Bug: Topic Diffs gives multiple Perl Taint errors

Problem occured after upgrading:

twiki 20040902-1.1 -> 20040902-3 apache2-common 2.0.53-5 -> 2.0.54-2 (other packages were also upgraded at the same time but I suspect the problem was one of these)

Immediately after upgrading we started getting this error:

Insecure dependency in exec while running with -T switch at /usr/share/perl5/TWiki.pm line 3454.

whenever we clicked the "Diffs" link on a TWiki topic. I looked into the code and the problem seems to start on line 378 of /usr/share/perl5/TWiki/UI/RDiff.pm

my $rev1 = $query->param( "rev1" );

At this point rev1 (and rev2) are tainted.

On line 410 (411 for rev2) they are run through a regexp:

$rev1 =~ s/r?1\.//go; # cut 'r' and major

but it does not seem sufficient to untaint them.

Changing the line to something like:

($rev1) = $rev1 =~ /r?1\.(\d*)/; # cut 'r' and major

does work.

This issue was also submitted to the Debian package list and assigned bug# 307299.

Test case
Environment
Impact and Available Solutions
Follow up
Fix record
Discussion

Test case

Environment

TWiki version:	TWikiRelease02Sep2004
TWiki plugins:	DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS:	Debian Linux (2.4.25 #1 SMP)
Web server:	Apache 2.0.54-2
Perl version:	5.8.4
Client OS:	Mac OS X Panther
Web Browser:	Firefix 1.0.3

-- TristanLawrence - 02 May 2005

Impact and Available Solutions

WhatDoesItAffect:	UI
AffectedExtensions:
AffectedReleases:	TWikiRelease02Sep2004
HaveQuickFixFor:	TWikiRelease02Sep2004

Follow up

Fix record

Discussion

ChangeProposalForm
TopicClassification	BugReport
TopicSummary	Topic Diffs gives multiple Perl Taint errors
CurrentState	UnderInvestigation
OutstandingIssues
RelatedTopics
InterestedParties
ProposedFor
AppliesTo
TWikiContributors
HasPriority	100

Codev

Create New Topic

edit left bar

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback