diff options
| author | Jarkko Hietaniemi <jhi@iki.fi> | 2001-09-04 21:03:17 +0000 |
|---|---|---|
| committer | Jarkko Hietaniemi <jhi@iki.fi> | 2001-09-04 21:03:17 +0000 |
| commit | ea7154893ee587d7e47bcebff9e70757b48a38bd (patch) | |
| tree | 89306d510949a89b900db58c3f67a411466d5476 | |
| parent | 7c474504105f41654af9663caa833041d25306dc (diff) | |
| download | perl-ea7154893ee587d7e47bcebff9e70757b48a38bd.tar.gz | |
Fix Cwd::getcwd() not being tainted, as noticed
by Schwern.
p4raw-id: //depot/perl@11873
| -rw-r--r-- | MANIFEST | 7 | ||||
| -rw-r--r-- | ext/Cwd/Cwd.xs | 14 | ||||
| -rw-r--r-- | ext/Cwd/t/cwd.t (renamed from ext/Cwd/Cwd.t) | 0 | ||||
| -rw-r--r-- | ext/Cwd/t/taint.t | 21 | ||||
| -rw-r--r-- | util.c | 4 |
5 files changed, 35 insertions, 11 deletions
@@ -103,9 +103,10 @@ ext/ByteLoader/byterun.c Runtime support for bytecode loader ext/ByteLoader/byterun.h Header for byterun.c ext/ByteLoader/hints/sunos.pl Hints for named architecture ext/ByteLoader/Makefile.PL Bytecode loader makefile writer -ext/Cwd/Cwd.t See if Cwd works -ext/Cwd/Cwd.xs Cwd extension external subroutines -ext/Cwd/Makefile.PL Cwd extension makefile maker +ext/Cwd/Cwd.xs Cwd extension external subroutines +ext/Cwd/t/cwd.t See if Cwd works +ext/Cwd/t/taint.t See if Cwd works with taint +ext/Cwd/Makefile.PL Cwd extension makefile maker ext/Data/Dumper/Changes Data pretty printer, changelog ext/Data/Dumper/Dumper.pm Data pretty printer, module ext/Data/Dumper/Dumper.xs Data pretty printer, externals diff --git a/ext/Cwd/Cwd.xs b/ext/Cwd/Cwd.xs index 303ef70a02..a82404f156 100644 --- a/ext/Cwd/Cwd.xs +++ b/ext/Cwd/Cwd.xs @@ -226,22 +226,20 @@ PPCODE: { dXSTARG; char *path; - STRLEN len; char buf[MAXPATHLEN]; - if (pathsv) - path = SvPV(pathsv, len); - else { - path = "."; - len = 1; - } + path = pathsv ? SvPV_nolen(pathsv) : "."; if (bsd_realpath(path, buf)) { sv_setpvn(TARG, buf, strlen(buf)); SvPOK_only(TARG); + SvTAINTED_on(TARG); } else - sv_setsv(TARG, &PL_sv_undef); + sv_setsv(TARG, &PL_sv_undef); XSprePUSH; PUSHTARG; +#ifndef INCOMPLETE_TAINTS + SvTAINTED_on(TARG); +#endif } diff --git a/ext/Cwd/Cwd.t b/ext/Cwd/t/cwd.t index 09b45d6004..09b45d6004 100644 --- a/ext/Cwd/Cwd.t +++ b/ext/Cwd/t/cwd.t diff --git a/ext/Cwd/t/taint.t b/ext/Cwd/t/taint.t new file mode 100644 index 0000000000..036b2b1b8e --- /dev/null +++ b/ext/Cwd/t/taint.t @@ -0,0 +1,21 @@ +#!./perl -Tw +# Testing Cwd under taint mode. + +BEGIN { + chdir 't' if -d 't'; + @INC = '../lib'; +} + +use Cwd; +use Test::More tests => 2; + +# The normal kill() trick is not portable. +sub is_tainted { + return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; +} + +my $cwd; +eval { $cwd = getcwd; }; +is( $@, '', 'getcwd() does not explode under taint mode' ); +ok( is_tainted($cwd), "it's return value is tainted" ); + @@ -3719,6 +3719,10 @@ Perl_getcwd_sv(pTHX_ register SV *sv) { #ifndef PERL_MICRO +#ifndef INCOMPLETE_TAINTS + SvTAINTED_on(sv); +#endif + #ifdef HAS_GETCWD { char buf[MAXPATHLEN]; |