oss-sec mailing list archives
Re: CVE request: ruby file creation due in insertion of illegal NUL character
From: Matthias Weckbecker <mweckbecker () suse de>
Date: Wed, 17 Oct 2012 12:25:28 +0200
On Wednesday 17 October 2012 11:44:35 Fabian Keil wrote:
Daniel Kahn Gillmor <dkg () fifthhorseman net> wrote:On 10/16/2012 08:40 AM, Matthias Weckbecker wrote:Technically, this would also apply to Perl (at least with 5.12.3).It's also the case with perl 5.14.2 (just tested). :/At least for Perl I consider this a feature.
I agree. I also think that an application which lets such things happen (ie allow arbitrary content to be passed to open()) is rather to blame than the language (/interpreter) itself. But the same applies to Ruby, IMO.
The NUL byte is a special character and allows trailing white space in the filename that is otherwise stripped. This is (more or less) documented in perlopentut(1). It also seems unlikely that someone adds NUL bytes to the white list of acceptable characters by accident, and if there is no white list in the first place, the Perl script probably has bigger issues.
Ack.
Fabian
Matthias -- Matthias Weckbecker, Senior Security Engineer, SUSE Security Team SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany Tel: +49-911-74053-0; http://suse.com/ SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg)
Current thread:
- CVE request: ruby file creation due in insertion of illegal NUL character Vincent Danen (Oct 12)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character U.Nakamura (Oct 15)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Fabian Keil (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 18)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 18)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Eitan Adler (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Tim (Oct 17)