diff options
| author | David Mitchell <davem@iabyn.com> | 2010-08-25 12:15:41 +0100 |
|---|---|---|
| committer | David Mitchell <davem@iabyn.com> | 2010-08-25 12:15:41 +0100 |
| commit | 07004ebbe530fe5ce1c67e63c0b8e1c0aa77b3b9 (patch) | |
| tree | 1edfd5adf69112c113382f0ad93608189dee10d1 | |
| parent | 3f9bb6b034fc3e91c3576718cf4783d1f5fa55f9 (diff) | |
| download | perl-07004ebbe530fe5ce1c67e63c0b8e1c0aa77b3b9.tar.gz | |
don't taint $DB::sub
[perl #76872] showed a case where code like the following, run under -d,
would cause $DB::sub to get set:
$tainted_expression && func()
The tainted expression sets PL_tainted, so calling func() under -d, which
sets $DB::sub, causes it to get tainted.
Consequently any further sub calls would set PL_tainted while getting the
old value of $DB::sub (and cause the new value to be tainted too), and if
the sub was XS, then its code would be executed with PL_tainted set.
It isn't an issue with perl subs as the first nextstate op resets
PL_tainted.
| -rw-r--r-- | MANIFEST | 1 | ||||
| -rw-r--r-- | lib/perl5db.t | 11 | ||||
| -rw-r--r-- | lib/perl5db/t/taint | 17 | ||||
| -rw-r--r-- | util.c | 4 |
4 files changed, 32 insertions, 1 deletions
@@ -3603,6 +3603,7 @@ lib/perl5db/t/proxy-constants Tests for the Perl debugger lib/perl5db/t/rt-61222 Tests for the Perl debugger lib/perl5db/t/rt-66110 Tests for the Perl debugger lib/perl5db/t/symbol-table-bug Tests for the Perl debugger +lib/perl5db/t/taint Tests for the Perl debugger lib/PerlIO.pm PerlIO support module lib/Pod/Functions.pm used by pod/splitpod lib/Pod/Html.pm Convert POD data to HTML diff --git a/lib/perl5db.t b/lib/perl5db.t index 3f68759efe..b2f72661c6 100644 --- a/lib/perl5db.t +++ b/lib/perl5db.t @@ -27,7 +27,7 @@ my $dev_tty = '/dev/tty'; } } -plan(8); +plan(9); sub rc { open RC, ">", ".perldb" or die $!; @@ -167,6 +167,15 @@ SKIP: { like($output, "All tests successful.", "[perl #66110]"); } +# taint tests + +{ + local $ENV{PERLDB_OPTS} = "ReadLine=0 NonStop=1"; + my $output = runperl(switches => [ '-d', '-T' ], stderr => 1, + progfile => '../lib/perl5db/t/taint'); + is($output, '[$^X][done]', "taint"); +} + # clean up. diff --git a/lib/perl5db/t/taint b/lib/perl5db/t/taint new file mode 100644 index 0000000000..e40f1945c7 --- /dev/null +++ b/lib/perl5db/t/taint @@ -0,0 +1,17 @@ +#!/usr/bin/perl -T +# +# This code is used by lib/perl5db.t !!! +# +use Scalar::Util qw(tainted); + +# [perl #76872] don't taint $DB::sub + +sub f {} + +BEGIN { + print "[\$^X]" if tainted($^X); + ($^X || 1) && f(); # maybe taint $DB::sub; + print "[\$DB::sub]" if tainted($DB::sub); +} +print "[done]"; + @@ -6489,12 +6489,15 @@ Perl_get_db_sub(pTHX_ SV **svp, CV *cv) { dVAR; SV * const dbsv = GvSVn(PL_DBsub); + const bool save_taint = PL_tainted; + /* We do not care about using sv to call CV; * it's for informational purposes only. */ PERL_ARGS_ASSERT_GET_DB_SUB; + PL_tainted = FALSE; save_item(dbsv); if (!PERLDB_SUB_NN) { GV * const gv = CvGV(cv); @@ -6521,6 +6524,7 @@ Perl_get_db_sub(pTHX_ SV **svp, CV *cv) (void)SvIOK_on(dbsv); SvIV_set(dbsv, PTR2IV(cv)); /* Do it the quickest way */ } + TAINT_IF(save_taint); } int |