Fix bug #17744, suggested by Andreas Jurenda,

tweaked by rgs (security hole in Safe). p4raw-id: //depot/perl@17976
author: Rafael Garcia-Suarez <rgarciasuarez@gmail.com> 2002-10-04 19:44:48 +0000
committer: Rafael Garcia-Suarez <rgarciasuarez@gmail.com> 2002-10-04 19:44:48 +0000
commit: 33f7e1aa9bf0173d92dc0c0b35d57754dbf6c87e (patch)
tree: 1911bd901dde52ce9f5b8c8f211ef60770685c62 /ext/Opcode/Safe.pm
parent: abd09b040152a602af03b16a52533ea7fefb2da7 (diff)
download: perl-33f7e1aa9bf0173d92dc0c0b35d57754dbf6c87e.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/Opcode/Safe.pm b/ext/Opcode/Safe.pm
index e8efaa941d..8d875ef5b2 100644
--- a/ext/Opcode/Safe.pm
+++ b/ext/Opcode/Safe.pm
@@ -214,11 +214,11 @@ sub reval {
     # Create anon sub ref in root of compartment.
     # Uses a closure (on $expr) to pass in the code to be executed.
     # (eval on one line to keep line numbers as expected by caller)
-	my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
+    my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root);
     my $evalsub;
 
-	if ($strict) { use strict; $evalsub = eval $evalcode; }
-	else         {  no strict; $evalsub = eval $evalcode; }
+    if ($strict) { use strict; $evalsub = eval $evalcode; }
+    else         {  no strict; $evalsub = eval $evalcode; }
 
     return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
 }
author	Rafael Garcia-Suarez <rgarciasuarez@gmail.com>	2002-10-04 19:44:48 +0000
committer	Rafael Garcia-Suarez <rgarciasuarez@gmail.com>	2002-10-04 19:44:48 +0000
commit	33f7e1aa9bf0173d92dc0c0b35d57754dbf6c87e (patch)
tree	1911bd901dde52ce9f5b8c8f211ef60770685c62 /ext/Opcode/Safe.pm
parent	abd09b040152a602af03b16a52533ea7fefb2da7 (diff)
download	perl-33f7e1aa9bf0173d92dc0c0b35d57754dbf6c87e.tar.gz