1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
$NetBSD: patch-bf,v 1.1 2005/06/24 06:43:47 jlam Exp $
--- perlio.c.orig 2004-09-10 03:06:52.000000000 -0400
+++ perlio.c
@@ -454,7 +454,8 @@ PerlIO_debug(const char *fmt, ...)
va_list ap;
dSYS;
va_start(ap, fmt);
- if (!dbg) {
+ /* Tighten uid/gid checks [CAN-2005-0155] */
+ if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
char *s = PerlEnv_getenv("PERLIO_DEBUG");
if (s && *s)
dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
@@ -471,7 +472,8 @@ PerlIO_debug(const char *fmt, ...)
s = CopFILE(PL_curcop);
if (!s)
s = "(none)";
- sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+ /* Avoid PERLIO_DEBUG buffer overflow [CAN-2005-0156] */
+ sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
len = strlen(buffer);
vsprintf(buffer+len, fmt, ap);
PerlLIO_write(dbg, buffer, strlen(buffer));
|
