New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tainting breakage with index() of a constant #9714
Comments
From @ntyniThis is a bug report for perl from Niko Tyni <ntyni@debian.org>, As reported by Adrian Irving-Beer in <http://bugs.debian.org/291450>, Reported with 5.8.4, verified with current blead, 5.10.0 and 5.8.8. The first attached patch adds a TODO test reduced from this. The second patch fixes it for me, but I'm unsure if this is more like Flags: Site configuration information for perl 5.10.0: Configured by Debian Project at Mon Apr 13 05:15:55 UTC 2009. Summary of my perl5 (revision 5 version 10 subversion 0) configuration: Locally applied patches: @INC for perl 5.10.0: Environment for perl 5.10.0: |
From @ntyni0001-TODO-test-for-index-of-a-tainted-constant.patchFrom 828a95e8f8385f6cecde9982ce08e7ae4502e1b6 Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Fri, 17 Apr 2009 21:11:08 +0300
Subject: [PATCH] TODO test for index() of a tainted constant
As reported by Adrian Irving-Beer in <http://bugs.debian.org/291450>,
this unexpectedly throws a fatal taint error:
#!/usr/bin/perl -T
use constant C_A => $ARGV[0];
use constant C_B => $ARGV[1];
index(C_A, C_B);
open(FOO, "-|");
The TODO test is reduced from the above.
---
t/op/taint.t | 14 +++++++++++++-
1 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/t/op/taint.t b/t/op/taint.t
index 01ab368..12a931b 100755
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ use Config;
use File::Spec::Functions;
BEGIN { require './test.pl'; }
-plan tests => 298;
+plan tests => 302;
$| = 1;
@@ -1303,6 +1303,18 @@ foreach my $ord (78, 163, 256) {
}
}
+# tainted constants and index()
+# http://bugs.debian.org/291450
+{
+ ok(tainted $old_env_path, "initial taintedness");
+ BEGIN { no strict 'refs'; my $v = $old_env_path; *{"::C"} = sub () { $v }; }
+ ok(tainted C, "constant is tainted properly");
+ ok(!tainted "", "tainting not broken yet");
+ index(undef, C);
+ local $::TODO = 'breaks when fbm_compile() is called';
+ ok(!tainted "", "tainting still works after index() of the constant");
+}
+
# This may bomb out with the alarm signal so keep it last
SKIP: {
skip "No alarm()" unless $Config{d_alarm};
--
1.5.6.5
|
From @ntyni0002-Don-t-fbm_compile-tainted-constants.patchFrom c1a3981525d1b69783f3c01e054758cf652395fa Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Fri, 17 Apr 2009 21:21:32 +0300
Subject: [PATCH] Don't fbm_compile() tainted constants
As seen by the TODO test, calling fbm_compile() with a tainted
value would break subsequent tainting altogether.
---
op.c | 3 ++-
t/op/taint.t | 1 -
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/op.c b/op.c
index be98c3f..b96d277 100644
--- a/op.c
+++ b/op.c
@@ -7204,7 +7204,8 @@ Perl_ck_index(pTHX_ OP *o)
OP *kid = cLISTOPo->op_first->op_sibling; /* get past pushmark */
if (kid)
kid = kid->op_sibling; /* get past "big" */
- if (kid && kid->op_type == OP_CONST)
+ if (kid && kid->op_type == OP_CONST
+ && !SvTAINTED((SV *)((SVOP*)kid)->op_sv))
fbm_compile(((SVOP*)kid)->op_sv, 0);
}
return ck_fun(o);
diff --git a/t/op/taint.t b/t/op/taint.t
index 12a931b..f04fff2 100755
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -1311,7 +1311,6 @@ foreach my $ord (78, 163, 256) {
ok(tainted C, "constant is tainted properly");
ok(!tainted "", "tainting not broken yet");
index(undef, C);
- local $::TODO = 'breaks when fbm_compile() is called';
ok(!tainted "", "tainting still works after index() of the constant");
}
--
1.5.6.5
|
From @iabynOn Fri, Apr 17, 2009 at 11:43:36AM -0700, Niko Tyni wrote:
Thanks, applied as 0d1104b
I applied an alternative fix as 3b36395. -- |
The RT System itself - Status changed from 'new' to 'open' |
@iabyn - Status changed from 'open' to 'resolved' |
From bitcard8493823322@mstier.deBug affects recent stable version 5.14.2. Maybe we should add a regression test. |
From @iabynOn Thu, Jan 12, 2012 at 12:02:49PM -0800, Mark via RT wrote:
A regression test was added as part of the fix. The fix went into the -- |
Migrated from rt.perl.org#64804 (status was 'resolved')
Searchable as RT64804$
The text was updated successfully, but these errors were encountered: