Change 34860 by [EMAIL PROTECTED] on 2008/11/17 07:33:24
Subject: Re: [perl #59998] [PATCH] crypt() returns tainted data even
when input strings are detainted
From: Chip Salzenberg <[EMAIL PROTECTED]>
Date: Sun, 16 Nov 2008 23:14:30 -0800
Message-ID: <[EMAIL PROTECTED]>
Affected files ...
... //depot/perl/pp.c#644 edit
... //depot/perl/t/op/taint.t#91 edit
Differences ...
==== //depot/perl/pp.c#644 (text) ====
Index: perl/pp.c
--- perl/pp.c#643~34829~ 2008-11-12 21:47:34.000000000 -0800
+++ perl/pp.c 2008-11-16 23:33:24.000000000 -0800
@@ -2553,7 +2553,7 @@
sv_usepvn_flags(TARG, (char*)result, nchar, SV_HAS_TRAILING_NUL);
SvUTF8_off(TARG);
}
- SETs(TARG);
+ SETTARG;
RETURN;
}
#ifdef LIBERAL
@@ -2569,8 +2569,7 @@
#endif
for ( ; anum > 0; anum--, tmps++)
*tmps = ~*tmps;
-
- SETs(TARG);
+ SETTARG;
}
RETURN;
}
@@ -3514,7 +3513,7 @@
# else
sv_setpv(TARG, PerlProc_crypt(tmps, SvPV_nolen_const(right)));
# endif
- SETs(TARG);
+ SETTARG;
RETURN;
#else
DIE(aTHX_
@@ -3899,9 +3898,7 @@
}
else
sv_setpvn(TARG, s, len);
- SETs(TARG);
- if (SvSMAGICAL(TARG))
- mg_set(TARG);
+ SETTARG;
RETURN;
}
==== //depot/perl/t/op/taint.t#91 (xtext) ====
Index: perl/t/op/taint.t
--- perl/t/op/taint.t#90~34180~ 2008-08-07 03:12:44.000000000 -0700
+++ perl/t/op/taint.t 2008-11-16 23:33:24.000000000 -0800
@@ -17,7 +17,7 @@
use File::Spec::Functions;
BEGIN { require './test.pl'; }
-plan tests => 267;
+plan tests => 271;
$| = 1;
@@ -1252,6 +1252,21 @@
ok(!tainted($1), "\\S match with chr $ord");
}
+{
+ # 59998
+ sub cr { my $x = crypt($_[0], $_[1]); $x }
+ sub co { my $x = ~$_[0]; $x }
+ my ($a, $b);
+ $a = cr('hello', 'foo' . $TAINT);
+ $b = cr('hello', 'foo');
+ ok(tainted($a), "tainted crypt");
+ ok(!tainted($b), "untainted crypt");
+ $a = co('foo' . $TAINT);
+ $b = co('foo');
+ ok(tainted($a), "tainted complement");
+ ok(!tainted($b), "untainted complement");
+}
+
# This may bomb out with the alarm signal so keep it last
SKIP: {
skip "No alarm()" unless $Config{d_alarm};
End of Patch.
