in reply to How to avoid Null Byte Injection?

First, consider turning taint mode on, which will stop your program if it is about to use unfiltered data. Doing that will force you to decide what is and isn't an allowed character before you can do anything dangerous with a user-supplied string.

Once you've done that, make sure the pattern you use to untaint doesn't allow null characters. For example:

    my $filename;
    if (param('select') =~ /^(\w+)$/) {
        $filename = $1;
    } else {
        die "Illegal filename!\n";
    }

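The untainting pattern above in a form you can run locally, as an added example that is not code from the post or its author: the inputs are constructed stand-ins for param('select'), and the two small tightenings of the post's /^(\w+)$/ (an ASCII-only class, and \z instead of $) are explained in the comments. Run it with `perl -T untaint_demo.pl`; with -T only on the #! line, `perl untaint_demo.pl` stops with "Too late for -T".

```perl
#!/usr/bin/perl -T
# Added example, not from the thread.  Invoke as:  perl -T untaint_demo.pl
# The sample inputs below are constructed stand-ins for param('select').
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Launder a filename the way the post above does, with two tweaks:
#  - [A-Za-z0-9_] is the ASCII-only form of \w (under "use locale" or with
#    decoded Unicode input, \w admits far more than the seven-bit set);
#  - \z instead of $, because $ also matches before a trailing "\n".
# Only the captured $1 loses its taint.  The class cannot match "\0", "/",
# "." or whitespace, so a NUL-terminated or traversing name never returns.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /^([A-Za-z0-9_]+)\z/;
    return;                                    # rejected: caller gets undef
}

# Render control bytes visibly so the NUL case is readable in the output.
sub show {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# Under -T every value from outside the program (@ARGV, %ENV, STDIN, CGI
# parameters) is tainted.  Concatenating a zero-length tainted slice of
# $ENV{PATH} onto each literal gives the samples the same status real
# request data would have, without reading anything from the network.
my $taint   = substr($ENV{PATH} // '', 0, 0);
my @samples = (
    "report",            # the only one that should get through
    "report\0.html",     # null byte injection: a C-level open() stops at "report"
    "../etc/passwd",     # traversal
    "report.txt",        # "." is outside the class
    "report\n",          # trailing newline, admitted by $ but not by \z
);

for my $sample (@samples) {
    my $value = $sample . $taint;
    my $clean = untaint_filename($value);
    printf "%-18s tainted=%d  %s\n", show($sample),
        tainted($value) ? 1 : 0,
        defined $clean ? "accepted as '$clean'" : "rejected";
}
# Had the script passed $value straight to open(..., '>', $value), unlink
# or system, perl would have died with
#   Insecure dependency in open while running with -T switch
# before the call reached the operating system.
```

The point worth taking from the run is that the taint flag survives every copy and concatenation of the request data; only the capture from a successful match is clean, which is why the regex has to be strict rather than a rubber-stamp /(.*)/.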
Re^2: How to avoid Null Byte Injection?
by Nik (Initiate) on Oct 08, 2006 at 09:17 UTC
    Umm, thanks, but I think it would be better if I were checking param('select') against the valid text file names (*.txt) inside my /data/text/ folder, like Joost suggested.
    After all, it's only one of those values that I really want.
      You're right, I didn't realize you had a small, fixed list of filenames that were allowed.

      I would still recommend turning on taint mode, though. It stops you from accidentally introducing security problems at places in your program you may not have thought of.

        Will do that, thank you :-)
        But how do you mean it stops me? Does it somehow check my Perl script and, if it finds it not secure-proof, deny the execution of it or display warnings?
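The allowlist approach Nik describes, written out as an added example rather than code from the thread: the /data/text/ directory is replaced by a constructed temporary fixture so the script runs anywhere, and the sample requests are made up. It also answers, in running code, the question of what taint mode actually does for this design: the names readdir returns are tainted just like the parameter, so the allowlist has to be laundered as it is built, and the path handed to open() is derived from the allowlist's own keys rather than from request bytes. Run it with `perl -T allowlist_demo.pl`.

```perl
#!/usr/bin/perl -T
# Added example, not from the thread.  Invoke as:  perl -T allowlist_demo.pl
# Stands in for Nik's plan: compare param('select') with the *.txt names
# found in /data/text/.  The directory here is a constructed temporary
# fixture so the script runs anywhere; swap in the real path to use it.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

# Collect the *.txt names in $dir.  Under -T the strings readdir returns
# are tainted too (they came from the filesystem), so each is laundered
# through a strict pattern as it is admitted; an odd name in the directory
# is simply never offered.
sub load_allowlist {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my %allowed;
    while (defined(my $entry = readdir $dh)) {
        next unless $entry =~ /^([A-Za-z0-9_]+\.txt)\z/;
        $allowed{$1} = 1;                  # $1 is untainted
    }
    closedir $dh;
    return \%allowed;
}

# Map a (tainted) request to an untainted path inside $dir, or undef.
# exists() compares the whole byte string, so "alpha.txt\0.html" is not
# "alpha.txt".  The returned name is taken from the allowlist's own keys,
# never from $requested, so no request bytes are laundered by a loose /(.*)/.
sub select_file {
    my ($dir, $allowed, $requested) = @_;
    return unless defined $requested && exists $allowed->{$requested};
    my ($name) = grep { $_ eq $requested } keys %$allowed;
    return File::Spec->catfile($dir, $name);
}

# Render control bytes visibly so the NUL case is readable in the output.
sub show {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# Constructed fixture in place of /data/text/: two readable files.
my $dir = tempdir(CLEANUP => 1);
for my $f (qw(alpha.txt beta.txt)) {
    open(my $fh, '>', File::Spec->catfile($dir, $f)) or die "$f: $!";
    print {$fh} "contents of $f\n";
    close $fh;
}
my $allowed = load_allowlist($dir);

# Give the samples the taint real CGI input carries: a zero-length slice of
# the (always tainted) $ENV{PATH} concatenated onto each literal.
my $taint = substr($ENV{PATH} // '', 0, 0);
for my $req ("alpha.txt", "alpha.txt\0.html", "../../etc/passwd", "gamma.txt") {
    my $param = $req . $taint;             # stands in for param('select')
    my $path  = select_file($dir, $allowed, $param);
    if (defined $path) {
        open(my $fh, '<', $path) or die "$path: $!";   # $path is untainted
        chomp(my $line = <$fh>);
        close $fh;
        printf "%-22s -> read: %s\n", show($req), $line;
    } else {
        printf "%-22s -> rejected (tainted=%d)\n", show($req),
            tainted($param) ? 1 : 0;
    }
}
```

Only "alpha.txt" is served; the NUL-terminated, traversing and unknown names all fail the exists() lookup, and because the path passed to open() is built from the laundered directory listing, taint mode would refuse the call if that discipline were ever broken somewhere else in the script.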