
Re: Bug#776270: perl: CVE-2012-3878 module loading security weakness

From: Reini Urban
Date: October 1, 2015 15:37
Subject: Re: Bug#776270: perl: CVE-2012-3878 module loading security weakness
Message ID: F1B3202C-5734-463D-B293-CDECB91CAD85@gmail.com

> On Oct 1, 2015, at 2:41 PM, Reini Urban <reini.urban@gmail.com> wrote:
> regarding the 3 commits:
> 
> 3d83cce Treat require ::foo::bar; the same as require foo::bar;
> 
> One could think of treating ::foo::bar as main::foo::bar instead, and main as implicit stash root is
> never looked up on disc. So the alternative variant would be to treat it as syntax error.
> 
> 5fc2378 Split the guts of pp_require into S_require_version() and S_require_file().
> 
> Optional. require is not hot, so why not.
> 
> 5d1f12f Validate the module filename created for bareword require.
> 
> The important missing part.

You can take the fixes from my branch:
https://github.com/perl11/cperl/issues/58 
(3 commits)

As you’ll see, I treat a starting :: bareword for require as an error,
and didn’t split pp_require into 2 parts.

