[perl #33689] no warning that variables names cannot contain NUL bytes

# New Ticket Created by  Nicholas Clark 
# Please include the string:  [perl #33689]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org:80/rt3/Ticket/Display.html?id=33689 >


This is a bug report for perl from nick@ccl4.org,
generated with the help of perlbug 1.26 running under perl 5.008004.


-----------------------------------------------------------------
[Please enter your report here]

Perl is consistently very proud that it can handle NUL bytes within data
without flinching. However, variable names can't have NUL bytes in them.
There's no underlying reason why they couldn't, because the hashes used to
store variables names can store embedded NUL byes. However, it seems that
variable names are always passed around internally as NUL terminated
C strings (eg Perl_gv_fetchpv).

The upshot of this is that a symbolic reference containing a NUL doesn't
work as might be expected. This doesn't seem to be mentioned in the docs, and
certainly doesn't generate any warning:

$ cat 0names
#!perl -wl

$a = "\0chalk";
$b = "\0cheese";

print "Values ", $a eq $b ? "Same" : "Different";

print "Point to ", \($$a) == \($$b) ? "Same" : "Different";

print \($$a), ", ", \($$b);

$$a = 4;

print $$b;

print ${""};

__END__
$ ./perl 0names 
Values Different
Point to Same
SCALAR(0x180118c), SCALAR(0x180118c)
4
4


My gut feeling is that the ability to make two (or more) different strings
soft reference to the same location could be used for malice, although
probably only on badly written perl 4 era CGI scripts. [that's the vast
majority of the installed base of perl, isn't it? :-(]

Presumably this should be documented. Should it also warn? Should it be
fixed (presumably with a gv_fetchpvn) ? Has anyone used this for an
obfuscation yet?

Nicholas Clark

[Please do not change anything below this line]
-----------------------------------------------------------------

---
This perlbug was built using Perl 5.00503 - Fri Jan  2 21:35:26 GMT 2004
It is being executed now by  Perl 5.008004 - Fri Apr 16 10:16:08 BST 2004.

Site configuration information for perl 5.008004:

Configured by nwc10 at Fri Apr 16 10:16:08 BST 2004.

Summary of my perl5 (revision 5 version 8 subversion 4) configuration:
  Platform:
    osname=freebsd, osvers=4.9-stable, archname=i386-freebsd
    uname='freebsd colon.colondot.net 4.9-stable freebsd 4.9-stable #5: fri feb 
20 16:12:05 gmt 2004 mbm@colon.colondot.net:usrobjusrsrcsyscolondot i386 '
    config_args='-Dusedevel=y -Dcc=ccache gcc -Dld=gcc -Ubincompat5005 -Uinstall
usrbinperl -Dcf_email=nick@ccl4.org -Dperladmin=nick@ccl4.org -Dinc_version_list
=  -Dinc_version_list_init=0 -Doptimize=-g -O2 -Dusethreads=n -Uuse64bitint -Uus
emymalloc -Dprefix=~/Install/perl584 -Dinstallman1dir=none -Dinstallman3dir=none
 -de'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=unde
f
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='ccache gcc', ccflags ='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING
 -fno-strict-aliasing -I/usr/local/include',
    optimize='-g -O2',
    cppflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING -fno-strict-alia
sing -I/usr/local/include'
    ccversion='', gccversion='2.95.4 20020320 [FreeBSD]', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize
=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags ='-Wl,-E  -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lgdbm -lm -lcrypt -lutil -lc
    perllibs=-lm -lcrypt -lutil -lc
    libc=, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl 5.008004:
    /export/home/nwc10/Install/perl584/lib/5.8.4/i386-freebsd
    /export/home/nwc10/Install/perl584/lib/5.8.4
    /export/home/nwc10/Install/perl584/lib/site_perl/5.8.4/i386-freebsd
    /export/home/nwc10/Install/perl584/lib/site_perl/5.8.4
    /export/home/nwc10/Install/perl584/lib/site_perl
    .

---
@INC for perl 5.008004:
    /export/home/nwc10/Install/perl584/lib/5.8.4/i386-freebsd
    /export/home/nwc10/Install/perl584/lib/5.8.4
    /export/home/nwc10/Install/perl584/lib/site_perl/5.8.4/i386-freebsd
    /export/home/nwc10/Install/perl584/lib/site_perl/5.8.4
    /export/home/nwc10/Install/perl584/lib/site_perl
    .

---
Environment for perl 5.008004:
    HOME=/export/home/nwc10
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/export/home/nwc10/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/lo
cal/sbin:/usr/local/bin:/usr/X11R6/bin:/export/home/nwc10/bin:/sbin:/usr/sbin:/u
sr/local/sbin
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/bash

• [perl #33689] no warning that variables names cannot contain NUL bytes by Nicholas Clark
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by Marcus Holland-Moritz
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by perl5-porters
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by perl5-porters
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by Marcus Holland-Moritz
• Re: [perl #33689] no warning that variables names cannot contain NUL bytes by Nicholas Clark