develooper Front page | perl.perl5.porters | Postings from December 2016

Method name terminates at first null-byte

Thread Next
From:
Lasse Makholm
Date:
December 20, 2016 15:52
Subject:
Method name terminates at first null-byte
Message ID:
CAB7pA09FbLYzzUYnKsf71DHb_sWCGh8GtfeRbH3mgWJ89fSZuw@mail.gmail.com
Hi,

Looking into some security stuff involving dynamically constructed
method names, I was horrified to learn that a null-byte apparently
terminates a method name:

$ perl -le 'package Foo; sub bar { 42 }; print Foo->can("bar"); print
Foo->can("bar\x00baz"); print Foo->${\"bar\x00baz"}'
CODE(0x698880)
CODE(0x698880)
42
$

This is on 5.14 and seems to be fixed in blead, but I'd like a but
more detail on where, how and when it was fixed. I grepped the commit
logs for a few things but I'm not sure what to look for.

Any hints would be much appreciated.

Thanks!

/L

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About