aboutsummaryrefslogtreecommitdiffstats
path: root/main/perl/CVE-2011-3597.patch
blob: dc7cc2d7493b62609bb36c3ce9bc5bf74e885d03 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 4 Oct 2011 13:46:39 +0200
Subject: [PATCH] Fix code injection in Digest

See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
---
 cpan/Digest/Digest.pm |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
index 384dfc8..4b923ae 100644
--- a/cpan/Digest/Digest.pm
+++ b/cpan/Digest/Digest.pm
@@ -35,7 +35,9 @@ sub new
 	($class, @args) = @$class if ref($class);
 	no strict 'refs';
 	unless (exists ${"$class\::"}{"VERSION"}) {
-	    eval "require $class";
+	    my $pm_file = $class . ".pm";
+	    $pm_file =~ s{::}{/}g;
+	    eval { require $pm_file };
 	    if ($@) {
 		$err ||= $@;
 		next;
-- 
1.7.6.4