path: root/main/perl-http-body/CVE-2013-4407.patch
Description: Allow only word characters in filename suffixes
 CVE-2013-4407: Allow only word characters in filename suffixes. An
 attacker able to upload files to a service that uses
 HTTP::Body::MultiPart could use this issue to upload a file and create
 a specifically-crafted temporary filename on the server which, when
 processed without further validation, could allow execution of commands
 on the server.
Origin: vendor
Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
Bug-Debian: http://bugs.debian.org/721634
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
Forwarded: no
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2013-10-21

--- a/lib/HTTP/Body/MultiPart.pm
+++ b/lib/HTTP/Body/MultiPart.pm
@@ -275,7 +275,7 @@
 
             if ( $filename ne "" ) {
                 my $basename = (File::Spec->splitpath($filename))[2];
-                my $suffix = $basename =~ /[^.]+(\.[^\\\/]+)$/ ? $1 : q{};
+                my $suffix = $basename =~ /(\.\w+(?:\.\w+)*)$/ ? $1 : q{};
 
                 my $fh = File::Temp->new( UNLINK => 0, DIR => $self->tmpdir, SUFFIX => $suffix );