
Re: printf is tainted!?

From: Gurusamy Sarathy
Date: October 24, 1999 16:42
Subject: Re: printf is tainted!?
Message ID: 199910242346.QAA18184@activestate.com
On Sun, 24 Oct 1999 15:47:43 PDT, Chip Salzenberg wrote:
>According to Gurusamy Sarathy:
>> I don't really think the tainting behavior makes much sense.
>
>Nor I.  If the locale can be overridden without Perl's knowledge, then
>it can be overridden without the knowledge of other suid programs as
>well.

Good, that's settled then.

I'm not sure when the numeric locale stuff went in, but I wish the
LC_NUMERIC stuff would default to "off".  Normal NV->PV conversions
are "unsafe" as it stands, because they follow the numeric locale
if your Gconvert() does.

OTOH, sprintf() always uses the "C" locale, so it is relatively
safer.


Sarathy
gsar@ActiveState.com
-----------------------------------8<-----------------------------------
Change 4449 by gsar@auger on 1999/10/24 23:20:10

	remove inconsistent tainting behavior of sprintf("%e",...)
	(all bets are off if "C" locale is compromised)

Affected files ...

... //depot/perl/pod/perlfunc.pod#113 edit
... //depot/perl/pod/perllocale.pod#17 edit
... //depot/perl/sv.c#155 edit

Differences ...

==== //depot/perl/pod/perlfunc.pod#113 (text) ====
Index: perl/pod/perlfunc.pod
--- perl/pod/perlfunc.pod.~1~	Sun Oct 24 16:20:15 1999
+++ perl/pod/perlfunc.pod	Sun Oct 24 16:20:15 1999
@@ -4195,13 +4195,6 @@
 point in formatted real numbers is affected by the LC_NUMERIC locale.
 See L<perllocale>.
 
-To cope with broken systems that allow the standard locales to be
-overridden by malicious users, the return value may be tainted
-if any of the floating point formats are used and the conversion
-yields something that doesn't look like a normal C-locale floating
-point number.  This happens regardless of whether C<use locale> is
-in effect or not.
-
 If Perl understands "quads" (64-bit integers) (this requires
 either that the platform natively supports quads or that Perl
 has been specifically compiled to support quads), the characters
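Review bot: with the "To cope with broken systems ..." paragraph deleted, the sprintf entry says nothing about tainting any more, while the sentence kept just above it still tells the reader that the decimal point follows the LC_NUMERIC locale. Replace the deleted paragraph with one sentence stating that the result is not tainted on account of the locale and that Perl assumes the "C" locale cannot be overridden (pointing at the perllocale item changed in this same patch), so readers who remember the old behaviour do not expect a tainted result to signal a compromised locale.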

==== //depot/perl/pod/perllocale.pod#17 (text) ====
Index: perl/pod/perllocale.pod
--- perl/pod/perllocale.pod.~1~	Sun Oct 24 16:20:15 1999
+++ perl/pod/perllocale.pod	Sun Oct 24 16:20:15 1999
@@ -641,11 +641,12 @@
 
 =item *
 
-If the decimal point character in the C<LC_NUMERIC> locale is
-surreptitiously changed from a dot to a comma, C<sprintf("%g",
-0.123456e3)> produces a string result of "123,456". Many people would
-interpret this as one hundred and twenty-three thousand, four hundred
-and fifty-six.
+Some systems are broken in that they allow the "C" locale to be
+overridden by users.  If the decimal point character in the
+C<LC_NUMERIC> category of the "C" locale is surreptitiously changed
+from a dot to a comma, C<sprintf("%g", 0.123456e3)> produces a
+string result of "123,456".  Many people would interpret this as
+one hundred and twenty-three thousand, four hundred and fifty-six.
 
 =item *
 
@@ -713,10 +714,6 @@
 if modified as a result of a substitution based on a regular
 expression match involving C<\w>, C<\W>, C<\s>, or C<\S>; or of
 case-mapping with C<\l>, C<\L>,C<\u> or C<\U>.
-
-=item B<In-memory formatting function> (sprintf()):
-
-Result is tainted if C<use locale> is in effect.
 
 =item B<Output formatting functions> (printf() and write()):
 
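Review bot: deleting the "In-memory formatting function (sprintf())" item leaves the following "Output formatting functions (printf() and write())" item untouched by this hunk. If that item still states that the result is tainted when C<use locale> is in effect, the document now gives different tainting rules for sprintf() and printf(), which is the very inconsistency the thread subject ("printf is tainted!?") is about. Either revise or remove the printf()/write() item in the same change, or add a line explaining why output formatting is treated differently from in-memory formatting.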

==== //depot/perl/sv.c#155 (text) ====
Index: perl/sv.c
--- perl/sv.c.~1~	Sun Oct 24 16:20:15 1999
+++ perl/sv.c	Sun Oct 24 16:20:15 1999
@@ -5478,38 +5478,6 @@
 
 	    eptr = PL_efloatbuf;
 	    elen = strlen(PL_efloatbuf);
-
-#ifdef USE_LOCALE_NUMERIC
-	    /*
-	     * User-defined locales may include arbitrary characters.
-	     * And, unfortunately, some (broken) systems may allow the
-	     * "C" locale to be overridden by a malicious user.
-	     * XXX This is an extreme way to cope with broken systems.
-	     */
-	    if (maybe_tainted && PL_tainting) {
-		/* safe if it matches /[-+]?\d*(\.\d*)?([eE][-+]?\d*)?/ */
-		if (*eptr == '-' || *eptr == '+')
-		    ++eptr;
-		while (isDIGIT(*eptr))
-		    ++eptr;
-		if (*eptr == '.') {
-		    ++eptr;
-		    while (isDIGIT(*eptr))
-			++eptr;
-		}
-		if (*eptr == 'e' || *eptr == 'E') {
-		    ++eptr;
-		    if (*eptr == '-' || *eptr == '+')
-			++eptr;
-		    while (isDIGIT(*eptr))
-			++eptr;
-		}
-		if (*eptr)
-		    *maybe_tainted = TRUE;	/* results are suspect */
-		eptr = PL_efloatbuf;
-	    }
-#endif /* USE_LOCALE_NUMERIC */
-
 	    break;
 
 	    /* SPECIAL */
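Review bot: after removing the USE_LOCALE_NUMERIC block, check that `maybe_tainted` is still read somewhere in this function; if this scan was its only consumer on the floating-point path, the parameter is now dead there and a compiler may warn, or a later reader may assume floats still set it. Also worth keeping a one-line comment at `eptr = PL_efloatbuf;` saying the buffer is trusted because the conversion is done in the "C" locale, since the deleted comment was the only place that rationale lived and its absence invites someone to reintroduce the scan.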
End of Patch.
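As an added illustration that is not part of this thread or of Perl's sources: a Perl script that re-creates the sanity check the sv.c hunk above deletes (the /[-+]?\d*(\.\d*)?([eE][-+]?\d*)?/ shape, ASCII digits only) as a user-level function, and formats the same NV under a comma-decimal locale to show which conversions follow LC_NUMERIC on the running perl. The locale names in comma_locale() are constructed guesses, and which conversions honour the locale differs between Perl versions, so the script reports what it observes rather than assuming the 1999 behaviour.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(setlocale LC_NUMERIC);

# Shape the removed sv.c check enforced for %e/%f/%g results:
# [-+]?\d*(\.\d*)?([eE][-+]?\d*)?  with ASCII digits only (isDIGIT).
# Compiled outside any `use locale` scope so [0-9] stays ASCII.
my $C_FLOAT = qr/\A[-+]?[0-9]*(?:\.[0-9]*)?(?:[eE][-+]?[0-9]*)?\z/;

# Returns 1 if $str is something a C-locale float conversion could have
# produced, 0 if the locale injected anything else (a comma decimal
# point, a thousands separator, non-ASCII digits, ...).
sub looks_like_c_float {
    my ($str) = @_;
    return $str =~ $C_FLOAT ? 1 : 0;
}

# Activate a locale whose decimal point is a comma. Candidate names are
# constructed guesses (assumption: at least one is installed). Returns
# the name that took effect, or undef if none did.
sub comma_locale {
    for my $name (qw(de_DE.UTF-8 de_DE fr_FR.UTF-8 fr_FR)) {
        my $ok = setlocale(LC_NUMERIC, $name);
        return $ok if defined $ok;
    }
    return undef;
}

# Formats one NV by stringification and by sprintf("%g") inside a
# `use locale` scope, then reports which results keep the C-locale shape.
sub run_demo {
    my $nv   = 0.123456e3;          # the value used in the perllocale hunk
    my $name = comma_locale();
    if (!defined $name) {
        print "no comma-decimal locale available; skipping demo\n";
        return;
    }
    my %out;
    {
        use locale;                 # lexically enable locale-aware conversion
        $out{'stringify'}  = "$nv";
        $out{'sprintf %g'} = sprintf("%g", $nv);
    }
    setlocale(LC_NUMERIC, "C");     # restore before printing anything else
    for my $how (sort keys %out) {
        printf "%-10s under %s => '%s' (%s)\n", $how, $name, $out{$how},
            looks_like_c_float($out{$how}) ? "C-locale shape"
                                           : "locale-dependent; do not trust as a number";
    }
}

run_demo() unless caller;
```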
