Missing getmagic in Digest::MD5 #7419

Closed
p5pRT opened this issue Jul 11, 2004 · 6 comments
Labels
cpan-dual-life issues regarding dual-life cpan-first distributions distro-Linux sendToCPAN type-library

Comments


p5pRT commented Jul 11, 2004

Migrated from rt.perl.org#30673 (status was 'rejected')

Searchable as RT30673$


p5pRT commented Jul 11, 2004

From perl-5.8.0@ton.iguana.be

Created by perl-5.8.0@ton.iguana.be

Again using tainting as my favorite way to attach magic:

perl -Twle 'use Digest::MD5; my $class = "Digest::MD5" . substr($0, 0, 0); $m = $class->new; print STDERR "Got here"; $m->add("")'
Got here
Not a reference to a Digest::MD5 object at -e line 1.
  (in cleanup) Not a reference to a Digest::MD5 object during global destruction.

I think the problem is that MD5_CTX* get_md5_ctx in ext/Digest/MD5/MD5.xs
does a direct check for SvROK(sv) without doing a get magic first

I'm also starting to think that a tainted testsuite is really needed.
This kind of stuff is far too common.

Perl Info

Flags:
    category=library
    severity=low

Site configuration information for perl v5.8.4:

Configured by ton at Thu Jun  3 13:28:19 CEST 2004.

Summary of my perl5 (revision 5 version 8 subversion 4) configuration:
  Platform:
    osname=linux, osvers=2.6.5, archname=i686-linux-64int-ld
    uname='linux quasar 2.6.5 #8 mon apr 5 05:41:20 cest 2004 i686 gnulinux '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=define use64bitall=undef uselongdouble=define
    usemymalloc=y, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -fomit-frame-pointer',
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccversion='', gccversion='3.4.0 20031231 (experimental)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long long', ivsize=8, nvtype='long double', nvsize=12, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.3.2.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.3.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    


@INC for perl v5.8.4:
    /usr/lib/perl5/5.8.4/i686-linux-64int-ld
    /usr/lib/perl5/5.8.4
    /usr/lib/perl5/site_perl/5.8.4/i686-linux-64int-ld
    /usr/lib/perl5/site_perl/5.8.4
    /usr/lib/perl5/site_perl
    .


Environment for perl v5.8.4:
    HOME=/home/ton
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/ton/bin.Linux:/home/ton/bin:/home/ton/bin.SampleSetup:/opt/schily/bin:/usr/local/bin:/usr/local/sbin:/home/oracle/product/9.0.1/bin:/usr/local/ar/bin:/usr/games/bin:/usr/X11R6/bin:/usr/share/bin:/usr/bin:/usr/sbin:/bin:/sbin:.
    PERL_BADLANG (unset)
    SHELL=/bin/bash


p5pRT commented Nov 8, 2005

From @smpeters

[perl-5.8.0@ton.iguana.be - Sun Jul 11 06:59:45 2004]:

> This is a bug report for perl from perl-5.8.0@ton.iguana.be,
> generated with the help of perlbug 1.35 running under perl v5.8.4.
>
> -----------------------------------------------------------------
> [Please enter your report here]
>
> Again using tainting as my favorite way to attach magic:
>
> perl -Twle 'use Digest::MD5; my $class = "Digest::MD5" . substr($0, 0,
> 0); $m = $class->new; print STDERR "Got here"; $m->add("")'
> Got here
> Not a reference to a Digest::MD5 object at -e line 1.
> (in cleanup) Not a reference to a Digest::MD5 object during
> global destruction.
>
> I think the problem is that MD5_CTX* get_md5_ctx in
> ext/Digest/MD5/MD5.xs
> does a direct check for SvROK(sv) without doing a get magic first
>
> I'm also starting to think that a tainted testsuite is really needed.
> This kind of stuff is far too common.

I tested out the above, adding a SvGETMAGIC(sv) before the call to
SvROK(sv), and I got the same results as above. I'm assuming you hoped
to see something different?

Inline Patch
--- ext/Digest/MD5/MD5.xs.old   Tue Jul  5 06:02:12 2005
+++ ext/Digest/MD5/MD5.xs       Tue Nov  8 06:33:28 2005
@@ -468,6 +468,7 @@

 static MD5_CTX* get_md5_ctx(pTHX_ SV* sv)
 {
+    SvGETMAGIC(sv);
     if (SvROK(sv)) {
        sv = SvRV(sv);
        if (SvIOK(sv)) {
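
Review bot: The added SvGETMAGIC(sv) at the top of get_md5_ctx only fetches magic on the sv as it is passed in, and the message accompanying this patch reports that the one-liner still dies with "Not a reference to a Digest::MD5 object", so this hunk should not go in on its own as the fix. The checks that follow, sv = SvRV(sv) and SvIOK(sv), act on the referent, which this call does not touch. I would first establish which check actually rejects the object (in this function, or where the object is created from the tainted class name via $class->new), and add the reporter's perl -T one-liner as a regression test alongside whatever change results.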


p5pRT commented Nov 8, 2005

The RT System itself - Status changed from 'new' to 'open'


p5pRT commented Nov 8, 2005

From me-02@ton.iguana.be

On Tue, Nov 08, 2005 at 04:37:53AM -0800, Steve Peters via RT wrote:

> I tested out the above, adding a SvGETMAGIC(sv) before the call to
> SvROK(sv), and I got the same results as above. I'm assuming you hoped
> to see something different?

Indeed I did hope the fix would be that simple (and quite often it is)
No such luck it seems :-(


p5pRT commented Apr 20, 2012

From @cpansprout

Forwarding to the CPAN queue....

On Sun Jul 11 06:59:45 2004, perl-5.8.0@ton.iguana.be wrote:

> This is a bug report for perl from perl-5.8.0@ton.iguana.be,
> generated with the help of perlbug 1.35 running under perl v5.8.4.
>
> -----------------------------------------------------------------
> [Please enter your report here]
>
> Again using tainting as my favorite way to attach magic:
>
> perl -Twle 'use Digest::MD5; my $class = "Digest::MD5" . substr($0, 0,
> 0); $m = $class->new; print STDERR "Got here"; $m->add("")'
> Got here
> Not a reference to a Digest::MD5 object at -e line 1.
> (in cleanup) Not a reference to a Digest::MD5 object during
> global destruction.
>
> I think the problem is that MD5_CTX* get_md5_ctx in
> ext/Digest/MD5/MD5.xs
> does a direct check for SvROK(sv) without doing a get magic first
>
> I'm also starting to think that a tainted testsuite is really needed.
> This kind of stuff is far too common.


--

Father Chrysostomos


p5pRT commented Apr 20, 2012

@cpansprout - Status changed from 'open' to 'rejected'
