aboutsummaryrefslogtreecommitdiffstats
path: root/main/perl-http-body/CVE-2013-4407.patch
blob: 5071bac31add0cf2df2278c5145609922c2f89a5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Description: Allow only word characters in filename suffixes
 CVE-2013-4407: Allow only word characters in filename suffixes. An
 attacker able to upload files to a service that uses
 HTTP::Body::Multipart could use this issue to upload a file and create
 a specifically-crafted temporary filename on the server, that when
 processed without further validation, could allow execution of commands
 on the server.
Origin: vendor
Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
Bug-Debian: http://bugs.debian.org/721634
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
Forwarded: no
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2013-10-21

--- a/lib/HTTP/Body/MultiPart.pm
+++ b/lib/HTTP/Body/MultiPart.pm
@@ -275,7 +275,7 @@
 
             if ( $filename ne "" ) {
                 my $basename = (File::Spec->splitpath($filename))[2];
-                my $suffix = $basename =~ /[^.]+(\.[^\\\/]+)$/ ? $1 : q{};
+                my $suffix = $basename =~ /(\.\w+(?:\.\w+)*)$/ ? $1 : q{};
 
                 my $fh = File::Temp->new( UNLINK => 0, DIR => $self->tmpdir, SUFFIX => $suffix );