author | Cy Schubert <cy@FreeBSD.org> | 2019-12-28 05:27:06 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2019-12-28 05:27:06 +0000 |
commit | e2fe726866d062155f6b1aae749375475ef19191 (patch) | |
tree | fe6b00611d5c987d2c12c32063891ae19295ffeb /pythonmod/examples | |
parent | 366b94c4a9552acfb560d3234aea0955ebc1eb8e (diff) |
Diffstat (limited to 'pythonmod/examples')
-rw-r--r-- | pythonmod/examples/calc.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/pythonmod/examples/calc.py b/pythonmod/examples/calc.py
index 3230e37e3eea6..8c15f50b9d75c 100644
--- a/pythonmod/examples/calc.py
+++ b/pythonmod/examples/calc.py
@@ -45,9 +45,13 @@ def operate(id, event, qstate, qdata):
 if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS):
- if qstate.qinfo.qname_str.endswith("._calc_.cz."):
+ if qstate.qinfo.qname_str.endswith("._calc_.cz.") and not ("__" in qstate.qinfo.qname_str):
 try:
- res = eval(''.join(qstate.qinfo.qname_list[0:-3]))
+ # the second and third argument to eval attempt to restrict
+ # functions and variables available to stop code execution
+ # but it may not be safe either. This is why __ substrings
+ # are excluded from evaluation.
+ res = eval(''.join(qstate.qinfo.qname_list[0:-3]),{"__builtins__":None},{})
 except:
 res = "exception" |
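Review bot: The added `"__"` test inspects `qstate.qinfo.qname_str`, the dotted form of the name, but `eval` receives `''.join(qstate.qinfo.qname_list[0:-3])`, where the label separators have been removed, so the filter checks a different string from the one that is evaluated and underscores in adjacent labels can still join into `__`. Build the expression once with `expr = ''.join(qstate.qinfo.qname_list[0:-3])`, test `"__" not in expr`, and pass that same `expr` to `eval`. Even with that fix this remains a denylist around `eval` on a name taken from a DNS query, as the new comment itself concedes, and nothing bounds the cost of the arithmetic that does get through. For an example that others will copy, parsing the expression with `ast` and accepting only numeric literals and arithmetic operators would be the sturdier replacement. The body of `operate` continues outside the hunk.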