Front page | perl.perl5.porters |
Postings from April 2014
On Sat Apr 26 12:58:05 2014, jhi wrote:
> Dozens of too trusting fileno calls (and then using the returned fds for
> fstat etc.), plus two similar cases for getgroups().
>
> Attached.
Fails to build with -Duseithreads due to missing aTHX_ in:
if (fd < 0) {
Perl_croak("Illegal suidscript");
} else {
if (PerlLIO_fstat(fd, &PL_statbuf) < 0) { /* may be either wrapped or real suid */
Perl_croak("Illegal suidscript");
}
}
Some other issues, the original code here for example (doio.c):
@@ -1775,8 +1797,9 @@ Perl_apply(pTHX_ I32 type, SV **mark, SV **sp)
if ((gv = MAYBE_DEREF_GV(*mark))) {
if (GvIO(gv) && IoIFP(GvIOp(gv))) {
#ifdef HAS_FCHOWN
+ int fd = PerlIO_fileno(IoIFP(GvIOn(gv)));
APPLY_TAINT_PROPER();
- if (fchown(PerlIO_fileno(IoIFP(GvIOn(gv))), val, val2))
+ if (fd >= 0 && fchown(fd, val, val2))
tot--;
#else
Perl_die(aTHX_ PL_no_func, "fchown");
will sensibly set errno to EBADF when fchown() fails, but the modified code doesn't.
Similarly for the others in Perl_apply(), pp_sysread(), pp_syswrite(), pp_truncate(), pp_getpeername(), pp_stat(), pp_fttty(), pp_fttext() and possibly for PerlIO::mmap.
Tony
---
via perlbug: queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=121743
Thread Previous