New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
//g loops infinitely on tainted data #4855
Comments
From skud@infotrope.netCreated by skud@infotrope.netThis is freaky. I've found an odd situation where Perl will go into an #!/usr/bin/perl -w use strict; print "The string we're using is '$ENV{LANG}'\n"; while($ENV{LANG} =~ m/(.)/g ) { Try running that with taint checking off, and you should see it work its Cool, huh? There's no mention of this behaviour in perlsec.pod, so I'm figuring For what it's worth, this caught me in a Real World application where I I've verified this behaviour with perl 5.6.0, 5.6.1 and bleadperl, all K. ` Perl Info
|
From @vanstynKirrily Robert <skud@infotrope.net> wrote: This seems to be a symptom of our current approach to localising magic. /* This makes C<local $tied{foo} = $tied{foo}> possible. Because the taint adds a GMG flag, we end up with the mortalcopy to I don't know how to solve this, but I suspect the solution is not Hugo |
From [Unknown Contact. See original ticket]Kirrily Robert wrote:
It is and it isn't a bug :) With tainting turned on, $ENV{LANG} is slightly more magical than with |
From cmoore@hellyeah.orgThis is also present in 5.8.0. [skud - Wed Jan 16 13:03:13 2002]:
|
From @smpeters
With Perl-5.8.7, I see... steve@kirk:~/perl-current$ perl rt_8262.pl Checking a few other recent Perls, it looks like it went away somewhere |
@smpeters - Status changed from 'open' to 'resolved' |
From laocoon@fastmail.fm
Please note that this only occurs when running under -T. |
1 similar comment
From laocoon@fastmail.fm
Please note that this only occurs when running under -T. |
From @ysthOn Sat, Dec 17, 2005 at 01:23:38PM -0800, Steve Peters via RT wrote:
I think you missed this part, Steve.
^ -T
I see it failing in 5.8.7 and bleadperl (*with* the -T switch). |
From BQW10602@nifty.comOn Sun, 18 Dec 2005 02:02:34 -0800, Yitzchak Scott-Thoennes <sthoenna@efn.org> wrote
Yes, the problem still remains to me, too. When a value of %ENV is tainted, its copy (for example, $a = $ENV{LANG}) Similarly $ARGV[0] is harmful, while its copy ($a = shift) is harmless. Regards, |
From @petdance
You can also do it on: while ( $ENV{LANG} =~ m/./g ) { -- |
From @smpetersOn Sun, Dec 18, 2005 at 11:11:05PM -0800, Andy Lester wrote:
Yes, I did miss the -T. Reopened. |
@smpeters - Status changed from 'resolved' to 'open' |
From mjtg@cam.ac.ukSADAHIRO Tomoyuki <bqw10602@nifty.com> wrote
So it looks like it's magic which causes the trouble ... presumably Mike Guy |
From @iabynOn Mon, Dec 19, 2005 at 05:41:14PM +0000, Mike Guy wrote:
In something like $foo[0] =~ /bar/g the expression on the LHS isn't treated as an lvalue, and it so happens This is a problem with //g, since it wants to modify the LHS by attaching The patch below makes the LHS of a //g expression an lvalue, and seems Dave -- Change 26410 by davem@davem-splatty on 2005/12/19 22:07:49 [perl #8262] //g loops infinitely on tainted data Affected files ... ... //depot/perl/op.c#732 edit Differences ... ==== //depot/perl/op.c#732 (text) ==== @@ -1142,8 +1142,9 @@ ==== //depot/perl/t/op/taint.t#69 (xtext) ==== @@ -17,7 +17,7 @@ BEGIN { require './test.pl'; } $| = 1; |
@iabyn - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#8262 (status was 'resolved')
Searchable as RT8262$
The text was updated successfully, but these errors were encountered: