| From: John Lightsey <jd@cpanel.net> |
| Date: Mon, 27 Jun 2011 13:07:44 -0500 |
| Subject: [PATCH] symlink safety |
| |
| Add check for unsafe symbolic links to _is_safe() directory check. |
| |
| |
| diff -ruN File-Temp-0.23.orig/lib/File/Temp.pm File-Temp-0.23/lib/File/Temp.pm |
| --- File-Temp-0.23.orig/lib/File/Temp.pm 2013-03-14 22:56:59.000000000 +0100 |
| +++ File-Temp-0.23/lib/File/Temp.pm 2014-10-15 23:46:29.894611586 +0200 |
| @@ -672,7 +672,25 @@ |
| my $err_ref = shift; |
| |
| # Stat path |
| - my @info = stat($path); |
| + my @info = lstat($path); |
| + my $symlink_test_path = $path; |
| + my $symlink_loop_count = 0; |
| + while (-l _) { |
| + if (++$symlink_loop_count >= 50) { |
| + $$err_ref = "50 levels of symlinks encountered at $path"; |
| + return 0; |
| + } |
| + if ( $info[4] <= File::Temp->top_system_uid() || $info[4] == $>) { |
| + # safe to traverse |
| + $symlink_test_path = readlink($symlink_test_path); |
| + @info = lstat($symlink_test_path); |
| + } |
| + else { |
| + $$err_ref = "Unsafe symlink at $path"; |
| + return 0; |
| + } |
| + } |
| + |
| unless (scalar(@info)) { |
| $$err_ref = "stat(path) returned no values"; |
| return 0; |