Bug 1031096 - perl-HTTP-Tiny: error checking in mirror sub
perl-HTTP-Tiny: error checking in mirror sub
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: perl-HTTP-Tiny (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: perl-maint-list
Martin Kyral
: Patch
Depends On:
Blocks: 1031095
  Show dependency treegraph
Reported: 2013-11-15 10:34 EST by Florian Weimer
Modified: 2014-06-18 04:00 EDT (History)
2 users (show)

See Also:
Fixed In Version: perl-HTTP-Tiny-0.033-2.el7
Doc Type: Bug Fix
Doc Text:
Cause: Calling mirror() method on HTTP::Tiny Perl object. Consequence: If a file with the same name as an HTTP::Tiny temporary files exists, the file will get overwritten and possibly abused with a symlink attack. If write into a temporary file fails, the error will be silently ignored. Fix: A fix to use exclusive file creation and a fix to throw an exception on write error have been applied to the HTTP::Tiny library. Result: It's not possible to attack the HTTP::Tiny mirror() subroutine with a symlink attack. Any write error is reported by an exception.
Story Points: ---
Clone Of:
Last Closed: 2014-06-12 03:48:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
[PATCH] Croak on failed write into a file (1.28 KB, patch)
2013-11-27 05:08 EST, Petr Pisar
no flags Details | Diff
[PATCH] Do not use already existing temporary files (1.43 KB, patch)
2013-11-27 05:08 EST, Petr Pisar
no flags Details | Diff

  None (edit)
Description Florian Weimer 2013-11-15 10:34:34 EST
This print statement in the mirror sub needs error checking:

    118     binmode $fh;
    119     $args->{data_callback} = sub { print {$fh} $_[0] };
    120     my $response = $self->request('GET', $url, $args);

Otherwise there is a risk of silent data loss in case of a full disk.

In addition, you should open the temporary file in safe manner (with O_EXCL).  I don't know what kind of dependencies would be acceptable for HTTP::Tiny, so it is difficult to make suggestions here.
Comment 2 Petr Pisar 2013-11-27 05:08:00 EST
Created attachment 829631 [details]
[PATCH] Croak on failed write into a file

The mirror() method saves a document into a file. Any error while
writing to the file, e.g. no disk space, was ignored. This patch fixes
it by croaking on such I/O error.
 lib/HTTP/Tiny.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
Comment 3 Petr Pisar 2013-11-27 05:08:15 EST
Created attachment 829632 [details]
[PATCH] Do not use already existing temporary files

mirror() method tries to create a new temporary file as can be
concluded by using random name.

To prevent from from attacks, one has to make sure the file does not
exist. This patch creates temporary files with O_CREAT|O_EXCL mode.
 lib/HTTP/Tiny.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
Comment 4 Petr Pisar 2013-11-27 05:15:07 EST
Patches submitted to upstream as:

Comment 7 Petr Pisar 2013-12-10 10:38:58 EST
Upstream accepted the exclusive-open patch.

Upstream refused the check-print-error patch because Perl close() seems to report even previous errors. Although I think the patch is useful to abort network transfer right at local I/O error to safe network resources.

Note You need to log in before you can comment on or make changes to this bug.