Change 21542 by [EMAIL PROTECTED] on 2003/10/26 21:36:17

        When %ENV has been turned into a non-magical hash after a
        glob assignment, TAINT_ENV() may dump core because it
        assumes $ENV{PATH} is magical. Fix this; add a test to
        verify that the PATH is still checked for taintedness.

Affected files ...

... //depot/perl/t/op/taint.t#57 edit
... //depot/perl/taint.c#35 edit

Differences ...

==== //depot/perl/t/op/taint.t#57 (xtext) ====
Index: perl/t/op/taint.t
--- perl/t/op/taint.t#56~19358~ Mon Apr 28 01:27:15 2003
+++ perl/t/op/taint.t   Sun Oct 26 13:36:17 2003
@@ -124,7 +124,7 @@
 
 my $TEST = catfile(curdir(), 'TEST');
 
-print "1..206\n";
+print "1..208\n";
 
 # First, let's make sure that Perl is checking the dangerous
 # environment variables. Maybe they aren't set yet, so we'll
@@ -981,4 +981,16 @@
     use re 'taint';
     $TAINT =~ /(.*)/;
     test 206, tainted(my $foo = $1);
+}
+
+{
+    # test with a non-magical %ENV (and non-magical %ENV elements)
+    our %nonmagicalenv = ( PATH => $TAINT );
+    local *ENV = \%nonmagicalenv;
+    eval { system("lskdfj"); };
+    test 207, $@ =~ /Insecure \$ENV{PATH} while running with -T switch/;
+    # [perl #24291] this used to dump core
+    %nonmagicalenv = ( PATH => "util" );
+    eval { system("lskdfj"); };
+    test 208, 1;
 }
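Review bot: Test 208 is written as `test 208, 1;`, so it passes whenever the interpreter survives the second `system` call and never inspects `$@`. Because `PATH => "util"` is a relative directory held in a non-magical hash, the test should pin what the taint check is expected to report, for example `test 208, $@ eq '';` if no error is the intended outcome. Judging by the taint.c part of this change, the insecure-directory check is skipped for non-magical elements, and a comment such as `# non-magical PATH: only taintedness is checked, not directory safety` would record that. The block closed by the first added `}` starts outside this hunk.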

==== //depot/perl/taint.c#35 (text) ====
Index: perl/taint.c
--- perl/taint.c#34~19242~      Wed Apr 16 13:14:01 2003
+++ perl/taint.c        Sun Oct 26 13:36:17 2003
@@ -80,7 +80,8 @@
        NULL
     };
 
-    if (!PL_envgv)
+    /* Don't bother if there's no %ENV hash */
+    if (!PL_envgv || !GvHV(PL_envgv))
        return;
 
 #ifdef VMS
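Review bot: The widened guard `if (!PL_envgv || !GvHV(PL_envgv))` returns without reporting anything when the glob has no hash, and the comment `/* Don't bother if there's no %ENV hash */` does not say why that is safe under -T. If a child process still inherits the C-level environment in that state (not visible from this hunk), none of the dangerous variables have been checked. I would expand the comment to something like `/* No %ENV hash to inspect; the process environment itself is not validated on this path */` so the limitation is explicit. The function begins and continues outside this hunk.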
@@ -98,7 +99,9 @@
            TAINT;
            taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
        }
-       if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) {
+       if (SvMAGICAL(*svp)
+               && (mg = mg_find(*svp, PERL_MAGIC_envelem))
+               && MgTAINTEDDIR(mg)) {
            TAINT;
            taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
        }
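Review bot: The new `SvMAGICAL(*svp)` guard avoids calling `mg_find` on a plain scalar, but it also means the `MgTAINTEDDIR` test is silently skipped for a non-magical element, both here for `$ENV{DCL$PATH}` and in the following hunk for `$ENV{PATH}`. As far as these hunks show, a non-magical PATH is then checked only for taintedness and not for insecure directories. A short comment above each condition would make the trade-off visible, for example `/* non-magical elements carry no envelem magic, so the insecure-directory flag cannot be consulted */`. The enclosing `if (svp && *svp)` blocks start outside the hunks.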
@@ -113,7 +116,9 @@
            TAINT;
            taint_proper("Insecure %s%s", "$ENV{PATH}");
        }
-       if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) {
+       if (SvMAGICAL(*svp)
+               && (mg = mg_find(*svp, PERL_MAGIC_envelem))
+               && MgTAINTEDDIR(mg)) {
            TAINT;
            taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
        }
End of Patch.
