diff options
| author | Tony Cook <tony@develop-help.com> | 2013-08-26 11:26:19 +1000 |
|---|---|---|
| committer | Tony Cook <tony@develop-help.com> | 2013-08-26 14:06:16 +1000 |
| commit | c8028aa68dedb3c7683abb0bcf0fdba782a1190e (patch) | |
| tree | 0c1acb4263f2d3d1b08e2e42d1ad18b2686617d8 /embed.fnc | |
| parent | 5f7c1602dfa694a4a6761e9e4fc077ce794f7ff0 (diff) | |
| download | perl-c8028aa68dedb3c7683abb0bcf0fdba782a1190e.tar.gz | |
[perl #117265] safesyscalls: check embedded nul in syscall args
Check for the nul char in pathnames and string arguments to
syscalls, return undef and set errno to ENOENT.
Added to the io warnings category syscalls.
Strings with embedded \0 chars were prev. ignored in the syscall but
kept in perl. The hidden payloads in these invalid string args may cause
unnoticed security problems, as they are hard to detect, ignored by
the syscalls but kept around in perl PVs.
Allow an ending \0 though, as several modules add a \0 to
such strings without adjusting the length.
This is based on a change originally by Reini Urban, but pretty much
all of the code has been replaced.
Diffstat (limited to 'embed.fnc')
| -rw-r--r-- | embed.fnc | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1601,6 +1601,8 @@ Am |I32 |whichsig |NN const char* sig Ap |I32 |whichsig_sv |NN SV* sigsv Ap |I32 |whichsig_pv |NN const char* sig Ap |I32 |whichsig_pvn |NN const char* sig|STRLEN len +: used to check for NULs in pathnames and other names +AiR |bool |is_safe_syscall|NN SV *pv|NN const char *what|NN const char *op_name : Used in pp_ctl.c p |void |write_to_stderr|NN SV* msv : Used in op.c @@ -2280,7 +2282,7 @@ s |void |printbuf |NN const char *const fmt|NN const char *const s EXMp |bool |validate_proto |NN SV *name|NULLOK SV *proto|bool warn #if defined(PERL_IN_UNIVERSAL_C) -s |bool|isa_lookup |NN HV *stash|NN const char * const name \ +s |bool |isa_lookup |NN HV *stash|NN const char * const name \ |STRLEN len|U32 flags #endif @@ -2292,7 +2294,7 @@ s |bool |is_cur_LC_category_utf8|int category #if defined(PERL_IN_UTIL_C) s |const COP*|closest_cop |NN const COP *cop|NULLOK const OP *o s |SV* |mess_alloc -s |SV *|with_queued_errors|NN SV *ex +s |SV * |with_queued_errors|NN SV *ex s |bool |invoke_exception_hook|NULLOK SV *ex|bool warn #if defined(PERL_MEM_LOG) && !defined(PERL_MEM_LOG_NOIMPL) sn |void |mem_log_common |enum mem_log_type mlt|const UV n|const UV typesize \ |