tag 303308 + pending
thanks

On Sun, Oct 30, 2005 at 03:45:52PM -0500, Chris Heath wrote:
>On Sat, 2005-10-29 at 16:07 +1000, Brendan O'Dea wrote:
>> See: http://bugs.debian.org/303308 .
>>
>> The following patch appears to correct the problem, although I'm not
>> sufficiently versed in the taint implementation to say that it's the
>> correct fix. An alternate fix is included in the bug report.
>
>My reason for patching mg.c is that anywhere mg_get is called with
>PL_tainted == 1, this corruption could occur. Here's another test case,
>which patching scope.c doesn't fix:
>
>#!/usr/bin/perl -Tw
>my $tainted = substr($ENV{'PATH'}, 0, 0);
>"foo" =~ m/(.*)/;
>my $s = $1 . $tainted;
>"bar" =~ m/(.$tainted*)/;
>my $bar = $1;
>my $test = 'print "OK\n"' . $tainted;
>$test =~ m/(.*)/;
>$test = $1; # try to untaint
>eval($test);

OK. Applied, thanks.

--bod