diff options
author | Tony Cook <tony@develop-help.com> | 2015-12-15 10:56:54 +1100 |
---|---|---|
committer | Ricardo Signes <rjbs@cpan.org> | 2016-01-11 08:23:46 -0500 |
commit | 95b0d348019c20bd1197f702907c849c64a86cb7 (patch) | |
tree | c6f07ac30ed16aa670557ffa4b3ec78748c86718 /dist/PathTools/Cwd.xs | |
parent | 51d2955976e83fc2a9befaf685f4553a0a1c82b2 (diff) | |
download | perl-95b0d348019c20bd1197f702907c849c64a86cb7.tar.gz |
ensure File::Spec::canonpath() preserves taint
Previously the unix specific XS implementation of canonpath() would
return an untainted path when supplied a tainted path.
For the empty string case, newSVpvs() already sets taint as needed on
its result.
This issue was assigned CVE-2015-8607. [perl #126862]
Diffstat (limited to 'dist/PathTools/Cwd.xs')
-rw-r--r-- | dist/PathTools/Cwd.xs | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs index 1f174bf451..22e90c5114 100644 --- a/dist/PathTools/Cwd.xs +++ b/dist/PathTools/Cwd.xs @@ -512,6 +512,7 @@ THX_unix_canonpath(pTHX_ SV *path) *o = 0; SvPOK_on(retval); SvCUR_set(retval, o - SvPVX(retval)); + SvTAINT(retval); return retval; } |