Closed
Bug 208647
Opened 22 years ago
Closed 21 years ago
cygwin, IIS 5.0: Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64.
Categories: Bugzilla :: Administration, task
Tracking: RESOLVED FIXED, Bugzilla 2.18
People
(Reporter: jpyeron, Assigned: jpyeron)
Details
Attachments (1 file, 2 obsolete files)
1.17 KB, patch, bbaetz: review+
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.0.3705)
Build Identifier:

When adding a new product, after submit I get:
Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64.

Reproducible: Always

Steps to Reproduce:
1. install on cygwin, use IIS 5.0 (win2kpro)
2. perl -T %s %s
3. go to products page, choose add, then submit

Version 2.17.4
Bugzilla/DB.pm:64: $_current_sth = Bugzilla->dbh->prepare($str);
Comment 1 • 22 years ago
offending code from editproducts.cgi, about line 329:

    SendSQL("INSERT INTO products ( " .
            "name, description, milestoneurl, disallownew, votesperuser, " .
            "maxvotesperbug, votestoconfirm, defaultmilestone" .
            " ) VALUES ( " .
            SqlQuote($product) . "," .
            SqlQuote($description) . "," .
            SqlQuote($milestoneurl) . "," .
            $disallownew . "," .
            "$votesperuser, $maxvotesperbug, $votestoconfirm, " .
            SqlQuote($defaultmilestone) . ")");
Summary: cygwin, IIS 5.0: Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64. → cygwin, IIS 5.0: Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64.
Comment 2 • 22 years ago
fixed it by untainting $disallownew, $votesperuser, $maxvotesperbug and $votestoconfirm with SqlQuote()
Comment 3 • 22 years ago
forgot to comment the code
Attachment #125145 - Attachment is obsolete: true
Updated • 22 years ago
Component: Installation & Upgrading → Administration
Updated • 22 years ago
Attachment #125148 - Flags: review?(matty)
Comment 5 • 22 years ago
edit* does not run under taint mode. Yes, we know that this affects Windows (because Windows can't run some scripts under -T and others not). These shouldn't be SqlQuoted, but instead checked for numerics (via detaint_natural).
Bug xxx has been added to the database
Content-type: text/html

Software error:
Insecure dependency in exec while running with -T switch at /var/www/bugzilla-2.16.3/post_bug.cgi line 303.
Comment 7 • 22 years ago
re comment 6: thanks, unfortunately it will be some time before this problem on the stable branch is attacked. If you would like to check the development (tip), and this problem is still there, a patch will be created ASAP by our company.
Comment 8 • 21 years ago
Comment on attachment 125148 [details] [diff] [review] detaint vars for add new product sql

I don't know where MattyT is these days...
Attachment #125148 - Flags: review?(mattyt-bugzilla) → review?(bbaetz)
Comment 9 • 21 years ago
Comment on attachment 125148 [details] [diff] [review] detaint vars for add new product sql

I'll be really surprised if this makes editproducts taint-safe, but.... It's not strictly correct (we should detaint_natural them first), but it's edit*, and not a security issue, so r=bbaetz
Attachment #125148 - Flags: review?(bbaetz) → review+
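The distinction drawn in comments 5 and 9, as an added example rather than Bugzilla's own code: under perl -T, quoting a tainted value clears the taint flag for any input, whereas a detaint_natural-style check clears it only for whole numbers. sql_quote_like and detaint_natural_like are hypothetical stand-ins for SqlQuote and detaint_natural, the parameter values are constructed, and the script must be run with perl -T.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for SqlQuote: escaping plus a regex capture. The
# capture clears the taint flag for ANY input, so "abc" passes as readily
# as "10" and would land, quoted, in a numeric column.
sub sql_quote_like {
    my ($str) = @_;
    $str =~ s/(['\\])/\\$1/g;   # escape quote and backslash
    $str =~ /^(.*)$/s;          # capture untaints without validating
    return "'$1'";
}

# Hypothetical stand-in for detaint_natural: untaints $_[0] in place only
# when it is a whole number, and reports failure otherwise.
sub detaint_natural_like {
    return 0 unless defined $_[0] && $_[0] =~ /^(\d+)$/;
    $_[0] = $1;
    return 1;
}

# Constructed "form parameters": concatenating with a tainted empty string
# (every %ENV value is tainted under -T) taints them the way CGI input is.
my $taint = substr($ENV{PATH} // '', 0, 0);
my %param = (
    votesperuser   => '10'  . $taint,   # valid numeric input
    maxvotesperbug => 'abc' . $taint,   # not a number at all
);

for my $name (sort keys %param) {
    my $raw    = $param{$name};
    my $quoted = sql_quote_like($raw);
    printf "%-15s raw tainted=%d  quoted=%-6s tainted=%d\n",
        $name, tainted($raw) ? 1 : 0, $quoted, tainted($quoted) ? 1 : 0;

    my $num = $raw;
    if (detaint_natural_like($num)) {
        # Untainted AND numeric: safe to interpolate into the numeric column.
        print "  detaint_natural: ok, value $num\n";
    } else {
        # Rejected rather than quoted through into a numeric column.
        print "  detaint_natural: rejected non-numeric value\n";
    }
}
```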
Comment 10 • 21 years ago
Assigning to patch writer.
Assignee: zach → jpyeron
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: approval?
Updated • 21 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.18
Comment 11 • 21 years ago
Checking in editproducts.cgi;
/cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v  <--  editproducts.cgi
new revision: 1.40; previous revision: 1.39
done
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Flags: approval? → approval+
Resolution: --- → FIXED
Updated • 12 years ago
QA Contact: matty_is_a_geek → default-qa