|Subject:||Fatal taint error in CGI::Session::ErrorHandler|
Environment: CGI::Session 4.41 # $Id: Session.pm 459 2009-03-21 02:00:17Z markstos $ Perl v5.10.0 built for i486-linux-gnu-thread-multi Linux Ubuntu 8.10, kernel 2.6.27-23-xen What happened: I had a setup problem (database table didn't exist) when invoking CGI::Session. Instead of reporting the error, a fault occurred within CGI::Session. The error message was: "Insecure dependency in sprintf while running with -T switch at /usr/local/share/perl/5.10.0/CGI/Session/ErrorHandler.pm line 45" The problem occurred when I was running Perl 5.10.0. In Perl 5.8.8, with the same code and different setup problems, the problem did not occur. The likely explanation: newer Perls reject any tainted format argument in sprintf: Show quoted textThe following workaround allows execution to proceed with a blanket untaint of the variable in question: 42a43,44
> $message =~ m/^(.*)$/; > $message = $1;However, I did not examine the security implications of this workaround.