
[rt.cpan.org 76314] Untaint externally supplied domains.

Resolves part of the ticket reported by Dylan Doxey.  Thank you for
the test case, Dylan!
1 parent 3444b16 commit 7f3c34775d8e2245d4498d397db3b999a064a23c @rcaputo committed Apr 29, 2012
Showing with 7 additions and 1 deletion.
  1. +7 −1 lib/POE/Wheel/SocketFactory.pm
@@ -495,7 +495,13 @@ sub new {
# Default to Internet sockets.
my $domain = delete $params{SocketDomain};
- $domain = AF_INET unless defined $domain;
+ if (defined $domain) {
+ # [rt.cpan.org 76314] Untaint the domain.
+ ($domain) = ($domain =~ /\A(.*)\z/);
+ }
+ else {
+ $domain = AF_INET;
+ }
$self->[MY_SOCKET_DOMAIN] = $domain;
# Abstract the socket domain into something we don't have to keep
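
Review bot: The untaint pattern in `($domain) = ($domain =~ /\A(.*)\z/);` accepts any content, so it clears the taint flag without validating what the caller supplied in `SocketDomain`. A pattern limited to what a socket domain can legitimately be would keep taint mode meaningful here, for example `/\A(\d+)\z/`, on the assumption that domains are always numeric constants like `AF_INET`. There is also a silent failure path: `.` does not match a newline without `/s`, so a value containing one fails the match, the list assignment leaves `$domain` undefined, and that undef is stored in `$self->[MY_SOCKET_DOMAIN]` rather than falling back to `AF_INET` or raising an error. Suggest checking the match result and failing loudly on a non-match, and extending the comment to say why a capture is used.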
