Front page | perl.perl5.porters |
Postings from November 1999
[ID 19991124.006]
From:
David Muir Sharnoff
Date:
November 24, 1999 17:01
Subject:
[ID 19991124.006]
Message ID:
199911250101.RAA43255@idiom.com
~s Untaint by regex match not reliable?
~c current@freebsd.org
This is a bug report for perl from muir@idiom.com,
generated with the help of perlbug 1.26 running under perl 5.00502.
-----------------------------------------------------------------
[Please enter your report here]
I've long believed that the way to untaint something was to do a
regex match against it and then use one of the numbered matches...
The following code shows that this does not always work:
--------------------- cut here -----------------
#!/bin/sh
exec env PT=zz/yy perl -Tx $0
#!/usr/local/bin/perl -T
my $pcold = "/yy";
my $tainted, $nottainted;
if ($ENV{'PT'} =~ m,^(.*)\Q$pcold\E$,) {
$tainted = "$1/pp";
}
if ($ENV{'PT'} =~ m,^([.]*)\Q$pcold\E$,) {
$nottainted = "$1/pp";
}
print (STDERR is_tainted($tainted) ? "TAINTED\n" : "NOT TAINTED\n");
print (STDERR is_tainted($nottainted) ? "TAINTED\n" : "NOT TAINTED\n");
sub is_tainted
{
return ! eval {
join('',@_), kill 0;
1;
};
}
--------------------- cut here -----------------
Correct behavior would be to print "NOT TAINTED" twice.
Interestingly enough, the taintedness of the variable showed up
a little late.
$tainted above got inserted into @INC
A module was found in the directory $tainted
In that module, fastcwd() was called. It died in Cwd.pm
This is also true with 5.005_03.
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Site configuration information for perl 5.00502:
Configured by markm at $Date: 1999/01/17 09:53:34 $.
Summary of my perl5 (5.0 patchlevel 5 subversion 2) configuration:
Platform:
osname=freebsd, osvers=3.0-current, archname=i386-freebsd
uname='freebsd 3.0-current #0: '
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef useperlio=undef d_sfio=undef
Compiler:
cc='cc', optimize='undef', gccversion=2.7.2.1
cppflags=''
ccflags =''
stdchar='char', d_stdstdio=undef, usevfork=true
intsize=4, longsize=4, ptrsize=4, doublesize=8
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
alignbytes=4, usemymalloc=n, prototype=define
Linker and Libraries:
ld='ld', ldflags ='-Wl,-E '
libpth=/usr/lib
libs=-lm -lc -lcrypt
libc=undef, so=so, useshrplib=true, libperl=libperl.so.3
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
cccdlflags='-DPIC -fpic', lddlflags='-shared '
Locally applied patches:
---
@INC for perl 5.00502:
/usr/libdata/perl/5.00502/mach
/usr/libdata/perl/5.00502
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd
/usr/local/lib/perl5/site_perl/5.005
.
---
Environment for perl 5.00502:
HOME=/home/muir
LANG (unset)
LD_LIBRARY_PATH=.:/usr/lib:/usr/local/lib
LOGDIR (unset)
PATH=.:/home/muir/bin/idiom:/home/muir/bin:/home/muir/bin/share:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/shbin:/usr/local/sbin:/usr/local/bin:/usr/local/ptybin:/usr/X11R6/bin:/usr/bin/X11:/usr/local/tex/bin:/usr/ucb:/usr/bin:/bin:/etc:/usr/etc:/usr/games:/lib:/usr/lib:/usr/local/java/bin:/usr/lib/uucp:/usr/openwin/bin:/usr/openwin/bin/xview:/usr/openwin/demo:/usr/adm:/home/muir/tmp
PERL_BADLANG (unset)
SHELL=/bin/tcsh
-
[ID 19991124.006]
by David Muir Sharnoff