Front page | perl.perl5.porters |
Postings from June 2008
[perl #56058] LWP::Simple _get() function taints its arguments sometimes
Thread Next
From:
perlbug-followup
Date:
June 19, 2008 09:54
Subject:
[perl #56058] LWP::Simple _get() function taints its arguments sometimes
Message ID:
rt-3.6.HEAD-6656-1213815234-1851.56058-75-0@perl.org
# New Ticket Created by perlbugs@ch.pkts.ca
# Please include the string: [perl #56058]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=56058 >
This is a bug report for perl from perlbugs@ch.pkts.ca,
generated with the help of perlbug 1.35 running under perl v5.8.8.
-----------------------------------------------------------------
[Please enter your report here]
Untainting is not working in LWP::Simple?
I'm writing a short program that reads an RSS feed and downloads an article.
I'm using XML::RSS::Parser to process the RSS feed, and LWP::Simple to get it.
I've untainted the url, and checked it with tainted() from
Scalar::Util, but I'm still unable to download the article, despite
untainting it as best I know how.
The error message:
Insecure dependency in connect while running with -T switch at
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/Socket.pm line 115.
I've inserted debugging statements into LWP::Simple, and found that
_get() sometimes taints the data...?
Here is sample code:
-------------
#!/usr/bin/perl -wT
use strict;
use XML::RSS::Parser;
use LWP::Simple;
use Scalar::Util qw(tainted);
# Succeed (assuming this url is still valid):
process("http://www.mailinator.com/showmail.jsp?email=billgates&msgid=21924179");
print "\n";
my $p = XML::RSS::Parser->new;
my $feed = $p->parse_uri('http://www.mailinator.com/rss.jsp?email=billgates');
#my $feed = $p->parse_file('rss.jsp');
if (!defined $feed) { die("parse: ".($p->errstr)); }
my @list=$feed->query('//item');
# Fail:
process($list[0]->query('link')->text_content);
sub process {
my $l=$_[0];
print $l,"\n";
# This does untaint the data:
if ($l!~m/email=([a-z]+)&msgid=(\d+)/i) {
die("Abnormal link for message: $l");
}
my $email=$1;
my $msgid=$2;
print "email=$email msgid=$msgid\n";
if (tainted($email)) { die("email is tainted"); }
if (tainted($msgid)) { die("msgid is tainted"); }
my $url="http://www.mailinator.com/showmail2.jsp?email=$1&msgid=$2";
print "url=$url\n";
if (tainted($url)) { die("url is tainted"); }
# This dies with a taint error?!?
my $content=get($url);
#print $content;
}
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=medium
---
This perlbug was built using Perl v5.8.8 in the Red Hat build system.
It is being executed now by Perl v5.8.8 - Mon Jun 9 04:43:24 EDT 2008.
Site configuration information for perl v5.8.8:
Configured by Red Hat, Inc. at Mon Jun 9 04:43:24 EDT 2008.
Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
Platform:
osname=linux, osvers=2.6.18-53.1.19.el5xen, archname=i386-linux-thread-multi
uname='linux xenbuilder4.fedora.phx.redhat.com 2.6.18-53.1.19.el5xen #1 smp tue apr 22 03:15:33 edt 2008 i686 i686 i386 gnulinux '
config_args='-des -Doptimize=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Dversion=5.8.8 -Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto -Dinc_version_list=5.8.7 5.8.6 5.8.5 -Dscriptdir=/usr/bin'
hint=recommended, useposix=true, d_sigaction=define
usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables',
cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='4.1.2 20070925 (Red Hat 4.1.2-33)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so
gnulibc_version='2.7'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE'
cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib'
Locally applied patches:
---
@INC for perl v5.8.8:
/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/site_perl/5.8.7
/usr/lib/perl5/site_perl/5.8.6
/usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl/5.8.7
/usr/lib/perl5/vendor_perl/5.8.6
/usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.8/i386-linux-thread-multi
/usr/lib/perl5/5.8.8
.
---
Environment for perl v5.8.8:
HOME=/home/croot
LANG=en_US.UTF-8
LANGUAGE (unset)
LD_LIBRARY_PATH=/usr/arb/lib
LOGDIR (unset)
PATH=/usr/arb/bin:/home/croot/bin:/home/croot/bin/LINUX:/home/croot/pubbin/LINUX:/usr/depot/ccache-2.2/mybin:/usr/depot/distcc/mybin:/usr/local/bin:/bin:/usr/local/etc:/usr/sbin:/usr/ucb:/sbin:/usr/5bin:/usr/X11/bin:/usr/bin:/usr/bin/X11:/usr/bsd:/usr/ccs/bin:/usr/etc:/usr/games:/usr/lib:/usr/libexec:/usr/X11R6/bin:/usr/local/sbin:.
PERL_BADLANG (unset)
SHELL=/bin/csh
Thread Next
-
[perl #56058] LWP::Simple _get() function taints its arguments sometimes
by perlbug-followup