There are two components of the native VMS security model that trigger
tainting very early in the startup of Perl. One of these is if the Perl
image has been installed with privileges; the other is the presence of
an identifier with the subsystem attribute set in the process's rightslist.
If either of these conditions is met, we insert a -T into the argument
vector since it's too early in startup to enable tainting any other way.
The implementation has a couple of pointer bugs that cause an access
violation whenever this code is exercised (apparently quite rarely).
The attached patch fixes the argv manipulation so we avoid the crash and
successfully insert the -T. The patch is against bleadperl but applies
to all versions of Perl since the functionality was first introduced
somewhere in the 5.5 timeframe.
Thanks to Patrick Spinler for the detailed bug report.
--- vms/vms.c;-0 Sat Oct 19 09:21:16 2002
+++ vms/vms.c Fri Feb 14 10:37:55 2003
@@ -4449,15 +4449,19 @@
* hasn't been allocated when vms_image_init() is called.
*/
if (will_taint) {
- char ***newap;
- New(1320,newap,*argcp+2,char **);
- newap[0] = argvp[0];
- *newap[1] = "-T";
- Copy(argvp[1],newap[2],*argcp-1,char **);
+ char **newargv, **oldargv;
+ oldargv = *argvp;
+ New(1320,newargv,(*argcp)+2,char *);
+ newargv[0] = oldargv[0];
+ New(1320,newargv[1],3,char);
+ strcpy(newargv[1], "-T");
+ Copy(&oldargv[1],&newargv[2],(*argcp)-1,char **);
+ (*argcp)++;
+ newargv[*argcp] = NULL;
/* We orphan the old argv, since we don't know where it's come from,
* so we don't know how to free it.
*/
- *argcp++; argvp = newap;
+ *argvp = newargv;
}
else { /* Did user explicitly request tainting? */
int i;
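Review bot: The element type in `Copy(&oldargv[1],&newargv[2],(*argcp)-1,char **);` should be `char *`, matching the `New(1320,newargv,(*argcp)+2,char *)` allocation a few lines above it. The items being copied are `char *` pointers, so `char **` gives the right byte count only because the two pointer types are the same size. Separately, the count `(*argcp)-1` assumes `*argcp` is at least 1 on entry and nothing in the hunk checks that before the copy; a short guard or a comment stating the assumption would make that explicit.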