Security hole in taint checking in open()

Message-Id: <Pine.LNX.4.33.0107182248330.11996-100000@chaos.tentacle.net> p4raw-id: //depot/perl@11410
author: deekoo <deekoo@tentacle.net> 2001-07-18 17:03:46 -0700
committer: Nick Ing-Simmons <nik@tiuk.ti.com> 2001-07-19 06:39:35 +0000
commit: dd531b3b18052c3e70d0cb325e89704d77851a3f (patch)
tree: 5946bda295b8d5bff5d925af12662decd8dc5f96
parent: f9d00e575aebafe3654e695fbdbbf992a84f7b30 (diff)
download: perl-dd531b3b18052c3e70d0cb325e89704d77851a3f.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/doio.c b/doio.c
index d0d28b026c..e8ee679f52 100644
--- a/doio.c
+++ b/doio.c
@@ -235,6 +235,7 @@ Perl_do_openn(pTHX_ GV *gv, register char *name, I32 len, int as_raw,
 	if ((*type == IoTYPE_RDWR) && /* scary */
            (*(type+1) == IoTYPE_RDONLY || *(type+1) == IoTYPE_WRONLY) &&
 	    ((!num_svs || (tend > type+1 && tend[-1] != IoTYPE_PIPE)))) {
+        TAINT_PROPER("open");
 	    mode[1] = *type++;
 	    writing = 1;
 	}
author	deekoo <deekoo@tentacle.net>	2001-07-18 17:03:46 -0700
committer	Nick Ing-Simmons <nik@tiuk.ti.com>	2001-07-19 06:39:35 +0000
commit	dd531b3b18052c3e70d0cb325e89704d77851a3f (patch)
tree	5946bda295b8d5bff5d925af12662decd8dc5f96
parent	f9d00e575aebafe3654e695fbdbbf992a84f7b30 (diff)
download	perl-dd531b3b18052c3e70d0cb325e89704d77851a3f.tar.gz