authorDylan William Hardison <dylan@hardison.net>2016-10-11 23:18:08 +0200
committerDylan William Hardison <dylan@hardison.net>2016-10-11 23:18:08 +0200
commitb955c8d1282ac7c0762c7a12dd8549e13110bfb1 (patch)
tree498d5cb93191c85458a7b7eead7ede9ba79ba409
parentb4b59f86d560a88b91bf9a5325e6bad8d7d2a990 (diff)
Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key is tainted
-rw-r--r--Bugzilla/Memcached.pm49
1 files changed, 3 insertions, 46 deletions
diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index f73623720..a1b8a5ac7 100644
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -12,8 +12,8 @@ use strict;
use warnings;
use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint);
use Scalar::Util qw(blessed);
+use Bugzilla::Util qw(trick_taint);
use URI::Escape;
use Encode;
use Sys::Syslog qw(:DEFAULT);
@@ -224,6 +224,7 @@ sub _config_prefix {
sub _encode_key {
my ($self, $key) = @_;
$key = $self->_global_prefix . '.' . uri_escape_utf8($key);
+ trick_taint($key) if defined $key;
return length($self->{namespace} . $key) > MAX_KEY_LENGTH
? undef
: $key;
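Review bot: The `if defined $key` guard on the added `trick_taint` line can never be false, because the concatenation on the line above always produces a defined string; `trick_taint($key);` does the same thing without implying a check. The untaint is therefore unconditional, and it is sound only because `uri_escape_utf8` has already reduced the caller-supplied part of the key to a fixed character set, while the prefix from `_global_prefix` (not visible in this hunk) is presumably server-side configuration. I would record that reasoning next to the call, for example `# safe to untaint: the caller's part of the key was just percent-encoded; a tainted key makes the cache client return tainted values`. The closing lines of `_encode_key` lie outside the hunk.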
@@ -247,51 +248,7 @@ sub _get {
$key = $self->_encode_key($key)
or return;
- my $value = $self->{memcached}->get($key);
- return unless defined $value;
-
- # detaint returned values
- # hashes and arrays are detainted just one level deep
- if (ref($value) eq 'HASH') {
- _detaint_hashref($value);
- }
- elsif (ref($value) eq 'ARRAY') {
- foreach my $value (@$value) {
- next unless defined $value;
- # arrays of hashes and arrays are common
- if (ref($value) eq 'HASH') {
- _detaint_hashref($value);
- }
- elsif (ref($value) eq 'ARRAY') {
- _detaint_arrayref($value);
- }
- elsif (!ref($value)) {
- trick_taint($value);
- }
- }
- }
- elsif (!ref($value)) {
- trick_taint($value);
- }
- return $value;
-}
-
-sub _detaint_hashref {
- my ($hashref) = @_;
- foreach my $value (values %$hashref) {
- if (defined($value) && !ref($value)) {
- trick_taint($value);
- }
- }
-}
-
-sub _detaint_arrayref {
- my ($arrayref) = @_;
- foreach my $value (@$arrayref) {
- if (defined($value) && !ref($value)) {
- trick_taint($value);
- }
- }
+ return $self->{memcached}->get($key);
}
sub _delete {
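Review bot: With the explicit detainting removed, `return $self->{memcached}->get($key);` hands back clean values only while every key reaches the client through `_encode_key`, and nothing at this line states that dependency. I would put a comment above the return, such as `# result is untainted only because _encode_key untaints the key (see bug 1309278)`, and add a regression test that fetches with a tainted key and asserts the returned value is not tainted, so a later change to the key path or to the client library cannot silently reintroduce tainted cache data. It may also be worth confirming the cache-miss case: the removed code used a bare `return`, whereas the new line passes through whatever `get` yields in the caller's context, which could differ for list-context callers. The start of `_get` is above the hunk.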