Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 64261
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: ntyni [...] iki.fi
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)

Attachments
0001-Improve-the-random-multipart-boundary-test.patch



Subject: multipart_init.t logic flaw
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
X-RT-Original-Encoding: utf-8
Content-Type: multipart/mixed; boundary="----------=_1293457464-19315-292"
Content-Length: 0
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Length: 431
Download (untitled) / with headers
text/plain 431b
Hi, investigating at the multipart boundary issue (CVE-2010-2761), I noticed that test 5 in multipart_init.t that's supposed to test for a random boundary, succeeds even without the fix. This is because $sv is created with an explicit fixed boundary, so the randomness doesn't make any difference. I'm attaching a proposed fix. This is still present in the github repository. Thanks for your work, -- Niko Tyni ntyni@debian.org
Subject: 0001-Improve-the-random-multipart-boundary-test.patch
MIME-Version: 1.0
Content-Type: text/x-diff; name="0001-Improve-the-random-multipart-boundary-test.patch"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline; filename="0001-Improve-the-random-multipart-boundary-test.patch"
Content-Transfer-Encoding: binary
Content-Length: 864
From cadb707191b3a3efb39a94f36e03e9734c7277dc Mon Sep 17 00:00:00 2001 From: Niko Tyni <ntyni@debian.org> Date: Mon, 27 Dec 2010 15:40:35 +0200 Subject: [PATCH] Improve the random multipart boundary test The test now actually fails without the random boundary fix (CVE-2010-2761). --- t/multipart_init.t | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/t/multipart_init.t b/t/multipart_init.t index 4da809a..f0a05e0 100644 --- a/t/multipart_init.t +++ b/t/multipart_init.t @@ -15,5 +15,6 @@ $sv = $q->multipart_init( -boundary => 'this_is_another_boundary' ); like($sv, qr/boundary="this_is_another_boundary"/, "multipart_init( -boundary => 'this_is_another_boundary')"); +$sv = $q->multipart_init; my $sv2 = $q->multipart_init; isnt($sv,$sv2,"due to random boundaries, multiple calls produce different results"); -- 1.7.2.3
From ntyni [...] cc.helsinki.fi Mon Dec 27 10: 14:51 2010
MIME-Version: 1.0
X-Spam-Status: No, score=-8.749 tagged_above=-99.9 required=10 tests=[AWL=-1.849, BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-19315-1293457464-1579.64261-3-0 [...] rt.cpan.org>
Content-Disposition: inline
X-Spam-Flag: NO
References: <RT-Ticket-64261 [...] rt.cpan.org> <rt-3.8.HEAD-19315-1293457464-1579.64261-3-0 [...] rt.cpan.org>
X-Antivirus: VAMS
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <20101227151435.GA10835 [...] madeleine.local.invalid>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -8.749
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 36A67241329 for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Mon, 27 Dec 2010 10:14:51 -0500 (EST)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ME39jJw9LRJt for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Mon, 27 Dec 2010 10:14:49 -0500 (EST)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 3581D24122A for <bug-CGI.pm [...] rt.cpan.org>; Mon, 27 Dec 2010 10:14:48 -0500 (EST)
Received: (qmail 10593 invoked by uid 103); 27 Dec 2010 15:14:48 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 27 Dec 2010 15:14:48 -0000
Received: from emh04.mail.saunalahti.fi (HELO emh04.mail.saunalahti.fi) (62.142.5.110) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Mon, 27 Dec 2010 07:14:44 -0800
Received: from saunalahti-vams (vs3-10.mail.saunalahti.fi [62.142.5.94]) by emh04-2.mail.saunalahti.fi (Postfix) with SMTP id 9AB5113C65D for <bug-CGI.pm [...] rt.cpan.org>; Mon, 27 Dec 2010 17:14:36 +0200 (EET)
Received: from emh04.mail.saunalahti.fi ([62.142.5.110]) by vs3-10.mail.saunalahti.fi ([62.142.5.94]) with SMTP (gateway) id A05C9D8E5F4; Mon, 27 Dec 2010 17:14:36 +0200
Received: from madeleine.local.invalid (a91-156-179-132.elisa-laajakaista.fi [91.156.179.132]) by emh04.mail.saunalahti.fi (Postfix) with ESMTP id 9343641BEA for <bug-CGI.pm [...] rt.cpan.org>; Mon, 27 Dec 2010 17:14:35 +0200 (EET)
Received: from niko by madeleine.local.invalid with local (Exim 4.72) (envelope-from <ntyni [...] cc.helsinki.fi>) id 1PXEmR-0002qO-2f for bug-CGI.pm [...] rt.cpan.org; Mon, 27 Dec 2010 17:14:35 +0200
Delivered-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #64261] AutoReply: multipart_init.t logic flaw
User-Agent: Mutt/1.5.20 (2009-06-14)
Return-Path: <ntyni [...] cc.helsinki.fi>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
X-RT-Mail-Extension: cgi.pm
Date: Mon, 27 Dec 2010 17:14:35 +0200
X-Spam-Level:
To: "Bugs in CGI.pm via RT" <bug-CGI.pm [...] rt.cpan.org>
From: Niko Tyni <ntyni [...] iki.fi>
RT-Message-ID: <rt-3.8.HEAD-9644-1293462891-576.64261-0-0 [...] rt.cpan.org>
Content-Length: 671
Download (untitled) / with headers
text/plain 671b
On Mon, Dec 27, 2010 at 08:44:24AM -0500, Bugs in CGI.pm via RT wrote: Show quoted text
> investigating at the multipart boundary issue (CVE-2010-2761), I noticed > that test 5 in multipart_init.t that's supposed to test for a random > boundary, succeeds even without the fix. This is because $sv is created > with an explicit fixed boundary, so the randomness doesn't make any > difference. > > I'm attaching a proposed fix. This is still present in the github > repository.
Oops, I see multipart_init.t is _only_ present in the github repository. I suppose this report was rather premature in that case. Apologies for any inconvenience. Thanks again, -- Niko Tyni ntyni@debian.org
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-9726-1293547887-1267.64261-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 41
Thanks, I appreciate the input. Mark
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Type: text/plain; charset="UTF-8"
Message-ID: <rt-3.8.HEAD-17550-1295929744-985.64261-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 97
Your patch has now been incorporated and released, with credit to you. Thanks again. Mark


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.