severely restrict what characters can be in a signer, to make

certain it's not possible to go ../  from /etc/signify

1 files changed, 10 insertions, 1 deletions

diff --git a/usr.sbin/pkg_add/OpenBSD/PackingElement.pm b/usr.sbin/pkg_add/OpenBSD/PackingElement.pm
index 3d89f26bdd8..743f325e865 100644
--- a/usr.sbin/pkg_add/OpenBSD/PackingElement.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PackingElement.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: PackingElement.pm,v 1.224 2014/01/07 13:52:43 espie Exp $
+# $OpenBSD: PackingElement.pm,v 1.225 2014/01/07 18:35:23 espie Exp $
 #
 # Copyright (c) 2003-2010 Marc Espie <espie@openbsd.org>
 #
@@ -1791,6 +1791,15 @@ sub keyword() { 'signer' }
 __PACKAGE__->register_with_factory;
 sub category() { "signer" }
 
+sub new
+{
+	my ($class, $args) = @_;
+	unless ($args =~ m/^[\w\d\.\-\+\@]+$/) {
+		die "Invalid characters in signer $args\n";
+	}
+	$class->SUPER::new($args);
+}
+
 # XXX digital-signatures have to be unique, since they are a part
 # of the unsigned packing-list, with only the b64sig part removed
 # (likewise for signer)