Branch: refs/heads/master
Home: https://github.com/perl5-dbi/dbi
Commit: 29dd613cbe87031f549f26b5bf935b6922300221
https://github.com/perl5-dbi/dbi/commit/29dd613cbe87031f549f26b5bf935b6922300221
Author: H.Merijn Brand - Tux <li...@tux.freedom.nl>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M lib/DBD/File.pm
Log Message:
-----------
Unescape D\: in f_dir - Fix CVE-2014-10401 for Windows
The DNS returns f_dir as C\\:\\\\Foo\\\\DBI\\\\test_output_12345
for my $dl ("", "c", "C") {
for my $c ("", ":", "\:", "\\:", "\\\:", "\\\\:") {
for my $f ("/", map { "\\" x $_ } 0..5) {
my $d = $dl.$c.$f or next;
printf "%2s %5s %-8s %-15s %s\n", $dl, $c, $f, $d, -d $d ? "Yes" : "No";
}
}
}
Shows that -d accepts optional drive-letter-colon (drive letter is case
insensitive too). Doubles \ in path are no problem, but escaped : will
not be valid
To unsubscribe from these emails, change your notification settings at
https://github.com/perl5-dbi/dbi/settings/notifications
