[dak/master] sanitize variable before using it
Signed-off-by: Joerg Jaspert <joerg@debian.org>
---
tools/debianqueued-0.9/debianqueued | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/tools/debianqueued-0.9/debianqueued b/tools/debianqueued-0.9/debianqueued
index 45f1242..f9da96f 100755
--- a/tools/debianqueued-0.9/debianqueued
+++ b/tools/debianqueued-0.9/debianqueued
@@ -1708,6 +1708,13 @@ sub pgp_check($) {
my $stat;
local (*PIPE);
+ if ($file =~ /^([-\w.+~]+)$/) {
+ $file = $1;
+ } else {
+ msg( "log", "Tainted filename, skipping: $file\n" );
+ return "LOCAL ERROR";
+ }
+
$stat = 1;
if ( -x $conf::gpg ) {
debug( "executing $conf::gpg --no-options --batch "
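Review bot: The allow-list on the added `if ($file =~ /^([-\w.+~]+)$/)` line still accepts a name that begins with `-`, and because `$` also matches before a trailing newline, a name ending in a newline passes and is silently shortened to `$1`. If `$file` is later placed on the gpg command line that the `debug(...)` context line suggests is built further down (not visible in this hunk), a leading dash could be parsed as an option; `if ($file =~ /\A([\w.+~][-\w.+~]*)\z/) {` closes both cases. The rejection branch also interpolates the unvalidated `$file` into the `msg()` log text, so non-printable characters should be escaped there first, to stop a crafted name from forging or splitting log lines. The body of pgp_check starts and ends outside this hunk, so how `$file` reaches gpg should be confirmed against the full function.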
--
1.7.2.5