[FFmpeg-devel] [fateserver PATCH 2/2] Add missing validation of out of process data

Martin Storsjö martin at martin.st
Tue Sep 7 14:19:22 EEST 2021


When invoking unxz, the variables making up the path
passed to unxz need to be validated.

load_summary normally only reads the "summary" file, but
if missing, it tries to use unxz to unpack report.xz. In
this case the slot value needs to be validated, which can
be done in the main loop in index.cgi.

load_report uses unxz, with a slot and date read from
the summary file, when the report contained failures.
In this case, the slot and date values can either be
validated as they're read from the summary in load_summary
or split_header, or before they're used in load_report.

This unbreaks the main results listings for slots with one or
more test failures.
---
 FATE.pm   | 2 ++
 index.cgi | 1 +
 2 files changed, 3 insertions(+)

diff --git a/FATE.pm b/FATE.pm
index b7d7260..ccb8958 100644
--- a/FATE.pm
+++ b/FATE.pm
@@ -147,6 +147,8 @@ sub load_summary {
 
 sub load_report {
     my ($slot, $date) = @_;
+    ($slot) = $slot =~ /^([A-Za-z0-9_\-.]{1,80})\z/ or exit 1;
+    ($date) = $date =~ /^([0-9]{1,80})\z/ or exit 1;
     my $report = "$fatedir/$slot/$date/report.xz";
     my @recs;
 
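Review bot: the slot pattern `[A-Za-z0-9_\-.]{1,80}` accepts a value made only of dots, so `..` (or `.`) passes the check and is then interpolated into `"$fatedir/$slot/$date/report.xz"`; consider rejecting values that contain no alphanumeric character (or explicitly the `.` and `..` names) so the path cannot leave `$fatedir`. Also, `or exit 1` inside a library sub in FATE.pm terminates the whole CGI with no output on a bad value read from a summary file; returning an empty list (the callers already handle a missing report) would keep one corrupt summary from taking down the page.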
diff --git a/index.cgi b/index.cgi
index 8fe92db..c053d0e 100755
--- a/index.cgi
+++ b/index.cgi
@@ -47,6 +47,7 @@ my $allpass = 0;
 my $allfail = 0;
 
 for my $slot (@slots) {
+    ($slot) = $slot =~ /^([A-Za-z0-9_\-.]{1,80})\z/ or next;
     next if -e "$fatedir/$slot/hidden";
     my $rep = load_summary $slot, 'latest' or next;
     next if time - parse_date($$rep{date}) > $hidden_age;
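Review bot: this duplicates the slot regex from `load_report` in FATE.pm; put it in one shared helper (for example a `valid_slot` sub exported from FATE.pm) so the two rules cannot drift apart, and give that helper the same `..`/`.` exclusion noted above, since here an all-dots slot still reaches `-e "$fatedir/$slot/hidden"` and `load_summary`. Note that `($slot) = ...` assigns to the loop variable, which is an alias into `@slots`; it is harmless here because the captured value is identical to the input, but a short comment would save the next reader the double-take.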
-- 
2.25.1