Change 34860 by [EMAIL PROTECTED] on 2008/11/17 07:33:24 Subject: Re: [perl #59998] [PATCH] crypt() returns tainted data even when input strings are detainted From: Chip Salzenberg <[EMAIL PROTECTED]> Date: Sun, 16 Nov 2008 23:14:30 -0800 Message-ID: <[EMAIL PROTECTED]>
Affected files ... ... //depot/perl/pp.c#644 edit ... //depot/perl/t/op/taint.t#91 edit Differences ... ==== //depot/perl/pp.c#644 (text) ==== Index: perl/pp.c --- perl/pp.c#643~34829~ 2008-11-12 21:47:34.000000000 -0800 +++ perl/pp.c 2008-11-16 23:33:24.000000000 -0800 @@ -2553,7 +2553,7 @@ sv_usepvn_flags(TARG, (char*)result, nchar, SV_HAS_TRAILING_NUL); SvUTF8_off(TARG); } - SETs(TARG); + SETTARG; RETURN; } #ifdef LIBERAL @@ -2569,8 +2569,7 @@ #endif for ( ; anum > 0; anum--, tmps++) *tmps = ~*tmps; - - SETs(TARG); + SETTARG; } RETURN; } @@ -3514,7 +3513,7 @@ # else sv_setpv(TARG, PerlProc_crypt(tmps, SvPV_nolen_const(right))); # endif - SETs(TARG); + SETTARG; RETURN; #else DIE(aTHX_ @@ -3899,9 +3898,7 @@ } else sv_setpvn(TARG, s, len); - SETs(TARG); - if (SvSMAGICAL(TARG)) - mg_set(TARG); + SETTARG; RETURN; } ==== //depot/perl/t/op/taint.t#91 (xtext) ==== Index: perl/t/op/taint.t --- perl/t/op/taint.t#90~34180~ 2008-08-07 03:12:44.000000000 -0700 +++ perl/t/op/taint.t 2008-11-16 23:33:24.000000000 -0800 @@ -17,7 +17,7 @@ use File::Spec::Functions; BEGIN { require './test.pl'; } -plan tests => 267; +plan tests => 271; $| = 1; @@ -1252,6 +1252,21 @@ ok(!tainted($1), "\\S match with chr $ord"); } +{ + # 59998 + sub cr { my $x = crypt($_[0], $_[1]); $x } + sub co { my $x = ~$_[0]; $x } + my ($a, $b); + $a = cr('hello', 'foo' . $TAINT); + $b = cr('hello', 'foo'); + ok(tainted($a), "tainted crypt"); + ok(!tainted($b), "untainted crypt"); + $a = co('foo' . $TAINT); + $b = co('foo'); + ok(tainted($a), "tainted complement"); + ok(!tainted($b), "untainted complement"); +} + # This may bomb out with the alarm signal so keep it last SKIP: { skip "No alarm()" unless $Config{d_alarm}; End of Patch.