Skip Menu |
 

This queue is for tickets about the Archive-Zip CPAN distribution.

Report information
The Basics
Id: 1506
Status: resolved
Priority: 0/
Queue: Archive-Zip

People
Owner: Nobody in particular
Requestors: erwin [...] lansing.dk
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.03
Fixed in: (no value)

Attachments
patch-lib-Archive-Zip.pm



Subject: Zip.pm uses tainted variable
Download (untitled) / with headers
text/plain 168b
lastModTime() returns a tainted value. The attached, crude patch fixes this. Eg. amavis and spamassasin run with -T and broke after an upgrade to 1.03. Cheers, -erwin
--- lib/Archive/Zip.pm.orig Wed Sep 11 13:18:37 2002 +++ lib/Archive/Zip.pm Wed Sep 11 13:18:54 2002 @@ -1304,7 +1304,13 @@ sub lastModTime # Archive::Zip::Member { my $self = shift; - return _dosToUnixTime( $self->lastModFileDateTime() ); + my $lastMT = _dosToUnixTime( $self->lastModFileDateTime() ); + if ($lastMT =~ /^(\d+)$/ ) { + $lastMT = $1; + } else { + die ("Bad timestamp"); + } + return $lastMT; } sub setLastModFileDateTimeFromUnix # Archive::Zip::Member
From: Ned Konz
Download (untitled) / with headers
text/plain 220b
[guest - Wed Sep 11 08:22:06 2002]: Show quoted text
> lastModTime() returns a tainted value. The attached, crude patch
fixes this. Show quoted text
> > Eg. amavis and spamassasin run with -T and broke after an upgrade to
1.03. Fixed in 1.05.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.