develooper Front page | perl.perl5.porters | Postings from March 2013

[perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks

Thread Previous | Thread Next
Reini Urban via RT
March 26, 2013 21:29
[perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks
Message ID:
Attached is the revised patch

Check for the nul char in pathnames and string arguments to
syscalls, return undef and set errno to ENOENT.
Added to the default severe warnings category syscalls.
Strings with embedded \0 chars were prev. ignored in the syscall but
kept in perl. The hidden payloads in these invalid string args may cause
unnoticed security problems, as they are hard to detect, ignored by
the syscalls but kept around in perl PVs.
Allow an ending \0 though, as several modules add a \0 to
such strings without adjusting the length.
Ignored on WinCE since this uses the wide char API.

Reini Urban

via perlbug:  queue: perl5 status: open

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About