Re: [perl #33689] no warning that variables names cannot containNUL bytes

On 2005-01-05, at 22:00:18 -0000, Nicholas Clark (via RT) wrote:

> # New Ticket Created by  Nicholas Clark 
> # Please include the string:  [perl #33689]
> # in the subject line of all future correspondence about this issue. 
> # <URL: http://rt.perl.org:80/rt3/Ticket/Display.html?id=33689 >
> 
> 
> This is a bug report for perl from nick@ccl4.org,
> generated with the help of perlbug 1.26 running under perl 5.008004.
> 
> 
> -----------------------------------------------------------------
> [Please enter your report here]
> 
> Perl is consistently very proud that it can handle NUL bytes within data
> without flinching. However, variable names can't have NUL bytes in them.
> There's no underlying reason why they couldn't, because the hashes used to
> store variables names can store embedded NUL byes. However, it seems that
> variable names are always passed around internally as NUL terminated
> C strings (eg Perl_gv_fetchpv).
> 
> The upshot of this is that a symbolic reference containing a NUL doesn't
> work as might be expected. This doesn't seem to be mentioned in the docs, and
> certainly doesn't generate any warning:
> 
> $ cat 0names
> #!perl -wl
> 
> $a = "\0chalk";
> $b = "\0cheese";
> 
> print "Values ", $a eq $b ? "Same" : "Different";
> 
> print "Point to ", \($$a) == \($$b) ? "Same" : "Different";
> 
> print \($$a), ", ", \($$b);
> 
> $$a = 4;
> 
> print $$b;
> 
> print ${""};
> 
> __END__
> $ ./perl 0names 
> Values Different
> Point to Same
> SCALAR(0x180118c), SCALAR(0x180118c)
> 4
> 4
> 
> 
> My gut feeling is that the ability to make two (or more) different strings
> soft reference to the same location could be used for malice, although
> probably only on badly written perl 4 era CGI scripts. [that's the vast
> majority of the installed base of perl, isn't it? :-(]
> 
> Presumably this should be documented. Should it also warn? Should it be
> fixed (presumably with a gv_fetchpvn) ? Has anyone used this for an
> obfuscation yet?

I'd guess it wouldn't be a big difference in effort to make it emit
a warning or to fix it. But emitting a warning would require to scan
a string for a NUL byte (which it won't contain in most cases) each
time, so this might slow things down.

Marcus

-- 
Bombeck's Rule of Medicine:
	Never go to a doctor whose office plants have died.

• [perl #33689] no warning that variables names cannot contain NUL bytes by Nicholas Clark
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by Marcus Holland-Moritz
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by perl5-porters
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by perl5-porters
• Re: [perl #33689] no warning that variables names cannot containNUL bytes by Marcus Holland-Moritz
• Re: [perl #33689] no warning that variables names cannot contain NUL bytes by Nicholas Clark