summaryrefslogtreecommitdiff
path: root/ext/Cwd
diff options
context:
space:
mode:
authorJarkko Hietaniemi <jhi@iki.fi>2001-09-04 21:03:17 +0000
committerJarkko Hietaniemi <jhi@iki.fi>2001-09-04 21:03:17 +0000
commitea7154893ee587d7e47bcebff9e70757b48a38bd (patch)
tree89306d510949a89b900db58c3f67a411466d5476 /ext/Cwd
parent7c474504105f41654af9663caa833041d25306dc (diff)
downloadperl-ea7154893ee587d7e47bcebff9e70757b48a38bd.tar.gz
Fix Cwd::getcwd() not being tainted, as noticed
by Schwern. p4raw-id: //depot/perl@11873
Diffstat (limited to 'ext/Cwd')
-rw-r--r--ext/Cwd/Cwd.xs14
-rw-r--r--ext/Cwd/t/cwd.t (renamed from ext/Cwd/Cwd.t)0
-rw-r--r--ext/Cwd/t/taint.t21
3 files changed, 27 insertions, 8 deletions
diff --git a/ext/Cwd/Cwd.xs b/ext/Cwd/Cwd.xs
index 303ef70a02..a82404f156 100644
--- a/ext/Cwd/Cwd.xs
+++ b/ext/Cwd/Cwd.xs
@@ -226,22 +226,20 @@ PPCODE:
{
dXSTARG;
char *path;
- STRLEN len;
char buf[MAXPATHLEN];
- if (pathsv)
- path = SvPV(pathsv, len);
- else {
- path = ".";
- len = 1;
- }
+ path = pathsv ? SvPV_nolen(pathsv) : ".";
if (bsd_realpath(path, buf)) {
sv_setpvn(TARG, buf, strlen(buf));
SvPOK_only(TARG);
+ SvTAINTED_on(TARG);
}
else
- sv_setsv(TARG, &PL_sv_undef);
+ sv_setsv(TARG, &PL_sv_undef);
XSprePUSH; PUSHTARG;
+#ifndef INCOMPLETE_TAINTS
+ SvTAINTED_on(TARG);
+#endif
}
diff --git a/ext/Cwd/Cwd.t b/ext/Cwd/t/cwd.t
index 09b45d6004..09b45d6004 100644
--- a/ext/Cwd/Cwd.t
+++ b/ext/Cwd/t/cwd.t
diff --git a/ext/Cwd/t/taint.t b/ext/Cwd/t/taint.t
new file mode 100644
index 0000000000..036b2b1b8e
--- /dev/null
+++ b/ext/Cwd/t/taint.t
@@ -0,0 +1,21 @@
+#!./perl -Tw
+# Testing Cwd under taint mode.
+
+BEGIN {
+ chdir 't' if -d 't';
+ @INC = '../lib';
+}
+
+use Cwd;
+use Test::More tests => 2;
+
+# The normal kill() trick is not portable.
+sub is_tainted {
+ return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
+}
+
+my $cwd;
+eval { $cwd = getcwd; };
+is( $@, '', 'getcwd() does not explode under taint mode' );
+ok( is_tainted($cwd), "it's return value is tainted" );
+