author | ivan <ivan> | 2000-09-23 18:08:45 +0000 |
---|---|---|
committer | ivan <ivan> | 2000-09-23 18:08:45 +0000 |
commit | c95ebfccc9bce5d8e48d5339d31b25d88a183fde (patch) | |
tree | d31ab49828f89196fff8c83bcf357d53b88776e3 | |
parent | cb69f12c04dcf89236cf6e0b35a0a3f7f6c03929 (diff) |
fix for DoS vulnerability noted by Kevin S. Ho
-rw-r--r-- | TODO | 10 | ||||
-rwxr-xr-x | shift.cgi | 11 |
2 files changed, 16 insertions, 5 deletions
@@ -1,3 +1,13 @@ +here's a one-liner to find duplicate inputbox'es: + +grep inputbox staffing.html | perl -pe '/inputbox\(\"(.*)\"\)/ or die; $_="$1\n";' | sort | uniq -d + +(though the program should probably error out) + +and here's another useful one: + + perl -ne 'if ( /^((.*)\s+)(\S+\@\S+)$/ ) { print "$1<$3>\n"; } else { print "$_\n"; }' P* + Delivered-To: ivan-fnf-planners@420.am To: phred@well.com, larryc@cloudfactory.org, fnf-planners@topica.com From: Rob Jellinghaus <robj@unrealities.com> @@ -2,7 +2,7 @@ #!/usr/bin/perl -Tw # (Text::Template can't do -T, but no user input is used dangerously) # -# $Id: shift.cgi,v 1.2 2000-07-18 05:43:27 ivan Exp $ +# $Id: shift.cgi,v 1.3 2000-09-23 18:08:45 ivan Exp $ # # Copyright (C) 2000 Adam Gould # Copyright (C) 2000 Michal Migurski @@ -103,13 +103,14 @@ if ( $cgi->param() ) { foreach my $field ( @diff_fields ) { $shifthash{$field}='' unless defined $shifthash{$field}; if ( $shifthash{$field} eq $cgi->param($field. '_old') ) { - if ( $cgi->param($field. "_new") =~ - /\b(\w[\w\-\.\+]*\@(([\w\.\-]+\.)+\w+))\b/ - || $cgi->param($field. "_new") =~ /^\s*$/ + if ( $cgi->param($field. "_new") =~ + /^\s*(\w[\w\s\.\'\-]{0,99}<?\s{0,9}(\w[\w\-\.\+]{0,99}\@(([\w\.\-]{1,99}\.){1,99}\w{1,99}))\s{0,9}>?)\s*$/ + || $cgi->param($field. "_new") =~ /^\s*()$/ ) { + my $new = $1; open(FILE,">$data_directory/.new.$field") or die "Can't open file $data_directory/$field: $!"; - print FILE $cgi->param($field. "_new"); + print FILE $new; close FILE; rename "$data_directory/.new.$field", "$data_directory/$field"; $warning{$field} = ''; |
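Review bot: The replacement pattern in the shift.cgi hunk at line 103 still contains an ambiguous nested quantifier: in the domain part `(([\w\.\-]{1,99}\.){1,99}\w{1,99})` the character class can consume the very `.` that the literal `\.` is meant to separate on, so a non-matching value with many dots can still be split many ways and, as far as I can tell, backtrack heavily even with the `{1,99}` caps in place. Dropping the dot from the label class removes the overlap without losing any address a valid hostname needs: `(([\w\-]{1,99}\.){1,99}\w{1,99})`. A short comment above the `if` would also keep the next maintainer from "simplifying" the bounds away, e.g. `# bounded repeats on purpose: the earlier unbounded ([\w.-]+\.)+ form could be driven into long backtracking (DoS)`. The `foreach` and `if` blocks this hunk edits both open and close outside the hunk.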