Merge pull request #186 from mariux64/fix-fon-dump

fon: fix CVE-ABSP #185
mariux64 · May 10, 2021 · 56f0f9d · 56f0f9d
2 parents 935c089 + e1fd08a
commit 56f0f9d
Showing 1 changed file with 10 additions and 19 deletions.
diff --git a/fon/fon.pl b/fon/fon.pl
@@ -10,7 +10,6 @@
 my %multichar;
 my %escapechar;
 
-my $cache    = 'ldap.dump';
 my $USECACHE = 0;
 
 my %L;
@@ -105,27 +104,19 @@ sub exec_ldapsearch {
 sub get_ldap_addressbook {
     my $L = shift;
     my @LDAP;
-    if ( $USECACHE and -s $cache ) {
-        open C, '<', $cache or die "$!";
-        push @LDAP, (<C>);
-        close C;
-    }
-    else {
-        open C, '>', $cache or die "$!";
 
-        my $pid = open P, '-|';
-        defined $pid or die "$!\n";
-        $pid or exec_ldapsearch( '-b', 'dc=addressbook,dc=apps,dc=molgen,dc=mpg,dc=de' );
-        binmode P, ':utf8';
+    my $pid = open P, '-|';
+    defined $pid or die "$!\n";
+    $pid or exec_ldapsearch( '-b', 'dc=addressbook,dc=apps,dc=molgen,dc=mpg,dc=de' );
+    binmode P, ':utf8';
 
-        while (<P>) {
-            print C $_;
-            push @LDAP, $_;
-        }
-        close P;
-        close C;
-        $? and die "get_ldap_addressbook() failed\n";
+    while (<P>) {
+        push @LDAP, $_;
     }
+    close P;
+
+    $? and die "get_ldap_addressbook() failed\n";
+
     my ($uid) = ('');
 
     my @addlist = ( 'sn', 'givenName', 'mail', 'roomNumber', 'collectionId', 'telephoneNumber' );