]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commit
projects / git.ikiwiki.info.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b642cbe) | patch
CGI, attachment, passwordauth: harden against repeated parameters
authorSimon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 13:22:03 +0000 (13:22 +0000)
committerSimon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 18:11:07 +0000 (18:11 +0000)
commitd157a97452ae0641f87996b6d0f21c9d222cef3d
treeef0032b1d5f83010b0f084557fc3690c9b46a7b9tree | snapshot
parentb642cbef80d120df3c9f3146eb1e39dfbe395a2dcommit | diff
CGI, attachment, passwordauth: harden against repeated parameters

These instances of code similar to OVE-20170111-0001 are not believed
to be exploitable, because defined(), length(), setpassword(),
userinfo_set() and the binary "." operator all have prototypes that
force the relevant argument to be evaluated in scalar context. However,
using a safer idiom makes mistakes less likely.

(cherry picked from commit 69230a2220f673c66b5ab875bfc759b32a241c0d)
IkiWiki/CGI.pm diff | blob | history
IkiWiki/Plugin/attachment.pm diff | blob | history
IkiWiki/Plugin/passwordauth.pm diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.