recent blead changes have introduced tainting problems

2005-07-07 Thread Stas Bekman
I'm trying to get mod_perl2 working with blead, something has changed with 
the tainting, I now get:


  eval_sv(123;, G_SCALAR|G_KEEPERR);

die with:

  Insecure dependency in eval_sv() while running with -T

Further checking shows that the TAINT flag gets raised after this code 
(preceding the eval_sv line above):


  GV *gv = gv_fetchpv("0", TRUE, SVt_PV);
  save_scalar(gv); /* local $0 */

Running TAINT_NOT after it fixes the problem.

Dave? Can you reproduce this problem?

Things work fine with 5.8.x

--
__
Stas Bekman    JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
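
The failure described in this message, and the guard added by change 25094 later in the thread, reduced to a self-contained C model (an added example, not code from mod_perl or the Perl source). The flag variables, `struct scalar` and the helper functions are hypothetical stand-ins that only borrow the names used in the thread; the guard condition is assumed to be the `PL_localizing != 1` test combined with the taint bit.

```c
/* Simplified model, not Perl source: every name here is a stand-in. */
#include <stdio.h>

static int taint_flag;   /* stand-in for the interpreter-wide TAINT flag */
static int localizing;   /* stand-in for PL_localizing (1 = entering local) */
static int guard_on;     /* 0 = before change 25094, 1 = after */
struct scalar { int holds_tainted_value; };

/* Get-magic: reading a tainted value raises the flag, unless the guard
   is active and the read happens while a local() is being set up. */
static void magic_gettaint(const struct scalar *sv) {
    if (sv->holds_tainted_value && !(guard_on && localizing == 1))
        taint_flag = 1;
}

/* local $x: the old value is read (get-magic runs) before it is saved. */
static void save_scalar(const struct scalar *sv) {
    localizing = 1;
    magic_gettaint(sv);
    localizing = 0;
}

/* Refuses to evaluate anything while the flag is raised. */
static int eval_sv(void) { return taint_flag ? -1 : 0; }

/* local-then-eval called back to back from C, with nothing in between to
   clear the flag. Returns 0 if the eval ran, -1 for "Insecure dependency". */
int local_then_eval(int with_guard, int call_taint_not) {
    struct scalar magical = { 1 };   /* constructed: a tainted scalar like $0 */
    guard_on = with_guard;
    taint_flag = 0;
    save_scalar(&magical);
    if (call_taint_not) taint_flag = 0;   /* models the TAINT_NOT workaround */
    return eval_sv();
}

/* With the guard on, an ordinary tainted read must still raise the flag. */
int ordinary_read_taints(void) {
    struct scalar magical = { 1 };
    guard_on = 1; taint_flag = 0; localizing = 0;
    magic_gettaint(&magical);
    return taint_flag;
}

int main(void) {
    printf("before=%d workaround=%d after=%d plain_read=%d\n",
           local_then_eval(0, 0), local_then_eval(0, 1),
           local_then_eval(1, 0), ordinary_read_taints());
    return 0;
}
```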


Re: recent blead changes have introduced tainting problems

2005-07-07 Thread Dave Mitchell
On Thu, Jul 07, 2005 at 03:14:47PM +0300, Stas Bekman wrote:
> I'm trying to get mod_perl2 working with blead, something has changed with 
> the tainting, I now get:
> 
>   eval_sv(123;, G_SCALAR|G_KEEPERR);
> 
> die with:
> 
>   Insecure dependency in eval_sv() while running with -T

does it still fail post change 25081 ?

-- 
O Unicef Clearasil!
Gibberish and Drivel!
  - Bored of the Rings


Re: recent blead changes have introduced tainting problems

2005-07-07 Thread Dave Mitchell
On Thu, Jul 07, 2005 at 02:24:08PM +0100, Dave Mitchell wrote:
> On Thu, Jul 07, 2005 at 03:14:47PM +0300, Stas Bekman wrote:
> > I'm trying to get mod_perl2 working with blead, something has changed with 
> > the tainting, I now get:
> > 
> >   eval_sv(123;, G_SCALAR|G_KEEPERR);
> > 
> > die with:
> > 
> >   Insecure dependency in eval_sv() while running with -T
> 
> does it still fail post change 25081 ?

Ignore that, I can reproduce it now

-- 
The Enterprise successfully ferries an alien VIP from one place to another
without serious incident.
-- Things That Never Happen in Star Trek #7


Re: recent blead changes have introduced tainting problems

2005-07-07 Thread Dave Mitchell
On Thu, Jul 07, 2005 at 02:39:33PM +0100, Dave Mitchell wrote:
> > >   eval_sv(123;, G_SCALAR|G_KEEPERR);
> > > 
> > > die with:
> > > 
> > >   Insecure dependency in eval_sv() while running with -T
> > 
> > does it still fail post change 25081 ?
> 
> Ignore that, I can reproduce it now

fixed by the change below.

-- 
My get-up-and-go just got up and went.


Change 25094 by [EMAIL PROTECTED] on 2005/07/07 14:47:51

more taint fallout from change 24943

Affected files ...

... //depot/perl/mg.c#358 edit
... //depot/perl/scope.c#156 edit
... //depot/perl/t/op/taint.t#68 edit

Differences ...

 //depot/perl/mg.c#358 (text) 

@@ -1913,7 +1913,7 @@
 Perl_magic_gettaint(pTHX_ SV *sv, MAGIC *mg)
 {
 PERL_UNUSED_ARG(sv);
-TAINT_IF(mg-mg_len  1);
+TAINT_IF((PL_localizing != 1)  (mg-mg_len  1));
 return 0;
 }
 
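Review bot: In the new TAINT_IF line, the `PL_localizing != 1` test switches off taint propagation for every call to this get-magic made while that global is 1, not only the one reached from save_scalar, and nothing in the hunk says what the value 1 stands for or why other non-zero values should still taint. A short comment above the TAINT_IF naming that state, and stating that the skip is meant only for the read of the old value during local(), would make the security intent checkable. It is also worth confirming that no other code path leaves PL_localizing at 1 around a read of tainted data that should taint the statement.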

 //depot/perl/scope.c#156 (text) 

@@ -170,7 +170,9 @@
 Perl_save_scalar(pTHX_ GV *gv)
 {
 SV **sptr = GvSV(gv);
+PL_localizing = 1;
 SvGETMAGIC(*sptr);
+PL_localizing = 0;
 SSCHECK(3);
 SSPUSHPTR(SvREFCNT_inc(gv));
 SSPUSHPTR(SvREFCNT_inc(*sptr));
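Review bot: The two added assignments around `SvGETMAGIC(*sptr)` set PL_localizing to 1 and then unconditionally to 0, so a value that was already non-zero on entry is lost, and if the get-magic exits non-locally the flag is left at 1, which after the mg.c change in this same patch would keep later taint get-magic from tainting. Saving the previous value in a local variable and restoring it after SvGETMAGIC would cover the first case; the second needs either a comment that such an exit cannot happen here or a reset on the unwind path.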

 //depot/perl/t/op/taint.t#68 (xtext) 

@@ -17,7 +17,7 @@
 use File::Spec::Functions;
 
 BEGIN { require './test.pl'; }
-plan tests = 243;
+plan tests = 244;
 
 
 $| = 1;
@@ -1128,3 +1128,10 @@
 test tainted $x99;
 }
 
+# an mg_get of a tainted value during localization shouldn't taint the
+# statement
+
+{
+eval { local $0, eval '1' };
+test $@ eq '';
+}