CVSROOT: /cvs
Module name: src
Changes by: st...@cvs.openbsd.org 2013/03/19 16:14:30

Modified files:
    libexec/security: security

Log message:
Untaint a variable used in an sprintf format string by using a regex and
back-reference. This diff from espie@ after we worked through a few
alternatives.

(Background: with perl's taint mode, any operation other than RE+backref,
even just taking a length of a tainted [user-supplied/untrusted] string,
results in a tainted variable. Perl 5.14 improves the checks in format
strings to sprintf which triggers with this script).
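The pattern the log message describes, as an added example that is not the committed diff or any code from libexec/security: a width derived from untrusted strings taints the sprintf format, and a regex capture produces an untainted copy. The variable names and sample user names are constructed for illustration, and the script assumes it is run as `perl -T`.

```perl
# Added illustration, not the OpenBSD change. Run as: perl -T untaint_fmt.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run under perl -T\n" unless ${^TAINT};

# Constructed input: a zero-length slice of $^X is tainted under -T, so
# appending it marks these sample names as untrusted data.
my $TAINT = substr($^X, 0, 0);
my @names = map { $_ . $TAINT } qw(root operator build_user);

# Column width derived from the untrusted names; report its taint state.
my $width = 0;
for my $n (@names) {
    $width = length($n) if length($n) > $width;
}
printf "width=%d tainted=%s\n", $width, tainted($width) ? "yes" : "no";

# Using the derived width inside a format string: perl 5.14 and later
# refuse a tainted format, so trap the exception and show the outcome.
my $fmt = "%-${width}s|\n";
my $out;
my $ok = eval { $out = sprintf($fmt, $names[0]); 1 };
print "tainted format: ", ($ok ? "accepted\n" : "rejected: $@");

# Untaint: accept only a short run of digits and copy the capture group
# in its own statement, as perlsec shows.
my $safe_width;
if ($width =~ /^(\d{1,3})$/) {
    $safe_width = $1;
} else {
    die "unexpected width value\n";
}
printf "safe_width=%d tainted=%s\n", $safe_width,
    tainted($safe_width) ? "yes" : "no";

# The format is now built only from untainted pieces; the arguments may
# still be tainted, since the check applies to the format string.
my $safe_fmt = "%-${safe_width}s|\n";
print sprintf($safe_fmt, $_) for @names;
```

The anchored pattern `^(\d{1,3})$` is what makes the untainting meaningful: it limits what can reach the format string to a bounded decimal width rather than passing the value through unchanged.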