File: CVE-2013-4407.patch

package info (click to toggle)
libhttp-body-perl 1.11-1%2Bdeb7u1
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 4,468 kB
  • sloc: perl: 840; makefile: 4
file content (26 lines) | stat: -rw-r--r-- 1,127 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Description: Allow only word characters in filename suffixes
 CVE-2013-4407: Allow only word characters in filename suffixes. An
 attacker able to upload files to a service that uses
 HTTP::Body::Multipart could use this issue to upload a file and create
 a specifically-crafted temporary filename on the server, that when
 processed without further validation, could allow execution of commands
 on the server.
Origin: vendor
Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
Bug-Debian: http://bugs.debian.org/721634
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
Forwarded: no
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2013-10-21

--- a/lib/HTTP/Body/MultiPart.pm
+++ b/lib/HTTP/Body/MultiPart.pm
@@ -275,7 +275,7 @@
 
             if ( $filename ne "" ) {
                 my $basename = (File::Spec->splitpath($filename))[2];
-                my $suffix = $basename =~ /[^.]+(\.[^\\\/]+)$/ ? $1 : q{};
+                my $suffix = $basename =~ /(\.\w+(?:\.\w+)*)$/ ? $1 : q{};
 
                 my $fh = File::Temp->new( UNLINK => 0, DIR => $self->tmpdir, SUFFIX => $suffix );