In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/205b8145e88fdb6ead534ed102faa8b6aecbe085?hp=883f220b1a9552b53f705c439a73a5c235feaedc>
- Log ----------------------------------------------------------------- commit 205b8145e88fdb6ead534ed102faa8b6aecbe085 Author: Rafael Garcia-Suarez <r...@consttype.org> Date: Tue Aug 5 09:27:29 2014 +0200 Fix MANIFEST and Safe's changelog M MANIFEST M dist/Safe/Changes M dist/Safe/t/safesecurity.t commit 23c3e71c90a1dea6c17d193db263796876d2ac52 Author: syber <sy...@crazypanda.ru> Date: Mon Aug 4 23:47:23 2014 +0400 Critical bugfix in module Safe (Opcode). Version increased, changelog and test added. This example hacks outside environment: package My::Controller; use strict; sub jopa { return "jopa\n"; } package main; use Safe; my $s = new Safe; my $ok = $s->reval(q{ package My::Controller; sub jopa { return "hacked\n"; } My::Controller->jopa(); }); print My::Controller->jopa(); M dist/Safe/Changes M dist/Safe/Safe.pm A dist/Safe/t/safesecurity.t M ext/Opcode/Opcode.pm M ext/Opcode/Opcode.xs ----------------------------------------------------------------------- Summary of changes: MANIFEST | 3 ++- dist/Safe/Changes | 11 ++++++++++- dist/Safe/Safe.pm | 2 +- dist/Safe/t/safesecurity.t | 32 ++++++++++++++++++++++++++++++++ ext/Opcode/Opcode.pm | 2 +- ext/Opcode/Opcode.xs | 6 +++++- 6 files changed, 51 insertions(+), 5 deletions(-) create mode 100644 dist/Safe/t/safesecurity.t diff --git a/MANIFEST b/MANIFEST index 6e86383..e1ac8bc 100644 --- a/MANIFEST +++ b/MANIFEST @@ -3217,7 +3217,8 @@ dist/Safe/t/safe3.t See if Safe works dist/Safe/t/safeload.t Tests that some modules can be loaded by Safe dist/Safe/t/safenamedcap.t Tests that Tie::Hash::NamedCapture can be loaded dist/Safe/t/safeops.t Tests that all ops can be trapped by Safe -dist/Safe/t/saferegexp.t +dist/Safe/t/saferegexp.t Tests Safe with regular expressions +dist/Safe/t/safesecurity.t Tests misc. security fixes in Safe dist/Safe/t/safesort.t Tests Safe with sort dist/Safe/t/safeuniversal.t Tests Safe with functions from universal.c dist/Safe/t/safeutf8.t Tests Safe with utf8.pm 
diff --git a/dist/Safe/Changes b/dist/Safe/Changes index 8cde1db..a48058a 100644 --- a/dist/Safe/Changes +++ b/dist/Safe/Changes @@ -1,3 +1,12 @@ +2.38 Mon Aug 04 2014 + - critical bugfix: outside packages could be replaced (fix in Opcode) + +2.37 Sat Jun 22 2013 + - Doc and presentation nits + +2.36 Thu May 23 18:08:48 2013 + - Doc and test fixes for newer perls + 2.35 Thu Feb 21 2013 - localize %SIG in the Safe compartment - actually check that we call execution methods on a Safe object @@ -7,7 +16,7 @@ cf Perl 5 change 42440e3c68e8bafb7e2a74763360939de0fad6be 2.33 Tue Apr 3 2012 - - Donât eval code under âno strictâ (Father Chrysostomos) + Don't eval code under "no strict" (Father Chrysostomos) cf. Perl 5 change 25dc25e774abbe993644899cf4d9f9925a9fb9a8 2.32 Sat Mar 31 2012 diff --git a/dist/Safe/Safe.pm b/dist/Safe/Safe.pm index 4db116d..2c0d56a 100644 --- a/dist/Safe/Safe.pm +++ b/dist/Safe/Safe.pm @@ -3,7 +3,7 @@ package Safe; use 5.003_11; use Scalar::Util qw(reftype refaddr); -$Safe::VERSION = "2.37"; +$Safe::VERSION = "2.38"; # *** Don't declare any lexicals above this point *** # diff --git a/dist/Safe/t/safesecurity.t b/dist/Safe/t/safesecurity.t new file mode 100644 index 0000000..7cb9712 --- /dev/null +++ b/dist/Safe/t/safesecurity.t @@ -0,0 +1,32 @@ +#!perl + +BEGIN { + require Config; + import Config; + if ($Config{'extensions'} !~ /\bOpcode\b/) { + print "1..0\n"; + exit 0; + } +} + +use strict; +use warnings; +use Test::More; +use Safe; +plan(tests => 1); + +my $c = new Safe; + +{ + package My::Controller; + sub jopa { return "jopa" } +} + +$c->reval(q{ + package My::Controller; + sub jopa { return "hacked" } + + My::Controller->jopa; # let it cache package +}); + +is(My::Controller->jopa, "jopa", "outside packages cannot be overriden"); diff --git a/ext/Opcode/Opcode.pm b/ext/Opcode/Opcode.pm index a48b01d..3da8d94 100644 --- a/ext/Opcode/Opcode.pm +++ b/ext/Opcode/Opcode.pm 
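Review bot: The only assertion in dist/Safe/t/safesecurity.t is on the outer `My::Controller->jopa`, so the test also passes when the `reval` block fails to compile or is trapped before it redefines anything, and the cache path that the Opcode fix targets is then never exercised. Capturing the compartment's result and checking it first would close that gap: `my $r = $c->reval(q{...});` followed by `is($@, '', 'compartment code ran');` and, assuming reval returns the value of the last statement as it appears to here, `is($r, 'hacked', 'redefinition stayed inside the compartment');`, with the plan raised to 3. Two style points in the same file: `new Safe` is indirect-object syntax where `Safe->new` parses unambiguously, and the test description misspells "overridden".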
@@ -6,7 +6,7 @@ use strict; our($VERSION, @ISA, @EXPORT_OK); -$VERSION = "1.27"; +$VERSION = "1.28"; use Carp; use Exporter (); diff --git a/ext/Opcode/Opcode.xs b/ext/Opcode/Opcode.xs index 386dddf..594f5b2 100644 --- a/ext/Opcode/Opcode.xs +++ b/ext/Opcode/Opcode.xs @@ -310,7 +310,7 @@ PPCODE: dummy_hv = save_hash(PL_incgv); GvHV(PL_incgv) = (HV*)SvREFCNT_inc(GvHV(gv_HVadd(gv_fetchpvs("INC",GV_ADD,SVt_PVHV)))); - /* Invalidate ISA and method caches */ + /* Invalidate class and method caches */ ++PL_sub_generation; hv_clear(PL_stashcache); @@ -320,6 +320,10 @@ PPCODE: SPAGAIN; /* for the PUTBACK added by xsubpp */ LEAVE; + /* Invalidate again */ + ++PL_sub_generation; + hv_clear(PL_stashcache); + int verify_opset(opset, fatal = 0) -- Perl5 Master Repository
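Review bot: The comment `/* Invalidate again */` added after `LEAVE;` in ext/Opcode/Opcode.xs does not say why a second invalidation is needed, and that reason is the security-relevant part of the change. Judging by the new test's "let it cache package" remark, a comment such as `/* the compartment may have cached stash/method lookups resolved under its own root; drop them before the caller's namespace is used again */` would stop a later cleanup from removing these lines as redundant. The same two statements now appear both before and after the call, so a small file-local helper would keep the pair in sync if further caches ever need clearing. The call between the two hunks is not visible here and the XS body starts above the hunk, so it is worth confirming that no exit path out of the compartment skips this second invalidation.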