ensure File::Spec::canonpath() preserves taint

Previously the unix specific XS implementation of canonpath() would return an untainted path when supplied a tainted path. For the empty string case, newSVpvs() already sets taint as needed on its result. This issue was assigned CVE-2015-8607. [perl #126862]
author: Tony Cook <tony@develop-help.com> 2015-12-15 10:56:54 +1100
committer: Ricardo Signes <rjbs@cpan.org> 2016-01-11 08:23:46 -0500
commit: 95b0d348019c20bd1197f702907c849c64a86cb7 (patch)
tree: c6f07ac30ed16aa670557ffa4b3ec78748c86718 /dist/PathTools/Cwd.xs
parent: 51d2955976e83fc2a9befaf685f4553a0a1c82b2 (diff)
download: perl-95b0d348019c20bd1197f702907c849c64a86cb7.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
index 1f174bf451..22e90c5114 100644
--- a/dist/PathTools/Cwd.xs
+++ b/dist/PathTools/Cwd.xs
@@ -512,6 +512,7 @@ THX_unix_canonpath(pTHX_ SV *path)
     *o = 0;
     SvPOK_on(retval);
     SvCUR_set(retval, o - SvPVX(retval));
+    SvTAINT(retval);
     return retval;
 }
author	Tony Cook <tony@develop-help.com>	2015-12-15 10:56:54 +1100
committer	Ricardo Signes <rjbs@cpan.org>	2016-01-11 08:23:46 -0500
commit	95b0d348019c20bd1197f702907c849c64a86cb7 (patch)
tree	c6f07ac30ed16aa670557ffa4b3ec78748c86718 /dist/PathTools/Cwd.xs
parent	51d2955976e83fc2a9befaf685f4553a0a1c82b2 (diff)
download	perl-95b0d348019c20bd1197f702907c849c64a86cb7.tar.gz