Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tainted $@ taints utf8 substitution result #10112

Closed
p5pRT opened this issue Jan 25, 2010 · 4 comments
Closed

tainted $@ taints utf8 substitution result #10112

p5pRT opened this issue Jan 25, 2010 · 4 comments

Comments

@p5pRT
Copy link

p5pRT commented Jan 25, 2010

Migrated from rt.perl.org#72360 (status was 'resolved')

Searchable as RT72360$

@p5pRT
Copy link
Author

p5pRT commented Jan 25, 2010

From @ntyni

This is a bug report for perl from Niko Tyni <ntyni@​debian.org>,
generated with the help of perlbug 1.39 running under perl 5.11.4.


When $@​ is tainted, the result of a regexp substitution on an
utf8 string becomes tainted too for no apparent reason.

Seen on at least from 5.8.8 up to current blead.

#!perl -T
use Scalar​::Util q/tainted/;
$@​=$ENV{HOME}; # taint errsv
$f = "out/abc\x{263A}"; # set the utf8 flag
print tainted($f), "\n";
$f =~s!/*[^/]+$!!;
print tainted($f), "\n";
__END__

gives

0
1

when I'd expect

0
0

(Originally reported as http​://bugs.debian.org/411786 )



Flags​:
  category=core
  severity=low


Site configuration information for perl 5.11.4​:

Configured by niko at Mon Jan 25 19​:04​:36 EET 2010.

Summary of my perl5 (revision 5 version 11 subversion 4) configuration​:
  Commit id​: fe61459
  Platform​:
  osname=linux, osvers=2.6.32-trunk-amd64, archname=x86_64-linux-gnu-thread-multi
  uname='linux madeleine 2.6.32-trunk-amd64 #1 smp sun jan 10 22​:40​:40 utc 2010 x86_64 gnulinux '
  config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.11 -Darchlib=/usr/lib/perl/5.11 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.11.4 -Dsitearch=/usr/local/lib/perl/5.11.4 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=both -Doptimize=-O0 -Dusedevel -Uuseshrplib -des'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=define, usemultiplicity=define
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O0 -g',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.4.3 20100108 (prerelease)', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
  libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
  libc=/lib/libc-2.10.2.so, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.10.2'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O0 -g -L/usr/local/lib -fstack-protector'

Locally applied patches​:
 


@​INC for perl 5.11.4​:
  lib
  /usr/local/lib/perl/5.11.4
  /usr/local/share/perl/5.11.4
  /usr/lib/perl5
  /usr/share/perl5
  /usr/lib/perl/5.11
  /usr/share/perl/5.11
  .


Environment for perl 5.11.4​:
  HOME=/home/niko
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LC_CTYPE=fi_FI.UTF-8
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/niko/bin​:/home/niko/bin​:/home/niko/bin​:/usr/local/bin​:/usr/bin​:/bin​:/usr/local/games​:/usr/games​:/sbin​:/usr/sbin​:/sbin​:/usr/sbin
  PERL_BADLANG (unset)
  SHELL=/bin/zsh

@p5pRT
Copy link
Author

p5pRT commented Jun 28, 2011

From @iabyn

On Mon, Jan 25, 2010 at 12​:17​:11PM -0800, Niko Tyni wrote​:

When $@​ is tainted, the result of a regexp substitution on an
utf8 string becomes tainted too for no apparent reason.

Seen on at least from 5.8.8 up to current blead.

#!perl -T
use Scalar​::Util q/tainted/;
$@​=$ENV{HOME}; # taint errsv
$f = "out/abc\x{263A}"; # set the utf8 flag
print tainted($f), "\n";
$f =~s!/*[^/]+$!!;
print tainted($f), "\n";
__END__

gives

0
1

when I'd expect

0
0

(Originally reported as http​://bugs.debian.org/411786 )

This was fixed in 5.13.10 and 5.14.0 by commit

  20be658

--
Little fly, thy summer's play my thoughtless hand
has terminated with extreme prejudice.
  (with apologies to William Blake)

@p5pRT
Copy link
Author

p5pRT commented Jun 28, 2011

The RT System itself - Status changed from 'new' to 'open'

@p5pRT p5pRT closed this as completed Jun 28, 2011
@p5pRT
Copy link
Author

p5pRT commented Jun 28, 2011

@iabyn - Status changed from 'open' to 'resolved'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant