[Bug 880329] CVE-2012-5572 perl-Dancer: Newline injection due to improper CRLF escaping in cookie() and cookies() methods
bugzilla at redhat.com
bugzilla at redhat.com
Mon Jun 3 10:58:31 UTC 2013
https://bugzilla.redhat.com/show_bug.cgi?id=880329
--- Comment #5 from Petr Pisar <ppisar at redhat.com> ---
Upstream states the fix is available in commit:
commit 46ef9124f3149f697455061499ac7cee40930349
Author: Colin Keith <colinmkeith at gmail.com>
Date: Sat May 25 22:56:31 2013 -0400
resolution for CVE-2012-5572, \r\n sequence being allowed in a cookie name
fixes PerlDancer/Dancer#859
diff --git a/lib/Dancer/Cookie.pm b/lib/Dancer/Cookie.pm
index efcb1a3..e736ab8 100644
--- a/lib/Dancer/Cookie.pm
+++ b/lib/Dancer/Cookie.pm
@@ -29,7 +29,10 @@ sub to_header {
my $value = join('&', map {uri_escape($_)} $self->value);
my $no_httponly = defined( $self->http_only ) && $self->http_only == 0;
- my @headers = $self->name . '=' . $value;
+ my $name = $self->name;
+ $name =~ s/[=,; \t\r\n\013\014]//mg;
+
+ my @headers = $name . '=' . $value;
push @headers, "path=" . $self->path if $self->path;
push @headers, "expires=" . $self->expires if $self->expires;
push @headers, "domain=" . $self->domain if $self->domain;
Upstream added tests for this issue with commit:
commit d21a0983fa95ffea2b50ad5af84cc93f4ce5f4d2
Author: Colin Keith <colinmkeith at gmail.com>
Date: Sat May 25 00:46:53 2013 -0400
test and resolution for CVE-2012-5572, \r\n sequence being allowed in a
cookie name fixes PerlDancer/Dancer#859
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=MxMxTVXLVw&a=cc_unsubscribe
More information about the perl-devel
mailing list