develooper Front page | perl.perl5.porters | Postings from November 1999

[ID 19991124.006]

From:
David Muir Sharnoff
Date:
November 24, 1999 17:01
Subject:
[ID 19991124.006]
Message ID:
199911250101.RAA43255@idiom.com
~s Untaint by regex match not reliable?
~c current@freebsd.org
This is a bug report for perl from muir@idiom.com,
generated with the help of perlbug 1.26 running under perl 5.00502.


-----------------------------------------------------------------
[Please enter your report here]

I've long believed that the way to untaint something was to do a
regex match against it and then use one of the numbered matches...

The following code shows that this does not always work:

--------------------- cut here -----------------
#!/bin/sh 
exec env PT=zz/yy perl -Tx $0
#!/usr/local/bin/perl -T

my $pcold = "/yy";
my $tainted, $nottainted;
if ($ENV{'PT'} =~ m,^(.*)\Q$pcold\E$,) {
	$tainted = "$1/pp";
}
if ($ENV{'PT'} =~ m,^([.]*)\Q$pcold\E$,) {
	$nottainted = "$1/pp";
}

print (STDERR is_tainted($tainted) ? "TAINTED\n" : "NOT TAINTED\n");
print (STDERR is_tainted($nottainted) ? "TAINTED\n" : "NOT TAINTED\n");

sub is_tainted 
{
       return ! eval {
		join('',@_), kill 0;
		1;
       };
}

--------------------- cut here -----------------

Correct behavior would be to print "NOT TAINTED" twice. 


Interestingly enough, the taintedness of the variable showed up
a little late.

	$tainted above got inserted into @INC
	A module was found in the directory $tainted
	In that module, fastcwd() was called.   It died in Cwd.pm




This is also true with 5.005_03.

[Please do not change anything below this line]
-----------------------------------------------------------------

---
Site configuration information for perl 5.00502:

Configured by markm at $Date: 1999/01/17 09:53:34 $.

Summary of my perl5 (5.0 patchlevel 5 subversion 2) configuration:
  Platform:
    osname=freebsd, osvers=3.0-current, archname=i386-freebsd
    uname='freebsd 3.0-current #0: '
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef useperlio=undef d_sfio=undef
  Compiler:
    cc='cc', optimize='undef', gccversion=2.7.2.1
    cppflags=''
    ccflags =''
    stdchar='char', d_stdstdio=undef, usevfork=true
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='ld', ldflags ='-Wl,-E '
    libpth=/usr/lib
    libs=-lm -lc -lcrypt
    libc=undef, so=so, useshrplib=true, libperl=libperl.so.3
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fpic', lddlflags='-shared '

Locally applied patches:
    

---
@INC for perl 5.00502:
    /usr/libdata/perl/5.00502/mach
    /usr/libdata/perl/5.00502
    /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
    /usr/local/lib/perl5/site_perl/5.005
    .

---
Environment for perl 5.00502:
    HOME=/home/muir
    LANG (unset)
    LD_LIBRARY_PATH=.:/usr/lib:/usr/local/lib
    LOGDIR (unset)
    PATH=.:/home/muir/bin/idiom:/home/muir/bin:/home/muir/bin/share:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/shbin:/usr/local/sbin:/usr/local/bin:/usr/local/ptybin:/usr/X11R6/bin:/usr/bin/X11:/usr/local/tex/bin:/usr/ucb:/usr/bin:/bin:/etc:/usr/etc:/usr/games:/lib:/usr/lib:/usr/local/java/bin:/usr/lib/uucp:/usr/openwin/bin:/usr/openwin/bin/xview:/usr/openwin/demo:/usr/adm:/home/muir/tmp
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About