
[ID 20000912.008] substr replacement of tainted data (bug)

From: thospel
Date: September 12, 2000 13:31
Subject: [ID 20000912.008] substr replacement of tainted data (bug)
Message ID: 20000912203034.25521.qmail@quasar.home.lunix

This is a bug report for perl from thospel@mail.dma.be,
generated with the help of perlbug 1.31 running under perl v5.6.0.


-----------------------------------------------------------------
[Please enter your report here]

Consider the following program:
----
#! /usr/bin/perl -wT-
use strict;

local *FUN;
# The file here is not important, just a way to get tainted data
open(FUN, "/etc/group") || die "Could not open /etc/group: $!";
my $val = <FUN>;
$val =~ s/.*\n/firstlast/;
my %data;
my $ind = "a";
$data{$ind} = $val;

print "Initial string ->$data{$ind}<-\n";
print "Strip of ->", substr($data{$ind}, 0, 5, ""), "<-\n";
print "Which leaves us: ->$data{$ind}<-\n";
----
$data{$ind} will begin its life as the string "firstlast",
the substr() extracts the first 5 chars, and replaces them by "".
The result should be the string "last".

That is indeed what happens without the -T option, or if $data{$ind} is
replaced by just a scalar variable.
However, in the given code, the value will remain "firstlast".

Verified on Linux and Solaris, both in 5.6.0 and some 5.005 versions,
so it's probably an old bug.

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl v5.6.0:

Configured by ton at Wed Aug  9 23:24:07 CEST 2000.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.4.0-test5, archname=i686-linux
    uname='linux quasar 2.4.0-test5 #2 sat jul 29 04:45:14 cest 2000 i686 unknown '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=undef 
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='cc', optimize='-O2 -fomit-frame-pointer', gccversion=egcs-2.91.66 19990314 (egcs-1.1.2 release), gccosandvers=
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccflags ='-fno-strict-aliasing -I/usr/local/include'
    stdchar='char', d_stdstdio=define, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=4
    alignbytes=4, usemymalloc=y, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib -L/opt/gnu/lib'
    libpth=/usr/local/lib /opt/gnu/lib /lib /usr/lib
    libs=-lnsl -lndbm -ldl -lm -lc -lposix -lcrypt -lutil
    libc=/lib/libc-2.1.1.so, so=so, useshrplib=true, libperl=libperl.so
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic -Wl,-rpath,/usr/lib/perl5/5.6.0/i686-linux/CORE'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib -L/opt/gnu/lib'

Locally applied patches:
    

---
@INC for perl v5.6.0:
    /usr/lib/perl5/5.6.0/i686-linux
    /usr/lib/perl5/5.6.0
    /usr/lib/perl5/site_perl/5.6.0/i686-linux
    /usr/lib/perl5/site_perl/5.6.0
    /usr/lib/perl5/site_perl
    .

---
Environment for perl v5.6.0:
    HOME=/home/ton
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/ton/bin.Linux:/home/ton/bin:/home/ton/bin.SampleSetup:/usr/local/bin:/usr/local/sbin:/usr/local/jre/bin:/usr/local/jdk116_v5/bin:/usr/games/bin:/usr/X11R6/bin:/usr/share/bin:/usr/bin:/usr/sbin:/bin:/sbin:.
    PERL_BADLANG (unset)
    SHELL=/bin/bash
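
A regression check for the behaviour reported in the message above, added here as an example; it is not part of the original post or of perl's own test suite. It assumes a perl that ships Scalar::Util and Test::More with done_testing, and the `$TAINT` idiom, the `fresh` helper and the array-element case are additions that go beyond the reported hash-element case.

```perl
#!/usr/bin/perl -T
# Added example: checks that 4-argument substr() edits tainted data in place
# whether it lives in a scalar, a hash element or an array element.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Test::More;

# Under -T, $^X is tainted. A zero-length slice of it is a tainted empty
# string, so appending it taints a constructed value without any file I/O.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper: returns a fresh tainted copy of the sample string.
sub fresh { return "firstlast" . $TAINT }

my $scalar = fresh();
my $ind    = "a";
my %data   = ($ind => fresh());
my @list   = (fresh());

# The substr() calls are written out against each container expression,
# because going through a reference would not exercise the same code path.
my @cases = (
    [ 'plain scalar',  sub { substr($scalar,     0, 5, "") }, sub { $scalar     } ],
    [ 'hash element',  sub { substr($data{$ind}, 0, 5, "") }, sub { $data{$ind} } ],
    [ 'array element', sub { substr($list[0],    0, 5, "") }, sub { $list[0]    } ],
);

for my $case (@cases) {
    my ($name, $cut, $get) = @$case;

    ok(tainted($get->()), "$name: input is tainted");

    my $piece = $cut->();
    is($piece,     "first", "$name: substr() returns the removed prefix");
    is($get->(),   "last",  "$name: container holds only the remainder");

    # Taint has to survive the edit on both halves, otherwise the
    # operation would quietly launder untrusted data.
    ok(tainted($piece),     "$name: removed piece is still tainted");
    ok(tainted($get->()),   "$name: remainder is still tainted");
}

done_testing();
```

Run it as `perl -T` on the script file. A perl that shows the behaviour described in the report fails the "hash element: container holds only the remainder" check, because the element still reads "firstlast".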

