[SCM] Debian package checker branch, master, updated. 2.5.0-rc2-122-g12888e8

To: debian-lint-maint@lists.debian.org
Subject: [SCM] Debian package checker branch, master, updated. 2.5.0-rc2-122-g12888e8
From: "Niels Thykier" <niels@thykier.net>
Date: Tue, 12 Apr 2011 12:37:09 +0000
Message-id: <[🔎] E1Q9cqD-0003oZ-5L@alioth.debian.org>

The following commit has been merged in the master branch:
commit 8893a15fcbb2afafc6e322b4c225626a3101f73c
Author: Niels Thykier <niels@thykier.net>
Date:   Tue Feb 22 16:24:11 2011 +0100

    Clean fields of Processable to avoid path transversal

diff --git a/lib/Lintian/Processable.pm b/lib/Lintian/Processable.pm
index babf8b9..c238dcd 100644
--- a/lib/Lintian/Processable.pm
+++ b/lib/Lintian/Processable.pm
@@ -177,6 +177,10 @@ sub _init{
     $self->{pkg_version}     = '' unless (defined $self->{pkg_version});
     $self->{pkg_src_version} = '' unless (defined $self->{pkg_src_version});
     $self->{pkg_arch}        = '' unless (defined $self->{pkg_arch});
+    # make sure none of the fields can cause traversal.
+    foreach my $field (qw(pkg_name pkg_version pkg_src pkg_src_version pkg_arch)) {
+        $self->{$field} =~ s,/,_,o;
+    }
     return 1;
 }
 

-- 
Debian package checker

Reply to:

Prev by Date: [SCM] Debian package checker branch, master, updated. 2.5.0-rc2-122-g12888e8
Next by Date: [SCM] Debian package checker branch, master, updated. 2.5.0-rc2-122-g12888e8
Previous by thread: [SCM] Debian package checker branch, master, updated. 2.5.0-rc2-122-g12888e8
Next by thread: [SCM] Debian package checker branch, master, updated. 2.5.0-rc2-122-g12888e8
Index(es):
- Date
- Thread