}
+ sub getuid {
+ my $data = shift;
+ if ($data->{context} =~ /(https|ssh)/) {
+ $data->{context} = $1;
+ } else {
+ return [];
+ }
+ if ($data->{peer} =~ /(^[^\s]*$)/) {
+ $data->{peer} = $1;
+ } else {
+ return [];
+ }
+ return $data->{context}.'://'.$data->{peer};
+ }
sub reviewcert {
my $data = shift;
return if !ref $data;
- my $uid = $data->{context}.'://'.$data->{peer};
+ my $status = '200 OK';
+ my $ret = { valid => JSON::false,
+ message => 'Unknown failure',
+ };
+
+ my $uid = getuid($data);
+ if ($uid eq []) {
+ msvalog('error', "invalid peer/context: %s/%s\n", $data->{context}, $data->{peer});
+ $ret->{message} = sprintf('invalid peer/context');
+ return $status, $ret;
+ }
my $rawdata = join('', map(chr, @{$data->{pkc}->{data}}));
my $cert = Crypt::X509->new(cert => $rawdata);
msvalog('verbose', "cert pubkey algo: %s\n", $cert->PubKeyAlg());
msvalog('verbose', "cert pubkey: %s\n", unpack('H*', $cert->pubkey()));
- my $status = '200 OK';
- my $ret = { valid => JSON::false,
- message => 'Unknown failure',
- };
if ($cert->PubKeyAlg() ne 'RSA') {
$ret->{message} = sprintf('public key was algo "%s" (OID %s). MSVA.pl only supports RSA',
$cert->PubKeyAlg(), $cert->pubkey_algorithm);
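Review bot: The failure check `if ($uid eq [])` in reviewcert can never be true: `eq` compares stringified values, and the `[]` returned by getuid and the fresh `[]` written here are distinct references with different addresses, so a rejected context or peer is not stopped and `$uid` carries an array reference into the certificate handling that follows. Signal failure from getuid with a bare `return;` in both else branches and test `if (!defined $uid)` at the call site. Separately, `/(https|ssh)/` is unanchored, so any context that merely contains one of those words is accepted and rewritten to it, and `[^\s]*` also lets an empty peer through; `/\A(https|ssh)\z/` and `/\A(\S+)\z/` would make the validation as strict as it appears intended to be. The hunk seems to begin before the visible lines and reviewcert's body continues past its end, so later uses of `$uid` cannot be checked from here.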