develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
Leon Timmermans
October 3, 2012 03:17
Re: Security Issues in perl-5.16.x
Message ID:
On Wed, Oct 3, 2012 at 1:32 AM, Jesse Luehrs <> wrote:
> The point that Chip is making is: how would you propose stopping package
> names from containing nulls? Packages are just hashes internally.
> Should all packages get set uvar magic that dies if the key contains a
> null or something like that? That seems pretty ugly.

Agreed. I'm not seeing any inherent reason why package names shouldn't
be allowed to contain binary data.

>I don't see
> anything wrong with package names (keys in a stash) containing nulls,
> although having system calls die when they are given a string containing
> a null could potentially be a good idea.

I think EINVAL is the error you're looking for ;-)


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About