perl.perl5.porters | Postings from July 2001

[ID 20010731.077] variable untaint from an array fails

From: me-01
Date: July 31, 2001 13:52
Subject: [ID 20010731.077] variable untaint from an array fails
Message ID: 20010731205349.10929.qmail@quasar.home.lunix

This is a bug report for perl from perl@ton.iguana.be,
generated with the help of perlbug 1.33 running under perl v5.7.1.


-----------------------------------------------------------------
[Please enter your report here]

The following code is simply a routine to see if an argument is tainted,
picks up tainted data from @ARGV and then tries to untaint it with a
pattern in a variable.
This works if the value comes from a normal scalar, but fails if the value
comes out of an array:

perl -Twle 'my $pat = "5"; sub tainted {my $dummy; print $_[0], " gives ", eval {$dummy = join("",@_), kill 0; "not "} || "", "tainted"}; my $taint = shift; tainted("raw", $taint); $taint =~ /($pat)/; tainted("var", "$1"); my @arr = $taint; $arr[0] =~ /($pat)/; tainted("array", "$1")' 5

prints:
raw gives tainted
var gives not tainted
array gives tainted

On sufficiently old perls (5.004_04 or before) it prints
the correct result:

raw gives tainted
var gives not tainted
array gives not tainted

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=low
---
Site configuration information for perl v5.7.1:

Configured by ton at Sat May 12 18:42:24 CEST 2001.

Summary of my perl5 (revision 5.0 version 7 subversion 1) configuration:
  Platform:
    osname=linux, osvers=2.4.3, archname=i686-linux
    uname='linux quasar 2.4.3 #19 sun apr 1 10:46:29 cest 2001 i686 unknown '
    config_args='-e'
    hint=previous, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
  Compiler:
    cc='cc', ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING',
    optimize='-g',
    cppflags='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING'
    ccversion='', gccversion='egcs-2.91.66 19990314 (egcs-1.1.2 release)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib -L/opt/gnu/lib'
    libpth=/usr/local/lib /opt/gnu/lib /lib /usr/lib
    libs=-lnsl -lndbm -ldb -ldl -lm -lc -lposix -lcrypt -lutil
    perllibs=-lnsl -ldl -lm -lc -lposix -lcrypt -lutil
    libc=/lib/libc-2.1.1.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic -Wl,-rpath,/usr/lib/perl5/5.7.1/i686-linux/CORE'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib -L/opt/gnu/lib'

Locally applied patches:
    

---
@INC for perl v5.7.1:
    /usr/lib/perl5/5.7.1/i686-linux
    /usr/lib/perl5/5.7.1
    /usr/lib/perl5/site_perl/5.7.1/i686-linux
    /usr/lib/perl5/site_perl/5.7.1
    /usr/lib/perl5/site_perl
    .

---
Environment for perl v5.7.1:
    HOME=/home/ton
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/ton/bin.Linux:/home/ton/bin:/home/ton/bin.SampleSetup:/usr/local/bin:/usr/local/sbin:/usr/local/jre/bin:/usr/local/jdk116_v5/bin:/home/oracle/product/8.1.5/bin:/usr/games/bin:/usr/X11R6/bin:/usr/share/bin:/usr/bin:/usr/sbin:/bin:/sbin:.
    PERL_BADLANG (unset)
    SHELL=/bin/bash
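
A multi-statement version of the check in the report above, added here as an example and not part of the original posting. It goes beyond the report by also testing a hash element, and it uses Scalar::Util's tainted() in place of the report's kill 0 trick; the script name check_untaint.pl is an assumption.

```perl
#!/usr/bin/perl -T
# Added example: regression check for untainting through regex captures
# when the matched value lives in a scalar, an array element or a hash element.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: the first command-line argument is the tainted input,
# as in the report (invoke as: perl -T check_untaint.pl 5).
my $input = shift @ARGV;
die "usage: perl -T check_untaint.pl <value>\n" unless defined $input;
die "taint mode is off; run with -T\n"          unless ${^TAINT};
die "input is not tainted; nothing to check\n"  unless tainted($input);

my $pat = "5";    # untainted pattern held in a variable, as in the report

# Each case stores the same tainted value in a different container and
# matches directly against that container. The capture is copied in a
# separate statement from the match, the same way the report's one-liner does.
my %cases = (
    scalar => sub {
        my $s = $input;
        return unless $s =~ /($pat)/;
        return "$1";
    },
    array => sub {
        my @a = ($input);
        return unless $a[0] =~ /($pat)/;
        return "$1";
    },
    hash => sub {
        my %h = (k => $input);
        return unless $h{k} =~ /($pat)/;
        return "$1";
    },
);

my $failures = 0;
for my $name (sort keys %cases) {
    my $captured = $cases{$name}->();
    if (!defined $captured) {
        print "$name: pattern did not match\n";
        $failures++;
        next;
    }
    my $still_tainted = tainted($captured) ? 1 : 0;
    print "$name capture is ", ($still_tainted ? "tainted" : "not tainted"), "\n";
    $failures++ if $still_tainted;
}
exit($failures ? 1 : 0);
```

Run it as `perl -T check_untaint.pl 5`; a non-zero exit status means a capture was still tainted, or the pattern did not match, on the perl being tested.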



