Front page | perl.perl5.porters |
Postings from November 1999
I've found a bug in the IO::Socket module distributed with the latest version of Perl (5.005_03). Basically, the problem is that if an unexpected error happens inside the eval statement in IO::Socket::connect, the error isn't detected, and the method appears to succeed. The case where it caused me problems was trying to create a socket with a tainted hostname, returned from Net::DNS. The tainted information from DNS caused the $addr parameter inside IO::Socket::connect to be tainted, which made the connect fail. Because the connect is inside an eval, the tainted variable just causes $@ to be set, and skips the rest of the eval block. However, $@ is never checked after this, so the error goes unnoticed. IO::Socket::connect reports success, and the application doesn't find out anything's wrong until it tries to use the socket. I've attached a minimal program which demonstrates the bug. Here's what you see with the broken IO::Socket: sgifford@sgifford perl5.005_03]$ ./perl -I lib -T ~/prog/sockprob mail.tir.com Connect succeeded! Couldn't read from socket; connect probably incorrectly reported success and here's how my patched IO::Socket handles it: [sgifford@sgifford perl5.005_03]$ ./perl -I newlib -T ~/prog/sockprob mail.tir.com Insecure dependency in connect while running with -T switch at newlib/IO/Socket.pm line 215. at /home/sgifford/prog/smtptest line 15 The patch I've attached is a two-liner which just checks $@ after the eval, and if $fh hasn't been undef'ed (which the code in the eval block does if it detects an error), it croaks with the same error message. Thanks, ------ScottG.