From: Jameson Rollins Date: Sun, 2 May 2010 00:53:20 +0000 (-0400) Subject: untaint $uid. X-Git-Tag: msva-perl/0.4~23 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e0be50fa941e606da7a897248615a706637a48f3;p=monkeysphere-validation-agent.git untaint $uid. Found out that $uid is in fact tainted while trying to use it in a system() call in another context. We have untainted it here. I think this actually means that perl's taint checking is broken, because it fails to check for taint in the open() call to a subprocesses. --- diff --git a/msva-perl b/msva-perl index fd5892e..4647721 100755 --- a/msva-perl +++ b/msva-perl @@ -324,12 +324,36 @@ use strict; } + sub getuid { + my $data = shift; + if ($data->{context} =~ /(https|ssh)/) { + $data->{context} = $1; + } else { + return []; + } + if ($data->{peer} =~ /(^[^\s]*$)/) { + $data->{peer} = $1; + } else { + return []; + } + return $data->{context}.'://'.$data->{peer}; + } sub reviewcert { my $data = shift; return if !ref $data; - my $uid = $data->{context}.'://'.$data->{peer}; + my $status = '200 OK'; + my $ret = { valid => JSON::false, + message => 'Unknown failure', + }; + + my $uid = getuid($data); + if ($uid eq []) { + msvalog('error', "invalid peer/context: %s/%s\n", $data->{context}, $data->{peer}); + $ret->{message} = sprintf('invalid peer/context'); + return $status, $ret; + } my $rawdata = join('', map(chr, @{$data->{pkc}->{data}})); my $cert = Crypt::X509->new(cert => $rawdata); @@ -338,10 +362,6 @@ use strict; msvalog('verbose', "cert pubkey algo: %s\n", $cert->PubKeyAlg()); msvalog('verbose', "cert pubkey: %s\n", unpack('H*', $cert->pubkey())); - my $status = '200 OK'; - my $ret = { valid => JSON::false, - message => 'Unknown failure', - }; if ($cert->PubKeyAlg() ne 'RSA') { $ret->{message} = sprintf('public key was algo "%s" (OID %s). MSVA.pl only supports RSA', $cert->PubKeyAlg(), $cert->pubkey_algorithm);