chiark / gitweb /
~ianmdlvl / secnet.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fcfa19e) | patch
make-secnet-sites: Taint the `group' parameter
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Thu, 24 Oct 2019 14:39:08 +0000 (15:39 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Thu, 24 Oct 2019 18:16:17 +0000 (19:16 +0100)
commit1699c102b7b7d76a66aaf65832cda1476171671f
tree97193f2ad16bb0238b67cc98c03372bd50d5ea20tree | snapshot
parentfcfa19e603539af0e3c97635dead1ec4e4816756commit | diff
make-secnet-sites: Taint the `group' parameter

This comes from the untrusted caller.  It should be tainted before we
use it as a filename.  (Actually in practice it's checked against the
`location' from the header, so this doesn't actually fix a
vulnerability.)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
make-secnet-sites diff | blob | history
secnet (vpn system) - master public repo