Skip Menu |
 

This queue is for tickets about the Net-HTTPServer CPAN distribution.

Report information
The Basics
Id: 39220
Status: new
Priority: 0/
Queue: Net-HTTPServer

People
Owner: Nobody in particular
Requestors: jw [...] suse.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.1.1
Fixed in: (no value)



Subject: wide character in syswrite()
MIME-Version: 1.0
X-Mailer: MIME-tools 5.426 (Entity 5.426)
Charset: utf8
X-RT-Original-Encoding: utf-8
Content-Type: multipart/mixed; boundary="----------=_1221228088-24643-7"
Content-Length: 0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Length: 414
Download (untitled) / with headers
text/plain 414b
Net::HTTPServer-1.1.1 is vulnerable to inhection of unencoded unicode strings. It handles them allright, until we hit syswrite in Net::HTTPServer::_send_data(), which fails with an error message like this: Wide character in syswrite at /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/IO/Handle.pm line 460. The attached fix takes care that the response body is always utf8::encode()ed properly when needed.
Subject: handle_wide_char.diff
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1221228088-24643-6"
X-Mailer: MIME-tools 5.426 (Entity 5.426)
Charset: utf8
Content-Length: 0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: iso-8859-1
Content-Length: 0
Content-Type: text/x-diff; name="handle_wide_char.diff"
Content-Disposition: inline; filename="handle_wide_char.diff"
Content-Transfer-Encoding: binary
Content-Length: 950
--- Net-HTTPServer-1.1.1/lib/Net/HTTPServer/Response.pm.orig 2005-01-06 04:58:16.000000000 +0100 +++ Net-HTTPServer-1.1.1/lib/Net/HTTPServer/Response.pm 2008-09-12 15:39:09.169964000 +0200 @@ -72,6 +72,9 @@ Returns the current value of the response body. Sets the content of the response if a value is specified. +Body() always returns the value as a utf8::encode()ed string. +As a parameter it accepts both, perl unicode wide character strings +or utf8 encoded byte strings. =head2 Clear() @@ -194,7 +197,11 @@ my $self = shift; my $body = shift; - return $self->{BODY} unless defined($body); + unless (defined $body) + { + utf8::encode $self->{BODY} if utf8::is_utf8 $self->{BODY}; + return $self->{BODY}; + } $self->{BODY} = $body; } @@ -401,7 +408,7 @@ chomp($header); $header .= "\r\n\r\n"; - return ($header,$self->{BODY}); + return ($header,$self->Body()); }
MIME-Version: 1.0
X-Mailer: MIME-tools 5.426 (Entity 5.426)
Content-Disposition: inline
Charset: utf8
Message-Id: <rt-3.6.HEAD-24620-1221228939-286.39220-0-0 [...] rt.cpan.org>
Content-Type: text/plain
Content-Transfer-Encoding: binary
From: jw [...] suse.de
X-RT-Original-Encoding: utf-8
Content-Length: 152
Download (untitled) / with headers
text/plain 152b
http://software.opensuse.org/search?q=perl-Net-HTTPServer applies patches for both rt24361 and rt39220 ontop of version 1.1.1 we call it 1.1.1a there.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.