From: John Lightsey Date: Mon, 27 Jun 2011 13:07:44 -0500 Subject: [PATCH] symlink safety Add check for unsafe symbolic links to _is_safe() directory check.
diff -ruN File-Temp-0.23.orig/lib/File/Temp.pm File-Temp-0.23/lib/File/Temp.pm
--- File-Temp-0.23.orig/lib/File/Temp.pm 2013-03-14 22:56:59.000000000 +0100
+++ File-Temp-0.23/lib/File/Temp.pm 2014-10-15 23:46:29.894611586 +0200
@@ -672,7 +672,25 @@
 my $err_ref = shift;
 # Stat path
- my @info = stat($path);
+ my @info = lstat($path);
+ my $symlink_test_path = $path;
+ my $symlink_loop_count = 0;
+ while (-l _) {
+ if (++$symlink_loop_count >= 50) {
+ $$err_ref = "50 levels of symlinks encountered at $path";
+ return 0;
+ }
+ if ( $info[4] <= File::Temp->top_system_uid() || $info[4] == $>) {
+ # safe to traverse
+ $symlink_test_path = readlink($symlink_test_path);
+ @info = lstat($symlink_test_path);
+ }
+ else {
+ $$err_ref = "Unsafe symlink at $path";
+ return 0;
+ }
+ }
+
 unless (scalar(@info)) {
 $$err_ref = "stat(path) returned no values";
 return 0;
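Review bot: In the `# safe to traverse` branch, `readlink` returns the link target verbatim, so a relative target such as `../tmp` is then `lstat`ed against the process's current working directory rather than the directory that contains the link, and the ownership check is made on the wrong inode (or on nothing at all). The target should be joined to the link's own directory before the next `lstat`, using File::Spec, which File::Temp already loads elsewhere. `readlink` can also return undef (permission denied, or the link vanishing between the `lstat` and the `readlink`), which currently falls through to the generic `stat(path) returned no values` message; it is clearer to report that failure at the point it happens. This walk remains a check-then-use sequence, so it narrows the symlink-substitution window rather than closing it, which is worth a one-line comment. `_is_safe` begins before this hunk and its remaining ownership/permission checks continue after it.
```perl
# … unchanged: loop-count check …
if ( $info[4] <= File::Temp->top_system_uid() || $info[4] == $>) {
    # safe to traverse (still check-then-use; a concurrent rename can swap the target)
    my $target = readlink($symlink_test_path);
    unless (defined $target) {
        $$err_ref = "readlink($symlink_test_path) failed: $!";
        return 0;
    }
    # a relative target is relative to the link's directory, not the cwd
    unless (File::Spec->file_name_is_absolute($target)) {
        my ($vol, $dir) = File::Spec->splitpath($symlink_test_path);
        $target = File::Spec->catpath($vol, $dir, $target);
    }
    $symlink_test_path = $target;
    @info = lstat($symlink_test_path);
}
# … unchanged: else branch reporting the unsafe symlink …
```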