Do taint checking on command line args. I believe this is correct.

Bill Fenner suggested a simpler fix, but this is my fault if it is broken. Reactivate -T
svn path=/www/; revision=8673
2001-01-12 00:19:09 +00:00 · 2001-01-12 00:19:09 +00:00 · a8f823aed0 · 2020-12-08 03:00:23 +00:00
commit a8f823aed0
parent b36262e356
1 changed files with 12 additions and 6 deletions
--- a/en/cgi/query-pr-summary.cgi
+++ b/en/cgi/query-pr-summary.cgi
@ -1,5 +1,5 @@
-#!/usr/bin/perl
-# $FreeBSD: www/en/cgi/query-pr-summary.cgi,v 1.30 2000/12/28 13:43:41 wosch Exp $
+#!/usr/bin/perl -T
+# $FreeBSD: www/en/cgi/query-pr-summary.cgi,v 1.31 2001/01/04 22:22:38 peter Exp $

 $html_mode     = 1 if $ENV{'DOCUMENT_ROOT'};
 $self_ref      = $ENV{'SCRIPT_NAME'};
@ -50,10 +50,16 @@ if ($html_mode) {
 } else {
 	&Getopts('CcqRr:s:');

-	$input{"responsible"} = "summary" if $opt_R;
-	$input{"responsible"} = $opt_r if $opt_r;
-	$input{"state"}	      = $opt_s if $opt_s;
-	$input{"quiet"}	      = $opt_q if $opt_q;
+	$input{"responsible"}	= "summary" if $opt_R;
+	if ($opt_r) {
+		($input{"responsible"})	= ($opt_r =~ m/^([-a-zA-Z0-9@.]*)$/);
+		die "Insecure args" if ($input{"responsible"} ne $opt_r)
+	}
+	if ($opt_s) {
+		($input{"state"})	= ($opt_s =~ m/^([a-zA-Z]*)$/);
+		die "Insecure args" if ($input{"state"} ne $opt_s)
+	}
+	$input{"quiet"}		= "yes" if $opt_q;
 	if ($opt_C) {
 		$query_args   = '--confidential=yes ';
 	} elsif (!$opt_c) {