| field | value |
|---|---|
| author | 2013-03-19 22:14:30 +0000 |
| committer | 2013-03-19 22:14:30 +0000 |
| commit | 5cabaf342e5dc2c77413e0fb8e42b1e5c7088cba |
| tree | a386b9843b97ee0018850b988e4b7e8221ff337e |
| parent | Don't advertise brightness control if it isn't supported. |
| download | wireguard-openbsd-5cabaf342e5dc2c77413e0fb8e42b1e5c7088cba.tar.xz, wireguard-openbsd-5cabaf342e5dc2c77413e0fb8e42b1e5c7088cba.zip |
Untaint a variable used in an sprintf format string by using a regex and back-reference. This diff from espie@ after we worked through a few alternatives. (Background: with perl's taint mode, any operation other than RE+backref, even just taking a length of a tainted [user-supplied/untrusted] string, results in a tainted variable. Perl 5.14 improves the checks in format strings to sprintf which triggers with this script).
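What the commit message describes, shown as an added example that is not the security script's code and not part of this commit: a short Perl program, run under -T, that uses Scalar::Util::tainted to show taint surviving length(), a regex capture laundering it, and the difference between interpolating a column width straight into an sprintf format and capturing its digits instead, with a plain "%s" fallback for a non-numeric width such as the '' the script assigns to its last column. The table rows, the assumption that $ENV{PATH} is set, and the names format_interpolated and format_laundered are this example's own.

```perl
#!/usr/bin/perl -T
# Added example; not part of the OpenBSD security script or of this commit.
# Assumes perl is started with -T (perl -T taint_demo.pl), that the core
# module Scalar::Util is available, and that $ENV{PATH} is set.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed tainted input. Under -T every %ENV value is tainted, so a
# zero-length slice of $ENV{PATH} is an empty string that carries the taint
# flag; appending it to a literal gives a value we know but which perl
# treats exactly like user-supplied data.
my $taint = substr($ENV{PATH} // '', 0, 0);
my $width = '12' . $taint;

# Taint follows the data through ordinary operations, length() included.
my $len = length $width;

# Referencing a capture from a regex match is the one sanctioned laundering
# step: $1 and the capture list are untainted, on the assumption that the
# pattern has validated the value. Anchoring it states that assumption.
my ($clean) = $width =~ m/^(\d+)$/;

printf "width    value=%-3s tainted=%d\n", $width, tainted($width) ? 1 : 0;
printf "length   value=%-3s tainted=%d\n", $len,   tainted($len)   ? 1 : 0;
printf "captured value=%-3s tainted=%d\n", $clean, tainted($clean) ? 1 : 0;

# Building an sprintf format from column widths, as adjust_columns in the
# script does. The widths come from length() on table cells, so they are
# tainted whenever a cell is; interpolating them directly carries that
# taint into the format string itself.
sub format_interpolated {
    my @widths = @_;
    return join ' ', map "%-${_}s", @widths;
}

# Laundered variant: only the captured digits reach the format. The ternary
# keeps a plain "%s" for a non-numeric width (the script sets the last
# width to ''), so every field of a row still has a conversion.
sub format_laundered {
    my @widths = @_;
    return join ' ', map { m/^(\d+)$/ ? "%-$1s" : '%s' } @widths;
}

# Constructed table; the first column is marked tainted to stand in for
# untrusted data read from the system.
my @table = (
    [ 'bin'    . $taint, 'root',    '/usr/bin'     ],
    [ 'nobody' . $taint, 'nogroup', '/nonexistent' ],
);

# Widest cell per column, as the script computes it.
my @w;
for my $row (@table) {
    for my $i (0 .. $#$row) {
        my $l = length $row->[$i];
        $w[$i] = $l if !defined $w[$i] || $w[$i] < $l;
    }
}
$w[-1] = '';    # last column is left unpadded, as in the script

my $bad  = format_interpolated(@w);
my $good = format_laundered(@w);
printf "interpolated format tainted=%d  [%s]\n", tainted($bad)  ? 1 : 0, $bad;
printf "laundered format    tainted=%d  [%s]\n", tainted($good) ? 1 : 0, $good;

# Only the laundered format is handed to sprintf.
print sprintf($good, @$_) . "\n" for @table;
```

Run with `perl -T`, since the -T on the shebang line is rejected as "too late" when the interpreter is started without it. The width and its length both report tainted while the capture does not, and of the two formats only the interpolated one is tainted, which is the condition the commit message says the Perl 5.14 sprintf check trips on.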
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | libexec/security/security | 4 |

1 file changed, 2 insertions, 2 deletions
diff --git a/libexec/security/security b/libexec/security/security index 91df67ac222..85b8497f094 100644 --- a/libexec/security/security +++ b/libexec/security/security @@ -1,6 +1,6 @@ #!/usr/bin/perl -T -# $OpenBSD: security,v 1.21 2013/03/18 14:36:05 sthen Exp $ +# $OpenBSD: security,v 1.22 2013/03/19 22:14:30 sthen Exp $ # # Copyright (c) 2011, 2012 Ingo Schwarze <schwarze@openbsd.org> # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com> @@ -601,7 +601,7 @@ sub adjust_columns { } } $s[-1] = ''; - my $fmt = join ' ', map "%-${_}s", @s; + my $fmt = join ' ', map { m/(\d+)/ && "%-$1s"} @s; return map { sprintf $fmt, @$_ } @table; } |
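Review bot: the new map in adjust_columns drops the last column's conversion. The line just above it sets `$s[-1] = ''`, and `m/(\d+)/ && "%-$1s"` evaluates to the empty string when there is no digit run to capture, whereas the old `"%-${_}s"` produced `%-s` for that element. The joined format therefore ends in a trailing space with one conversion fewer than each row has fields, and `sprintf $fmt, @$_` silently ignores the final value of every row. Suggest an explicit fallback, e.g. `my $fmt = join ' ', map { m/(\d+)/ ? "%-$1s" : '%s' } @s;`, which keeps the last field and still passes only the captured digits (and so an untainted value) into the format. A smaller point: `m/(\d+)/` is unanchored and would accept the first digit run of any stray value; `m/^(\d+)$/` states the assumption that the widths are plain integers.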