stas 2004/09/30 20:30:12
Modified: . Changes t/filter/TestFilter out_str_lc.pm t/lib/TestAPRlib bucket.pm t/lib/TestCommon Utils.pm t/protocol/TestProtocol echo_block.pm t/response/TestAPR flatten.pm t/response/TestApache read.pm xs/APR/Bucket APR__Bucket.h xs/Apache/Filter Apache__Filter.h xs/Apache/RequestIO Apache__RequestIO.h Log: make sure that Apache::Filter::read, APR::Socket::recv, Apache::RequestIO::read, APR::Brigade::flatten, and APR::Bucket::read all return tainted data under -T Revision Changes Path 1.506 +4 -0 modperl-2.0/Changes Index: Changes =================================================================== RCS file: /home/cvs/modperl-2.0/Changes,v retrieving revision 1.505 retrieving revision 1.506 diff -u -u -r1.505 -r1.506 --- Changes 30 Sep 2004 03:39:24 -0000 1.505 +++ Changes 1 Oct 2004 03:30:11 -0000 1.506 @@ -12,6 +12,10 @@ =item 1.99_17-dev +make sure that Apache::Filter::read, APR::Socket::recv, +Apache::RequestIO::read, APR::Brigade::flatten, and APR::Bucket::read +all return tainted data under -T [Stas] + tag the custom pools created by mod_perl for easier pools debug [Joe Orton] 1.2 +7 -0 modperl-2.0/t/filter/TestFilter/out_str_lc.pm Index: out_str_lc.pm =================================================================== RCS file: /home/cvs/modperl-2.0/t/filter/TestFilter/out_str_lc.pm,v retrieving revision 1.1 retrieving revision 1.2 diff -u -u -r1.1 -r1.2 --- out_str_lc.pm 15 Jan 2003 06:47:15 -0000 1.1 +++ out_str_lc.pm 1 Oct 2004 03:30:11 -0000 1.2 @@ -5,12 +5,19 @@ use Apache::Filter (); +use TestCommon::Utils; + use Apache::Const -compile => 'OK'; sub handler { my $filter = shift; while ($filter->read(my $buffer, 1024)) { + + # test that read() returns tainted data + die "read() has returned untainted data" + unless TestCommon::Utils::is_tainted($buffer); + $filter->print(lc $buffer); } 1.5 +11 -1 modperl-2.0/t/lib/TestAPRlib/bucket.pm Index: bucket.pm =================================================================== RCS file: /home/cvs/modperl-2.0/t/lib/TestAPRlib/bucket.pm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -u -r1.4 -r1.5 --- bucket.pm 21 Aug 2004 00:41:36 -0000 1.4 +++ bucket.pm 1 Oct 2004 03:30:11 -0000 1.5 @@ -7,12 +7,13 @@ use Apache::Test; use Apache::TestUtil; +use TestCommon::Utils; use APR::Bucket (); use APR::BucketType (); sub num_of_tests { - return 14; + return 16; } sub test { @@ -118,6 +119,15 @@ return APR::Bucket->new(lc $data); } + } + + # read data is tainted + { + my $data = "xxx"; + my $b = APR::Bucket->new($data); + $b->read(my $read); + ok t_cmp($read, $data, 'new($data)'); + ok TestCommon::Utils::is_tainted($read); } # remove/destroy 1.2 +2 -0 modperl-2.0/t/lib/TestCommon/Utils.pm Index: Utils.pm =================================================================== RCS file: /home/cvs/modperl-2.0/t/lib/TestCommon/Utils.pm,v retrieving revision 1.1 retrieving revision 1.2 diff -u -u -r1.1 -r1.2 --- Utils.pm 1 Oct 2004 03:05:04 -0000 1.1 +++ Utils.pm 1 Oct 2004 03:30:11 -0000 1.2 @@ -20,7 +20,9 @@ use TestCommon::Utils; + # test whether some SV is tainted $b->read(my $data); + ok TestCommon::Utils::is_tainted($data); 1.9 +8 -2 modperl-2.0/t/protocol/TestProtocol/echo_block.pm Index: echo_block.pm =================================================================== RCS file: /home/cvs/modperl-2.0/t/protocol/TestProtocol/echo_block.pm,v retrieving revision 1.8 retrieving revision 1.9 diff -u -u -r1.8 -r1.9 --- echo_block.pm 28 Sep 2004 01:47:23 -0000 1.8 +++ echo_block.pm 1 Oct 2004 03:30:11 -0000 1.9 @@ -11,6 +11,8 @@ use Apache::Connection (); use APR::Socket (); +use TestCommon::Utils; + use Apache::Const -compile => 'OK'; use APR::Const -compile => qw(SO_NONBLOCK); @@ -31,8 +33,12 @@ or die "failed to set blocking mode"; } - while ($socket->recv(my $buff, BUFF_LEN)) { - $socket->send($buff); + while ($socket->recv(my $buffer, BUFF_LEN)) { + + die "recv() has returned untainted data:" + unless TestCommon::Utils::is_tainted($buffer); + + $socket->send($buffer); } Apache::OK; 1.7 +6 -1 modperl-2.0/t/response/TestAPR/flatten.pm Index: flatten.pm =================================================================== RCS file: /home/cvs/modperl-2.0/t/response/TestAPR/flatten.pm,v retrieving revision 1.6 retrieving revision 1.7 diff -u -u -r1.6 -r1.7 --- flatten.pm 8 Jul 2004 06:06:33 -0000 1.6 +++ flatten.pm 1 Oct 2004 03:30:12 -0000 1.7 @@ -5,6 +5,7 @@ use Apache::Test; use Apache::TestUtil; +use TestCommon::Utils; use Apache::RequestRec (); use APR::Bucket (); @@ -16,7 +17,7 @@ my $r = shift; - plan $r, tests => 20; + plan $r, tests => 26; # first, create a brigade my $pool = $r->pool; @@ -95,6 +96,8 @@ Apache::OK; } +# this sub runs 3 sub-tests with a false $check_content +# and 4 otherwise sub verify { my($len, $expected_len, $data, $check_content) = @_; @@ -104,6 +107,8 @@ ok t_cmp(length($data), $len, "\$bb->flatten(\$data, $len) returned all expected data"); + + ok TestCommon::Utils::is_tainted($data); if ($check_content) { # don't use t_cmp() here, else we get 200,000 characters 1.5 +6 -1 modperl-2.0/t/response/TestApache/read.pm Index: read.pm =================================================================== RCS file: /home/cvs/modperl-2.0/t/response/TestApache/read.pm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -u -r1.4 -r1.5 --- read.pm 7 Nov 2003 08:55:32 -0000 1.4 +++ read.pm 1 Oct 2004 03:30:12 -0000 1.5 @@ -6,6 +6,8 @@ use Apache::RequestRec (); use Apache::RequestIO (); +use TestCommon::Utils; + use Apache::Const -compile => 'OK'; use constant BUFSIZ => 512; #small for testing @@ -29,7 +31,10 @@ $offset += $read; } - #make sure we dont block after all data is read + die "read() has returned untainted data:" + unless TestCommon::Utils::is_tainted($buffer); + + # make sure we dont block after all data is read my $n = $r->read(my $x, BUFSIZ); die unless $n == 0; 1.14 +8 -1 modperl-2.0/xs/APR/Bucket/APR__Bucket.h Index: APR__Bucket.h =================================================================== RCS file: /home/cvs/modperl-2.0/xs/APR/Bucket/APR__Bucket.h,v retrieving revision 1.13 retrieving revision 1.14 diff -u -u -r1.13 -r1.14 --- APR__Bucket.h 20 Aug 2004 21:11:00 -0000 1.13 +++ APR__Bucket.h 1 Oct 2004 03:30:12 -0000 1.14 @@ -52,10 +52,17 @@ modperl_croak(aTHX_ rc, "APR::Bucket::read"); } - sv_setpvn(buffer, (len ? str : ""), len); + if (len) { + sv_setpvn(buffer, str, len); + } + else { + sv_setpvn(buffer, "", 0); + } /* must run any set magic */ SvSETMAGIC(buffer); + + SvTAINTED_on(buffer); return len; } 1.42 +2 -0 modperl-2.0/xs/Apache/Filter/Apache__Filter.h Index: Apache__Filter.h =================================================================== RCS file: /home/cvs/modperl-2.0/xs/Apache/Filter/Apache__Filter.h,v retrieving revision 1.41 retrieving revision 1.42 diff -u -u -r1.41 -r1.42 --- Apache__Filter.h 12 Jul 2004 07:32:07 -0000 1.41 +++ Apache__Filter.h 1 Oct 2004 03:30:12 -0000 1.42 @@ -80,6 +80,8 @@ /* must run any set magic */ SvSETMAGIC(buffer); + SvTAINTED_on(buffer); + return len; } 1.56 +2 -1 modperl-2.0/xs/Apache/RequestIO/Apache__RequestIO.h Index: Apache__RequestIO.h =================================================================== RCS file: /home/cvs/modperl-2.0/xs/Apache/RequestIO/Apache__RequestIO.h,v retrieving revision 1.55 retrieving revision 1.56 diff -u -u -r1.55 -r1.56 --- Apache__RequestIO.h 15 Aug 2004 00:20:34 -0000 1.55 +++ Apache__RequestIO.h 1 Oct 2004 03:30:12 -0000 1.56 @@ -251,7 +251,6 @@ if (total > 0) { mpxs_sv_cur_set(buffer, offset+total); - SvTAINTED_on(buffer); } else { sv_setpvn(buffer, "", 0); @@ -259,6 +258,8 @@ /* must run any set magic */ SvSETMAGIC(buffer); + + SvTAINTED_on(buffer); return newSViv(total); }