develooper Front page | perl.perl5.porters | Postings from January 2004

[perl #25267] Tainting problem in

Thread Previous | Thread Next
Michael Yount
January 25, 2004 22:16
[perl #25267] Tainting problem in
Message ID:
# New Ticket Created by  Michael Yount 
# Please include the string:  [perl #25267]
# in the subject line of all future correspondence about this issue. 
# <URL: >

In, the AUTOLOAD routine uses braces to preserve match
variables.  In taint mode on perl 5.8.0 and perl 5.8.1, this causes the
script to die with an "Insecure dependency in require" error during
autoloading if the $1 match variable was previously tainted.  

The problem occurs on line 53 of

  $filename =~ s#^(.*)$pkg\.pm\z#$1auto/$pkg/$;

The tainted $1 variable taints the previously untainted $filename.

This behavior does not occur with perl 5.6.1 or earlier versions.


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About