[Van-pm] CGI taint mode

Vincent Li mcli at brc.ubc.ca
Mon Dec 5 16:05:11 PST 2005


Hello Vancouver PM:

I read Lincoln Stein's WWW Security FAQ, and I am testing a sample
upload.pl. I turned on taint mode and did the taint check as
follows:

---------
35     if ($file =~ /^([-\@\w.]+)$/) {
36         $file = $1;
37     }
38     else {
39         error("invalid filename: $file");
40     }
41
42     print h2('File name'),$file;
43     print h2('File MIME type'),
44     uploadInfo($file)->{'Content-Type'};
----------

The script always gives me this error:

Software error:
Can't use an undefined value as a HASH reference at test line 43.

The full upload script is:

-----------
1 #!/usr/bin/perl -wT
2 #file: upload.pl
3
4 $| = 1;
5 use strict;
6 use CGI qw/:standard/;
7 use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
8 use Fcntl qw( :DEFAULT :flock );
9 use Readonly;
10
11 $CGI::POST_MAX=1024 * 100;
12 $CGI::DISABLE_UPLOADS=0;
13 $ENV{PATH}='/usr/bin:/bin';    # PATH entries are separated by colons
14
15 Readonly my $UPLOAD_DIR     => q[/var/www/apache2-default/upload];
16
17 print header,
18     start_html('file upload'),
19     h1('file upload');
20     print_form()    unless param;
21     print_results() if param;
22 print end_html;
23
24 sub print_form {
25     print start_multipart_form(),
26        filefield(-name=>'upload',-size=>60),br,
27        submit(-label=>'Upload File'),
28        end_form;
29 }
30
31 sub print_results {
32     my $length;
33     my $file = param('upload');
34
35     if ($file =~ /^([-\@\w.]+)$/) {
36         $file = $1;
37     }
38     else {
39         error("invalid filename: $file");
40     }
41
42     print h2('File name'),$file;
43     print h2('File MIME type'),
44     uploadInfo($file)->{'Content-Type'};
45
46     sysopen(my $OUT, "$UPLOAD_DIR/$file", O_WRONLY|O_TRUNC|O_CREAT, 0600)
47         or error( " Could not create: $!");
48
49     while (<$file>) {
50         print $OUT $_;
51     }
52 }
53
54 sub error {
55     my ($reason ) = @_;
56
57     print header,
58           start_html( "Error" ),
59           h1( "Error" ),
60           p( "Your upload was not processed because the following error ",
61                  "occurred: " ),
62           p (i( $reason ) ),
63           end_html;
64     exit;
65 }
----------------

Thanks in advance!!!


-- 
Vincent Li
System Admin, UBC
http://mcli.homelinux.org:8080
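
Added example, not part of the original message and not the poster's code: in upload.pl the untaint step assigns $1 back to $file, so uploadInfo() and the read loop receive a plain string instead of the value CGI.pm returned from param('upload'). The version below keeps that value untouched and untaints into a separate variable; the names $client_name and $safe_name, the dot-only check and the O_EXCL flag are choices made for this example.

```perl
#!/usr/bin/perl -wT
# Added example: same upload flow as the posted script, with the untainted
# file name held in its own variable instead of overwriting param()'s value.
use strict;
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);
use Fcntl qw(:DEFAULT);

$CGI::POST_MAX        = 1024 * 100;
$CGI::DISABLE_UPLOADS = 0;
$ENV{PATH}            = '/usr/bin:/bin';

# Assumption: same directory as in the post; it must already exist and be
# writable by the web server user.
my $UPLOAD_DIR = '/var/www/apache2-default/upload';

print header, start_html('file upload'), h1('file upload');
if (param) { print_results() } else { print_form() }
print end_html;

sub print_form {
    print start_multipart_form(),
          filefield(-name => 'upload', -size => 60), br,
          submit(-label => 'Upload File'),
          end_form;
}

sub print_results {
    my $client_name = param('upload');    # CGI.pm's own value: never reassigned
    my $fh = upload('upload')             # handle to the uploaded data
        or return print p('No file was received.');
    my $info = uploadInfo($client_name) || {};

    # Untaint into a separate variable; refuse names made only of dots.
    my ($safe_name) = "$client_name" =~ /^([-\@\w.]+)$/;
    return print p('Invalid file name.')
        unless defined $safe_name && $safe_name !~ /^\.+$/;

    print h2('File name'), CGI::escapeHTML($safe_name),
          h2('File MIME type'),
          CGI::escapeHTML($info->{'Content-Type'} || 'unknown');

    # O_EXCL (this example's choice) refuses to overwrite an existing file.
    sysopen(my $out, "$UPLOAD_DIR/$safe_name", O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "Could not create file: $!";
    binmode $out;
    while (read($fh, my $buf, 8192)) { print {$out} $buf }
    close $out or die "Could not finish writing: $!";
}
```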

