authorMichael G. Schwern <schwern@pobox.com>2011-10-03 19:05:29 +0100
committerRicardo Signes <rjbs@cpan.org>2012-08-09 16:04:11 -0400
commitc4fc4d72d0bf574a2b7597f0a919aa614d47c6de (patch)
tree5f7a735e805c26dcda869599f3f50186f860d261
parent3f22bd654dbafc1220c5360d5e685b11d99a5404 (diff)
downloadperl-c4fc4d72d0bf574a2b7597f0a919aa614d47c6de.tar.gz
Close the eval "require $module" security hole in Digest->new($algorithm)
Also the filter was incomplete. Bug-Debian: http://bugs.debian.org/644108
-rw-r--r--MANIFEST1
-rw-r--r--cpan/Digest/Digest.pm6
-rw-r--r--cpan/Digest/t/security.t14
3 files changed, 19 insertions, 2 deletions
diff --git a/MANIFEST b/MANIFEST
index fc118387ce..c834b7976d 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -759,6 +759,7 @@ cpan/Digest-SHA/typemap Typemap for Digest::SHA
cpan/Digest/t/base.t See if Digest extensions work
cpan/Digest/t/digest.t See if Digest extensions work
cpan/Digest/t/file.t See if Digest extensions work
+cpan/Digest/t/security.t See if Digest extensions work
cpan/Encode/AUTHORS List of authors
cpan/Encode/bin/enc2xs Encode module generator
cpan/Encode/bin/piconv iconv by perl
diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
index 384dfc8266..d71443481f 100644
--- a/cpan/Digest/Digest.pm
+++ b/cpan/Digest/Digest.pm
@@ -24,7 +24,7 @@ sub new
shift; # class ignored
my $algorithm = shift;
my $impl = $MMAP{$algorithm} || do {
- $algorithm =~ s/\W+//;
+ $algorithm =~ s/\W+//g;
"Digest::$algorithm";
};
$impl = [$impl] unless ref($impl);
@@ -35,7 +35,9 @@ sub new
($class, @args) = @$class if ref($class);
no strict 'refs';
unless (exists ${"$class\::"}{"VERSION"}) {
- eval "require $class";
+ my $pm_file = $class . ".pm";
+ $pm_file =~ s{::}{/}g;
+ eval { require $pm_file };
if ($@) {
$err ||= $@;
next;
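Review bot: The new `eval { require $pm_file };` on the third added line deserves a comment saying why the file form replaces the string eval, because a later cleanup could plausibly fold it back into `eval "require $class"` for brevity: `# require by file name, never by string eval: $class derives from the caller-supplied algorithm name and must not be compiled as code`. In this form `$class` can only select a path searched under @INC, and the first hunk's `s/\W+//g` (now with /g, so every run of non-word characters is stripped rather than just the first) confines the constructed name to `Digest::<word chars>`; note that `\w` is Unicode-aware without /a, so non-ASCII letters still pass, which is harmless for a file lookup but worth stating if an ASCII-only filter was intended. The `%MMAP` entries that also reach this line are hard-coded constants, so they are unaffected either way. The surrounding loop over candidate implementations starts above this hunk and its `$err`/`next` handling continues below it.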
diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t
new file mode 100644
index 0000000000..5cba122b22
--- /dev/null
+++ b/cpan/Digest/t/security.t
@@ -0,0 +1,14 @@
+#!/usr/bin/env perl
+
+# Digest->new() had an exploitable eval
+
+use strict;
+use warnings;
+
+use Test::More tests => 1;
+
+use Digest;
+
+$LOL::PWNED = 0;
+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
+is $LOL::PWNED, 0;
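Review bot: The single `is` on the last line has no description, and the test never confirms that the call actually died, so a future change that silently accepted the mangled name would still pass; change the plan to `use Test::More tests => 2;` and check both outcomes with `ok $@, 'bogus algorithm name is rejected';` followed by `is $LOL::PWNED, 0, 'algorithm name is not evaluated as code';`. The assertion on `$LOL::PWNED` is the one that pins the fix and is correct as written.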