File: patch-2

package info (click to toggle)
mirror 2.9-13slink15
  • links: PTS
  • area: main
  • in suites: slink
  • size: 588 kB
  • ctags: 303
  • sloc: perl: 5,881; makefile: 131; sh: 56
file content (20 lines) | stat: -rw-r--r-- 856 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
 
*** mirror.pl.orig      Fri May 29 15:01:42 1998
--- mirror.pl   Mon Nov  1 21:16:29 1999
***************
*** 2332,2337 ****
--- 2332,2346 ----
                        next;
                }

+               # important security check - marc@suse.de
+               # we don't use an allow list but an deny list because otherwise
+               # we will get problems with umlaute and other stuff. And the
+               # hole is very small anyway.
+               if ( $src_path =~ m/[\\\n;&<>#\`!\$\*\|~]/ || $src_path =~ m/\.\./) {
+                        print STDERR "Error: source filename contains unallowed characters: \"$src_path\"\n";
+                        next;
+               }
+
                # Just create any needed directories (the timestamps
                # should be ignored)
                if( $src_type[ $srci ] eq 'd' ){