Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks

On 06/27/2013 01:45 AM, Tony Cook via RT wrote:
> On Tue Mar 26 14:29:41 2013, rurban wrote:
>> Attached is the revised patch
>>
>> Check for the nul char in pathnames and string arguments to
>> syscalls, return undef and set errno to ENOENT.
>> Added to the default severe warnings category syscalls.
>>
>> Strings with embedded \0 chars were prev. ignored in the syscall but
>> kept in perl. The hidden payloads in these invalid string args may cause
>> unnoticed security problems, as they are hard to detect, ignored by
>> the syscalls but kept around in perl PVs.
>> Allow an ending \0 though, as several modules add a \0 to
>> such strings without adjusting the length.
>> Ignored on WinCE since this uses the wide char API.
>
> Hi Reini,
>
> I've had a look over this patch, but I can see it's treating a failure
> due to \0 differently to failure due to an actual missing file, eg:
>
> tony@mars:.../git/perl$ ./perl -Wle 'print unlink "def", "abc\0def", "ghi"'
> Invalid \0 character in pathname: abc\0def at -e line 1.
> 1
> tony@mars:.../git/perl$ ./perl -Wle 'print unlink "def", "abc", "ghi"'
> 0
>
> I've attached a version of the patch updated to work with blead.

Great, Thanks for the improvements.
I've looked over it, LGTM

Can someone please apply it now.

-- 
Reini

Working towards a true Modern Perl.
Slim, functional, unbloated, compile-time optimizable

• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Lukas Mai
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Ricardo Signes
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Reini Urban
• [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Father Chrysostomos via RT
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Ricardo Signes
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Reini Urban
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by demerphq
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Leon Timmermans
• RE: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Steve Hay
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by demerphq
• RE: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Steve Hay
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by demerphq
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Leon Timmermans
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Reini Urban
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Reini Urban
• [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Tony Cook via RT
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Leon Timmermans
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Reini Urban
• [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Reini Urban via RT
• [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Tony Cook via RT
• [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Reini Urban via RT
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Dave Mitchell
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Reini Urban
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by Tom Christiansen
• Re: [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatalnul checks by Dave Mitchell
• [perl #117265] [PATCH] e213661 no warnings 'safesyscalls', fatal nul checks by rurban @ cpanel . net