diff options
| author | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2006-11-07 14:23:08 +0000 |
|---|---|---|
| committer | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2006-11-07 14:23:08 +0000 |
| commit | 20ee07fbbcfa6be9f90bb8e5474a4d69d7396617 (patch) | |
| tree | 87e5cf2fe703defa8b16f8bfff236db0bdad5d2d | |
| parent | d6686524f4a322ce27e0eebf255af3fb3431796c (diff) | |
| download | perl-20ee07fbbcfa6be9f90bb8e5474a4d69d7396617.tar.gz | |
Forbid using tainted formats in printf and sprintf
p4raw-id: //depot/perl@29225
| -rw-r--r-- | pod/perl595delta.pod | 5 | ||||
| -rw-r--r-- | pp.c | 2 | ||||
| -rw-r--r-- | pp_sys.c | 2 | ||||
| -rwxr-xr-x | t/op/taint.t | 13 |
4 files changed, 21 insertions, 1 deletions
diff --git a/pod/perl595delta.pod b/pod/perl595delta.pod index a7e3b40508..98044d85f4 100644 --- a/pod/perl595delta.pod +++ b/pod/perl595delta.pod @@ -11,6 +11,11 @@ between 5.8.0 and 5.9.4. =head1 Incompatible Changes +=head2 Tainting and printf + +When perl is run under taint mode, C<printf()> and C<sprintf()> will now +reject any tainted format argument. + =head2 Removal of the bytecode compiler and of perlcc C<perlcc>, the byteloader and the supporting modules (B::C, B::CC, @@ -3310,6 +3310,8 @@ PP(pp_index) PP(pp_sprintf) { dVAR; dSP; dMARK; dORIGMARK; dTARGET; + if (SvTAINTED(MARK[1])) + TAINT_PROPER("sprintf"); do_sprintf(TARG, SP-MARK, MARK+1); TAINT_IF(SvTAINTED(TARG)); SP = ORIGMARK; @@ -1485,6 +1485,8 @@ PP(pp_prtf) goto just_say_no; } else { + if (SvTAINTED(MARK[1])) + TAINT_PROPER("printf"); do_sprintf(sv, SP - MARK, MARK + 1); if (!do_print(sv, fp)) goto just_say_no; diff --git a/t/op/taint.t b/t/op/taint.t index 8311690194..be9071fdd2 100755 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -17,7 +17,7 @@ use Config; use File::Spec::Functions; BEGIN { require './test.pl'; } -plan tests => 251; +plan tests => 255; $| = 1; @@ -1204,3 +1204,14 @@ SKIP: $o->untainted; } +{ + # tests for tainted format in s?printf + eval { printf($TAINT . "# %s\n", "foo") }; + like($@, qr/^Insecure dependency in printf/, q/printf doesn't like tainted formats/); + eval { printf("# %s\n", $TAINT . "foo") }; + ok(!$@, q/printf accepts other tainted args/); + eval { sprintf($TAINT . "# %s\n", "foo") }; + like($@, qr/^Insecure dependency in sprintf/, q/sprintf doesn't like tainted formats/); + eval { sprintf("# %s\n", $TAINT . "foo") }; + ok(!$@, q/sprintf accepts other tainted args/); +} |