diff --git a/Changes b/Changes index 9cc4f62..c2cec3e 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,8 @@ Revision history for Net::SFTP::Foreign +1.78_07 Oct 6, 2015 + - setcwd was broken in taint mode (bug report by E. Choroba) + 1.78_06 Oct 1, 2015 - the auto resume feature in put method was broken (bug report and fix by Denis Shirokov) diff --git a/lib/Net/SFTP/Foreign.pm b/lib/Net/SFTP/Foreign.pm index 8f34270..53a5761 100644 --- a/lib/Net/SFTP/Foreign.pm +++ b/lib/Net/SFTP/Foreign.pm @@ -1,6 +1,6 @@ package Net::SFTP::Foreign; -our $VERSION = '1.78_06'; +our $VERSION = '1.78_07'; use strict; use warnings; @@ -36,7 +36,8 @@ use Net::SFTP::Foreign::Helpers qw(_is_reg _is_lnk _is_dir _debug _sort_entries _gen_wanted _gen_converter _hexdump _ensure_list _catch_tainted_args - _file_part _umask_save_and_set); + _file_part _umask_save_and_set + _untaint); use Net::SFTP::Foreign::Constants qw( :fxp :flags :att :status :error SSH2_FILEXFER_VERSION ); @@ -535,6 +536,7 @@ sub setcwd { if ($check) { $cwd = $sftp->realpath($cwd); return undef unless defined $cwd; + _untaint($cwd); my $a = $sftp->stat($cwd) or return undef; unless (_is_dir($a->perm)) { @@ -1027,7 +1029,7 @@ sub stat { } sub fstat { - _deprecated "fstat is deprecated and will be removed on the upcomming 2.xx series, " + _deprecated "fstat is deprecated and will be removed on the upcoming 2.xx series, " . "stat method accepts now both file handlers and paths"; goto &stat; } @@ -1224,7 +1226,7 @@ sub setstat { # these return true on success, undef on failure sub fsetstat { - _deprecated "fsetstat is deprecated and will be removed on the upcomming 2.xx series, " + _deprecated "fsetstat is deprecated and will be removed on the upcoming 2.xx series, " . "setstat method accepts now both file handlers and paths"; goto &setstat; } @@ -3205,7 +3207,7 @@ sub statvfs { } sub fstatvfs { - _deprecated "fstatvfs is deprecated and will be removed on the upcomming 2.xx series, " + _deprecated "fstatvfs is deprecated and will be removed on the upcoming 2.xx series, " . "statvfs method accepts now both file handlers and paths"; goto &statvfs; } @@ -5498,6 +5500,23 @@ instance: I don't have access to an HP-UX machine, and so far nobody using it has been able to explain this behaviour. Patches welcome! +=item - Taint mode and data coming through SFTP + +When the module finds it is being used from a script started in taint +mode, on every method call it checks all the arguments passed and dies +if any of them is tainted. Also, any data coming through the SFTP +connection is marked as tainted. + +That generates an internal conflict for those methods that under the +hood query the remote server multiple times, using data from responses +to previous queries (tainted) to build new ones (die!). + +I don't think a generic solution could be applied to this issue while +honoring the taint-mode spirit (and erring on the safe side), so my +plan is to fix that in a case by case manner. + +So, please report any issue you find with taint mode! + =back Also, the following features should be considered experimental: diff --git a/lib/Net/SFTP/Foreign/Helpers.pm b/lib/Net/SFTP/Foreign/Helpers.pm index 5a9d160..ff680ea 100644 --- a/lib/Net/SFTP/Foreign/Helpers.pm +++ b/lib/Net/SFTP/Foreign/Helpers.pm @@ -28,7 +28,8 @@ our @EXPORT_OK = qw( _is_lnk _glob_to_regex _file_part _umask_save_and_set - _tcroak ); + _tcroak + _untaint ); our $debug; @@ -308,6 +309,15 @@ sub _file_part { $1; } +sub _untaint { + if (${^TAINT}) { + for (@_) { + defined or next; + ($_) = /(.*)/s + } + } +} + sub _umask_save_and_set { my $umask = shift; if (defined $umask) {