From e1fd08affe7d6c52701c14b6754971e51d6ca644 Mon Sep 17 00:00:00 2001
From: Peter Marquardt <wwwutz@molgen.mpg.de>
Date: Mon, 10 May 2021 12:21:20 +0200
Subject: [PATCH] fon: fix CVE-ABSP #185

- data security fix
---
 fon/fon.pl | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/fon/fon.pl b/fon/fon.pl
index 4047ce0..2931cf3 100755
--- a/fon/fon.pl
+++ b/fon/fon.pl
@@ -10,7 +10,6 @@
 my %multichar;
 my %escapechar;
 
-my $cache    = 'ldap.dump';
 my $USECACHE = 0;
 
 my %L;
@@ -105,27 +104,19 @@ sub exec_ldapsearch {
 sub get_ldap_addressbook {
     my $L = shift;
     my @LDAP;
-    if ( $USECACHE and -s $cache ) {
-        open C, '<', $cache or die "$!";
-        push @LDAP, (<C>);
-        close C;
-    }
-    else {
-        open C, '>', $cache or die "$!";
 
-        my $pid = open P, '-|';
-        defined $pid or die "$!\n";
-        $pid or exec_ldapsearch( '-b', 'dc=addressbook,dc=apps,dc=molgen,dc=mpg,dc=de' );
-        binmode P, ':utf8';
+    my $pid = open P, '-|';
+    defined $pid or die "$!\n";
+    $pid or exec_ldapsearch( '-b', 'dc=addressbook,dc=apps,dc=molgen,dc=mpg,dc=de' );
+    binmode P, ':utf8';
 
-        while (<P>) {
-            print C $_;
-            push @LDAP, $_;
-        }
-        close P;
-        close C;
-        $? and die "get_ldap_addressbook() failed\n";
+    while (<P>) {
+        push @LDAP, $_;
     }
+    close P;
+
+    $? and die "get_ldap_addressbook() failed\n";
+
     my ($uid) = ('');
 
     my @addlist = ( 'sn', 'givenName', 'mail', 'roomNumber', 'collectionId', 'telephoneNumber' );