Skip Menu |

This queue is for tickets about the Crypt-CBC CPAN distribution.

Report information
The Basics
Id: 29646
Status: resolved
Priority: 0/
Queue: Crypt-CBC

Owner: Nobody in particular
Requestors: pauldoom [...]

Bug Information
Severity: Important
Broken in: 2.22
Fixed in: (no value)

Subject: Taint breakage when used with Crypt::Rijndael or Crypt::OpenSSL::AES
Download (untitled) / with headers
text/plain 1.1k
When used with taint enabled and with automatic salting (-salt = 1), the random bytes used for salt are not untainted. When later used as part of real key, the SvPOK(key) call used in the .xs files for Crypt::Rijndael and Crypt::OpenSSL::AES returns false resulting in this error (differs slightly between cipher modules): "Key must be a scalar at /usr/lib/perl5/vendor_perl/5.8.8/Crypt/ line 367" Here is a one-liner to trigger the error (remove the -T flag to see it work correctly) $ perl -Te 'use Crypt::CBC;$c=Crypt::CBC->new(-key=>"pw", -cipher=>"Rijndael", -header=>"salt"); print unpack("H*", $c->encrypt("test")), "\n";' I suggest untainting $result in Crypt::CBC::_get_random_bytes(), as shown in the following diff. (This double checks the length, as well.) --- 2007-09-27 17:24:32.000000000 -0500 +++ 2007-09-27 17:31:15.000000000 -0500 @@ -422,7 +422,9 @@ } else { $result = pack("C*",map {rand(256)} 1..$length); } - $result; + # Clear taint and check length + $result =~ /^(.{$length})$/s or croak "Invalid length while gathering $length randim bytes"; + $result = $1; } sub _standard_padding ($$$) {
Patch is accepted and will appear in release 2.24 Thanks!

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to