]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commit
CGI, attachment, passwordauth: harden against repeated parameters
authorSimon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 13:22:03 +0000 (13:22 +0000)
committerSimon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 15:20:38 +0000 (15:20 +0000)
commit69230a2220f673c66b5ab875bfc759b32a241c0d
tree6223952a9e08c2f51f3ff1e56832dd649c21c721
parent446fc9e6ab06c7743b8f659de829f166b1778991
CGI, attachment, passwordauth: harden against repeated parameters

These instances of code similar to OVE-20170111-0001 are not believed
to be exploitable, because defined(), length(), setpassword(),
userinfo_set() and the binary "." operator all have prototypes that
force the relevant argument to be evaluated in scalar context. However,
using a safer idiom makes mistakes less likely.
IkiWiki/CGI.pm
IkiWiki/Plugin/attachment.pm
IkiWiki/Plugin/passwordauth.pm