rpms / perl-libnet

Clone
Source Code
GIT

Files

f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f23
  2.   libnet-3.08-CVE-2016-1238-avoid-loading-Net-LocalCfg-from-defaul.patch
Blob Blame History Raw 
From 0d6c5b25583e098b7b85ff89a9a74f8e7d80ba55 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Thu, 28 Jul 2016 11:25:58 +1000
Subject: [PATCH] CVE-2016-1238: avoid loading Net::LocalCfg from default .

Net::Cfg treats Net::LocalCfg as an optional load, if a site does not
have Net::LocalCfg in the standard places perl will attempt to load
it from the . entry in @INC.

If the current directory happens to be world writable (like /tmp) an
attacker can create Net/LocalCfg.pm to run code as any user that
runs code that loads Net::Cfg in that directory.

This patch temporarily removes the default . entry from @INC when
loading Net::LocalCfg to prevent that.
---
 lib/Net/Config.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/Net/Config.pm b/lib/Net/Config.pm
index 0fb8713..a593538 100644
--- a/lib/Net/Config.pm
+++ b/lib/Net/Config.pm
@@ -24,7 +24,12 @@ our $VERSION = "3.10";
 
 our($CONFIGURE, $LIBNET_CFG);
 
-eval { local $SIG{__DIE__}; require Net::LocalCfg };
+eval {
+  local @INC = @INC;
+  pop @INC if $INC[-1] eq '.';
+  local $SIG{__DIE__};
+  require Net::LocalCfg;
+};
 
 our %NetConfig = (
   nntp_hosts      => [],
-- 
2.5.5
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.