Web lists-archives.com

Re: Potentially insecure Perl scripts




On 2019-01-25 13:55:47 +0000, Ian Jackson wrote:
> The easiest way to sanitise a string to make it safe for 2-argument
> open involves:
>  * prepending ./ if the string does not start with /
>  * appending \0 (a nul byte)
> The result is also a valid operand for 3-argument open.

However, the null byte trick is not portable. As documented in the
open description:

[...]
       otherwise it's necessary to protect any leading and trailing
       whitespace:

           $file =~ s#^(\s)#./$1#;
           open(my $fh, "< $file\0")
               || die "Can't open $file: $!";

       (this may not work on some bizarre filesystems). One should
[...]

And some filesystems may want to see \0 as an error (i.e. making
open fail), e.g. for security reasons:

  https://security.stackexchange.com/questions/45955/what-does-it-mean-to-have-a-file-name-with-null-bytes-in-serialized-instances

(IMHO, it would be safer if Perl did this everywhere.)

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)