develooper Front page | perl.perl5.porters | Postings from June 2008

[perl #56058] LWP::Simple _get() function taints its arguments sometimes

Thread Next
June 19, 2008 09:54
[perl #56058] LWP::Simple _get() function taints its arguments sometimes
Message ID:
# New Ticket Created by 
# Please include the string:  [perl #56058]
# in the subject line of all future correspondence about this issue. 
# <URL: >

This is a bug report for perl from,
generated with the help of perlbug 1.35 running under perl v5.8.8.

[Please enter your report here]

Untainting is not working in LWP::Simple?

I'm writing a short program that reads an RSS feed and downloads an article.
I'm using XML::RSS::Parser to process the RSS feed, and LWP::Simple to get it.
I've untainted the url, and checked it with tainted() from
Scalar::Util, but I'm still unable to download the article, despite
untainting it as best I know how.

The error message: 
Insecure dependency in connect while running with -T switch at
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/ line 115.

I've inserted debugging statements into LWP::Simple, and found that
_get() sometimes taints the data...?

Here is sample code:
#!/usr/bin/perl -wT
use strict;

use XML::RSS::Parser;
use LWP::Simple;
use Scalar::Util qw(tainted);

# Succeed (assuming this url is still valid):
print "\n";

my $p = XML::RSS::Parser->new;
my $feed = $p->parse_uri('');
#my $feed = $p->parse_file('rss.jsp');
if (!defined $feed) { die("parse: ".($p->errstr)); }
my @list=$feed->query('//item');

# Fail:

sub process {
  my $l=$_[0];
  print $l,"\n";

  # This does untaint the data:
  if ($l!~m/email=([a-z]+)&msgid=(\d+)/i) {
    die("Abnormal link for message: $l");
  my $email=$1;
  my $msgid=$2;

  print "email=$email  msgid=$msgid\n";
  if (tainted($email)) { die("email is tainted"); }
  if (tainted($msgid)) { die("msgid is tainted"); }

  my $url="$1&msgid=$2";

  print "url=$url\n";
  if (tainted($url)) { die("url is tainted"); }

  # This dies with a taint error?!?
  my $content=get($url);

  #print $content;

[Please do not change anything below this line]
This perlbug was built using Perl v5.8.8 in the Red Hat build system.
It is being executed now by Perl v5.8.8 - Mon Jun  9 04:43:24 EDT 2008.

Site configuration information for perl v5.8.8:

Configured by Red Hat, Inc. at Mon Jun  9 04:43:24 EDT 2008.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
    osname=linux, osvers=2.6.18-53.1.19.el5xen, archname=i386-linux-thread-multi
    uname='linux 2.6.18-53.1.19.el5xen #1 smp tue apr 22 03:15:33 edt 2008 i686 i686 i386 gnulinux '
    config_args='-des -Doptimize=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Dversion=5.8.8 -Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto -Dinc_version_list=5.8.7 5.8.6 5.8.5 -Dscriptdir=/usr/bin'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='4.1.2 20070925 (Red Hat 4.1.2-33)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/, so=so, useshrplib=true,
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib'

Locally applied patches:

@INC for perl v5.8.8:

Environment for perl v5.8.8:
    LANGUAGE (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About