Front page | perl.perl5.porters |
Postings from October 1999
On Sun, 24 Oct 1999 15:47:43 PDT, Chip Salzenberg wrote:
>According to Gurusamy Sarathy:
>> I don't really think the tainting behavior makes much sense.
>
>Nor I. If the locale can be overridden without Perl's knowledge, then
>it can be overridden without the knowledge of other suid programs as
>well.
Good, that's settled then.
I'm not sure when the numeric locale stuff went in, but I wish the
LC_NUMERIC stuff would default to "off". Normal NV->PV conversions
are "unsafe" as it stands, because they follow the numeric locale
if your Gconvert() does.
OTOH, sprintf() always uses the "C" locale, so it is relatively
safer.
Sarathy
gsar@ActiveState.com
-----------------------------------8<-----------------------------------
Change 4449 by gsar@auger on 1999/10/24 23:20:10
remove inconsistent tainting behavior of sprintf("%e",...)
(all bets are off is "C" locale is compromised)
Affected files ...
... //depot/perl/pod/perlfunc.pod#113 edit
... //depot/perl/pod/perllocale.pod#17 edit
... //depot/perl/sv.c#155 edit
Differences ...
==== //depot/perl/pod/perlfunc.pod#113 (text) ====
Index: perl/pod/perlfunc.pod
--- perl/pod/perlfunc.pod.~1~ Sun Oct 24 16:20:15 1999
+++ perl/pod/perlfunc.pod Sun Oct 24 16:20:15 1999
@@ -4195,13 +4195,6 @@
point in formatted real numbers is affected by the LC_NUMERIC locale.
See L<perllocale>.
-To cope with broken systems that allow the standard locales to be
-overridden by malicious users, the return value may be tainted
-if any of the floating point formats are used and the conversion
-yields something that doesn't look like a normal C-locale floating
-point number. This happens regardless of whether C<use locale> is
-in effect or not.
-
If Perl understands "quads" (64-bit integers) (this requires
either that the platform natively supports quads or that Perl
has been specifically compiled to support quads), the characters
==== //depot/perl/pod/perllocale.pod#17 (text) ====
Index: perl/pod/perllocale.pod
--- perl/pod/perllocale.pod.~1~ Sun Oct 24 16:20:15 1999
+++ perl/pod/perllocale.pod Sun Oct 24 16:20:15 1999
@@ -641,11 +641,12 @@
=item *
-If the decimal point character in the C<LC_NUMERIC> locale is
-surreptitiously changed from a dot to a comma, C<sprintf("%g",
-0.123456e3)> produces a string result of "123,456". Many people would
-interpret this as one hundred and twenty-three thousand, four hundred
-and fifty-six.
+Some systems are broken in that they allow the "C" locale to be
+overridden by users. If the decimal point character in the
+C<LC_NUMERIC> category of the "C" locale is surreptitiously changed
+from a dot to a comma, C<sprintf("%g", 0.123456e3)> produces a
+string result of "123,456". Many people would interpret this as
+one hundred and twenty-three thousand, four hundred and fifty-six.
=item *
@@ -713,10 +714,6 @@
if modified as a result of a substitution based on a regular
expression match involving C<\w>, C<\W>, C<\s>, or C<\S>; or of
case-mapping with C<\l>, C<\L>,C<\u> or C<\U>.
-
-=item B<In-memory formatting function> (sprintf()):
-
-Result is tainted if C<use locale> is in effect.
=item B<Output formatting functions> (printf() and write()):
==== //depot/perl/sv.c#155 (text) ====
Index: perl/sv.c
--- perl/sv.c.~1~ Sun Oct 24 16:20:15 1999
+++ perl/sv.c Sun Oct 24 16:20:15 1999
@@ -5478,38 +5478,6 @@
eptr = PL_efloatbuf;
elen = strlen(PL_efloatbuf);
-
-#ifdef USE_LOCALE_NUMERIC
- /*
- * User-defined locales may include arbitrary characters.
- * And, unfortunately, some (broken) systems may allow the
- * "C" locale to be overridden by a malicious user.
- * XXX This is an extreme way to cope with broken systems.
- */
- if (maybe_tainted && PL_tainting) {
- /* safe if it matches /[-+]?\d*(\.\d*)?([eE][-+]?\d*)?/ */
- if (*eptr == '-' || *eptr == '+')
- ++eptr;
- while (isDIGIT(*eptr))
- ++eptr;
- if (*eptr == '.') {
- ++eptr;
- while (isDIGIT(*eptr))
- ++eptr;
- }
- if (*eptr == 'e' || *eptr == 'E') {
- ++eptr;
- if (*eptr == '-' || *eptr == '+')
- ++eptr;
- while (isDIGIT(*eptr))
- ++eptr;
- }
- if (*eptr)
- *maybe_tainted = TRUE; /* results are suspect */
- eptr = PL_efloatbuf;
- }
-#endif /* USE_LOCALE_NUMERIC */
-
break;
/* SPECIAL */
End of Patch.
Thread Previous