diff options
author | Tony Cook <tony@develop-help.com> | 2016-07-28 11:25:58 +1000 |
---|---|---|
committer | Tony Cook <tony@develop-help.com> | 2016-07-28 11:25:58 +1000 |
commit | 0d6c5b25583e098b7b85ff89a9a74f8e7d80ba55 (patch) | |
tree | 5d8a32003b96f3d5d69fd4faab6f84f386357ae1 | |
parent | 41e46adcef382389085fdb979c5288b4ed2cf77c (diff) | |
download | perl-libnet-0d6c5b25583e098b7b85ff89a9a74f8e7d80ba55.tar.gz |
CVE-2016-1238: avoid loading Net::LocalCfg from default .
Net::Cfg treats Net::LocalCfg as an optional load, if a site does not have Net::LocalCfg in the standard places perl will attempt to load it from the . entry in @INC. If the current directory happens to be world writable (like /tmp) an attacker can create Net/LocalCfg.pm to run code as any user that runs code that loads Net::Cfg in that directory. This patch temporarily removes the default . entry from @INC when loading Net::LocalCfg to prevent that.
-rw-r--r-- | lib/Net/Config.pm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/Net/Config.pm b/lib/Net/Config.pm index 0fb8713..a593538 100644 --- a/lib/Net/Config.pm +++ b/lib/Net/Config.pm @@ -24,7 +24,12 @@ our $VERSION = "3.10"; our($CONFIGURE, $LIBNET_CFG); -eval { local $SIG{__DIE__}; require Net::LocalCfg }; +eval { + local @INC = @INC; + pop @INC if $INC[-1] eq '.'; + local $SIG{__DIE__}; + require Net::LocalCfg; +}; our %NetConfig = ( nntp_hosts => [], |