| author | Guilhem Moulin <guilhem@fripost.org> | 2015-03-25 19:01:37 +0100 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-03-25 20:14:38 +0100 | 
| commit | 28f215f4950791b3b285dc176fefefbd105fdb73 (patch) | |
| tree | e34abb3b7579287216437e7ef5d2cc71033ad8c1 | |
| parent | 92ed83c72e2e1006bd2c94cbe02870f7d2404cae (diff) | |
Untaint $ffdir/$profile.
| -rwxr-xr-x | cli/icevault | 3 | 
1 files changed, 2 insertions, 1 deletions
| diff --git a/cli/icevault b/cli/icevault
index 43b8e50..93a4768 100755
--- a/cli/icevault
+++ b/cli/icevault
@@ -162,7 +162,8 @@ sub connect($) {
         }
         closedir $dh;
         error "No Firefox profile found under C<%s>", $ffdir unless defined $profile;
-        $sockname = "$ffdir/$profile/$sockname";
+        "$ffdir/$profile" =~ /\A(\p{Print}+)\z/ or error "Insecure C<%s>", "$ffdir/$profile"; # untaint $ffdir/$profile
+        $sockname = "$1/$sockname";
         myprintf \*STDERR, "Using socket C<%s>", $sockname if $CONFIG{debug};
     } | 
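Review bot: The untaint pattern `/\A(\p{Print}+)\z/` on the first added line accepts almost any string, so it clears the taint flag without constraining where the socket path may point; relative paths and `..` components pass unchanged. `$profile` is a single directory entry and `$ffdir` is set outside this hunk (presumably from the environment), so validating the two parts separately would make the check meaningful, for example requiring `$ffdir` to be absolute and matching the profile name with `m{\A(?!\.\.?\z)([^/\P{Print}]+)\z}`. The second added line also reads `$1` from the previous statement, which is only safe if `error` never returns; capturing into a lexical, `my ($dir) = "$ffdir/$profile" =~ /\A(\p{Print}+)\z/ or error ...`, would avoid picking up a stale `$1`. The body of `connect` starts and ends outside the hunk.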
