author | Todd C. Miller <millert@cvs.openbsd.org> | 2005-02-02 20:13:34 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2005-02-02 20:13:34 +0000 |
commit | e662c94e4f5ba1ac62ce7217eb729333ffe52e0b (patch) | |
tree | 45be7a5640920e1a236a6d0198e06573b1bf4d34 | |
parent | 217f8ac246d6f8d5e5840a8a01e4f5f0a13cba4c (diff) |
Limit PERLIO_DEBUG environment variable to a sane length and just ignore
it if setuid. Found by Kevin Finisterre, fix from perl developers.
-rw-r--r-- | gnu/usr.bin/perl/patchlevel.h | 1 | ||||
-rw-r--r-- | gnu/usr.bin/perl/perlio.c | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/gnu/usr.bin/perl/patchlevel.h b/gnu/usr.bin/perl/patchlevel.h
index 0763670d77c..dec0581c621 100644
--- a/gnu/usr.bin/perl/patchlevel.h
+++ b/gnu/usr.bin/perl/patchlevel.h
@@ -120,6 +120,7 @@ hunk.
 #if !defined(PERL_PATCHLEVEL_H_IMPLICIT) && !defined(LOCAL_PATCH_COUNT)
 static char *local_patches[] = {
 NULL
+ ,"SUIDPERLIO1 - fix PERLIO_DEBUG buffer overflow (CAN-2005-0156)"
 ,NULL
 };
diff --git a/gnu/usr.bin/perl/perlio.c b/gnu/usr.bin/perl/perlio.c
index 91a95439f14..03d2fc67797 100644
--- a/gnu/usr.bin/perl/perlio.c
+++ b/gnu/usr.bin/perl/perlio.c
@@ -454,7 +454,7 @@ PerlIO_debug(const char *fmt, ...)
 va_list ap;
 dSYS;
 va_start(ap, fmt);
- if (!dbg) {
+ if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
 char *s = PerlEnv_getenv("PERLIO_DEBUG");
 if (s && *s)
 dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
@@ -471,7 +471,7 @@ PerlIO_debug(const char *fmt, ...)
 s = CopFILE(PL_curcop);
 if (!s)
 s = "(none)";
- sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+ sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
 len = strlen(buffer);
 vsprintf(buffer+len, fmt, ap);
 PerlLIO_write(dbg, buffer, strlen(buffer)); |
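Review bot: The new guard in the `@@ -454` hunk of perlio.c relies on `PL_tainting` and the cached `PL_uid`/`PL_euid`/`PL_gid`/`PL_egid`, and nothing visible here shows that these are populated before the first `PerlIO_debug()` call. If they are still zero-initialised at that point, the set-id comparison passes trivially and `PERLIO_DEBUG` is opened with `O_WRONLY | O_CREAT | O_APPEND` under the effective ids, so the initialisation order is worth confirming. The intent should also be documented above the test, e.g. `/* PERLIO_DEBUG names a file we create/append to: ignore it when tainted or running set-id */`. The function continues past the end of the hunk, so how `dbg` is left when the guard fails is not visible.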
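Review bot: The `vsprintf(buffer+len, fmt, ap);` context line directly after the changed `sprintf` in the `@@ -471` hunk is still unbounded, so capping the file name with `%.40s` limits only the prefix and a long formatted argument can still run past `buffer`. If `buffer` is a fixed-size array (its declaration is outside the hunk) and a bounded formatter is available on the supported platforms, `vsnprintf(buffer+len, sizeof(buffer)-len, fmt, ap);` would close that path. The literal `40` would also be better tied to the buffer size or explained in a short comment than left as a bare number. PerlIO_debug's body starts and ends outside the hunk.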