From: Joerg Jaspert
Date: Wed, 5 Dec 2012 22:20:48 +0000 (+0100)
Subject: sanitize variable before using it
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10e1a17a6c7c0dbfc3a7b20f37a23ee153b25b66;p=dak

sanitize variable before using it

Signed-off-by: Joerg Jaspert
---
diff --git a/tools/debianqueued-0.9/debianqueued b/tools/debianqueued-0.9/debianqueued
index 45f12427..f9da96fa 100755
--- a/tools/debianqueued-0.9/debianqueued
+++ b/tools/debianqueued-0.9/debianqueued
@@ -1708,6 +1708,13 @@ sub pgp_check($) {
 my $stat;
 local (*PIPE);
 
+ if ($file =~ /^([-\w.+~]+)$/) {
+ $file = $1;
+ } else {
+ msg( "log", "Tainted filename, skipping: $file\n" );
+ return "LOCAL ERROR";
+ }
+
 $stat = 1;
 if ( -x $conf::gpg ) {
 debug( "executing $conf::gpg --no-options --batch "
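Review bot: The allow-list added at the top of pgp_check still accepts a name that begins with `-`, and its `$` anchor tolerates a trailing newline, so `$file` is not fully constrained before the gpg invocation that follows. A tighter check would be `if ($file =~ /\A([\w.+~][-\w.+~]*)\z/) {`, with `[A-Za-z0-9_]` in place of `\w` if only ASCII names are expected. The rejection branch also writes the still-unvalidated `$file` into the log message, so it would be safer to strip control characters from it before logging. The rest of pgp_check, including how `$file` is placed on the gpg command line, is outside this hunk, so the impact is inferred rather than shown.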