develooper Front page | perl.perl5.porters | Postings from November 1999

[ID 19991112.004] Bug in IO::Socket (patch included)

Scott Gifford
November 12, 1999 15:55
[ID 19991112.004] Bug in IO::Socket (patch included)
Message ID:
I've found a bug in the IO::Socket module distributed with the latest
version of Perl (5.005_03).  Basically, the problem is that if an
unexpected error happens inside the eval statement in
IO::Socket::connect, the error isn't detected, and the method appears
to succeed.

The case where it caused me problems was trying to create a socket
with a tainted hostname, returned from Net::DNS.  The tainted
information from DNS caused the $addr parameter inside
IO::Socket::connect to be tainted, which made the connect fail.
Because the connect is inside an eval, the tainted variable just
causes $@ to be set, and skips the rest of the eval block.  However,
$@ is never checked after this, so the error goes unnoticed.
IO::Socket::connect reports success, and the application doesn't find
out anything's wrong until it tries to use the socket.

I've attached a minimal program which demonstrates the bug.  Here's
what you see with the broken IO::Socket:

sgifford@sgifford perl5.005_03]$ ./perl -I lib -T ~/prog/sockprob
Connect succeeded!
Couldn't read from socket; connect probably incorrectly reported success

and here's how my patched IO::Socket handles it:

[sgifford@sgifford perl5.005_03]$ ./perl -I newlib -T ~/prog/sockprob
Insecure dependency in connect while running with -T switch at newlib/IO/ line 215.
 at /home/sgifford/prog/smtptest line 15

The patch I've attached is a two-liner which just checks $@ after the
eval, and if $fh hasn't been undef'ed (which the code in the eval
block does if it detects an error), it croaks with the same error


------ScottG. Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About