Skip Menu |
 

This queue is for tickets about the Crypt-OpenSSL-CA CPAN distribution.

Report information
The Basics
Id: 95385
Status: new
Priority: 0/
Queue: Crypt-OpenSSL-CA

People
Owner: Nobody in particular
Requestors: tlhackque [...] yahoo.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.23
Fixed in: (no value)



Subject: Taint mode troubles with set_extension
Download (untitled) / with headers
text/plain 1.6k
Running in taint mode, I happened to fetch a value for set_extensions from a file. I get an error message that has nothing to do with tainted data, and sent me on a long chase for "undef" in a hash entry. The error should either mention tainted data as a possibility, or die with a true tainted data exception. Here's the case (simplified): my %aiaSection; $ifile = readlink( $ifile ) if( -l $ifile ); # This will be tainted if -l is true $ifile = (fileparse( $ifile ))[0]; $aiaSection{'caIssuers;URI'} = $ifile; $cert->set_extension( authorityInfoAccess => '@aia_section', aia_section => \%aiaSection, ); Here's the error: bad structure: hash contains an undef value at /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/Crypt/OpenSSL/CA.pm line 1920. It appears that the tainted value causes char0_value to return a zero-length string, and SvPOK then makes it look undef... And here is a dump (Data::Dumper::Dumper) of the arguments just before the error (Note that some other entries were filled in when this was captured, but it was the caIssuers that caused the problem): $VAR1 = 'authorityInfoAccess'; $VAR2 = '@aia_section'; $VAR3 = 'aia_section'; $VAR4 = { 'OCSP;URI.1' => 'http://security1.example.net:2560/ocsp/root', 'OCSP;URI.2' => 'http://security2.example.net:2560/ocsp/root', 'caIssuers;URI' => 'http://security.example.net/ca/1b86ad992cd90868d83f51445df4db.pem' }; Note that there is nothing undefined. untainting the value solved the problem. An older version, of Perl on Fedora: This is perl, v5.8.8 built for i386-linux-thread-multi Linux overkill 2.6.22.14-72.fc6 #1 SMP Wed Nov 21 15:12:59 EST 2007 i686 i686 i386 GNU/Linux


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.