Potentially insecure Perl scripts
Vincent Lefevre
vincent at vinc17.net
Mon Jan 28 09:58:33 GMT 2019
On 2019-01-25 13:55:47 +0000, Ian Jackson wrote:
> The easiest way to sanitise a string to make it safe for 2-argument
> open involves:
> * prepending ./ if the string does not start with /
> * appending \0 (a nul byte)
> The result is also a valid operand for 3-argument open.
However, the null byte trick is not portable. As documented in the
open description:
    [...]
    otherwise it's necessary to protect any leading and trailing
    whitespace:

        $file =~ s#^(\s)#./$1#;
        open(my $fh, "< $file\0")
            || die "Can't open $file: $!";

    (this may not work on some bizarre filesystems). One should
    [...]
And some filesystems may want to see \0 as an error (i.e. making
open fail), e.g. for security reasons:
https://security.stackexchange.com/questions/45955/what-does-it-mean-to-have-a-file-name-with-null-bytes-in-serialized-instances
(IMHO, it would be safer if Perl did this everywhere.)
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
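
Added example, not part of the message above or of the Perl documentation it quotes: the quoted reply notes that the sanitised string is also valid for 3-argument open, and this Perl script opens names literally with 3-argument open and refuses NUL bytes explicitly instead of depending on the trailing "\0" behaviour. The helper name `open_literal`, the sample file names and a POSIX filesystem are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (not from the thread): open a file for reading by its
# literal name. 3-argument open never interprets the name, so no "./" prefix
# or trailing "\0" is needed; an embedded NUL is rejected explicitly instead
# of relying on how the Perl version or the filesystem treats it.
sub open_literal {
    my ($name) = @_;
    die "empty file name\n" unless defined $name && length $name;
    die "NUL byte in file name\n" if index($name, "\0") >= 0;
    open(my $fh, '<', $name) or die "Can't open '$name': $!\n";
    return $fh;
}

# Constructed sample names that 2-argument open would misread: surrounding
# whitespace is stripped, and a leading > or trailing | is taken as a mode.
my $dir   = tempdir(CLEANUP => 1);
my @names = (' leading', 'trailing ', '>redirect', 'pipe|');

for my $n (@names) {
    my $path = "$dir/$n";
    open(my $out, '>', $path) or die "create '$path': $!";
    print {$out} "content of [$n]\n";
    close $out or die "close '$path': $!";
}

chdir $dir or die "chdir: $!";
for my $n (@names) {
    my $fh   = open_literal($n);    # relative name, used exactly as given
    my $line = <$fh>;
    close $fh;
    print "ok   [$n] -> $line";
}
chdir '/' or die "chdir: $!";       # leave the temp dir so cleanup can remove it

# A name carrying a NUL byte is refused before it reaches the kernel.
my $ok = eval { open_literal("report.txt\0.png"); 1 };
print "fail [report.txt\\0.png] -> $@" unless $ok;
```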