Description: Allow only word characters in filename suffixes
CVE-2013-4407: Allow only word characters in filename suffixes. An
attacker able to upload files to a service that uses
HTTP::Body::Multipart could use this issue to upload a file and create
a specifically-crafted temporary filename on the server, that when
processed without further validation, could allow execution of commands
on the server.
Origin: vendor
Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
Bug-Debian: http://bugs.debian.org/721634
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
Forwarded: no
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2013-10-21
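--- a/lib/HTTP/Body/MultiPart.pm
+++ b/lib/HTTP/Body/MultiPart.pm
@@ -275,7 +275,7 @@
 if ( $filename ne "" ) {
 my $basename = (File::Spec->splitpath($filename))[2];
- my $suffix = $basename =~ /[^.]+(\.[^\\\/]+)$/ ? $1 : q{};
+ my $suffix = $basename =~ /(\.\w+(?:\.\w+)*)$/ ? $1 : q{};
 my $fh = File::Temp->new( UNLINK => 0, DIR => $self->tmpdir, SUFFIX => $suffix );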
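Review bot: The new pattern on the `my $suffix` line is looser than "word characters only" suggests, because `\w` also matches non-ASCII letters and digits whenever `$basename` is a decoded character string or `use locale` is in effect, and nothing bounds the suffix length. A client-supplied name with many dotted parts can therefore push the temporary name past the filesystem's limit and make `File::Temp->new` fail for that request. I would pin the class to ASCII and anchor with `\z`, `my $suffix = $basename =~ /(\.[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*)\z/ ? $1 : q{};`, and fall back to `q{}` when the match exceeds a small cap. A comment above the line such as `# CVE-2013-4407: suffix is client-controlled; keep it to [A-Za-z0-9_.]` would stop the restriction from being relaxed later. The enclosing `if ( $filename ne "" )` block continues past the end of the hunk, so how `$fh->filename` is used afterwards is not visible here.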