stas 2004/09/25 16:27:10
Modified: src/modules/perl modperl_callback.c . Changes Log: make sure that each handler callback starts with a pristine tainted-ness state, so that previous callback calls won't affect the consequent ones. Without this change any handler triggering eval or another function call, that checks TAINT_PROPER, will crash mod_perl with: "Insecure dependency in eval while running setgid. Callback called exit." farewell message Revision Changes Path 1.76 +18 -1 modperl-2.0/src/modules/perl/modperl_callback.c Index: modperl_callback.c =================================================================== RCS file: /home/cvs/modperl-2.0/src/modules/perl/modperl_callback.c,v retrieving revision 1.75 retrieving revision 1.76 diff -u -u -r1.75 -r1.76 --- modperl_callback.c 9 Jul 2004 08:01:20 -0000 1.75 +++ modperl_callback.c 25 Sep 2004 23:27:10 -0000 1.76 @@ -22,8 +22,23 @@ I32 flags = G_EVAL|G_SCALAR; dSP; int count, status = OK; + int tainted_orig = PL_tainted; + /* handler callbacks shouldn't affect each other's taintedness + * state, so start every callback with a clear record and restore + * at the end. one of the main problems we are trying to solve is + * that when modperl_croak called (which calls perl's + * croak(Nullch) to throw an error object) it leaves the + * interprter in the tainted state (which supposedly will be fixed + * in 5.8.6) which later affects other callbacks that call eval, + * etc, which triggers perl crash with: + * Insecure dependency in eval while running setgid. + * Callback called exit. + */ + PL_tainted = TAINT_NOT; + if ((status = modperl_handler_resolve(aTHX_ &handler, p, s)) != OK) { + PL_tainted = tainted_orig; return status; } 
@@ -147,7 +162,9 @@ apr_table_set(r->notes, "error-notes", SvPV_nolen(ERRSV)); } } - + + PL_tainted = tainted_orig; + return status; } 1.499 +7 -0 modperl-2.0/Changes Index: Changes =================================================================== RCS file: /home/cvs/modperl-2.0/Changes,v retrieving revision 1.498 retrieving revision 1.499 diff -u -u -r1.498 -r1.499 --- Changes 25 Sep 2004 01:53:34 -0000 1.498 +++ Changes 25 Sep 2004 23:27:10 -0000 1.499 @@ -12,6 +12,13 @@ =item 1.99_17-dev +make sure that each handler callback starts with a pristine +tainted-ness state, so that previous callback calls won't affect the +consequent ones. Without this change any handler triggering eval or +another function call, that checks TAINT_PROPER, will crash mod_perl +with: "Insecure dependency in eval while running setgid. Callback +called exit." farewell message [Stas] + make sure that 'make distclean' cleans all the autogenerated files [Stas]
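Review bot: in the first modperl_callback.c hunk (@@ -22,8 +22,23 @@), the restore `PL_tainted = tainted_orig;` is added by hand to the modperl_handler_resolve() failure return, and the only other restore in this patch sits before the final `return status;`. Any return between those two points that the diff does not show would leave PL_tainted at TAINT_NOT instead of the caller's value. Consider routing every exit through a single cleanup label so the restore cannot be missed when a new return is added later. The comment could also state that this resets only the interpreter's current-expression taint flag and does not untaint any values, and "interprter" should read "interpreter".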
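Review bot: in the second modperl_callback.c hunk (@@ -147,7 +162,9 @@), the empty line that is removed and re-added looks like a whitespace-only change, probably trailing whitespace on the new blank lines. Strip it so the hunk contains only the `PL_tainted = tainted_orig;` addition. A one-line comment here pointing back to the save at the top of the function would also help, since the save and this restore are more than a hundred lines apart.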
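Review bot: in the Changes hunk (@@ -12,6 +12,13 @@), the entry describes the symptom but not the cause given in the code comment, namely that modperl_croak leaves the interpreter in the tainted state and that this is supposedly fixed in perl 5.8.6. Mentioning that would mark the change as a workaround that can be revisited once the perl fix is available. "consequent ones" would also read better as "subsequent ones".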