
[rt.cpan.org 76314] Untaint externally supplied domains.

Resolves part of the ticket reported by Dylan Doxey.  Thank you for
the test case, Dylan!
1 parent 88d27d6 commit 5f22fcada8b4493dcbcd83c5716c929dc56949f6 @rcaputo committed Apr 29, 2012
Showing with 7 additions and 1 deletion.
  1. +7 −1 lib/POE/Wheel/SocketFactory.pm
8 lib/POE/Wheel/SocketFactory.pm
@@ -495,7 +495,13 @@ sub new {
# Default to Internet sockets.
my $domain = delete $params{SocketDomain};
- $domain = AF_INET unless defined $domain;
+ if (defined $domain) {
+ # [rt.cpan.org 76314] Untaint the domain.
+ ($domain) = ($domain =~ /\A(.*)\z/);
+ }
+ else {
+ $domain = AF_INET;
+ }
$self->[MY_SOCKET_DOMAIN] = $domain;
# Abstract the socket domain into something we don't have to keep
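Review bot: The untaint pattern in `($domain) = ($domain =~ /\A(.*)\z/);` accepts any string, so it clears the taint flag without validating the value, which defeats the purpose of taint checking for an externally supplied SocketDomain. If the domain is expected to be one of the numeric AF_* constants, as the AF_INET default suggests, match only that shape (for example `/\A(\d+)\z/`) and reject anything else explicitly. There is also a silent failure path: without the /s modifier `.` does not match a newline, so a value containing one fails the match, the list assignment leaves $domain undefined, and that undef is stored in `$self->[MY_SOCKET_DOMAIN]` with no fallback to AF_INET and no error. Checking the match result and croaking on failure would cover both cases.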
