In perl.git, the branch smoke-me/khw-locale has been updated <https://perl5.git.perl.org/perl.git/commitdiff/a4fa13e976dacfb26e995046eba374eeeb7d9576?hp=34e4f25815e1b37a9d7b5267b01c169b470c9fbb>
- Log ----------------------------------------------------------------- commit a4fa13e976dacfb26e995046eba374eeeb7d9576 Author: Karl Williamson <[email protected]> Date: Thu Apr 4 10:11:06 2019 -0600 XXX taint of return commit 0fc22bb6517726cd64738f0ee9f887f797d8cc25 Author: Karl Williamson <[email protected]> Date: Thu Apr 4 10:10:52 2019 -0600 f ----------------------------------------------------------------------- Summary of changes: regcomp.c | 17 ++++++++++++++--- win32/config.ce | 2 +- win32/config.gc | 2 +- win32/config.vc | 2 +- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/regcomp.c b/regcomp.c index 936de7f243..12d09f49ec 100644 --- a/regcomp.c +++ b/regcomp.c @@ -22991,6 +22991,7 @@ Perl_parse_uniprop_string(pTHX_ if (could_be_user_defined) { CV* user_sub; + const char tainted[] = "Insecure user-defined property"; /* Here, the name could be for a user defined property, which are * implemented as subs. */ @@ -23019,9 +23020,9 @@ Perl_parse_uniprop_string(pTHX_ /* We refuse to call a tainted subroutine; returning an error * instead */ - if (TAINT_get) { + if (UNLIKELY(TAINT_get)) { if (SvCUR(msg) > 0) sv_catpvs(msg, "; "); - sv_catpvs(msg, "Insecure user-defined property"); + sv_catpv(msg, tainted); goto append_name_to_msg; } @@ -23206,6 +23207,16 @@ Perl_parse_uniprop_string(pTHX_ prop_definition = NULL; } else { /* G_SCALAR guarantees a single return value */ + SV * contents = POPs; + + if (UNLIKELY(SvTAINTED(contents))) { + if (SvCUR(msg) > 0) sv_catpvs(msg, "; "); + sv_catpv(msg, tainted); + USER_PROP_MUTEX_LOCK; + S_delete_recursion_entry(aTHX_ SvPVX(fq_name)); + USER_PROP_MUTEX_UNLOCK; + goto append_name_to_msg; + } /* The contents is supposed to be the expansion of the property * definition. Call a function to check for valid syntax and @@ -23213,7 +23224,7 @@ Perl_parse_uniprop_string(pTHX_ prop_definition = handle_user_defined_property(name, name_len, is_utf8, to_fold, runtime, deferrable, - POPs, user_defined_ptr, + contents, user_defined_ptr, msg, level); } diff --git a/win32/config.ce b/win32/config.ce index 772926ba40..2f2d67c231 100644 --- a/win32/config.ce +++ b/win32/config.ce @@ -294,6 +294,7 @@ d_gmtime64='undef' d_gmtime_r='undef' d_gnulibc='undef' d_grpasswd='undef' +d_has_C_UTF8='undef' d_hasmntopt='undef' d_htonl='define' d_hypot='undef' @@ -480,7 +481,6 @@ d_setitimer='undef' d_setlinebuf='undef' d_setlocale='define' d_setlocale_accepts_any_locale_name='undef' -d_has_C_UTF8='undef' d_setlocale_r='undef' d_setnent='undef' d_setnetent_r='undef' diff --git a/win32/config.gc b/win32/config.gc index 0c05d01b03..5928d8beb1 100644 --- a/win32/config.gc +++ b/win32/config.gc @@ -294,6 +294,7 @@ d_gmtime64='undef' d_gmtime_r='undef' d_gnulibc='undef' d_grpasswd='undef' +d_has_C_UTF8='undef' d_hasmntopt='undef' d_htonl='define' d_hypot='define' @@ -481,7 +482,6 @@ d_setitimer='undef' d_setlinebuf='undef' d_setlocale='define' d_setlocale_accepts_any_locale_name='undef' -d_has_C_UTF8='undef' d_setlocale_r='undef' d_setnent='undef' d_setnetent_r='undef' diff --git a/win32/config.vc b/win32/config.vc index 1781d9f3d7..0855dc8c09 100644 --- a/win32/config.vc +++ b/win32/config.vc @@ -294,6 +294,7 @@ d_gmtime64='undef' d_gmtime_r='undef' d_gnulibc='undef' d_grpasswd='undef' +d_has_C_UTF8='undef' d_hasmntopt='undef' d_htonl='define' d_hypot='undef' @@ -481,7 +482,6 @@ d_setitimer='undef' d_setlinebuf='undef' d_setlocale='define' d_setlocale_accepts_any_locale_name='undef' -d_has_C_UTF8='undef' d_setlocale_r='undef' d_setnent='undef' d_setnetent_r='undef' -- Perl5 Master Repository
