
[perl #79680] [PATCH] overload 1.10 sprintf fails taint checking

From: Michael Fig
Date: November 24, 2010 05:59
Subject: [perl #79680] [PATCH] overload 1.10 sprintf fails taint checking
Message ID: rt-3.6.HEAD-13564-1290542208-1231.79680-75-0@perl.org
# New Ticket Created by  Michael Fig 
# Please include the string:  [perl #79680]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=79680 >



This is a bug report for perl from michael@liveblockauctions.com, 
generated with the help of perlbug 1.39 running under perl 5.10.1. 




----------------------------------------------------------------- 
I noticed when using Carp under taint mode that tainted objects in 
Carp's backtrace caused perl to die with an insecure dependency in 
sprintf error. 


The problem is easily solved: just patch overload::AddrRef so that it 
doesn't interpolate potentially tainted variables in a format 
string, instead passing them as string arguments to a constant 
format. 


Thanks, 
Michael. 


--- /usr/share/perl/5.10.1/overload.pm 2010-04-23 02:23:10.000000000 -0600 
+++ overload.pm 2010-11-23 13:47:34.000000000 -0600 
@@ -96,7 +96,7 @@ 
my $class_prefix = defined($class) ? "$class=" : ""; 
my $type = Scalar::Util::reftype($_[0]); 
my $addr = Scalar::Util::refaddr($_[0]); 
- return sprintf("$class_prefix$type(0x%x)", $addr); 
+ return sprintf("%s%s(0x%x)", $class_prefix, $type, $addr); 
} 

*StrVal = *AddrRef; 
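
Review bot: the changed return line in AddrRef comes with no regression test, so nothing stops a later edit from moving $class_prefix or $type back into the format string. Please add a test that runs under -T, calls overload::StrVal on a reference whose class name is tainted, and checks that the call no longer dies. Note also that the constant format only removes the tainted-format check: $class_prefix and $type are still passed as %s arguments, so the returned string stays tainted whenever they are, and the test or a comment should say that this is intended. Finally, the diff is taken against the installed /usr/share/perl/5.10.1/overload.pm, so it needs regenerating against the source tree before it can be applied.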


----------------------------------------------------------------- 
--- 
Flags: 
category=library 
severity=low 
module=overload 
--- 
Site configuration information for perl 5.10.1: 


Configured by Debian Project at Fri Apr 23 07:59:14 UTC 2010. 


Summary of my perl5 (revision 5 version 10 subversion 1) configuration: 

Platform: 
osname=linux, osvers=2.6.24-27-server, archname=i486-linux-gnu-thread-multi 
uname='linux vernadsky 2.6.24-27-server #1 smp fri mar 12 01:45:06 utc 2010 i686 gnulinux ' 
config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.1 -Dsitearch=/usr/local/lib/perl/5.10.1 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.1 -Dd_dosuid -des' 
hint=recommended, useposix=true, d_sigaction=define 
useithreads=define, usemultiplicity=define 
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef 
use64bitint=undef, use64bitall=undef, uselongdouble=undef 
usemymalloc=n, bincompat5005=undef 
Compiler: 
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', 
optimize='-O2 -g', 
cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include' 
ccversion='', gccversion='4.4.3', gccosandvers='' 
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 
alignbytes=4, prototype=define 
Linker and Libraries: 
ld='cc', ldflags =' -fstack-protector -L/usr/local/lib' 
libpth=/usr/local/lib /lib /usr/lib /usr/lib64 
libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt 
perllibs=-ldl -lm -lpthread -lc -lcrypt 
libc=/lib/libc-2.11.1.so, so=so, useshrplib=true, libperl=libperl.so.5.10.1 
gnulibc_version='2.11.1' 
Dynamic Linking: 
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E' 
cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector' 


Locally applied patches: 



--- 
@INC for perl 5.10.1: 
/etc/perl 
/usr/local/lib/perl/5.10.1 
/usr/local/share/perl/5.10.1 
/usr/lib/perl5 
/usr/share/perl5 
/usr/lib/perl/5.10 
/usr/share/perl/5.10 
/usr/local/lib/site_perl 
. 


--- 
Environment for perl 5.10.1: 
HOME=/home/michael 
LANG=en_CA.utf8 
LANGUAGE (unset) 
LD_LIBRARY_PATH (unset) 
LOGDIR (unset) 
PATH=/home/michael/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games 
PERL_BADLANG (unset) 
SHELL=/bin/bash 



