Skip to content

Commit

Permalink
[rt.cpan.org 76314] Untaint externally supplied domains.
Browse files Browse the repository at this point in the history 
Resolves part of the ticket reported by Dylan Doxey.  Thank you for
the test case, Dylan!
  • Loading branch information
@rcaputo
rcaputo committed Apr 29, 2012
1 parent 88d27d6 commit 5f22fca
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lib/POE/Wheel/SocketFactory.pm
View file
Expand Up @@ -495,7 +495,13 @@ sub new {


# Default to Internet sockets. # Default to Internet sockets.
my $domain = delete $params{SocketDomain}; my $domain = delete $params{SocketDomain};
$domain = AF_INET unless defined $domain; if (defined $domain) {
# [rt.cpan.org 76314] Untaint the domain.
($domain) = ($domain =~ /\A(.*)\z/);
}
else {
$domain = AF_INET;
}
$self->[MY_SOCKET_DOMAIN] = $domain; $self->[MY_SOCKET_DOMAIN] = $domain;


# Abstract the socket domain into something we don't have to keep # Abstract the socket domain into something we don't have to keep
Expand Down

0 comments on commit 5f22fca

Please sign in to comment.