diff options
Diffstat (limited to 'dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch')
-rw-r--r-- | dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch b/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch new file mode 100644 index 000000000000..e4046ec3fec3 --- /dev/null +++ b/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch @@ -0,0 +1,33 @@ +Description: Allow only word characters in filename suffixes + CVE-2013-4407: Allow only word characters in filename suffixes. An + attacker able to upload files to a service that uses + HTTP::Body::Multipart could use this issue to upload a file and create + a specifically-crafted temporary filename on the server, that when + processed without further validation, could allow execution of commands + on the server. +Origin: vendor +Bug: https://rt.cpan.org/Ticket/Display.html?id=88342 +Bug-Debian: http://bugs.debian.org/721634 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669 +Forwarded: no +Author: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2013-10-21 + +Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.19 +Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.23 + This version has a fix for the CVE, but the stricter regexp has served + us well so far... + +diff -ruN HTTP-Body-1.23.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.23/lib/HTTP/Body/MultiPart.pm +--- HTTP-Body-1.23.orig/lib/HTTP/Body/MultiPart.pm 2024-03-30 14:27:57.000000000 +1100 ++++ HTTP-Body-1.23/lib/HTTP/Body/MultiPart.pm 2024-05-02 13:07:21.794271606 +1100 +@@ -255,7 +255,7 @@ + + =cut + +-our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; ++our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; + our $file_temp_suffix = '.upload'; + our $file_temp_template; + our %file_temp_parameters; + |