diff options
author | Fumitoshi UKAI <ukai@debian.or.jp> | 2001-12-21 18:33:41 +0000 |
---|---|---|
committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2001-12-21 18:33:41 +0000 |
commit | 54702c4d832bdcb24f24852a96d5336e5adca75a (patch) | |
tree | fe085dcc00e3e163a238798a9ab10c2319a1bad7 | |
parent | helpdir default PREFIX/share/w3m (diff) | |
download | w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.tar.gz w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.zip |
Security hole in multipart.cgi.in, w3mman2html.cgi.in
From: Hironori Sakamoto <h-saka@lsi.nec.co.jp>
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | scripts/multipart/multipart.cgi.in | 4 | ||||
-rw-r--r-- | scripts/w3mhelp.cgi.in | 6 | ||||
-rw-r--r-- | scripts/w3mman/w3mman2html.cgi.in | 6 |
4 files changed, 17 insertions, 9 deletions
@@ -1,3 +1,11 @@ +2001-12-22 Hironori Sakamoto <h-saka@lsi.nec.co.jp> + + * Security hole in multipart.cgi.in, w3mman2html.cgi.in + * scripts/w3mhelp.cgi.in: open(F, "< $var") instead of open(F, $var) + * scripts/w3mhelp.cgi.in: fix eval qq{require ...}; + * scripts/multipart/multipart.cgi.in: ditto + * scripts/w3mman/w3mman2html.cgi.in: validate $keyword, $section, $man + 2001-12-21 Fumitoshi UKAI <ukai@debian.or.jp> * [w3m-dev-en 00656] @@ -1369,4 +1377,4 @@ * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.152 2001/12/21 02:11:49 ukai Exp $ +$Id: ChangeLog,v 1.153 2001/12/21 18:33:41 ukai Exp $ diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in index be4e6a0..fb13443 100644 --- a/scripts/multipart/multipart.cgi.in +++ b/scripts/multipart/multipart.cgi.in @@ -25,7 +25,7 @@ if (defined($ENV{'QUERY_STRING'})) { $CGI = "file:///\$LIB/multipart.cgi?file=" . &html_quote($file); } -open(F, $file); +open(F, "< $file"); $end = 0; $mbody = ''; if (defined($boundary)) { @@ -258,7 +258,7 @@ sub load_mime_type { local($file) = @_; local(%m, $a, @b, $_); - open(M, $file) || return (); + open(M, "< $file") || return (); while(<M>) { /^#/ && next; chop; diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in index 7f11047..2045224 100644 --- a/scripts/w3mhelp.cgi.in +++ b/scripts/w3mhelp.cgi.in @@ -1,5 +1,5 @@ #!@PERL@ -# $Id: w3mhelp.cgi.in,v 1.3 2001/12/02 13:16:29 ukai Exp $ +# $Id: w3mhelp.cgi.in,v 1.4 2001/12/21 18:33:41 ukai Exp $ $helpdir = "@HELP_DIR@"; unshift(@INC, $helpdir); @@ -29,7 +29,7 @@ if (defined($ENV{'QUERY_STRING'})) { $tlang =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge; $tlang =~ tr/A-Z/a-z/; print "tlang=$tlang\n"; - eval qq{require "w3mhelp-funcdesc.$tlang.pl"}; + eval {require "w3mhelp-funcdesc.$tlang.pl";}; if (defined(%funcdesc)) { $lang = $tlang; } @@ -37,7 +37,7 @@ if (defined($ENV{'QUERY_STRING'})) { } if (-f $keymap) { - open(KEYMAP, $keymap) || die "cannot open keymap: $keymap, $!"; + open(KEYMAP, "< $keymap") || die "cannot open keymap: $keymap, $!"; &load_keymap(*KEYMAP, $func); close(KEYMAP); } diff --git a/scripts/w3mman/w3mman2html.cgi.in b/scripts/w3mman/w3mman2html.cgi.in index 68f318a..6786928 100644 --- a/scripts/w3mman/w3mman2html.cgi.in +++ b/scripts/w3mman/w3mman2html.cgi.in @@ -31,7 +31,7 @@ Content-Type: text/html <h2>man -k <b>$k</b></h2> <ul> EOF - $keyword =~ s:([^\w./]):\\$1:g; + $keyword =~ s:([^-\w\200-\377.,])::g; open(F, "$MAN -k $keyword 2> /dev/null |"); @line = (); while(<F>) { @@ -82,8 +82,8 @@ if ($man =~ s/\((\w+)\)$//) { $man_section = "$man"; } -$section =~ s:([^\w./]):\\$1:g; -$man =~ s:([^\w./]):\\$1:g; +$section =~ s:([^-\w\200-\377.,])::g; +$man =~ s:([^-\w\200-\377.,])::g; open(F, "$MAN $section $man 2> /dev/null |"); $ok = 0; undef $header; |