Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Archive-Zip CPAN distribution.

Report information
The Basics
Id:
1506
Status:
resolved
Priority:
Low/Low
Queue:

People
Owner:
Nobody in particular
Requestors:
erwin [...] lansing.dk
Cc:
AdminCc:

BugTracker
Severity:
Normal
Broken in:
1.03
Fixed in:
(no value)

Attachments
patch-lib-Archive-Zip.pm



Subject: Zip.pm uses tainted variable
lastModTime() returns a tainted value. The attached, crude patch fixes this. Eg. amavis and spamassasin run with -T and broke after an upgrade to 1.03. Cheers, -erwin
--- lib/Archive/Zip.pm.orig Wed Sep 11 13:18:37 2002 +++ lib/Archive/Zip.pm Wed Sep 11 13:18:54 2002 @@ -1304,7 +1304,13 @@ sub lastModTime # Archive::Zip::Member { my $self = shift; - return _dosToUnixTime( $self->lastModFileDateTime() ); + my $lastMT = _dosToUnixTime( $self->lastModFileDateTime() ); + if ($lastMT =~ /^(\d+)$/ ) { + $lastMT = $1; + } else { + die ("Bad timestamp"); + } + return $lastMT; } sub setLastModFileDateTimeFromUnix # Archive::Zip::Member
From: Ned Konz
[guest - Wed Sep 11 08:22:06 2002]:
Show quoted text
> lastModTime() returns a tainted value. The attached, crude patch
fixes this.
Show quoted text
> > Eg. amavis and spamassasin run with -T and broke after an upgrade to
1.03. Fixed in 1.05.


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.