diff options
| author | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2003-10-26 21:36:17 +0000 |
|---|---|---|
| committer | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2003-10-26 21:36:17 +0000 |
| commit | 7b756e0a3e6b2a4af093cd9686b01f419d3acefc (patch) | |
| tree | 6995276b62b65b2f4f515fce0b11080ec654b543 | |
| parent | 0d7509de16bc60421fced9c9069b224cfd591b45 (diff) | |
| download | perl-7b756e0a3e6b2a4af093cd9686b01f419d3acefc.tar.gz | |
When %ENV has been turned into a non-magical hash after a
glob assignment, TAINT_ENV() may dump core because it
assumes $ENV{PATH} is magical. Fix this ; add a test to
verify that the PATH is still checked for taintedness.
p4raw-id: //depot/perl@21542
| -rwxr-xr-x | t/op/taint.t | 14 | ||||
| -rw-r--r-- | taint.c | 11 |
2 files changed, 21 insertions, 4 deletions
diff --git a/t/op/taint.t b/t/op/taint.t index e6e1265466..557b15f20c 100755 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -124,7 +124,7 @@ my $echo = "$Invoke_Perl $ECHO"; my $TEST = catfile(curdir(), 'TEST'); -print "1..206\n"; +print "1..208\n"; # First, let's make sure that Perl is checking the dangerous # environment variables. Maybe they aren't set yet, so we'll @@ -982,3 +982,15 @@ else $TAINT =~ /(.*)/; test 206, tainted(my $foo = $1); } + +{ + # test with a non-magical %ENV (and non-magical %ENV elements) + our %nonmagicalenv = ( PATH => $TAINT ); + local *ENV = \%nonmagicalenv; + eval { system("lskdfj"); }; + test 207, $@ =~ /Insecure \$ENV{PATH} while running with -T switch/; + # [perl #24291] this used to dump core + %nonmagicalenv = ( PATH => "util" ); + eval { system("lskdfj"); }; + test 208, 1; +} @@ -80,7 +80,8 @@ Perl_taint_env(pTHX) NULL }; - if (!PL_envgv) + /* Don't bother if there's no %ENV hash */ + if (!PL_envgv || !GvHV(PL_envgv)) return; #ifdef VMS @@ -98,7 +99,9 @@ Perl_taint_env(pTHX) TAINT; taint_proper("Insecure %s%s", "$ENV{DCL$PATH}"); } - if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) { + if (SvMAGICAL(*svp) + && (mg = mg_find(*svp, PERL_MAGIC_envelem)) + && MgTAINTEDDIR(mg)) { TAINT; taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}"); } @@ -113,7 +116,9 @@ Perl_taint_env(pTHX) TAINT; taint_proper("Insecure %s%s", "$ENV{PATH}"); } - if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) { + if (SvMAGICAL(*svp) + && (mg = mg_find(*svp, PERL_MAGIC_envelem)) + && MgTAINTEDDIR(mg)) { TAINT; taint_proper("Insecure directory in %s%s", "$ENV{PATH}"); } |