
[perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks

From: Reini Urban via RT
Date: March 26, 2013 21:29
Subject: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks
Message ID: rt-3.6.HEAD-28177-1364333381-376.117265-15-0@perl.org

Attached is the revised patch.

Check for the nul char in pathnames and string arguments to
syscalls, return undef and set errno to ENOENT.
Added to the default severe warnings category syscalls.
    
Strings with embedded \0 chars were prev. ignored in the syscall but
kept in perl. The hidden payloads in these invalid string args may cause
unnoticed security problems, as they are hard to detect, ignored by
the syscalls but kept around in perl PVs.
Allow an ending \0 though, as several modules add a \0 to
such strings without adjusting the length.
Ignored on WinCE since this uses the wide char API.

-- 
Reini Urban

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=117265
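
The check this message describes, sketched in C as an added example: it is not the attached patch or perl's own code. The helper names `is_safe_syscall_arg`, `syscall_visible_len` and `checked_open`, and the sample strings, are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: counted strings, one with bytes hidden behind a NUL. */
static const char HIDDEN[] = "report.txt\0.png";   /* 15 counted bytes */
static const char TRAILING[] = "report.txt\0";     /* 11 counted bytes, NUL last */

/* Hypothetical helper: may this counted string go to a NUL-terminated API? */
static bool is_safe_syscall_arg(const char *pv, size_t len)
{
    const char *nul = memchr(pv, '\0', len);
    if (nul == NULL)
        return true;                        /* no NUL within the counted bytes */
    return (size_t)(nul - pv) == len - 1;   /* tolerate one NUL as final byte */
}

/* Bytes a C-string syscall would actually act on if the check were skipped. */
static size_t syscall_visible_len(const char *pv, size_t len)
{
    const char *nul = memchr(pv, '\0', len);
    return nul ? (size_t)(nul - pv) : len;
}

/* Hypothetical wrapper: refuse the call and report ENOENT on an embedded NUL.
 * Assumes pv has a terminator after len bytes, as the literals above do. */
static int checked_open(const char *pv, size_t len, int flags)
{
    if (!is_safe_syscall_arg(pv, len)) {
        errno = ENOENT;
        return -1;
    }
    return open(pv, flags);
}

int main(void)
{
    size_t len = sizeof(HIDDEN) - 1;
    printf("string holds %zu bytes, syscall would see %zu\n",
           len, syscall_visible_len(HIDDEN, len));
    int fd = checked_open(HIDDEN, len, O_RDONLY);
    printf("checked_open -> %d (%s)\n", fd, fd < 0 ? strerror(errno) : "opened");
    return 0;
}
```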
