New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use re 'taint' regression #13824
Comments
From @ntyniThis is a bug report for perl from Niko Tyni <ntyni@debian.org>, Found this while trying to get mod_perl2 to work with 5.19.11: % perl -T -Mre=taint -le 'print $^V; sub f { $_[0] =~ /(.*)/ and return % ./perl -I$(pwd)/lib -T -Mre=taint -le 'print $^V; sub f { $_[0] =~ /(.*)/ and return It looks like once the regexp has output tainted data once, it remembers I reduced the above from File::Basename::dirname() seemingly randomly ./perl -I$(pwd)/lib -T -MScalar::Util=tainted -MFile::Basename=dirname -e 'dirname($ENV{HOME}); die if tainted dirname("/tmp")' which broke the mod_perl2 test suite. Bisecting gives v5.19.8-533-g63baef5: 63baef5 is the first bad commit Make taint checking regex compile time instead of runtime Flags: Site configuration information for perl 5.19.12: Configured by niko at Tue May 13 00:20:10 EEST 2014. Summary of my perl5 (revision 5 version 19 subversion 12) configuration: @INC for perl 5.19.12: Environment for perl 5.19.12: |
From @iabynOn Mon, May 12, 2014 at 03:05:37PM -0700, Niko Tyni wrote:
Now fixed with this: commit 1738e04 [perl #121854] use re 'taint' regression -- |
The RT System itself - Status changed from 'new' to 'open' |
From @rjbsBug fixed, so resolved unless Niko Tyni (or someone else) shows otherwise! -- |
@rjbs - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#121854 (status was 'resolved')
Searchable as RT121854$
The text was updated successfully, but these errors were encountered: