]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commit
projects / git.ikiwiki.info.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 446fc9e) | patch
CGI, attachment, passwordauth: harden against repeated parameters
authorSimon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 13:22:03 +0000 (13:22 +0000)
committerSimon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 15:20:38 +0000 (15:20 +0000)
commit69230a2220f673c66b5ab875bfc759b32a241c0d
tree6223952a9e08c2f51f3ff1e56832dd649c21c721tree | snapshot
parent446fc9e6ab06c7743b8f659de829f166b1778991commit | diff
CGI, attachment, passwordauth: harden against repeated parameters

These instances of code similar to OVE-20170111-0001 are not believed
to be exploitable, because defined(), length(), setpassword(),
userinfo_set() and the binary "." operator all have prototypes that
force the relevant argument to be evaluated in scalar context. However,
using a safer idiom makes mistakes less likely.
IkiWiki/CGI.pm diff | blob | history
IkiWiki/Plugin/attachment.pm diff | blob | history
IkiWiki/Plugin/passwordauth.pm diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.