On 06/27/2013 01:45 AM, Tony Cook via RT wrote:
> On Tue Mar 26 14:29:41 2013, rurban wrote:
>> Attached is the revised patch
>>
>> Check for the nul char in pathnames and string arguments to
>> syscalls, return undef and set errno to ENOENT.
>> Added to the default severe warnings category syscalls.
>>
>> Strings with embedded \0 chars were prev. ignored in the syscall but
>> kept in perl. The hidden payloads in these invalid string args may cause
>> unnoticed security problems, as they are hard to detect, ignored by
>> the syscalls but kept around in perl PVs.
>> Allow an ending \0 though, as several modules add a \0 to
>> such strings without adjusting the length.
>> Ignored on WinCE since this uses the wide char API.
>
> Hi Reini,
>
> I've had a look over this patch, but I can see it's treating a failure
> due to \0 differently to failure due to an actual missing file, eg:
>
> tony@mars:.../git/perl$ ./perl -Wle 'print unlink "def", "abc\0def", "ghi"'
> Invalid \0 character in pathname: abc\0def at -e line 1.
> 1
> tony@mars:.../git/perl$ ./perl -Wle 'print unlink "def", "abc", "ghi"'
> 0
>
> I've attached a version of the patch updated to work with blead.

Great, Thanks for the improvements.
I've looked over it, LGTM
Can someone please apply it now.
--
Reini

Working towards a true Modern Perl.
Slim, functional, unbloated, compile-time optimizable
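
The check summarized in the quoted patch description, sketched in C as an added example; it is not code from this thread or from the Perl patch. The names `path_is_syscall_safe` and `checked_unlink` are hypothetical, and the sample strings are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not the Perl core function): returns 1 when the
 * length-counted buffer pv[0..len) can be handed to a C syscall without
 * being silently truncated, 0 when bytes are hidden behind an embedded NUL.
 * A single NUL as the last counted byte is tolerated, matching the
 * "allow an ending \0" rule in the patch description. */
int path_is_syscall_safe(const char *pv, size_t len)
{
    const char *nul;

    if (len == 0)
        return 1;
    nul = memchr(pv, '\0', len);
    if (nul == NULL)
        return 1;                          /* no NUL in the counted bytes */
    return (size_t)(nul - pv) == len - 1;  /* only a trailing NUL is fine */
}

/* Hypothetical wrapper: refuse the call rather than let unlink(2) act on
 * the prefix before the NUL; fail with ENOENT as the description states.
 * Assumption: pv[len] is '\0', so pv is a valid C string when accepted. */
int checked_unlink(const char *pv, size_t len)
{
    if (!path_is_syscall_safe(pv, len)) {
        errno = ENOENT;
        return -1;
    }
    return unlink(pv);
}

int main(void)
{
    /* Constructed sample: 7 counted bytes, but C sees only "abc". */
    const char hidden[] = "abc\0def";
    size_t len = sizeof hidden - 1;

    printf("counted length %zu, strlen %zu\n", len, strlen(hidden));
    printf("safe: %d\n", path_is_syscall_safe(hidden, len));
    if (checked_unlink(hidden, len) == -1)
        printf("rejected: %s\n", strerror(errno));
    return 0;
}
```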