Re: [PATCH] fix taint warning in Qpsmtpd::Auth

2009-01-04 Thread Jeff King
On Sun, Jan 04, 2009 at 10:38:57PM -0800, Robert Spier wrote:
> This is really just papering over the issue, as it doesn't actually
> validate the contents of 'me', which could still potentially contain
> bad data. But as this doesn't actually make anything *worse* and
> fixes your case, applied

Re: [PATCH] fix taint warning in Qpsmtpd::Auth

2009-01-04 Thread Robert Spier
This is really just papering over the issue, as it doesn't actually validate the contents of 'me', which could still potentially contain bad data. But as this doesn't actually make anything *worse* and fixes your case, applied as r967. The "right" way to fix this is a lot more work involves abs

[PATCH] fix taint warning in Qpsmtpd::Auth

2009-01-04 Thread Jeff King
The code feeds the results of $session->config('me') to sprintf as part of the format string. In practice, this is probably not a problem since hostnames don't contain percent signs. However, it triggers a taint warning in perl 5.10, making cram-md5 auth unusable. This patch rewrites the sprintf t
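
An added example (not code from the patch or from qpsmtpd) of the behaviour described in this message: under `perl -T`, Perl 5.10 and later refuse a tainted sprintf format, while the same value passed as a `%s` argument is accepted. The ticket layout, the hostname and `clean_hostname` are assumptions for illustration; the regex shows one way to validate the value, the point raised in the reply.

```perl
#!/usr/bin/perl -T
# Added illustration; run as: perl -T taint_sprintf.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for $session->config('me'). Appending a zero-length
# slice of $^X (tainted under -T) marks the string tainted, as a value read
# from a config file would be.
my $me = 'mail.example.com' . substr($^X, 0, 0);

# Hypothetical ticket layout, not copied from Qpsmtpd::Auth.
# Before: the config value becomes part of the format string.
my $before = eval { sprintf('<%x.%x@' . $me . '>', 0x1234, time) };
print 'concatenated: ', (defined $before ? $before : "died: $@"), "\n";

# After: fixed literal format, config value passed as data.
my $after = sprintf('<%x.%x@%s>', 0x1234, time, $me);
printf "as argument:  %s (result tainted: %s)\n",
    $after, tainted($after) ? 'yes' : 'no';

# Hypothetical validator: accept only hostname characters. A regex capture
# is the sanctioned way to untaint, so the returned value is clean.
sub clean_hostname {
    my ($host) = @_;
    return unless defined $host && length $host <= 253;
    return $host =~ /\A([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)\z/
        ? $1
        : undef;
}

# Second candidate is a constructed value containing a percent sign.
for my $candidate ($me, 'bad%shost' . substr($^X, 0, 0)) {
    my $ok = clean_hostname($candidate);
    printf "%-18s => %s\n", $candidate,
        defined $ok
        ? 'accepted, tainted: ' . (tainted($ok) ? 'yes' : 'no')
        : 'rejected';
}
```

The `%s` form still returns a tainted string, so the taint check keeps tracking the value; only the validated copy is untainted.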