From: Simon McVittie <smcv@debian.org>
Date: Wed, 11 Jan 2017 13:22:03 +0000 (+0000)
Subject: CGI, attachment, passwordauth: harden against repeated parameters
X-Git-Tag: debian/3.20120629.2+deb7u2~34
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/b1c341777de7304287a02adc8b7b324cab44eb0b?ds=sidebyside;hp=b1c341777de7304287a02adc8b7b324cab44eb0b

CGI, attachment, passwordauth: harden against repeated parameters

These instances of code similar to OVE-20170111-0001 are not believed
to be exploitable, because defined(), length(), setpassword(),
userinfo_set() and the binary "." operator all have prototypes that
force the relevant argument to be evaluated in scalar context. However,
using a safer idiom makes mistakes less likely.
---