bugConcurrent Versions System - Bugs: bug #23093, contrib/rcslock.in script fails...


bug #23093: contrib/rcslock.in script fails with perl taint mode enabled

Submitter:  John Perkins <jperkins71>
Submitted:  Mon 28 Apr 2008 04:42:57 PM UTC
Category:  Bug Fix (patch attached) Severity:  3 - Normal
Item Group:  None Status:  None
Privacy:  Public Assigned to:  None
Open/Closed:  Open Release: 
Fixed Release:  None Fixed Feature Release:  None
* Mandatory Fields

Add a New Comment Rich Markup

Mon 28 Apr 2008 04:42:57 PM UTC, original submission:  

The "rcslock" script, shipped as contrib/rcslock.in in current CVS releases, fails when enabling perl's "taint" mode.  This issue exists in stable and feature releases.

Attached is a patch that attempts to avoid taint mode failures:
 - current directory is determined using perl's Cwd module
   rather than exec'ing /bin/pwd
 - arguments are passed through a regular expression, to
   provide minimal argument checking, before passing them to
   perl's chdir() in an effort to untaint those arguments

John Perkins <jperkins71>


(Note: upload size limit is set to 16384 kB, after insertion of the required escape characters.)

Attach Files:

Attached Files
file #15545:  rcslock.patch added by jperkins71 (3KiB - text/x-patch)


Depends on the following items: None found

Items that depend on this one: None found


Carbon-Copy List
  • -email is unavailable- added by jperkins71 (Submitted the item)
  • -email is unavailable- added by jperkins71

    There are 0 votes so far. Votes easily highlight which items people would like to see resolved in priority, independently of the priority of the item set by tracker managers.

    Only logged-in users can vote.


    Follow 2 latest changes.

    Date Changed by Updated Field Previous Value => Replaced by
    2008-04-28 jperkins71 Attached File- Added rcslock.patch, #15545
        Carbon-Copy- Added -email is unavailable-

    Back to the top

    Powered by Savane 3.14-e222.
    Corresponding source code