utf8::SWASHNEW messes taint state when $1,$2,$3 are tainted #14529

Closed
p5pRT opened this issue Feb 19, 2015 · 4 comments

p5pRT commented Feb 19, 2015

Migrated from rt.perl.org#123880 (status was 'resolved')

Searchable as RT123880$


p5pRT commented Feb 19, 2015

From Mark.Martinec@ijs.si

Created by Mark.Martinec@ijs.si

The following program:

  #!/usr/bin/perl -T
  use strict;
  use re 'taint';
  $ENV{PATH} =~ /^(.)(.)(.)/;
  eval 'qr/\p{IsXDigit}/; printf("OK\n")'
  or die "Eval failed: $@\n";

yields:
  Eval failed: Insecure dependency in printf
  while running with -T switch at (eval 1) line 1.

(Replacing printf("OK\n") with something like 'use strict'
ends up with 'Insecure dependency in require'.)

This fails on 5.16.*, 5.18.* and 5.20.1, but seems to
be fixed in 5.20.2. (The 5.14.2 and 5.12.5 are fine too)

It is possibly related to [perl #122669], which
is also fixed in 5.20.2, although under 5.14.2
the #122669 fails but this one does not.

Regardless, it seems prudent to localize $1, $2 and $3
in utf8::SWASHNEW so that it does not depend on
whether these global variables are tainted or not.

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.20.1:

Configured by root at Wed Dec 17 20:24:38 UTC 2014.

Summary of my perl5 (revision 5 version 20 subversion 1) configuration:
   
  Platform:
    osname=freebsd, osvers=10.0-release, archname=amd64-freebsd-thread-multi
    uname='freebsd 10amd64-ws-default-job-01 10.0-release freebsd 10.0-release amd64 '
    config_args='-sde -Dprefix=/usr/local -Dlibperl=libperl.so.5.20.1 -Darchlib=/usr/local/lib/perl5/5.20/mach -Dprivlib=/usr/local/lib/perl5/5.20 -Dman3dir=/usr/local/lib/perl5/5.20/perl/man/man3 -Dman1dir=/usr/local/man/man1 -Dsitearch=/usr/local/lib/perl5/site_perl/mach/5.20 -Dsitelib=/usr/local/lib/perl5/site_perl -Dscriptdir=/usr/local/bin -Dsiteman3dir=/usr/local/lib/perl5/site_perl/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Ui_malloc -Ui_iconv -Uinstallusrbinperl -Dcc=cc -Duseshrplib -Dinc_version_list=none -Dotherlibdirs=/usr/local/lib/perl5/site_perl/5.20:/usr/local/lib/perl5/site_perl/5.20/mach -Doptimize=-g -DDEBUGGING -Ui_gdbm -Dusemultiplicity=n -Duse64bitint -Dusethreads=y -Dusemymalloc=n'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include',
    optimize='-g',
    cppflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.2.1 Compatible FreeBSD Clang 3.3 (tags/RELEASE_33/final 183502)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-pthread -Wl,-E  -fstack-protector -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib /usr/include/clang/3.3 /usr/lib
    libs=-lm -lcrypt -lutil
    perllibs=-lm -lcrypt -lutil
    libc=, so=so, useshrplib=true, libperl=libperl.so.5.20.1
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='  -Wl,-R/usr/local/lib/perl5/5.20/mach/CORE'
    cccdlflags='-DPIC -fPIC', lddlflags='-shared -L/wrkdirs/usr/ports/lang/perl5.20/work/perl-5.20.1 -L/usr/local/lib/perl5/5.20/mach/CORE -Wl,-rpath=/usr/local/lib/perl5/5.20/mach/CORE -lperl  -L/usr/local/lib -fstack-protector'



@INC for perl 5.20.1:
    /usr/local/lib/perl5/site_perl/mach/5.20
    /usr/local/lib/perl5/site_perl
    /usr/local/lib/perl5/5.20/mach
    /usr/local/lib/perl5/5.20
    /usr/local/lib/perl5/site_perl/5.20
    /usr/local/lib/perl5/site_perl/5.20/mach
    .


Environment for perl 5.20.1:
    HOME=/home/mark
    LANG (unset)
    LANGUAGE=
    LC_ALL=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/kde4/bin/:/usr/X11R6/bin
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/bash


p5pRT commented Sep 19, 2015

From @khwilliamson

It turns out this ticket was fixed by the fix in #124109 which localises $1,$2,$3 in the caller, so there's no need to localise it in utf8::SWASHNEW.

--
Karl Williamson


p5pRT commented Sep 19, 2015

The RT System itself - Status changed from 'new' to 'open'


p5pRT commented Sep 19, 2015

@khwilliamson - Status changed from 'open' to 'resolved'
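
A regression check built around the report's program, added here and not part of the ticket or of perl's own test suite: it runs the reported eval once with tainted $1..$3 still in scope and once with the match confined to its own block, and reports the taint state of $1 each time. The sub names are hypothetical, and the idea that the block form sidesteps the failure on the affected releases is an assumption drawn from Perl's dynamic scoping of capture variables, not something the ticket states.

```perl
#!/usr/bin/perl -T
# Added example, not code from the ticket. Run as: perl -T swash_taint_check.pl
use strict;
use warnings;
no warnings 'void';    # the probe's qr// is deliberately in void context
use re 'taint';
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Statement from the report; compiling \p{IsXDigit} loads the property table.
my $probe = 'qr/\p{IsXDigit}/; printf("OK\n")';

# Format one result line from the eval outcome and the taint state of $1.
sub describe {
    my ($label, $ok, $err, $cap_tainted) = @_;
    $err =~ s/\s+\z//;
    return sprintf '%-9s $1 %s, eval %s', $label,
        ($cap_tainted ? 'tainted' : 'not tainted'),
        ($ok ? 'ok' : "failed: $err");
}

# Case 1 (hypothetical name): as reported, tainted $1..$3 in scope at the eval.
sub captures_in_scope {
    ($ENV{PATH} // '') =~ /^(.)(.)(.)/
        or return 'in scope: PATH too short to match';
    my $ok  = eval $probe;
    my $err = $@;
    return describe('in scope:', $ok, $err, tainted($1));
}

# Case 2 (hypothetical name): the match lives in its own block. Capture
# variables are dynamically scoped, so $1..$3 are restored at the closing
# brace and only the lexical copies carry the taint forward.
sub captures_confined {
    my @first3;
    { @first3 = ($ENV{PATH} // '') =~ /^(.)(.)(.)/; }
    my $ok  = eval $probe;
    my $err = $@;
    return describe('confined:', $ok, $err, tainted($1))
        . ', copies '
        . ((grep { tainted($_) } @first3) ? 'tainted' : 'not tainted');
}

print "perl $]\n";
print captures_in_scope(), "\n";
print captures_confined(), "\n";
```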
