Branch: refs/heads/master
  Home:   https://github.com/perl5-dbi/dbi
  Commit: 29dd613cbe87031f549f26b5bf935b6922300221
      
https://github.com/perl5-dbi/dbi/commit/29dd613cbe87031f549f26b5bf935b6922300221
  Author: H.Merijn Brand - Tux <li...@tux.freedom.nl>
  Date:   2024-08-22 (Thu, 22 Aug 2024)

  Changed paths:
    M lib/DBD/File.pm

  Log Message:
  -----------
  Unescape D\: in f_dir - Fix CVE-2014-10401 for Windows

The DNS returns f_dir as C\\:\\\\Foo\\\\DBI\\\\test_output_12345

for my $dl ("", "c", "C") {
  for my $c ("", ":", "\:", "\\:", "\\\:", "\\\\:") {
    for my $f ("/", map { "\\" x $_ } 0..5) {
      my $d = $dl.$c.$f or next;
      printf "%2s %5s %-8s %-15s %s\n", $dl, $c, $f, $d, -d $d ? "Yes" : "No";
      }
    }
  }

Shows that -d accepts optional drive-letter-colon (drive letter is case
insensitive too). Doubles \ in path are no problem, but escaped : will
not be valid



To unsubscribe from these emails, change your notification settings at 
https://github.com/perl5-dbi/dbi/settings/notifications

Reply via email to