From: John Lightsey <jd@cpanel.net>
Date: Mon, 27 Jun 2011 13:07:44 -0500
Subject: [PATCH] symlink safety

Add check for unsafe symbolic links to _is_safe() directory check.


diff -ruN File-Temp-0.23.orig/lib/File/Temp.pm File-Temp-0.23/lib/File/Temp.pm
--- File-Temp-0.23.orig/lib/File/Temp.pm	2013-03-14 22:56:59.000000000 +0100
+++ File-Temp-0.23/lib/File/Temp.pm	2014-10-15 23:46:29.894611586 +0200
@@ -672,7 +672,25 @@
   my $err_ref = shift;
 
   # Stat path
-  my @info = stat($path);
+  my @info = lstat($path);
+  my $symlink_test_path = $path;
+  my $symlink_loop_count = 0;
+  while (-l _) {
+    if (++$symlink_loop_count >= 50) {
+      $$err_ref = "50 levels of symlinks encountered at $path";
+      return 0;
+    }
+    if ( $info[4] <= File::Temp->top_system_uid() || $info[4] == $>) {
+      # safe to traverse
+      $symlink_test_path = readlink($symlink_test_path);
+      @info = lstat($symlink_test_path);
+    }
+    else {
+      $$err_ref = "Unsafe symlink at $path";
+      return 0;
+    }
+  }
+
   unless (scalar(@info)) {
     $$err_ref = "stat(path) returned no values";
     return 0;
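Review bot: In the "safe to traverse" branch, the result of `readlink($symlink_test_path)` is passed straight to `lstat`. A relative link target is therefore resolved against the current working directory instead of the directory that holds the link, so the ownership test can run against a different file than the one the link points to, or fall through to "stat(path) returned no values". The return value is also not checked, so a failed `readlink` hands `undef` to `lstat`. I would resolve the target against the link's own directory with File::Spec (which File::Temp should already load; confirm at the top of the module) and report the failing component via `$symlink_test_path` rather than `$path`. The enclosing sub starts and continues outside this hunk, and the check remains path-based, so it narrows the window between check and use without closing it.

```perl
    if ( $info[4] <= File::Temp->top_system_uid() || $info[4] == $>) {
      my $target = readlink($symlink_test_path);
      unless (defined $target) {
        $$err_ref = "readlink failed at $symlink_test_path: $!";
        return 0;
      }
      # A relative target is relative to the directory containing the link,
      # not to the process's current working directory.
      my ($vol, $dir) = File::Spec->splitpath($symlink_test_path);
      $symlink_test_path =
        File::Spec->rel2abs($target, File::Spec->catpath($vol, $dir, ''));
      @info = lstat($symlink_test_path);
      # ... unchanged: else branch rejecting the unsafe symlink ...
```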