[interchange-cvs] interchange - heins modified lib/Vend/Payment.pm

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Tue May 3 21:12:27 EDT 2005


User:      heins
Date:      2005-05-04 01:12:27 GMT
Modified:  lib/Vend Payment.pm
Log:
* Make wget adaptation a bit more secure by seeking/rewriting the file
  to wipe contents a bit before unlinking.

Revision  Changes    Path
2.16      +12 -4     interchange/lib/Vend/Payment.pm


rev 2.16, prev_rev 2.15
Index: Payment.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Payment.pm,v
retrieving revision 2.15
retrieving revision 2.16
diff -u -r2.15 -r2.16
--- Payment.pm	3 May 2005 17:41:42 -0000	2.15
+++ Payment.pm	4 May 2005 01:12:26 -0000	2.16
@@ -1,6 +1,6 @@
 # Vend::Payment - Interchange payment processing routines
 #
-# $Id: Payment.pm,v 2.15 2005/05/03 17:41:42 mheins Exp $
+# $Id: Payment.pm,v 2.16 2005/05/04 01:12:26 mheins Exp $
 #
 # Copyright (C) 2002-2003 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -23,7 +23,7 @@
 package Vend::Payment;
 require Exporter;
 
-$VERSION = substr(q$Revision: 2.15 $, 10);
+$VERSION = substr(q$Revision: 2.16 $, 10);
 
 @ISA = qw(Exporter);
 
@@ -627,8 +627,6 @@
 		open WIN, "> $infile"
 			or die errmsg("Cannot create wget post input file %s: %s", $infile, $!) . "\n";
 		print WIN $post;
-		close WIN
-			or die errmsg("Cannot close wget post input file %s: %s", $infile, $!) . "\n";
 		local($/);
 
 		my @args = $cmd;
@@ -653,6 +651,16 @@
 				or die errmsg("Cannot close wget output %s: %s", $outfile, $!) . "\n";
 			unlink $outfile unless $opt->{debug};
 		}
+
+		seek(WIN, 0, 0)
+			or die errmsg("Cannot seek on wget input file %s: %s", $infile, $!) . "\n";
+		unless($opt->{debug}) {
+			my $len = int(length($post) / 8) + 1;
+			print WIN 'deadbeef' x $len;
+		}
+
+		close WIN
+			or die errmsg("Cannot close wget post input file %s: %s", $infile, $!) . "\n";
 		unlink $infile unless $opt->{debug};
 		open WSTAT, "< $statfile"
 			or die errmsg("Cannot read wget status from %s: %s", $statfile, $!) . "\n";
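Review bot: The POST data may not be on disk when wget reads `$infile`, because the `close WIN` after `print WIN $post;` was removed in the hunk at line 627 and nothing visible flushes the handle before the command runs (presumably in the lines between the two hunks); unless autoflush is already set on WIN elsewhere, add `select((select(WIN), $| = 1)[0]);` before the print. The overwrite at `seek(WIN, 0, 0)` is also reached only on the success path: any `die` between creating the file and this point, such as the `Cannot close wget output` one just above, leaves the unwiped POST body on disk, so the wipe and unlink would be safer in cleanup that also runs on error. `length($post)` counts characters, so if `$post` can contain wide characters the `'deadbeef' x $len` pattern may be shorter than the bytes originally written, and the return value of that `print` is not checked. The enclosing block starts and ends outside the hunk.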







