diff options
Diffstat (limited to 'main/perl-http-body/CVE-2013-4407.patch')
| -rw-r--r-- | main/perl-http-body/CVE-2013-4407.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/main/perl-http-body/CVE-2013-4407.patch b/main/perl-http-body/CVE-2013-4407.patch new file mode 100644 index 0000000000..5071bac31a --- /dev/null +++ b/main/perl-http-body/CVE-2013-4407.patch @@ -0,0 +1,26 @@ +Description: Allow only word characters in filename suffixes + CVE-2013-4407: Allow only word characters in filename suffixes. An + attacker able to upload files to a service that uses + HTTP::Body::Multipart could use this issue to upload a file and create + a specifically-crafted temporary filename on the server, that when + processed without further validation, could allow execution of commands + on the server. +Origin: vendor +Bug: https://rt.cpan.org/Ticket/Display.html?id=88342 +Bug-Debian: http://bugs.debian.org/721634 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669 +Forwarded: no +Author: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2013-10-21 + +--- a/lib/HTTP/Body/MultiPart.pm ++++ b/lib/HTTP/Body/MultiPart.pm +@@ -275,7 +275,7 @@ + + if ( $filename ne "" ) { + my $basename = (File::Spec->splitpath($filename))[2]; +- my $suffix = $basename =~ /[^.]+(\.[^\\\/]+)$/ ? $1 : q{}; ++ my $suffix = $basename =~ /(\.\w+(?:\.\w+)*)$/ ? $1 : q{}; + + my $fh = File::Temp->new( UNLINK => 0, DIR => $self->tmpdir, SUFFIX => $suffix ); + |