diff options
| author | Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:06:08 +0000 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 20:06:08 +0000 |
| commit | 19117cc3e4da268d64107957e4c206d8df875505 (patch) | |
| tree | 81546dbda0b66c7463407c3854ee98689326dc15 /Bugzilla/Install | |
| parent | 272b0b69b2884d937ffd4b5b01fb89235603c67c (diff) | |
| download | bugs-19117cc3e4da268d64107957e4c206d8df875505.tar bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.gz bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.bz2 bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.xz bugs-19117cc3e4da268d64107957e4c206d8df875505.zip | |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dkl,a=glob
Diffstat (limited to 'Bugzilla/Install')
| -rw-r--r-- | Bugzilla/Install/CPAN.pm | 4 | ||||
| -rw-r--r-- | Bugzilla/Install/Filesystem.pm | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/Bugzilla/Install/CPAN.pm b/Bugzilla/Install/CPAN.pm index 19f143190..094784e1a 100644 --- a/Bugzilla/Install/CPAN.pm +++ b/Bugzilla/Install/CPAN.pm @@ -196,8 +196,8 @@ sub set_cpan_config { # Calling a senseless autoload that does nothing makes us # automatically load any existing configuration. # We want to avoid the "invalid command" message. - open(my $saveout, ">&STDOUT"); - open(STDOUT, '>/dev/null'); + open(my $saveout, ">&", "STDOUT"); + open(STDOUT, '>', '/dev/null'); eval { CPAN->ignore_this_error_message_from_bugzilla; }; undef $@; close(STDOUT); diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 061ca53c7..15fca30ee 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -633,7 +633,7 @@ sub _update_old_charts { ($in_file =~ /\.orig$/i)); rename("$in_file", "$in_file.orig") or next; - open(IN, "$in_file.orig") or next; + open(IN, "<", "$in_file.orig") or next; open(OUT, '>', $in_file) or next; # Fields in the header |