Groups | Search | Server Info | Login | Register
| Newsgroups | perl.dbi.dev |
|---|---|
| Date | 2024-08-22 00:00 -0700 |
| Message-ID | <perl5-dbi/dbi/push/refs/heads/master/69b37e-29dd61@github.com> (permalink) |
| Subject | [perl5-dbi/dbi] 29dd61: Unescape D\: in f_dir - Fix CVE-2014-10401 for Win... |
| From | dbi-dev@perl.org ("H.Merijn Brand" via dbi-dev) |
Branch: refs/heads/master
Home: https://github.com/perl5-dbi/dbi
Commit: 29dd613cbe87031f549f26b5bf935b6922300221
https://github.com/perl5-dbi/dbi/commit/29dd613cbe87031f549f26b5bf935b6922300221
Author: H.Merijn Brand - Tux <linux@tux.freedom.nl>
Date: 2024-08-22 (Thu, 22 Aug 2024)
Changed paths:
M lib/DBD/File.pm
Log Message:
-----------
Unescape D\: in f_dir - Fix CVE-2014-10401 for Windows
The DNS returns f_dir as C\\:\\\\Foo\\\\DBI\\\\test_output_12345
for my $dl ("", "c", "C") {
for my $c ("", ":", "\:", "\\:", "\\\:", "\\\\:") {
for my $f ("/", map { "\\" x $_ } 0..5) {
my $d = $dl.$c.$f or next;
printf "%2s %5s %-8s %-15s %s\n", $dl, $c, $f, $d, -d $d ? "Yes" : "No";
}
}
}
Shows that -d accepts optional drive-letter-colon (drive letter is case
insensitive too). Doubles \ in path are no problem, but escaped : will
not be valid
To unsubscribe from these emails, change your notification settings at https://github.com/perl5-dbi/dbi/settings/notifications
Back to perl.dbi.dev | Previous | Next | Find similar
[perl5-dbi/dbi] 29dd61: Unescape D\: in f_dir - Fix CVE-2014-10401 for Win... dbi-dev@perl.org ("H.Merijn Brand" via dbi-dev) - 2024-08-22 00:00 -0700
csiph-web