author | Craig A. Berry <craigberry@mac.com> | 2013-09-14 18:25:58 -0500 |
---|---|---|
committer | Craig A. Berry <craigberry@mac.com> | 2013-09-16 21:06:53 -0500 |
commit | ddc65b67716e249b363fe390e4bc08a259b2fed1 (patch) | |
tree | 6321dd17dd47c29e94999918d895ddcafd151506 | |
parent | 21869cac5ad982d653d92969f57df591682e8998 (diff) | |
download | perl-ddc65b67716e249b363fe390e4bc08a259b2fed1.tar.gz |
Earlier safety check for @INC entry in pp_require.
In order to make sure we find embedded NULs early enough, before
the directories in @INC have been through library calls that use C
strings, check each directory in pp_require before concatenating
a filename onto it.
-rw-r--r-- | pp_ctl.c | 2 | ||||
-rw-r--r-- | t/op/require_errors.t | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -3969,6 +3969,8 @@ PP(pp_require)
 dirlen = 0;
 }
+ if (!IS_SAFE_SYSCALL(dir, dirlen, "@INC entry", "require"))
+ continue;
 #ifdef VMS
 if (((unixdirbuf = SvPVX(sv_2mortal(newSVpv("", VMS_MAXRSS-1)))) == NULL)
 || ((unixdir = tounixpath(dir, unixdirbuf)) == NULL))
diff --git a/t/op/require_errors.t b/t/op/require_errors.t
index 28a52e35d9..ec7a12261d 100644
--- a/t/op/require_errors.t
+++ b/t/op/require_errors.t
@@ -128,7 +128,7 @@ like $@, qr/^Can't locate strict\.pm\\0invalid: /, 'do nul check';
 local @INC = @INC;
 unshift @INC, "lib\0invalid";
 eval { require "unknown.pm" };
- like $WARN, qr{^Invalid \\0 character in pathname for require: lib\\0invalid/unknown\.pm at }, 'nul warning';
+ like $WARN, qr{^Invalid \\0 character in \@INC entry for require: lib\\0invalid at }, 'nul warning';
 }
 eval "require strict\0::invalid;";
 like $@, qr/^syntax error at \(eval \d+\) line 1/, 'parse error with \0 in barewords module names'; |
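Review bot: The new `IS_SAFE_SYSCALL` guard in `PP(pp_require)` carries no comment saying why it sits ahead of the `#ifdef VMS` path conversion, or that a rejected entry is skipped rather than treated as fatal. I would add above it `/* Reject @INC entries with embedded NULs before any C-string library call can truncate them; a bad entry is skipped and the search moves on to the next directory. */`. Because `continue` only advances to the next entry, the require can still succeed from a later directory, and the only trace is whatever warning the macro emits, which presumably depends on the relevant warning category being enabled. The loop and the rest of the function lie outside this hunk, so it is not visible here whether a later check on the concatenated pathname remains.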
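Review bot: The updated `like $WARN` assertion pins the new message text, but nothing in this hunk checks that the NUL-containing entry was actually skipped. `unknown.pm` presumably exists nowhere, so the `require` fails the same way whether the directory is rejected or silently truncated to `lib`. A companion case would reduce `@INC` to the single NUL-containing entry, require a file present only under the truncated prefix, and assert that `$@` reports it as not found, which is the behaviour the commit guards. The enclosing block opens above the hunk, so any setup already there is not visible.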