Front page | perl.perl5.porters |
Postings from January 2005
[perl #33689] no warning that variables names cannot contain NUL bytes
Thread Next
From:
Nicholas Clark
Date:
January 5, 2005 14:00
Subject:
[perl #33689] no warning that variables names cannot contain NUL bytes
Message ID:
rt-3.0.11-33689-105251.18.5910147079742@perl.org
# New Ticket Created by Nicholas Clark
# Please include the string: [perl #33689]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org:80/rt3/Ticket/Display.html?id=33689 >
This is a bug report for perl from nick@ccl4.org,
generated with the help of perlbug 1.26 running under perl 5.008004.
-----------------------------------------------------------------
[Please enter your report here]
Perl is consistently very proud that it can handle NUL bytes within data
without flinching. However, variable names can't have NUL bytes in them.
There's no underlying reason why they couldn't, because the hashes used to
store variables names can store embedded NUL byes. However, it seems that
variable names are always passed around internally as NUL terminated
C strings (eg Perl_gv_fetchpv).
The upshot of this is that a symbolic reference containing a NUL doesn't
work as might be expected. This doesn't seem to be mentioned in the docs, and
certainly doesn't generate any warning:
$ cat 0names
#!perl -wl
$a = "\0chalk";
$b = "\0cheese";
print "Values ", $a eq $b ? "Same" : "Different";
print "Point to ", \($$a) == \($$b) ? "Same" : "Different";
print \($$a), ", ", \($$b);
$$a = 4;
print $$b;
print ${""};
__END__
$ ./perl 0names
Values Different
Point to Same
SCALAR(0x180118c), SCALAR(0x180118c)
4
4
My gut feeling is that the ability to make two (or more) different strings
soft reference to the same location could be used for malice, although
probably only on badly written perl 4 era CGI scripts. [that's the vast
majority of the installed base of perl, isn't it? :-(]
Presumably this should be documented. Should it also warn? Should it be
fixed (presumably with a gv_fetchpvn) ? Has anyone used this for an
obfuscation yet?
Nicholas Clark
[Please do not change anything below this line]
-----------------------------------------------------------------
---
This perlbug was built using Perl 5.00503 - Fri Jan 2 21:35:26 GMT 2004
It is being executed now by Perl 5.008004 - Fri Apr 16 10:16:08 BST 2004.
Site configuration information for perl 5.008004:
Configured by nwc10 at Fri Apr 16 10:16:08 BST 2004.
Summary of my perl5 (revision 5 version 8 subversion 4) configuration:
Platform:
osname=freebsd, osvers=4.9-stable, archname=i386-freebsd
uname='freebsd colon.colondot.net 4.9-stable freebsd 4.9-stable #5: fri feb
20 16:12:05 gmt 2004 mbm@colon.colondot.net:usrobjusrsrcsyscolondot i386 '
config_args='-Dusedevel=y -Dcc=ccache gcc -Dld=gcc -Ubincompat5005 -Uinstall
usrbinperl -Dcf_email=nick@ccl4.org -Dperladmin=nick@ccl4.org -Dinc_version_list
= -Dinc_version_list_init=0 -Doptimize=-g -O2 -Dusethreads=n -Uuse64bitint -Uus
emymalloc -Dprefix=~/Install/perl584 -Dinstallman1dir=none -Dinstallman3dir=none
-de'
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=unde
f
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='ccache gcc', ccflags ='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING
-fno-strict-aliasing -I/usr/local/include',
optimize='-g -O2',
cppflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING -fno-strict-alia
sing -I/usr/local/include'
ccversion='', gccversion='2.95.4 20020320 [FreeBSD]', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize
=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='gcc', ldflags ='-Wl,-E -L/usr/local/lib'
libpth=/usr/lib /usr/local/lib
libs=-lgdbm -lm -lcrypt -lutil -lc
perllibs=-lm -lcrypt -lutil -lc
libc=, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version=''
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
cccdlflags='-DPIC -fPIC', lddlflags='-shared -L/usr/local/lib'
Locally applied patches:
---
@INC for perl 5.008004:
/export/home/nwc10/Install/perl584/lib/5.8.4/i386-freebsd
/export/home/nwc10/Install/perl584/lib/5.8.4
/export/home/nwc10/Install/perl584/lib/site_perl/5.8.4/i386-freebsd
/export/home/nwc10/Install/perl584/lib/site_perl/5.8.4
/export/home/nwc10/Install/perl584/lib/site_perl
.
---
@INC for perl 5.008004:
/export/home/nwc10/Install/perl584/lib/5.8.4/i386-freebsd
/export/home/nwc10/Install/perl584/lib/5.8.4
/export/home/nwc10/Install/perl584/lib/site_perl/5.8.4/i386-freebsd
/export/home/nwc10/Install/perl584/lib/site_perl/5.8.4
/export/home/nwc10/Install/perl584/lib/site_perl
.
---
Environment for perl 5.008004:
HOME=/export/home/nwc10
LANG (unset)
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/export/home/nwc10/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/lo
cal/sbin:/usr/local/bin:/usr/X11R6/bin:/export/home/nwc10/bin:/sbin:/usr/sbin:/u
sr/local/sbin
PERL_BADLANG (unset)
SHELL=/usr/local/bin/bash
Thread Next
-
[perl #33689] no warning that variables names cannot contain NUL bytes
by Nicholas Clark