tags 402316 + patch
thanks

Hello,

Please find attached a patch which should solve (at least partially)
this problem.

* removes -r option from wget.
* specifies an output file to ensure you don't end up with thousands of
  files.
* performs perl syntax check to ensure it's a valid perl file.

This doesn't fix the security hole, which is a bug all in itself.

Cheers,
Neil
-- 
* hermanr feels like a hedgehog having sex...
--- hinfo-update	2007-01-05 17:17:05.621210451 +0000
+++ hinfo-update	2007-01-05 17:56:07.403562701 +0000
@@ -2,6 +2,7 @@
 # script to fetch current dnsbl.ins.pl and whois.ins.pl
 #
 
+use File::Copy;
 use strict;
 
 my $libdir = '/var/lib/hinfo';
@@ -30,13 +31,14 @@
 
 my $capt = '';
 if (-e $wget && -d $libdir) {
-    my $c = "$wget -r -N -nd $verbose -P $libdir $options";
+	foreach (@getlist) {
+		my $c = "$wget -N -nd $verbose -P $libdir $options";
     foreach (@ARGV) {
         $c .= " $_";
     }
-    foreach (@getlist) {
-        $c .= " $blars$_";
-    }
+		my $destfile = $libdir."/".$_;
+		copy($destfile,$destfile.".bak");
+		$c .= " $blars$_ -O ".$destfile;
     $c .= ' 2>&1';
 	print $c."\n";
     open WGET, "-|", $c or die "Could not execute: $c";
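Review bot: The command string built on the new `my $c = "$wget -N -nd ..."` and `$c .= " $blars$_ -O ".$destfile` lines is still handed to the shell as one string by `open WGET, "-|", $c`, so every `@ARGV` element, each `@getlist` name and `$destfile` are shell-parsed unquoted; the only shell feature actually needed is the `2>&1`, which could be done in Perl while the arguments go through the list form of `open`. `copy($destfile,$destfile.".bak")` is unchecked, and since wget's `-O` opens the output file before the transfer starts, a failed fetch can leave `$destfile` truncated with no backup ever made — `copy($destfile, "$destfile.bak") or warn "backup of $destfile failed: $!";` at least makes that visible (and, in the wget versions I know, `-N` timestamping does nothing in combination with `-O`; confirm with the installed wget). Style: the added lines use tabs where the surrounding context uses four spaces, and the inner `foreach (@ARGV)` loop was not re-indented for its new nesting level. The `foreach (@getlist)` body opened here closes outside this hunk.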
@@ -56,7 +58,18 @@
     } else {
 	print STDERR $_ while ($_ = <WGET>);
     }
+
+		# Check it's a valid perl file
+		system("perl","-c",$destfile,"&>/dev/null");
+		if ($? != 0) {
+			print STDERR "File $destfile is invalid, restoring\n";
+			rename $destfile.".bak",$destfile;
+		} else {
+			unlink $destfile.".bak";
+		}
+	}
 }
+
 print STDERR $capt if ($?);
 
 exit($?);
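Review bot: `perl -c` on a file that was just fetched over the network is not a passive validation — `BEGIN` blocks, `use` lines and anything else that runs at compile time in `$destfile` execute with this script's privileges before the check reports anything, so the new `system("perl","-c",$destfile,...)` does not stop an unverified download from running code, and an empty or truncated download still passes because `perl -c` accepts an empty file (a `-s $destfile` test would catch that case cheaply). In the list form of `system` no shell is involved, so `"&>/dev/null"` is passed to perl as a literal argument (it ends up in the compiled file's `@ARGV`) rather than suppressing output; drop it and, if the `syntax OK` message is unwanted, redirect STDERR in Perl. The `rename` and `unlink` results are unchecked — `rename "$destfile.bak", $destfile or warn "restore of $destfile failed: $!";` — and because `system` overwrites `$?`, the unchanged trailing `print STDERR $capt if ($?); exit($?);` now reports the syntax check of the last list entry rather than the wget status it presumably reflected before (the lines that set `$?` from wget are outside this hunk).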

Attachment: signature.asc
Description: Digital signature
