Change 30173 by [EMAIL PROTECTED] on 2007/02/08 14:22:18
Integrate:
[ 30167]
TODO tests for eval of tainted scalars. (change 29193's regression)
[ 30168]
opening $0 doesn't work if you change directory. So use test.pl
[ 30171]
Subject: [PATCH] Re: Change 29193 is a regression
From: Rick Delaney <[EMAIL PROTECTED]>
Date: Thu, 8 Feb 2007 08:21:37 -0500
Message-ID: <[EMAIL PROTECTED]>
Affected files ...
... //depot/maint-5.8/perl/pp_ctl.c#172 integrate
... //depot/maint-5.8/perl/t/op/taint.t#20 integrate
Differences ...
==== //depot/maint-5.8/perl/pp_ctl.c#172 (text) ====
Index: perl/pp_ctl.c
--- perl/pp_ctl.c#171~30130~ 2007-02-05 08:25:02.000000000 -0800
+++ perl/pp_ctl.c 2007-02-08 06:22:18.000000000 -0800
@@ -3411,6 +3411,7 @@
const char * const fakestr = "_<(eval )";
const int fakelen = 9 + 1;
+ TAINT_IF(SvTAINTED(sv));
TAINT_PROPER("eval");
ENTER;
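Review bot: the added TAINT_IF(SvTAINTED(sv)) line directly above TAINT_PROPER("eval") carries no comment saying why the operand's taint has to be folded in explicitly at this point. The change description ties it to the regression from change 29193, so a one-line comment naming that (for example, that the taint of the string being eval'd must be recorded before TAINT_PROPER runs) would keep a later cleanup from dropping the line again as redundant.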
==== //depot/maint-5.8/perl/t/op/taint.t#20 (xtext) ====
Index: perl/t/op/taint.t
--- perl/t/op/taint.t#19~30107~ 2007-02-03 10:08:37.000000000 -0800
+++ perl/t/op/taint.t 2007-02-08 06:22:18.000000000 -0800
@@ -17,7 +17,7 @@
use File::Spec::Functions;
BEGIN { require './test.pl'; }
-plan tests => 249;
+plan tests => 252;
$| = 1;
@@ -1168,3 +1168,19 @@
test $@ =~ /Insecure \$ENV/, 'popen neglects %ENV check';
}
}
+
+{
+ my $val = 0;
+ my $tainted = '1' . $TAINT;
+ eval '$val = eval $tainted;';
+ is ($val, 0, "eval doesn't like tainted strings");
+ like ($@, qr/^Insecure dependency in eval/);
+
+ # Rather nice code to get a tainted undef by from Rick Delaney
+ open FH, "test.pl" or die $!;
+ seek FH, 0, 2 or die $!;
+ $tainted = <FH>;
+
+ eval 'eval $tainted';
+ like ($@, qr/^Insecure dependency in eval/);
+}
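Review bot: the second case never checks that $tainted is actually undef after `$tainted = <FH>;`, so if the read ever returned a tainted line instead, `eval 'eval $tainted'` would still raise "Insecure dependency in eval" and the test would pass without covering the tainted-undef path it is meant to cover. Consider asserting `!defined $tainted` before the eval (and raising the plan count to match). Smaller points in the same block: both like() calls lack a description while the is() has one, which makes a failure hard to tell apart in the output; the FH handle is left open; and the comment reads "by from".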
End of Patch.