Bug 1297455 - CVE-2015-8607: File::Spec::canonpath() loses taint
CVE-2015-8607: File::Spec::canonpath() loses taint
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: perl-PathTools (Show other bugs)
22
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Petr Pisar
Fedora Extras Quality Assurance
https://rt.perl.org/Public/Bug/Displa...
:
: 1297486 (view as bug list)
Depends On:
Blocks: CVE-2015-8607 1297598
  Show dependency treegraph
 
Reported: 2016-01-11 09:52 EST by Petr Pisar
Modified: 2016-01-27 10:52 EST (History)
3 users (show)

See Also:
Fixed In Version: perl-PathTools-3.60-2.fc24 perl-PathTools-3.60-2.fc23 perl-PathTools-3.47-312.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-14 03:52:56 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Petr Pisar 2016-01-11 09:52:08 EST
File::Spec->canonpath does not preserve tainted flag. This is regression since 
PathTools-3.40:

$ perl -T -MFile::Spec -MScalar::Util -e 'print Scalar::Util::tainted(File::Spec->canonpath(Cwd::getcwd)), qq{\n}'
0

While expected behavior is:

$ ./perl -T -Ilib -MFile::Spec -MScalar::Util -e 'print Scalar::Util::tainted(File::Spec->canonpath(Cwd::getcwd)), qq{\n}'
1

This bug affects all Fedoras and is know as CVE-2015-8607. Perl upstream fixed it with commit:

commit 0b6f93036de171c12ba95d415e264d9cf7f4e1fd
Author: Tony Cook <tony@develop-help.com>
Date:   Tue Dec 15 10:56:54 2015 +1100

    ensure File::Spec::canonpath() preserves taint
    
    Previously the unix specific XS implementation of canonpath() would
    return an untainted path when supplied a tainted path.
    
    For the empty string case, newSVpvs() already sets taint as needed on
    its result.
    
    This issue was assigned CVE-2015-8607.  [perl #126862]
Comment 1 Fedora Update System 2016-01-11 10:15:47 EST
perl-PathTools-3.60-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-69e506e02d
Comment 2 Fedora Update System 2016-01-11 10:15:59 EST
perl-PathTools-3.47-312.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ca904238f
Comment 3 Petr Pisar 2016-01-11 10:54:18 EST
(In reply to Petr Pisar from comment #0)
> File::Spec->canonpath does not preserve tainted flag. This is regression
> since PathTools-3.40:
> 
Since PathTools-3.47.
Comment 4 Petr Pisar 2016-01-11 11:05:44 EST
*** Bug 1297486 has been marked as a duplicate of this bug. ***
Comment 5 Fedora Update System 2016-01-12 04:52:49 EST
perl-PathTools-3.60-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-69e506e02d
Comment 6 Fedora Update System 2016-01-12 04:54:13 EST
perl-PathTools-3.47-312.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ca904238f
Comment 7 Fedora Update System 2016-01-14 03:52:47 EST
perl-PathTools-3.60-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2016-01-27 10:52:00 EST
perl-PathTools-3.47-312.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.