summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZefram <zefram@fysh.org>2012-02-25 20:32:09 +0000
committerZefram <zefram@fysh.org>2012-02-25 20:38:12 +0000
commit19db9fb7213e8d346c88f2b573e378f35d81ffcf (patch)
tree60e83adf4deb9104d21bb3c3ec71b04b9fc65c8e
parente0f138939ac28fffc7b06bea23950f5dd6a72f37 (diff)
downloadperl-19db9fb7213e8d346c88f2b573e378f35d81ffcf.tar.gz
don't taint $$ determined by getpid()
Reading $$ in a tainted expression was tainting the internal sv_setiv() on $$. Since the value being set came directly from getpid(), it's always safe, so override the tainting there. Fixes [perl #109688].
-rw-r--r--mg.c5
-rw-r--r--t/op/taint.t9
2 files changed, 12 insertions, 2 deletions
diff --git a/mg.c b/mg.c
index f450d17000..8b30f93497 100644
--- a/mg.c
+++ b/mg.c
@@ -1079,9 +1079,12 @@ Perl_magic_get(pTHX_ SV *sv, MAGIC *mg)
case '$': /* $$ */
{
IV const pid = (IV)PerlProc_getpid();
- if (isGV(mg->mg_obj) || SvIV(mg->mg_obj) != pid)
+ if (isGV(mg->mg_obj) || SvIV(mg->mg_obj) != pid) {
/* never set manually, or at least not since last fork */
sv_setiv(sv, pid);
+ /* never unsafe, even if reading in a tainted expression */
+ SvTAINTED_off(sv);
+ }
/* else a value has been assigned manually, so do nothing */
}
break;
diff --git a/t/op/taint.t b/t/op/taint.t
index 0b626f340c..1b754399f9 100644
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ BEGIN {
use strict;
use Config;
-plan tests => 791;
+plan tests => 793;
$| = 1;
@@ -2176,6 +2176,13 @@ for(1,2) {
}
pass("no death when TARG of ref is tainted");
+# $$ should not be tainted by being read in a tainted expression.
+{
+ isnt_tainted $$, "PID not tainted initially";
+ my $x = $ENV{PATH}.$$;
+ isnt_tainted $$, "PID not tainted when read in tainted expression";
+}
+
{
use feature 'fc';
use locale;