New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mysterious taint issue in Bugzilla4Intranet git~e099a6b018a0599b2f4e5eea13832d47b1259a30 #14796
Comments
From vitalif@mail.ruHi! I experience a mysterious taint issue in Bugzilla4Intranet (https://github.com/vitalif/bugzilla-4intranet), with git commit a72643daeb18cc237684be4c3ec107cd3a2a4ad6 and Perl 5.20.2 from Debian Sid (package version 5.20.2-6). Most dependencies are installed from CPAN, ImageMagick is installed from Debian (perlmagick 8:6.8.9.9-5). A full list of dependencies is in README starting with line 52, both "minimal" and "full" module lists are installed. Stand-alone HTTP::Server::Simple based server is used for serving HTTP requests (see ./HTTPServerSimple.pl, configuration example is in the end). The problem shows up in Bugzilla/Object.pm in _init() at line 124 and _do_list_select() at line 288. In both places there's the following line: my $cols = join(',', $class->DB_COLUMNS); After this line $cols becomes tainted although NONE of DB_COLUMNS (a list constant) are tainted themselves and $class is also not tainted! The error reproduces with $class equal to at least Bugzilla::Product and Bugzilla::Component. I've seen similar taint mode bugs in the past - is it possible to fix them at last? |
From vitalif@mail.ru...and changing the constant definition from 'use constant DB_COLUMNS => qw(...)' to 'sub DB_COLUMNS() { qw(...) }' works around this issue. :-( P.S: sorry, I've included different different git versions in issue title and description. a72643daeb18cc237684be4c3ec107cd3a2a4ad6 is more correct. |
From @jkeenanOn Thu Jul 09 04:38:41 2015, vitalif@mail.ru wrote:
The rt.perl.org issue queue and the perl5-porters mailing list have as their focus the development and maintenance of the Perl 5 core distribution. That focus does not include problems you might encounter with CPAN libraries that are not distributed with the core, except insofar as they clearly suggest problems with the core distribution. None of the libraries you mentioned are distributed with core, so we can't help you very much with them. If you could present a clear, short example of the tainting problem without reference to those libraries, then we might have something to work with. Also, I could not find any modules called Bugzilla::Product or Bugzilla::Component on CPAN. Are they perhaps modules that come with Bugzilla itself? A post on a Bugzilla-related mailing list might be a good place to start. Thank you very much. -- |
The RT System itself - Status changed from 'new' to 'open' |
From vitalif@mail.ru
I think it's clearly a perl core bug when the concatenation of several NON-TAINTED scalars becomes TAINTED. Everything else in bug description just relates to environment - it only reproduces in Bugzilla and in specific perl version(s?). I can't easily reproduce the issue in a simple perl script, but it happens and it's rather unpleasant... Bugzilla::Product and Bugzilla::Component are of course parts of Bugzilla. |
From @jkeenanOn Fri Jul 10 05:32:19 2015, vitalif@mail.ru wrote:
Unfortunately, if we don't have a reproducible example of the bug, we cannot help you.
-- |
From vz-bitcard@zeitlins.org
I understand this perfectly well and I don't expect any action here, but I'd just like to leave a note saying that I ran into the same issue after upgrading an old Bugzilla 3.6 installation which was previously running nicely with 5.15 to 5.20 and spent an hour or so trying to understand what was happening -- unsuccessfully. So while I don't have a way to reproduce it neither (I tried but failed), at the very least this problem is not specific to the original reporter and can be reliably reproduced with Bugzilla 3.6 and Perl 5.20. |
From [Unknown Contact. See original ticket]
I understand this perfectly well and I don't expect any action here, but I'd just like to leave a note saying that I ran into the same issue after upgrading an old Bugzilla 3.6 installation which was previously running nicely with 5.15 to 5.20 and spent an hour or so trying to understand what was happening -- unsuccessfully. So while I don't have a way to reproduce it neither (I tried but failed), at the very least this problem is not specific to the original reporter and can be reliably reproduced with Bugzilla 3.6 and Perl 5.20. |
From @jkeenanOn Wed Jan 20 05:27:42 2016, V.Z wrote:
I discussed this issue with a Mozilla Bugzilla developer who spoke at this past weekend's DC-Baltimore Perl Workshop. He commented that the bug appears to be on a fork of Bugzilla of which he was previously unaware. So, there's clearly nothing more for P5P to do here, so I'm closing this ticket. Any further issues should first be filed with the CPAN distribution or with Bugzilla itself. Thank you very much. -- |
@jkeenan - Status changed from 'open' to 'rejected' |
Migrated from rt.perl.org#125584 (status was 'rejected')
Searchable as RT125584$
The text was updated successfully, but these errors were encountered: