From 10e1a17a6c7c0dbfc3a7b20f37a23ee153b25b66 Mon Sep 17 00:00:00 2001
From: Joerg Jaspert
Date: Wed, 5 Dec 2012 23:20:48 +0100
Subject: [PATCH] sanitize variable before using it
Signed-off-by: Joerg Jaspert
---
 tools/debianqueued-0.9/debianqueued | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/tools/debianqueued-0.9/debianqueued b/tools/debianqueued-0.9/debianqueued
index 45f12427..f9da96fa 100755
--- a/tools/debianqueued-0.9/debianqueued
+++ b/tools/debianqueued-0.9/debianqueued
@@ -1708,6 +1708,13 @@ sub pgp_check($) {
 my $stat;
 local (*PIPE);
+ if ($file =~ /^([-\w.+~]+)$/) {
+ $file = $1;
+ } else {
+ msg( "log", "Tainted filename, skipping: $file\n" );
+ return "LOCAL ERROR";
+ }
+
 $stat = 1;
 if ( -x $conf::gpg ) {
 debug( "executing $conf::gpg --no-options --batch "
--
2.39.2
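Review bot: The whitelist in the added `if` still accepts names that begin with `-` as well as the bare names `.` and `..`, and the `$` anchor tolerates a trailing newline that the capture then silently drops, so a name shaped like a command-line option could reach the gpg invocation that starts just below; how `$file` is passed to that command is outside the hunk, so treat this as a precaution rather than a confirmed problem. Anchoring with `\A`/`\z` and requiring a word character first, e.g. `if ($file =~ /\A(\w[-\w.+~]*)\z/) {`, closes that gap, assuming queue file names always start with a word character. The rejection branch also writes the raw `$file` to the log, and by construction that value contains characters outside the whitelist (possibly newlines or terminal control bytes); escaping it first, e.g. `(my $shown = $file) =~ s/[^\x20-\x7e]/?/g;` and logging `$shown`, keeps a rejected name from forging or corrupting log lines. `pgp_check` begins and ends outside this hunk.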