develooper Front page | perl.perl5.porters | Postings from January 2001

[ID 20010127.003] Bug in taint+regex+hash/arrays

January 27, 2001 01:33
[ID 20010127.003] Bug in taint+regex+hash/arrays
Message ID:
This is a bug report for perl from,
generated with the help of perlbug 1.28 running under perl v5.6.0.

[Please enter your report here]

Hello. It seems that in hashes and arrays, 
if tainting is activated, the "g" action in regexp does not works
correctly. This is a snipped example, "", invoked with
" 'area=S::=A{emit(`ls -la`)} A::=b' 'req=b'"

#!/usr/bin/perl -T
# --- part 1 ---
foreach $i (0 .. $#in) {
   ($key, $val) = split(/=/,$in[$i],2);
   # <...snip...>
   $in{$key} = $val;
# --- end of part 1 ---
# if you use the following line in place of "part 1" above, it works!
# (in this case hash is not tainted)
# $in{area} = 'S::=A{emit(`ls -la`)} A::=b';
# ----
# but here this b...rd enters in an infinite loop if taint is on
while( $in{area} =~ /([A-Z])::=(.+?)(?=([A-Z]::=|$))/sg ) {
   # print for debug
   print "$1 is equal to $2\n"; }

Just FYI, the regexp explores user's grammar productions, coming from a
<textarea></textarea> tags, e.g.

S::=aA{#a=A1.s+1; S.s=#a; emit("String is #a chars long")}
A::=xA{A.s=A1.s+1} | @{A.s=0}

I posted the problem on comp.lang.perl.misc, and with another user, Joe
Schaefer, we have analyzed and tried to understand this problem.

Joe wrote also:

I can reproduce it on linux 5.005_03 and 5.6.
I think the taint flag is causing the regexp to fail 
to set pos() for tainted hash and array elements.  Binding to 
a tainted scalar seems to work fine, though.

Try testing it with the following lines substituted for 
the while(...) line above:

        $_ = $in{area};
        while ( $_ =~ /([A-Z])::=(.+?)(?=([A-Z]::=|$))/sg ) {     

        $_[0] = $in{area};
        while ( $_[0] =~ /([A-Z])::=(.+?)(?=([A-Z]::=|$))/sg ) {     


   Samuele Manfrin - Pisa, Italy (home) - (work)

[Please do not change anything below this line]
Site configuration information for perl v5.6.0:

Configured by samuele at Thu Nov  9 18:07:40 MET 2000.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
    osname=linux, osvers=2.0.32, archname=i486-linux
    uname='linux 486lenna 2.0.32 #23 fri apr 24 14:39:36 met dst 1998 i486 '
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define 
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
    cc='cc', optimize='-O2', gccversion=2.7.2
    ccflags ='-I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    stdchar='char', d_stdstdio=define, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=4
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lndbm -lgdbm -ldbm -ldb -ldl -lm -lc
    libc=/lib/, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:

@INC for perl v5.6.0:

Environment for perl v5.6.0:
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About