($whatsaved);
$this->addheader($whosaved); $this->addheader($whosaved);
my $tmpfile = File::Spec->catfile(File::Spec->tmpdir(), my $tmpfile = $this->untaint(File::Spec->catfile(File::Spec->tmpdir(),
".vault-" . unpack("L<4", $this->random(16))); ".vault-" . unpack("L<4", $this->random(16))));
unlink $tmpfile; unlink $tmpfile;
my $fd = new FileHandle($tmpfile, 'w') or croak "Could not open tmpfile $tmpfile: $!\n"; my $fd = new FileHandle($tmpfile, 'w') or croak "Could not open tmpfile $tmpfile: $!\n";
$fd->binmode(); $fd->binmode();
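Review bot: The pattern in `untaint` is anchored only at the end (`\z`), so a path containing a character outside the class is not rejected but silently cut down to its trailing run of allowed characters, and `save` would then `unlink` and open that different, possibly relative, path. Anchor both ends, `if ($path =~ /\A([\w\-\/\\\.:]+)\z/) {`, so the capture is either the whole path or nothing. The `else` branch hands back the still-tainted value, which only surfaces later as a taint failure at `unlink`; a `croak "unsafe characters in path $path"` there would fail at the point of the problem. `save` starts before and continues after the second hunk, so any later use of `$tmpfile` is not visible here.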