develooper Front page | perl.perl5.porters | Postings from January 2008

RE: FW: [perl #50322] CGITempFile causes "Insecure dependency in sprintf" in perl 5.10.0

Thread Previous
From:
Steve Hay
Date:
January 31, 2008 01:17
Subject:
RE: FW: [perl #50322] CGITempFile causes "Insecure dependency in sprintf" in perl 5.10.0
Message ID:
1B32FF956ABF414C9BCE5E487A1497E70132B55C@ukmail02.planit.group
OK, thanks. Now applied to bleadperl as #33143.

________________________________

From: Lincoln Stein [mailto:lincoln.stein@gmail.com] 
Sent: 30 January 2008 15:12
To: Steve Hay; perl5-porters@perl.org
Subject: Re: FW: [perl #50322] CGITempFile causes "Insecure dependency
in sprintf" in perl 5.10.0


It looks fine to me. I'm adding the proposed fix to 3.33.

Lincoln


On Jan 30, 2008 4:13 AM, Steve Hay <SteveHay@planit.com> wrote:


	Hi Lincoln,
	
	Not sure if you saw the email below that I copied you with the
other
	day, but I noticed that you just replied to another thread from
a
	different address, so I thought I'd forward to that address too.
	
	Shall I go ahead and apply Steffen's fix to bleadperl, or would
you
	rather fix things differently?
	
	Steve
	


	Steve Hay wrote:
	> Steffen Mueller wrote:
	>> Steve Hay wrote:
	>>> Run the following program under perl 5.10.0 on Windows XP:
	>>>
	>>> #!perl -wT
	>>> use strict;
	>>> use warnings;
	>>> BEGIN { $ENV{TMPDIR} = "$ENV{WINDIR}\\TEMP" };
	>>> use CGI;
	>>> my $tmpfile = new CGITempFile(1);
	>>> print "tmpfile='", $tmpfile->as_string(), "'\n";
	>>>
	>>> This causes the error:
	>>>
	>>> Insecure dependency in sprintf while running with -T switch
at (eval
	>>> 2) line 6.
	>>
	>> it seems to me that this would have to be fixed in
CGITempFile
	>> because the error is probably genuine.
	>>
	>> How about changing the sprintf call to this (untested, but
well...):
	>>
	>> sprintf("\%s${SL}CGItemp%d", $TMPDIRECTORY, $sequence++)
	>
	> Yes, that fixes it, thanks.
	>
	> Lincoln, are you happy with this fix?
	




-- 
Lincoln D. Stein
Cold Spring Harbor Laboratory
1 Bungtown Road
Cold Spring Harbor, NY 11724
(516) 367-8380 (voice)
(516) 367-8389 (fax)
FOR URGENT MESSAGES & SCHEDULING, 
PLEASE CONTACT MY ASSISTANT, 
SANDRA MICHELSEN, AT michelse@cshl.edu 

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About