Closed Bug 208647 Opened 22 years ago Closed 22 years ago

cygwin, IIS 5.0: Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64.

Categories

(Bugzilla :: Administration, task)

Product:
Bugzilla
Component:
Administration
Platform:
x86
Windows 2000
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: jpyeron, Assigned: jpyeron)

Details

Attachments

(1 file, 2 obsolete files)

detaint vars for add new product sql
1.17 KB, patch
bbaetz
: review+
Details | Diff | Splinter Review
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.0.3705) Build Identifier: When adding a new product after submit I get Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64. Reproducible: Always Steps to Reproduce: 1. install on cygwin, use IIS 5.0 (win2kpro) 2. perl -T %s %s 3. go to products page, choose add, then submit Version 2.17.4 Bugzilla/DB.pm:64: $_current_sth = Bugzilla->dbh->prepare($str);
offending code from editproducts.cgi: about line 329 SendSQL("INSERT INTO products ( " . "name, description, milestoneurl, disallownew, votesperuser, " . "maxvotesperbug, votestoconfirm, defaultmilestone" . " ) VALUES ( " . SqlQuote($product) . "," . SqlQuote($description) . "," . SqlQuote($milestoneurl) . "," . $disallownew . "," . "$votesperuser, $maxvotesperbug, $votestoconfirm, " . SqlQuote($defaultmilestone) . ")");
Summary: cygwin, IIS 5.0: Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64. → cygwin, IIS 5.0: Insecure dependency in parameter 1 of DBI::db=HASH(0x10611388)->prepare method call while running with -T switch at Bugzilla/DB.pm line 64.
fixed it by untainting: $disallownew $votesperuser $maxvotesperbug $votestoconfirm with SqlQuote()
forgot to comment the code
Attachment #125145 - Attachment is obsolete: true
Attachment #125147 - Attachment is obsolete: true
Component: Installation & Upgrading → Administration
Attachment #125148 - Flags: review?(matty)
edit* does not run under taint mode. Yes, we know that this affects windows (because windows can't run some scripts under -T and others not) These shouldn't be SqlQuoted, but instead checked for numerics (via detaint_natural).
Bug xxx has been added to the database Content-type: text/html Software error: Insecure dependency in exec while running with -T switch at /var/www/bugzilla- 2.16.3/post_bug.cgi line 303.
re commet 6: thanks, unfortunatly it will be some time before this problem on the stable branch is attacked. If you would like to check the development (tip), and this problem is still there, a patch will be created ASAP by our company.
Comment on attachment 125148 [details] [diff] [review] detaint vars for add new product sql I don't know where MattyT is these days...
Attachment #125148 - Flags: review?(mattyt-bugzilla) → review?(bbaetz)
Comment on attachment 125148 [details] [diff] [review] detaint vars for add new product sql I'll be really surprised if tis makes editproducts taint-safe, but.... Its not strictly correct (we should detaint_natural) them first, but its edit*, and not a security issue, so r=bbaetz
Attachment #125148 - Flags: review?(bbaetz) → review+
Assigning to patch writer.
Assignee: zach → jpyeron
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: approval?
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.18
Checking in editproducts.cgi; /cvsroot/mozilla/webtools/bugzilla/editproducts.cgi,v <-- editproducts.cgi new revision: 1.40; previous revision: 1.39 done
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Flags: approval? → approval+
Resolution: --- → FIXED
for thos who have this problem in editgroups see Bug 223704
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: