Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

* Version 71 with advisory from @fweimer

  • Loading branch information...
commit 575f7bd6ba4cc7c92f841e8758f88a131674ebf2 1 parent 86d9415
@audreyt authored
Showing with 18 additions and 5 deletions.
  1. +8 −0 Changes
  2. +1 −1  META.yml
  3. +9 −4 lib/Module/Signature.pm
View
8 Changes
@@ -1,3 +1,11 @@
+[Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
+
+* Constrain the user-specified digest name to /^\w+\d+$/.
+
+* Avoid loading Digest::* from relative paths in @INC.
+
+ Contributed by: Florian Weimer
+
[Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
* Don't check gpg version if gpg does not exist.
View
2  META.yml
@@ -25,4 +25,4 @@ requires:
perl: 5.005
resources:
repository: http://github.com/audreyt/module-signature
-version: 0.70
+version: 0.71
View
13 lib/Module/Signature.pm
@@ -1,5 +1,5 @@
package Module::Signature;
-$Module::Signature::VERSION = '0.70';
+$Module::Signature::VERSION = '0.71';
use 5.005;
use strict;
@@ -532,18 +532,23 @@ sub _mkdigest {
sub _digest_object {
my($algorithm) = @_;
+
+ # Avoid loading Digest::* from relative paths in @INC.
+ local @INC = grep { /^[^.]/ } @INC;
+
+ # Constrain algorithm name to be of form ABC123.
+ my ($base, $variant) = ($algorithm =~ /^([_a-zA-Z]+)([0-9]+)$/g)
+ or die "Malformed algorithm name: $algorithm (should match /\\w+\\d+/)";
+
my $obj = eval { Digest->new($algorithm) } || eval {
- my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die;
require "Digest/$base.pm"; "Digest::$base"->new($variant)
} || eval {
require "Digest/$algorithm.pm"; "Digest::$algorithm"->new
} || eval {
- my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die;
require "Digest/$base/PurePerl.pm"; "Digest::$base\::PurePerl"->new($variant)
} || eval {
require "Digest/$algorithm/PurePerl.pm"; "Digest::$algorithm\::PurePerl"->new
} or do { eval {
- my ($base, $variant) = ($algorithm =~ /^(\w+?)(\d+)$/g) or die;
warn "Unknown cipher: $algorithm, please install Digest::$base, Digest::$base$variant, or Digest::$base\::PurePerl\n";
} and return } or do {
warn "Unknown cipher: $algorithm, please install Digest::$algorithm\n"; return;
Please sign in to comment.
Something went wrong with that request. Please try again.