
Disallow nul in names

From: Reini Urban
Date: June 10, 2012 08:19
Subject: Disallow nul in names
Message ID: CAHiT=DEP5D9ddWrzVTeJvxwH3qf1XUMa0GdMACCvra1zX+TYHQ@mail.gmail.com

Since 5.16 we allow \0 (binary nul) not only in PVs, but also in
internal names, GV names, constant names and stash names (symbols,
functions and packages).
The perl parser is happy to reject such attempts, but the internals
unfortunately are not.
I propose to disallow nul in GV and stash names with no strict 'refs'.
t/op/gv.t should subsequently fail with its last package lrcg test.

GV name handling:
I would like to see everything behind the nul silently dropped. Maybe warn.
I would like to see the various name len fields dropped, or only
used internally as cached values for faster mallocs, but not exposed.
The utf-8 flag is enough to get or set the length of any name.

Zefram said binary comparison on gv names containing nul must succeed,
when abused.
I propose to drop nul, and let comparisons fail, because they should
be disallowed when using a PV with nul as GV names.
Allowing this is no language feature, just a security problem, an API
problem and probably abuse.

As we support only utf-8 and single-byte locales the len of any name can
be calculated in linear time for any API. It was a thinko to apply our
PV handling (allow nul and carry around the len) to GV names.

Why?
Consistency with the parser, the language and esp. security concerns.
You can easily hide payloads in PVs, hash keys, but now also in names,
and since we use names in our super simplified pp_require logic to load
modules we pass nul to system calls.

If someone really wants to abuse 5.16 behaviour we could invent a new
strict field, like no strict 'refs-nul', which would allow nul in gv
names.

hash keys:
We have the same problem in hash keys. We have more problems in hash keys
by not passing around the taint flag, but allowing nul exposes the
problem even more.
Unfortunately this problem is not easy to solve, as users expect hash
keys to be PVs.
Maybe another pragma could restrict hash keys to disallow nul.
-- 
Reini Urban
http://cpanel.net/   http://www.perl-compiler.org/
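
The mismatch the message describes, as an added example that is not part of the original post and not perl's own code: a name stored with an explicit length keeps its bytes after a nul, while any consumer taking a C string sees only the prefix. The helpers cstring_view_len and pkg_to_path are hypothetical, and this sketch rejects such names instead of truncating them.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a perl API: the length a NUL-terminated
 * consumer (e.g. a system call taking char *) sees for this name. */
static size_t cstring_view_len(const char *name, size_t len)
{
    const char *nul = memchr(name, '\0', len);
    return nul ? (size_t)(nul - name) : len;
}

/* Hypothetical helper: map a length-carrying package name "Foo::Bar"
 * to "Foo/Bar.pm". Returns 0 on success, -1 for an embedded NUL (the
 * OS would see a truncated path), -2 if out is too small. */
static int pkg_to_path(const char *name, size_t len, char *out, size_t outsz)
{
    size_t i, o = 0;
    if (cstring_view_len(name, len) != len)
        return -1;
    if (outsz < 4)
        return -2;
    for (i = 0; i < len; i++) {
        if (o + 5 > outsz)      /* this char + ".pm" + terminator */
            return -2;
        if (name[i] == ':' && i + 1 < len && name[i + 1] == ':') {
            out[o++] = '/';
            i++;
        } else {
            out[o++] = name[i];
        }
    }
    memcpy(out + o, ".pm", 4);
    return 0;
}

int main(void)
{
    /* Constructed sample: 15 bytes with a NUL at offset 8. */
    static const char name[] = "Foo::Bar\0Hidden";
    size_t len = sizeof name - 1;
    char path[64];

    printf("stored length %zu, C-string view %zu\n",
           len, cstring_view_len(name, len));
    printf("strcmp with \"Foo::Bar\": %s\n",
           strcmp(name, "Foo::Bar") == 0 ? "equal" : "differs");
    printf("pkg_to_path -> %d\n", pkg_to_path(name, len, path, sizeof path));
    return 0;
}
```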
