cvs commit: modperl-2.0 Changes

stas Sat, 25 Sep 2004 16:27:15 -0700

stas        2004/09/25 16:27:10


  Modified:    src/modules/perl modperl_callback.c
               .        Changes
  Log:
  make sure that each handler callback starts with a pristine
  tainted-ness state, so that previous callback calls won't affect the
  consequent ones. Without this change any handler triggering eval or
  another function call, that checks TAINT_PROPER, will crash mod_perl
  with: "Insecure dependency in eval while running setgid. Callback
  called exit." farewell message
  
  Revision  Changes    Path
  1.76      +18 -1     modperl-2.0/src/modules/perl/modperl_callback.c
  
  Index: modperl_callback.c
  ===================================================================
  RCS file: /home/cvs/modperl-2.0/src/modules/perl/modperl_callback.c,v
  retrieving revision 1.75
  retrieving revision 1.76
  diff -u -u -r1.75 -r1.76
  --- modperl_callback.c        9 Jul 2004 08:01:20 -0000       1.75
  +++ modperl_callback.c        25 Sep 2004 23:27:10 -0000      1.76
  @@ -22,8 +22,23 @@
       I32 flags = G_EVAL|G_SCALAR;
       dSP;
       int count, status = OK;
  +    int tainted_orig = PL_tainted;
   
  +    /* handler callbacks shouldn't affect each other's taintedness
  +     * state, so start every callback with a clear record and restore
  +     * at the end. one of the main problems we are trying to solve is
  +     * that when modperl_croak called (which calls perl's
  +     * croak(Nullch) to throw an error object) it leaves the
  +     * interprter in the tainted state (which supposedly will be fixed
  +     * in 5.8.6) which later affects other callbacks that call eval,
  +     * etc, which triggers perl crash with:
  +     * Insecure dependency in eval while running setgid.
  +     * Callback called exit.
  +     */
  +    PL_tainted = TAINT_NOT;
  +    
       if ((status = modperl_handler_resolve(aTHX_ &handler, p, s)) != OK) {
  +        PL_tainted = tainted_orig;
           return status;
       }
   
  @@ -147,7 +162,9 @@
               apr_table_set(r->notes, "error-notes", SvPV_nolen(ERRSV));
           }
       }
  -    
  +
  +    PL_tainted = tainted_orig;
  +
       return status;
   }
   
  
  
  
  1.499     +7 -0      modperl-2.0/Changes
  
  Index: Changes
  ===================================================================
  RCS file: /home/cvs/modperl-2.0/Changes,v
  retrieving revision 1.498
  retrieving revision 1.499
  diff -u -u -r1.498 -r1.499
  --- Changes   25 Sep 2004 01:53:34 -0000      1.498
  +++ Changes   25 Sep 2004 23:27:10 -0000      1.499
  @@ -12,6 +12,13 @@
   
   =item 1.99_17-dev
   
  +make sure that each handler callback starts with a pristine
  +tainted-ness state, so that previous callback calls won't affect the
  +consequent ones. Without this change any handler triggering eval or
  +another function call, that checks TAINT_PROPER, will crash mod_perl
  +with: "Insecure dependency in eval while running setgid. Callback
  +called exit." farewell message [Stas]
  +
   make sure that 'make distclean' cleans all the autogenerated files
   [Stas]

cvs commit: modperl-2.0 Changes

Reply via email to