
[ID 20010224.002] $1 still tainted after regex

From: ken
Date: February 24, 2001 13:40
Subject: [ID 20010224.002] $1 still tainted after regex
Message ID: E14WmQS-0002f3-00@lorien.nsds.com

This is a bug report for perl from ken@lorien.nsds.com,
generated with the help of perlbug 1.28 running under perl v5.6.0.


-----------------------------------------------------------------
[Please enter your report here]

Under very specific circumstances, $1 (and the others I assume) are
not untainted after a regular expression.  I ran into this problem
while trying to untaint command line options.  I think there are two
factors that must be present:

  1) The regular expression contains a scalar variable
  2) The regular expression appears in an elsif clause

Here is some code to demonstrate the problem:

    #!/usr/local/bin/perl5.6 -T

    use strict;

    sub tainted {
        not eval { join("",@_), kill 0; 1 };
    }

    my $valid_chars = 'a-z';
    my $foo = "abcdefghi" . substr($^X, 0, 0); # taints foo
    if ( not tainted $foo ) {
        print "foo should be tainted but it is not\n";
    }

    if ( $foo eq '' ) {
    }
    elsif ( $foo =~ /([$valid_chars]+)/o ) {
        if ( tainted $1 ) {
            print "\$1 should not be tainted but it is\n";
        }
        else {
            print "test worked fine; no problem here\n";
        }
    }

And here are some lines that you are free to use in the perl test
suite, specifically in t/op/taint.t, to test for this problem.  Note
that for my own testing I simply replaced tests 41 and 42 with the two
tests below.  But if you want to add these two tests to the suite,
then of course all the test numbers have to be updated.

    my $valid_chars = 'a-z';
    if ( $foo eq '' ) {
    }
    elsif ( $foo =~ /([$valid_chars]+)/o ) {
        test 41, not tainted $1;
    }

    if ( $foo eq '' ) {
    }
    elsif ( my @bar = $foo =~ /([$valid_chars]+)/o ) {
        test 42, not any_tainted @bar;
    }

The problem exists in perl 5.005_03 as well, but there is an
additional factor that must be present:

   3) The variable to which the regular expression is bound must be a
      hash element

Here's some code (all I did was replace "$foo" with "$opt->{foo}"):

    #!/usr/local/bin/perl5.005 -T

    use strict;

    sub tainted {
        not eval { join("",@_), kill 0; 1 };
    }

    my $valid_chars = 'a-z';
    my $opt = {};
    $opt->{foo} = "abcdefghi" . substr($^X, 0, 0);
    if ( not tainted $opt->{foo} ) {
        print "foo should be tainted but it is not\n";
    }

    if ( $opt->{foo} eq '' ) {
    }
    elsif ( $opt->{foo} =~ /([$valid_chars]+)/o ) {
        if ( tainted $1 ) {
            print "\$1 should not be tainted but it is\n";
        }
        else {
            print "test worked fine; no problem here\n";
        }
    }

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl v5.6.0:

Configured by ken at Sat Feb 24 12:36:13 PST 2001.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.2.13, archname=i686-linux
    uname='linux lorien 2.2.13 #1 sat jan 22 21:25:37 pst 2000 i686 unknown '
    config_args='-de'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define 
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='cc', optimize='-O2', gccversion=2.95.2 20000220 (Debian GNU/Linux)
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    stdchar='char', d_stdstdio=define, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -ldl -lm -lc -lcrypt
    libc=/lib/libc-2.2.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl v5.6.0:
    ./lib
    /usr/local/lib/perl5/5.6.0/i686-linux
    /usr/local/lib/perl5/5.6.0
    /usr/local/lib/perl5/site_perl/5.6.0/i686-linux
    /usr/local/lib/perl5/site_perl/5.6.0
    /usr/local/lib/perl5/site_perl
    .

---
Environment for perl v5.6.0:
    HOME=/home/ken
    LANG=C
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=~/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash
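
The factors named in the report above, tried one combination at a time; this is an added example, not part of the original report or of the perl test suite. It assumes Scalar::Util is installed and uses its `tainted()` in place of the report's kill-based probe; the case labels are made up for the example.

```perl
#!/usr/bin/perl -T
# Added example: report, per construct, whether $1 is still tainted after a
# successful capture. Constructs follow the factors listed in the bug report.
use strict;
use warnings;
use Scalar::Util qw(tainted);    # assumption: module is available

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

my $valid_chars = 'a-z';
my $foo = "abcdefghi" . substr($^X, 0, 0);    # tainted, as in the report
my $opt = { foo => $foo };                    # hash element (factor 3)

# Each case returns 1 if $1 is still tainted, 0 if clean, undef on no match.
my @cases = (
    [ 'if    / literal class   / scalar' => sub {
        if ( $foo =~ /([a-z]+)/ ) { return tainted($1) ? 1 : 0 }
        return;
    } ],
    [ 'if    / interpolated /o / scalar' => sub {
        if ( $foo =~ /([$valid_chars]+)/o ) { return tainted($1) ? 1 : 0 }
        return;
    } ],
    [ 'elsif / literal class   / scalar' => sub {
        if ( $foo eq '' ) { }
        elsif ( $foo =~ /([a-z]+)/ ) { return tainted($1) ? 1 : 0 }
        return;
    } ],
    [ 'elsif / interpolated /o / scalar' => sub {
        if ( $foo eq '' ) { }
        elsif ( $foo =~ /([$valid_chars]+)/o ) { return tainted($1) ? 1 : 0 }
        return;
    } ],
    [ 'elsif / interpolated /o / hash elem' => sub {
        if ( $opt->{foo} eq '' ) { }
        elsif ( $opt->{foo} =~ /([$valid_chars]+)/o ) { return tainted($1) ? 1 : 0 }
        return;
    } ],
);

my $bad = 0;
for my $case (@cases) {
    my ( $name, $code ) = @$case;
    my $r = $code->();
    my $verdict = !defined($r) ? 'no match' : $r ? 'STILL TAINTED' : 'untainted';
    $bad++ if $r;
    printf "%-38s %s\n", $name, $verdict;
}
exit( $bad ? 1 : 0 );
```

The exit status is non-zero if any row prints STILL TAINTED, so the script can be run against each installed perl to see which constructs are affected.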
