develooper Front page | perl.perl5.porters | Postings from June 2011

Re: [perl #64804] tainting breakage with index() of a constant

Thread Previous
From:
Dave Mitchell
Date:
June 28, 2011 09:11
Subject:
Re: [perl #64804] tainting breakage with index() of a constant
Message ID:
20110628161143.GE2847@iabyn.com
On Fri, Apr 17, 2009 at 11:43:36AM -0700, Niko Tyni wrote:
> As reported by Adrian Irving-Beer in <http://bugs.debian.org/291450>,
> this unexpectedly throws a fatal taint error when invoked with
> two arguments:
>     
>         #!/usr/bin/perl -T
>         use constant C_A => $ARGV[0];
>         use constant C_B => $ARGV[1];
>         index(C_A, C_B);
>         open(FOO, "-|");
> 
> Reported with 5.8.4, verified with current blead, 5.10.0 and 5.8.8. 
> 
> The first attached patch adds a TODO test reduced from this.

Thanks, applied as 0d1104b41d261582aa0acf80a85ad039e46c89d7
 
> The second patch fixes it for me, but I'm unsure if this is more like
> a workaround. Maybe tainted values shouldn't be inlined at all?

I applied an alternative fix as 3b36395d31cf0a2f3a017505cd0ea857a7acb5d1.

-- 
"Do not dabble in paradox, Edward, it puts you in danger of fortuitous wit."
    -- Lady Croom, "Arcadia"

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About