core/perl/digest_eval_hole.diff
2012-05-09 20:14:20 +00:00

63 lines
1.6 KiB
Diff

From 4b6a7324284e7435a361c58f7ddb32fc0c635bd0 Mon Sep 17 00:00:00 2001
From: "Michael G. Schwern" <schwern@pobox.com>
Date: Mon, 3 Oct 2011 19:05:29 +0100
Subject: Close the eval "require $module" security hole in
Digest->new($algorithm)
Also the filter was incomplete.
Bug-Debian: http://bugs.debian.org/644108
Patch-Name: fixes/digest_eval_hole.diff
---
cpan/Digest/Digest.pm | 6 ++++--
cpan/Digest/t/security.t | 14 ++++++++++++++
2 files changed, 18 insertions(+), 2 deletions(-)
create mode 100644 cpan/Digest/t/security.t
diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
index 384dfc8..d714434 100644
--- a/cpan/Digest/Digest.pm
+++ b/cpan/Digest/Digest.pm
@@ -24,7 +24,7 @@ sub new
shift; # class ignored
my $algorithm = shift;
my $impl = $MMAP{$algorithm} || do {
- $algorithm =~ s/\W+//;
+ $algorithm =~ s/\W+//g;
"Digest::$algorithm";
};
$impl = [$impl] unless ref($impl);
@@ -35,7 +35,9 @@ sub new
($class, @args) = @$class if ref($class);
no strict 'refs';
unless (exists ${"$class\::"}{"VERSION"}) {
- eval "require $class";
+ my $pm_file = $class . ".pm";
+ $pm_file =~ s{::}{/}g;
+ eval { require $pm_file };
if ($@) {
$err ||= $@;
next;
diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t
new file mode 100644
index 0000000..5cba122
--- /dev/null
+++ b/cpan/Digest/t/security.t
@@ -0,0 +1,14 @@
+#!/usr/bin/env perl
+
+# Digest->new() had an exploitable eval
+
+use strict;
+use warnings;
+
+use Test::More tests => 1;
+
+use Digest;
+
+$LOL::PWNED = 0;
+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
+is $LOL::PWNED, 0;