recent blead changes have introduced tainting problems
i'm trying to get mod_perl2 working with blead, something has changed with the tainting, I now get: eval_sv(123;, G_SCALAR|G_KEEPERR); die with: Insecure dependency in eval_sv() while running with -T Further checking shows that the TAINT flag gets raised after this code (preceding the eval_sv line above): GV *gv = gv_fetchpv(0, TRUE, SVt_PV); save_scalar(gv); /* local $0 */ running TAINT_NOT after it fixes the problem Dave? Can you reproduce this problem? Things work fine with 5.8.x -- __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: recent blead changes have introduced tainting problems
On Thu, Jul 07, 2005 at 03:14:47PM +0300, Stas Bekman wrote: i'm trying to get mod_perl2 working with blead, something has changed with the tainting, I now get: eval_sv(123;, G_SCALAR|G_KEEPERR); die with: Insecure dependency in eval_sv() while running with -T does it still fail post change 25081 ? -- O Unicef Clearasil! Gibberish and Drivel! - Bored of the Rings
Re: recent blead changes have introduced tainting problems
On Thu, Jul 07, 2005 at 02:24:08PM +0100, Dave Mitchell wrote: On Thu, Jul 07, 2005 at 03:14:47PM +0300, Stas Bekman wrote: i'm trying to get mod_perl2 working with blead, something has changed with the tainting, I now get: eval_sv(123;, G_SCALAR|G_KEEPERR); die with: Insecure dependency in eval_sv() while running with -T does it still fail post change 25081 ? Ignore that, I can reproduce it now -- The Enterprise successfully ferries an alien VIP from one place to another without serious incident. -- Things That Never Happen in Star Trek #7
Re: recent blead changes have introduced tainting problems
On Thu, Jul 07, 2005 at 02:39:33PM +0100, Dave Mitchell wrote: eval_sv(123;, G_SCALAR|G_KEEPERR); die with: Insecure dependency in eval_sv() while running with -T does it still fail post change 25081 ? Ignore that, I can reproduce it now fixed by the change below. -- My get-up-and-go just got up and went. Change 25094 by [EMAIL PROTECTED] on 2005/07/07 14:47:51 more taint fallout from change 24943 Affected files ... ... //depot/perl/mg.c#358 edit ... //depot/perl/scope.c#156 edit ... //depot/perl/t/op/taint.t#68 edit Differences ... //depot/perl/mg.c#358 (text) @@ -1913,7 +1913,7 @@ Perl_magic_gettaint(pTHX_ SV *sv, MAGIC *mg) { PERL_UNUSED_ARG(sv); -TAINT_IF(mg-mg_len 1); +TAINT_IF((PL_localizing != 1) (mg-mg_len 1)); return 0; } //depot/perl/scope.c#156 (text) @@ -170,7 +170,9 @@ Perl_save_scalar(pTHX_ GV *gv) { SV **sptr = GvSV(gv); +PL_localizing = 1; SvGETMAGIC(*sptr); +PL_localizing = 0; SSCHECK(3); SSPUSHPTR(SvREFCNT_inc(gv)); SSPUSHPTR(SvREFCNT_inc(*sptr)); //depot/perl/t/op/taint.t#68 (xtext) @@ -17,7 +17,7 @@ use File::Spec::Functions; BEGIN { require './test.pl'; } -plan tests = 243; +plan tests = 244; $| = 1; @@ -1128,3 +1128,10 @@ test tainted $x99; } +# an mg_get of a tainted value during localization shouldn't taint the +# statement + +{ +eval { local $0, eval '1' }; +test $@ eq ''; +}