Skip Menu |
 

This queue is for tickets about the Digest-MD5-File CPAN distribution.

Report information
The Basics
Id: 76174
Status: resolved
Priority: 0/
Queue: Digest-MD5-File

People
Owner: Nobody in particular
Requestors: par.osterberg [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 0.08



CC: dmuey [...] cpan.org
Subject: Digest::MD5::File
Date: Fri, 30 Mar 2012 15:29:39 -0400
To: bug-Digest-MD5-File [...] rt.cpan.org
From: Par Osterberg Medina <par.osterberg [...] gmail.com>
Daniel, First off let me start by thanking you for writing this excellent Perl module. Here is my system information; Package: libdigest-md5-file-perl Priority: optional Section: perl Installed-Size: 72 Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Architecture: all Version: 0.07-1 Depends: perl (>= 5.6.0-16), libwww-perl Linux xyz 2.6.32-5-amd64 #1 SMP Mon Jan 16 16:22:28 UTC 2012 x86_64 GNU/Linux This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi I was messing around with Digest::MD5::File trying to get the module to accept a filename that ends with a space (0x20). Yes I know, a valid filename should not end with a space but I do not have any control over it - file is part of a self executing archive. They underlying issue is how you open the file in the function 'getfh' and by changing the 'open' statement on line 53 of 'File.pm' (see below) I was able to get it running; #open my ($fh), "$file" or return; open (my $fh,"<", $file) or return; Kind regards Pär Österberg Medina
thanks, I'll take a look ASAP
Subject: [rt.cpan.org #76174] REOPEN
Date: Tue, 13 Jan 2015 19:50:33 +0100
To: bug-Digest-MD5-File [...] rt.cpan.org
From: Christian Wetzig <christian [...] wetzig.de>
Download (untitled) / with headers
text/plain 518b
Hi Daniel, issue isn't fixed, module still uses two-argument open. Please fix, it's also a security problem. --- File.pm 2012-04-04 21:58:08.000000000 +0200 +++ File.pm.new 2015-01-13 19:13:44.000000000 +0100 @@ -50,7 +50,7 @@ my $getfh = sub { croak "$file: Is a directory" if -d $file && !$NOFATALS; if(-e $file && !-d $file) { - open my $fh, $file or return; + open my $fh, '<', $file or return; binmode $fh if $BINMODE; return $fh; } best regards, Christian
Download (untitled) / with headers
text/plain 650b
thanks, I'll try to address ASAP On Tue Jan 13 13:50:51 2015, christian@wetzig.de wrote: Show quoted text
> Hi Daniel, > > issue isn't fixed, module still uses two-argument open. > Please fix, it's also a security problem. > > --- File.pm 2012-04-04 21:58:08.000000000 +0200 > +++ File.pm.new 2015-01-13 19:13:44.000000000 +0100 > @@ -50,7 +50,7 @@ my $getfh = sub { > croak "$file: Is a directory" if -d $file && !$NOFATALS; > > if(-e $file && !-d $file) { > - open my $fh, $file or return; > + open my $fh, '<', $file or return; > binmode $fh if $BINMODE; > return $fh; > } > > > best regards, > Christian


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.