cygwin, IIS 5.0: Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64.

RESOLVED FIXED in Bugzilla 2.18

Status

Product: Bugzilla
Component: Administration
Status: RESOLVED FIXED
Reported: 15 years ago
Modified: 5 years ago

People

(Reporter: Jason Pyeron, Assigned: Jason Pyeron)

Tracking

Version: unspecified
Target Milestone: Bugzilla 2.18
Platform: x86
OS: Windows 2000
Bug Flags: approval +

Details

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

15 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.0.3705)
Build Identifier: 

When adding a new product, after submit I get 


Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method 
call while running with -T switch at Bugzilla/DB.pm line 64. 

Reproducible: Always

Steps to Reproduce:
1. install on cygwin, use IIS 5.0 (win2kpro)
2. perl -T %s %s
3. go to products page, choose add, then submit

Version 2.17.4 

Bugzilla/DB.pm:64:
    $_current_sth = Bugzilla->dbh->prepare($str);
(Assignee)

Comment 1

15 years ago
offending code from editproducts.cgi, about line 329:

    SendSQL("INSERT INTO products ( " .
            "name, description, milestoneurl, disallownew, votesperuser, " .
            "maxvotesperbug, votestoconfirm, defaultmilestone" .
            " ) VALUES ( " .
            SqlQuote($product) . "," .
            SqlQuote($description) . "," .
            SqlQuote($milestoneurl) . "," .
            $disallownew . "," .
            "$votesperuser, $maxvotesperbug, $votestoconfirm, " .
            SqlQuote($defaultmilestone) . ")");
(Assignee)

Comment 2

15 years ago
Created attachment 125145 [details] [diff] [review]
detaint vars for add new product sql

fixed it by untainting:
 $disallownew $votesperuser $maxvotesperbug $votestoconfirm
with SqlQuote()
(Assignee)

Comment 3

15 years ago
Created attachment 125147 [details] [diff] [review]
detaint vars for add new product sql

forgot to comment the code
Attachment #125145 - Attachment is obsolete: true
(Assignee)

Comment 4

15 years ago
Created attachment 125148 [details] [diff] [review]
detaint vars for add new product sql
Attachment #125147 - Attachment is obsolete: true
(Assignee)

Updated

15 years ago
Component: Installation & Upgrading → Administration
(Assignee)

Updated

15 years ago
Attachment #125148 - Flags: review?(matty)

Comment 5

edit* does not run under taint mode. Yes, we know that this affects windows
(because windows can't run some scripts under -T and others not)

These shouldn't be SqlQuoted, but instead checked for numerics (via
detaint_natural).
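The distinction drawn above (quoting the values versus checking that they are numeric), shown as an added example that is not Bugzilla's code. It is a stand-alone Perl script run under -T that compares a SqlQuote()-style regex untaint with a detaint_natural()-style natural-number check. The functions sql_quote, detaint_natural and prepare_like_dbi are hypothetical stand-ins written for this example; prepare_like_dbi only imitates the argument check a DBI handle performs when its TaintIn attribute is set, so no database is needed. The two input values are constructed.

```perl
#!/usr/bin/perl -T
# Added example, not code from Bugzilla. Run it as: perl -T taint_demo.pl
# It contrasts SqlQuote()-style untainting (what the attached patch does)
# with detaint_natural()-style validation (what the reviewers asked for).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed inputs, as a CGI script would receive them. Under -T every
# %ENV value is tainted, and concatenating even an empty tainted string
# taints the result, so this is the usual way to taint a literal in a test.
# (If PATH is unset the values stay untainted and the demo shows nothing.)
my $taint = substr($ENV{PATH} // '', 0, 0);
my %param = (
    good => '10' . $taint,            # what a well-behaved form sends
    bad  => '10 OR 1=1' . $taint,     # what a hostile client sends instead
);

# Hypothetical stand-in for Bugzilla's SqlQuote(): escapes the value and
# wraps it in quotes. The regex capture is what makes Perl drop the taint
# flag, regardless of what the string contains.
sub sql_quote {
    my ($str) = @_;
    $str =~ s/([\\'])/\\$1/g;      # backslash-escape quotes and backslashes
    $str =~ /^(.*)\z/s or die;     # capture everything: this lifts the taint
    return "'$1'";
}

# Hypothetical stand-in for Bugzilla's detaint_natural(): accepts only a
# run of digits, and only then overwrites the caller's variable with the
# untainted copy. Anything else is rejected and stays tainted.
sub detaint_natural {
    return 0 unless defined $_[0] && $_[0] =~ /^(\d+)\z/;
    $_[0] = $1;
    return 1;
}

# Imitates the check DBI performs on prepare() when the handle has TaintIn
# set: a tainted SQL string is refused with the same kind of "Insecure
# dependency" message that this bug's summary quotes.
sub prepare_like_dbi {
    my ($sql) = @_;
    die "Insecure dependency in parameter 1 of prepare method call while running with -T switch\n"
        if tainted($sql);
    return $sql;
}

# Minimal version of the INSERT from editproducts.cgi, numeric column only.
sub build_insert {
    my ($votesperuser) = @_;
    return "INSERT INTO products (name, votesperuser) VALUES ('p', $votesperuser)";
}

for my $case (qw(good bad)) {
    my $raw = $param{$case};
    printf "%-4s raw value %-12s tainted=%d\n", $case, "'$raw'", tainted($raw) ? 1 : 0;

    # 1. The patch's approach: sql_quote() untaints both values, so the
    #    statement is accepted even though the bad value is not a number.
    #    The quotes keep it inside a string literal, so it cannot break out
    #    of the statement, but what the database does with a non-numeric
    #    string in a numeric column is left up to the database.
    my $quoted = sql_quote($raw);
    my $ok = eval { prepare_like_dbi(build_insert($quoted)); 1 };
    printf "     sql_quote       -> %-14s (%s)\n", $quoted,
        $ok ? 'prepare accepted' : 'prepare refused';

    # 2. The reviewers' approach: validate as a natural number first. The
    #    bad value fails the check, is never untainted, and a statement
    #    built from it would still be refused before reaching the database.
    my $copy = $raw;
    if (detaint_natural($copy)) {
        prepare_like_dbi(build_insert($copy));
        printf "     detaint_natural -> %-14s (prepare accepted)\n", $copy;
    } else {
        printf "     detaint_natural -> rejected, value stays tainted=%d\n",
            tainted($copy) ? 1 : 0;
    }
}
```

The script must be started with the -T switch (or via its shebang line); running it as plain "perl taint_demo.pl" fails with "Too late for -T". Note that DBI's TaintIn attribute is off by default, so a handle opened without it would not have raised the error in this bug at all; the check only helps if the connection enables it and the untainting is done by validation rather than by a catch-all regex.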

Comment 6

15 years ago
Bug xxx has been added to the database
Content-type: text/html 

Software error:
Insecure dependency in exec while running with -T switch at /var/www/bugzilla-
2.16.3/post_bug.cgi line 303.
(Assignee)

Comment 7

15 years ago
re comment 6: thanks, unfortunately it will be some time before this problem on 
the stable branch is attacked. If you would like to check the development 
(tip), and this problem is still there, a patch will be created ASAP by our 
company.

Comment 8

Comment on attachment 125148 [details] [diff] [review]
detaint vars for add new product sql

I don't know where MattyT is these days...
Attachment #125148 - Flags: review?(mattyt-bugzilla) → review?(bbaetz)

Comment 9

Comment on attachment 125148 [details] [diff] [review]
detaint vars for add new product sql

I'll be really surprised if this makes editproducts taint-safe, but....

It's not strictly correct (we should detaint_natural() them first), but it's edit*,
and not a security issue, so r=bbaetz
Attachment #125148 - Flags: review?(bbaetz) → review+

Comment 10

14 years ago
Assigning to patch writer.
Assignee: zach → jpyeron
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: approval?

Updated

14 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.18

Comment 11

Checking in editproducts.cgi;
/cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v  <--  editproducts.cgi
new revision: 1.40; previous revision: 1.39
done
Status: ASSIGNED → RESOLVED
Last Resolved: 14 years ago
Flags: approval? → approval+
Resolution: --- → FIXED
(Assignee)

Comment 12

14 years ago
for those who have this problem in editgroups see Bug 223704 
QA Contact: matty_is_a_geek → default-qa