Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Close the eval "require $module" security hole in Digest->new($algori…

…thm)

Also the filter was incomplete.
  • Loading branch information...
commit 33800e83550bcad19c4fc593874ec3497841fa1e 1 parent 517c704
Michael G. Schwern schwern authored
Showing with 18 additions and 2 deletions.
  1. +4 −2 Digest.pm
  2. +14 −0 t/security.t
6 Digest.pm
View
@@ -24,7 +24,7 @@ sub new
shift; # class ignored
my $algorithm = shift;
my $impl = $MMAP{$algorithm} || do {
- $algorithm =~ s/\W+//;
+ $algorithm =~ s/\W+//g;
"Digest::$algorithm";
};
$impl = [$impl] unless ref($impl);
@@ -35,7 +35,9 @@ sub new
($class, @args) = @$class if ref($class);
no strict 'refs';
unless (exists ${"$class\::"}{"VERSION"}) {
- eval "require $class";
+ my $pm_file = $class . ".pm";
+ $pm_file =~ s{::}{/}g;
+ eval { require $pm_file };
if ($@) {
$err ||= $@;
next;
14 t/security.t
View
@@ -0,0 +1,14 @@
+#!/usr/bin/env perl
+
+# Digest->new() had an exploitable eval
+
+use strict;
+use warnings;
+
+use Test::More tests => 1;
+
+use Digest;
+
+$LOL::PWNED = 0;
+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
+is $LOL::PWNED, 0;
Please sign in to comment.
Something went wrong with that request. Please try again.