Package: libauthen-captcha-perl
Version: 1.023-2
When running with perl's '-T' taint switch, the package aborts
the script with the following error when trying to unlink expired
images:
Insecure dependency in unlink while running with -T switch at
/usr/share/perl5/Authen/Captcha.pm line 261.
This introduces a security issue for scripts using the package
as they cannot use the '-T' switch.
This script demonstrates the problem:
----------------------------------------------------------------------
#!/usr/bin/perl -T
use Authen::Captcha;

# expire after 1 second so the code generated below is already stale
# by the time the next call sweeps the data file
my $captcha = Authen::Captcha->new(
    expire        => 1,
    data_folder   => '/tmp',
    output_folder => '/tmp',
);
my $md5sum = $captcha->generate_code(5);
sleep(3);
# the code value passed here does not matter; the sweep of expired
# entries is what reaches the unlink that dies under -T
$captcha->check_code($md5sum, $md5sum);
exit 0;
----------------------------------------------------------------------
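Added example, not the reporter's script and not Authen::Captcha's own code: the regex-capture untainting that the patch below relies on, with a guard for data-file lines that do not match. The data lines, the '/tmp' folder and the way the input is tainted are constructed for the demonstration.

```perl
#!/usr/bin/perl -T
# Added example: untaint one "<epoch>::<32 hex md5>" line of the captcha
# data file by copying it out of a regex capture (the only thing perl's
# taint mode accepts), and skip lines that do not match instead of
# carrying undef values into the unlink path.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Spec;

# Returns (time, code) for a well-formed line, or an empty list.
sub parse_captcha_line {
    my ($line) = @_;
    $line =~ s/\n//;
    my ($data_time, $data_code) = $line =~ m/^(\d+)::([[:xdigit:]]{32})$/
        or return;
    return ($data_time, $data_code);
}

# Constructed input. Data read from a file would already be tainted;
# here a zero-length slice of %ENV (always tainted under -T) is appended
# so the strings carry the taint flag the same way.
my $taint = substr($ENV{PATH} // '', 0, 0);
my @lines = (
    "1170635113::" . ("ab" x 16) . $taint,          # well-formed
    "1170635113::not-32-hex-digits" . $taint,        # malformed
    "1170635113::" . ("AB" x 16) . "\n" . $taint,    # trailing newline
);

for my $line (@lines) {
    my ($t, $code) = parse_captcha_line($line);
    if (!defined $code) {
        print "skipping malformed line: $line\n";
        next;
    }
    # Hypothetical output folder; the 32-hex-digit restriction is what
    # makes this file name safe to hand to unlink under -T.
    my $png = File::Spec->catfile('/tmp', "$code.png");
    printf "time=%s code=%s tainted(code)=%d png=%s\n",
        $t, $code, tainted($code) ? 1 : 0, $png;
}
```

Run it as `perl -T example.pl`; the well-formed lines print `tainted(code)=0` and the malformed line is reported and skipped.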
The following patch fixes this problem:
--- Authen/Captcha.pm-orig 2007-02-05 11:25:13.000000000 +1100
+++ Authen/Captcha.pm 2007-02-05 11:26:22.000000000 +1100
@@ -232,7 +232,11 @@
foreach my $line (@data)
{
$line =~ s/\n//;
- my ($data_time,$data_code) = split(/::/,$line);
+
+ #
+ # Extract untainted time and code
+ #
+ my ($data_time,$data_code) = $line =~
m/(^\d+)::([[:xdigit:]]{32})$/;
my $png_file =
File::Spec->catfile($self->output_folder(),$data_code . ".png");
if ($data_code eq $crypt)
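Review bot: a line that does not match the new pattern leaves both `$data_time` and `$data_code` undefined, and the following `File::Spec->catfile(..., $data_code . ".png")` and `$data_code eq $crypt` then run on undef (uninitialized-value warnings and a file name of just `.png`); add `next unless defined $data_code;` directly after the match. The `^` anchor inside the capture, `(^\d+)`, works but the conventional `^(\d+)` captures the same value and reads more clearly. Also, the regex line appears here wrapped onto a second line with no `+` prefix; the hunk header counts (7 -> 11) imply a single added line, so re-join it before applying or `patch` will reject the hunk.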
@@ -351,7 +355,12 @@
foreach my $line (@data)
{
$line =~ s/\n//;
- my ($data_time,$data_code) = split(/::/,$line);
+
+ #
+ # Extract untainted time and code
+ #
+ my ($data_time,$data_code) = $line =~
m/(^\d+)::([[:xdigit:]]{32})$/;
+
if ( (($current_time - $data_time) > ($self->expire())) ||
($data_code eq $md5) )
{ # remove expired captcha, or a dup
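Review bot: an unparsable line leaves `$data_time` undefined, so `$current_time - $data_time` evaluates to `$current_time`, which always exceeds `expire()`; the malformed line is therefore treated as an expired captcha and enters the removal branch with an undefined `$data_code`. Guard with `next unless defined $data_time;` (logging the bad line) before the `if`. The regex line is wrapped without a `+` prefix exactly as in the first hunk and needs the same re-join. A one-line comment noting that limiting `$data_code` to 32 hex digits, not merely the capture, is what makes the derived file name safe to unlink under -T would document the intent for later maintainers.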