[interchange-cvs] interchange - heins modified lib/Vend/Payment.pm
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Tue May 3 21:12:27 EDT 2005
User: heins
Date: 2005-05-04 01:12:27 GMT
Modified: lib/Vend Payment.pm
Log:
* Make wget adaptation a bit more secure by seeking/rewriting the file
to wipe contents a bit before unlinking.
Revision Changes Path
2.16 +12 -4 interchange/lib/Vend/Payment.pm
rev 2.16, prev_rev 2.15
Index: Payment.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Payment.pm,v
retrieving revision 2.15
retrieving revision 2.16
diff -u -r2.15 -r2.16
--- Payment.pm 3 May 2005 17:41:42 -0000 2.15
+++ Payment.pm 4 May 2005 01:12:26 -0000 2.16
@@ -1,6 +1,6 @@
# Vend::Payment - Interchange payment processing routines
#
-# $Id: Payment.pm,v 2.15 2005/05/03 17:41:42 mheins Exp $
+# $Id: Payment.pm,v 2.16 2005/05/04 01:12:26 mheins Exp $
#
# Copyright (C) 2002-2003 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
@@ -23,7 +23,7 @@
package Vend::Payment;
require Exporter;
-$VERSION = substr(q$Revision: 2.15 $, 10);
+$VERSION = substr(q$Revision: 2.16 $, 10);
@ISA = qw(Exporter);
@@ -627,8 +627,6 @@
open WIN, "> $infile"
or die errmsg("Cannot create wget post input file %s: %s", $infile, $!) . "\n";
print WIN $post;
- close WIN
- or die errmsg("Cannot close wget post input file %s: %s", $infile, $!) . "\n";
local($/);
my @args = $cmd;
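Review bot: With `close WIN` removed from this spot, nothing visible in the hunk flushes the buffered `print WIN $post` before wget is started to read `$infile`. Perl normally flushes open output handles before a fork, so this probably works if wget is launched through `system` or a pipe open, but the launch code is outside the hunk and that flush is not guaranteed on every platform. I would make it explicit right after the print with `{ my $old = select(WIN); $| = 1; select($old); }`. The result of `print WIN $post` is also unchecked, and the deferred close means a short write (for example a full disk) is no longer caught before the request is sent; `print WIN $post or die errmsg(...)` would restore that.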
@@ -653,6 +651,16 @@
or die errmsg("Cannot close wget output %s: %s", $outfile, $!) . "\n";
unlink $outfile unless $opt->{debug};
}
+
+ seek(WIN, 0, 0)
+ or die errmsg("Cannot seek on wget input file %s: %s", $infile, $!) . "\n";
+ unless($opt->{debug}) {
+ my $len = int(length($post) / 8) + 1;
+ print WIN 'deadbeef' x $len;
+ }
+
+ close WIN
+ or die errmsg("Cannot close wget post input file %s: %s", $infile, $!) . "\n";
unlink $infile unless $opt->{debug};
open WSTAT, "< $statfile"
or die errmsg("Cannot read wget status from %s: %s", $statfile, $!) . "\n";
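Review bot: The new `seek(WIN, 0, 0) or die ...` sits ahead of `unlink $infile`, so a failed seek (like the `die` on closing the wget output just above it) exits with the POST data still on disk and not overwritten. Treating the wipe as best effort would let the unlink always run, for example by changing the guard to `if (! $opt->{debug} and seek(WIN, 0, 0)) {` and warning instead of dying when the seek fails. The overwrite itself is only a mitigation: it is not synced before the unlink, the filesystem may not rewrite the blocks in place, and `length($post)` counts characters, so it could fall short if `$post` ever holds wide characters. The file's main protection is therefore how it is created, which is outside this hunk; it is worth confirming that `$infile` is opened with a restrictive umask in a non-shared directory. A comment above the block such as `# Best-effort scrub of payment data; not a guaranteed secure delete.` would keep later readers from over-trusting it.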