authorsyber <syber@crazypanda.ru>2014-08-04 23:47:23 +0400
committerRafael Garcia-Suarez <rgs@consttype.org>2014-08-05 09:10:37 +0200
commit23c3e71c90a1dea6c17d193db263796876d2ac52 (patch)
treefc084c11b7a941adec03a5c04d6ccf312c6a5609
parent883f220b1a9552b53f705c439a73a5c235feaedc (diff)
Critical bugfix in module Safe (Opcode). Version increased, changelog and test added.
This example shows code run inside the compartment modifying the outside environment: package My::Controller; use strict; sub jopa { return "jopa\n"; } package main; use Safe; my $s = new Safe; my $ok = $s->reval(q{ package My::Controller; sub jopa { return "hacked\n"; } My::Controller->jopa(); }); print My::Controller->jopa();
-rw-r--r--dist/Safe/Changes3
-rw-r--r--dist/Safe/Safe.pm2
-rw-r--r--dist/Safe/t/safesecurity.t32
-rw-r--r--ext/Opcode/Opcode.pm2
-rw-r--r--ext/Opcode/Opcode.xs6
5 files changed, 42 insertions, 3 deletions
diff --git a/dist/Safe/Changes b/dist/Safe/Changes
index 8cde1db330..66b3b5103b 100644
--- a/dist/Safe/Changes
+++ b/dist/Safe/Changes
@@ -1,3 +1,6 @@
+2.36 Mon Aug 04 2014
+ - critical bugfix: outside packages could be replaced (fix in Opcode)
+
2.35 Thu Feb 21 2013
- localize %SIG in the Safe compartment
- actually check that we call execution methods on a Safe object
diff --git a/dist/Safe/Safe.pm b/dist/Safe/Safe.pm
index 4db116dff5..2c0d56a43e 100644
--- a/dist/Safe/Safe.pm
+++ b/dist/Safe/Safe.pm
@@ -3,7 +3,7 @@ package Safe;
use 5.003_11;
use Scalar::Util qw(reftype refaddr);
-$Safe::VERSION = "2.37";
+$Safe::VERSION = "2.38";
# *** Don't declare any lexicals above this point ***
#
diff --git a/dist/Safe/t/safesecurity.t b/dist/Safe/t/safesecurity.t
new file mode 100644
index 0000000000..92cd124e67
--- /dev/null
+++ b/dist/Safe/t/safesecurity.t
@@ -0,0 +1,32 @@
+#!perl
+
+BEGIN {
+ require Config;
+ import Config;
+ if ($Config{'extensions'} !~ /\bOpcode\b/) {
+ print "1..0\n";
+ exit 0;
+ }
+}
+
+use strict;
+use warnings;
+use Test::More;
+use Safe;
+plan(tests => 1);
+
+my $c = new Safe;
+
+{
+ package My::Controller;
+ sub jopa { return "jopa" }
+}
+
+$c->reval(q{
+ package My::Controller;
+ sub jopa { return "hacked" }
+
+ My::Controller->jopa; # let it cache package
+});
+
+is(My::Controller->jopa, "jopa", "outside packages cannot be overriden");
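Review bot: The result of `$c->reval(q{...})` is discarded and `$@` is never inspected, so if the compartment code fails to compile or is rejected by the opmask, the final `is()` still passes without the redefinition ever having been attempted. Checking the error state right after the call makes the test prove the scenario actually ran: add `is($@, '', "compartment code ran without error");` after the `reval` and change the plan to `plan(tests => 2);`. Separately, `new Safe` is indirect-object syntax (`Safe->new` is the unambiguous form), and "overriden" in the test description should read "overridden".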
diff --git a/ext/Opcode/Opcode.pm b/ext/Opcode/Opcode.pm
index a48b01d306..3da8d945cb 100644
--- a/ext/Opcode/Opcode.pm
+++ b/ext/Opcode/Opcode.pm
@@ -6,7 +6,7 @@ use strict;
our($VERSION, @ISA, @EXPORT_OK);
-$VERSION = "1.27";
+$VERSION = "1.28";
use Carp;
use Exporter ();
diff --git a/ext/Opcode/Opcode.xs b/ext/Opcode/Opcode.xs
index 386dddf508..594f5b2723 100644
--- a/ext/Opcode/Opcode.xs
+++ b/ext/Opcode/Opcode.xs
@@ -310,7 +310,7 @@ PPCODE:
dummy_hv = save_hash(PL_incgv);
GvHV(PL_incgv) = (HV*)SvREFCNT_inc(GvHV(gv_HVadd(gv_fetchpvs("INC",GV_ADD,SVt_PVHV))));
- /* Invalidate ISA and method caches */
+ /* Invalidate class and method caches */
++PL_sub_generation;
hv_clear(PL_stashcache);
@@ -320,6 +320,10 @@ PPCODE:
SPAGAIN; /* for the PUTBACK added by xsubpp */
LEAVE;
+ /* Invalidate again */
+ ++PL_sub_generation;
+ hv_clear(PL_stashcache);
+
int
verify_opset(opset, fatal = 0)
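Review bot: The added comment `/* Invalidate again */` after `LEAVE;` does not say why a second invalidation is needed, which is the security-relevant part of this fix. Judging by the new test's "let it cache package" remark and the `hv_clear(PL_stashcache)` call, lookups performed while the compartment code ran can leave cached stash and method entries that would otherwise still be consulted once the outer environment is restored. I would spell that out, e.g. `/* Code run in the compartment may have cached stash and method lookups; drop them so they cannot be used outside it */`. The enclosing XS function starts before the first hunk, so whether every exit path reaches this second invalidation cannot be confirmed from the lines shown.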