Branch: refs/heads/master Home: https://github.com/perl5-dbi/dbi Commit: 29dd613cbe87031f549f26b5bf935b6922300221 https://github.com/perl5-dbi/dbi/commit/29dd613cbe87031f549f26b5bf935b6922300221 Author: H.Merijn Brand - Tux <li...@tux.freedom.nl> Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths: M lib/DBD/File.pm Log Message: ----------- Unescape D\: in f_dir - Fix CVE-2014-10401 for Windows The DNS returns f_dir as C\\:\\\\Foo\\\\DBI\\\\test_output_12345 for my $dl ("", "c", "C") { for my $c ("", ":", "\:", "\\:", "\\\:", "\\\\:") { for my $f ("/", map { "\\" x $_ } 0..5) { my $d = $dl.$c.$f or next; printf "%2s %5s %-8s %-15s %s\n", $dl, $c, $f, $d, -d $d ? "Yes" : "No"; } } } Shows that -d accepts optional drive-letter-colon (drive letter is case insensitive too). Doubles \ in path are no problem, but escaped : will not be valid To unsubscribe from these emails, change your notification settings at https://github.com/perl5-dbi/dbi/settings/notifications