From 5c7b3177b0001970e1802a0c7a4da1f99cf890f4 Mon Sep 17 00:00:00 2001 From: Gervase Markham Date: Wed, 21 Jan 2015 20:31:00 +0000 Subject: Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection r=dylan,a=simon --- Bugzilla/Attachment.pm | 4 ++-- Bugzilla/Attachment/PatchReader.pm | 2 +- Bugzilla/Config/Common.pm | 2 +- Bugzilla/Error.pm | 2 +- Bugzilla/Install/CPAN.pm | 4 ++-- Bugzilla/Install/Filesystem.pm | 2 +- Bugzilla/Install/Localconfig.pm | 4 ++-- collectstats.pl | 2 +- reports.cgi | 2 +- search_plugin.cgi | 2 +- showdependencygraph.cgi | 6 +++--- testserver.pl | 6 +++--- 12 files changed, 19 insertions(+), 19 deletions(-) diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 2fa9dfdbb..c58be60a4 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -371,7 +371,7 @@ sub data { # If there's no attachment data in the database, the attachment is stored # in a local file, so retrieve it from there. if (length($self->{data}) == 0) { - if (open(AH, $self->_get_local_filename())) { + if (open(AH, '<', $self->_get_local_filename())) { local $/; binmode AH; $self->{data} = ; @@ -417,7 +417,7 @@ sub datasize { # is stored in a local file, and so retrieve its size from the file, # or the attachment has been deleted. unless ($self->{datasize}) { - if (open(AH, $self->_get_local_filename())) { + if (open(AH, '<', $self->_get_local_filename())) { binmode AH; $self->{datasize} = (stat(AH))[7]; close(AH); diff --git a/Bugzilla/Attachment/PatchReader.pm b/Bugzilla/Attachment/PatchReader.pm index 01a624a8f..4390c7055 100644 --- a/Bugzilla/Attachment/PatchReader.pm +++ b/Bugzilla/Attachment/PatchReader.pm @@ -110,7 +110,7 @@ sub process_interdiff { # Send through interdiff, send output directly to template. # Must hack path so that interdiff will work. $ENV{'PATH'} = $lc->{diffpath}; - open my $interdiff_fh, "$lc->{interdiffbin} $old_filename $new_filename|"; + open my $interdiff_fh, '-|', "$lc->{interdiffbin} $old_filename $new_filename"; binmode $interdiff_fh; my ($reader, $last_reader) = setup_patch_readers("", $context); diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm index 00c699217..385f1ce81 100644 --- a/Bugzilla/Config/Common.pm +++ b/Bugzilla/Config/Common.pm @@ -256,7 +256,7 @@ sub check_webdotbase { # Check .htaccess allows access to generated images my $webdotdir = bz_locations()->{'webdotdir'}; if(-e "$webdotdir/.htaccess") { - open HTACCESS, "$webdotdir/.htaccess"; + open HTACCESS, "<", "$webdotdir/.htaccess"; if(! grep(/ \\\.png\$/,)) { return "Dependency graph images are not accessible.\nAssuming that you have not modified the file, delete $webdotdir/.htaccess and re-run checksetup.pl to rectify.\n"; } diff --git a/Bugzilla/Error.pm b/Bugzilla/Error.pm index 649fdd486..c87b710ab 100644 --- a/Bugzilla/Error.pm +++ b/Bugzilla/Error.pm @@ -92,7 +92,7 @@ sub _throw_error { $val = "*****" if $val =~ /password|http_pass/i; $mesg .= "[$$] " . Data::Dumper->Dump([$val],["env($var)"]); } - open(ERRORLOGFID, ">>$datadir/errorlog"); + open(ERRORLOGFID, ">>", "$datadir/errorlog"); print ERRORLOGFID "$mesg\n"; close ERRORLOGFID; } diff --git a/Bugzilla/Install/CPAN.pm b/Bugzilla/Install/CPAN.pm index b1f3133c3..2ff3d8b10 100644 --- a/Bugzilla/Install/CPAN.pm +++ b/Bugzilla/Install/CPAN.pm @@ -214,8 +214,8 @@ sub set_cpan_config { # Calling a senseless autoload that does nothing makes us # automatically load any existing configuration. # We want to avoid the "invalid command" message. - open(my $saveout, ">&STDOUT"); - open(STDOUT, '>/dev/null'); + open(my $saveout, ">&", "STDOUT"); + open(STDOUT, '>', '/dev/null'); eval { CPAN->ignore_this_error_message_from_bugzilla; }; undef $@; close(STDOUT); diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 2881ab047..10fa5d605 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -578,7 +578,7 @@ sub _update_old_charts { ($in_file =~ /\.orig$/i)); rename("$in_file", "$in_file.orig") or next; - open(IN, "$in_file.orig") or next; + open(IN, "<", "$in_file.orig") or next; open(OUT, '>', $in_file) or next; # Fields in the header diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm index e15e23507..f56f8c02d 100644 --- a/Bugzilla/Install/Localconfig.pm +++ b/Bugzilla/Install/Localconfig.pm @@ -366,7 +366,7 @@ EOT # Move any custom or old variables into a separate file. if (scalar @old_vars) { my $filename_old = "$filename.old"; - open(my $old_file, ">>$filename_old") || die "$filename_old: $!"; + open(my $old_file, ">>", $filename_old) || die "$filename_old: $!"; local $Data::Dumper::Purity = 1; foreach my $var (@old_vars) { print $old_file Data::Dumper->Dump([$localconfig->{$var}], @@ -383,7 +383,7 @@ EOT } # Re-write localconfig - open(my $fh, ">$filename") || die "$filename: $!"; + open(my $fh, ">", $filename) || die "$filename: $!"; foreach my $var (LOCALCONFIG_VARS) { print $fh "\n", $var->{desc}, Data::Dumper->Dump([$localconfig->{$var->{name}}], diff --git a/collectstats.pl b/collectstats.pl index e2af2f02e..0c2066986 100755 --- a/collectstats.pl +++ b/collectstats.pl @@ -349,7 +349,7 @@ sub regenerate_stats { return; } - if (open DATA, ">$file") { + if (open DATA, ">", $file) { my $fields = join('|', ('DATE', @statuses, @resolutions)); print DATA <header('application/xml'); # Get the contents of favicon.ico my $filename = bz_locations()->{'libpath'} . "/images/favicon.ico"; -if (open(IN, $filename)) { +if (open(IN, '<', $filename)) { local $/; binmode IN; $vars->{'favicon'} = ; diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 162dd2afb..cf4a907c0 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -61,7 +61,7 @@ sub CreateImagemap { my $map = "\n"; my $default = ""; - open MAP, "<$mapfilename"; + open MAP, "<", $mapfilename; while(my $line = ) { if($line =~ /^default ([^ ]*)(.*)$/) { $default = qq{\n}; @@ -271,7 +271,7 @@ if ($webdotbase =~ /^https?:/) { error => $! }); binmode $pngfh; - open(DOT, "\"$webdotbase\" -Tpng $filename|"); + open(DOT, '-|', "\"$webdotbase\" -Tpng $filename"); binmode DOT; print $pngfh $_ while ; close DOT; @@ -300,7 +300,7 @@ if ($webdotbase =~ /^https?:/) { error => $! }); binmode $mapfh; - open(DOT, "\"$webdotbase\" -Tismap $filename|"); + open(DOT, '-|', "\"$webdotbase\" -Tismap $filename"); binmode DOT; print $mapfh $_ while ; close DOT; diff --git a/testserver.pl b/testserver.pl index 3142685bc..ffe4b1ad5 100755 --- a/testserver.pl +++ b/testserver.pl @@ -44,7 +44,7 @@ my @pscmds = ('ps -eo comm,gid', 'ps -acxo command,gid', 'ps -acxo command,rgid' my $sgid = 0; if (!ON_WINDOWS) { foreach my $pscmd (@pscmds) { - open PH, "$pscmd 2>/dev/null |"; + open PH, '-|', "$pscmd 2>/dev/null"; while (my $line = ) { if ($line =~ /^(?:\S*\/)?(?:httpd|apache)2?\s+(\d+)$/) { $sgid = $1 if $1 > $sgid; @@ -271,7 +271,7 @@ sub check_image { sub create_file { my ($filename, $content) = @_; - open(FH, ">$filename") + open(FH, ">", $filename) or die "Failed to create $filename: $!\n"; binmode FH; print FH $content; @@ -280,7 +280,7 @@ sub create_file { sub read_file { my ($filename) = @_; - open(FH, $filename) + open(FH, "<", $filename) or die "Failed to open $filename: $!\n"; binmode FH; my $content = ; -- cgit v1.2.3-65-gdbad