diff options
author | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2002-10-04 19:44:48 +0000 |
---|---|---|
committer | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2002-10-04 19:44:48 +0000 |
commit | 33f7e1aa9bf0173d92dc0c0b35d57754dbf6c87e (patch) | |
tree | 1911bd901dde52ce9f5b8c8f211ef60770685c62 /ext | |
parent | abd09b040152a602af03b16a52533ea7fefb2da7 (diff) | |
download | perl-33f7e1aa9bf0173d92dc0c0b35d57754dbf6c87e.tar.gz |
Fix bug #17744, suggested by Andreas Jurenda,
tweaked by rgs (security hole in Safe).
p4raw-id: //depot/perl@17976
Diffstat (limited to 'ext')
-rw-r--r-- | ext/Opcode/Safe.pm | 6 | ||||
-rw-r--r-- | ext/Safe/safe3.t | 33 |
2 files changed, 36 insertions, 3 deletions
diff --git a/ext/Opcode/Safe.pm b/ext/Opcode/Safe.pm index e8efaa941d..8d875ef5b2 100644 --- a/ext/Opcode/Safe.pm +++ b/ext/Opcode/Safe.pm @@ -214,11 +214,11 @@ sub reval { # Create anon sub ref in root of compartment. # Uses a closure (on $expr) to pass in the code to be executed. # (eval on one line to keep line numbers as expected by caller) - my $evalcode = sprintf('package %s; sub { eval $expr; }', $root); + my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root); my $evalsub; - if ($strict) { use strict; $evalsub = eval $evalcode; } - else { no strict; $evalsub = eval $evalcode; } + if ($strict) { use strict; $evalsub = eval $evalcode; } + else { no strict; $evalsub = eval $evalcode; } return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub); } diff --git a/ext/Safe/safe3.t b/ext/Safe/safe3.t new file mode 100644 index 0000000000..c924762faa --- /dev/null +++ b/ext/Safe/safe3.t @@ -0,0 +1,33 @@ +#!perl + +BEGIN { + if ($ENV{PERL_CORE}) { + chdir 't' if -d 't'; + @INC = '../lib'; + require Config; import Config; + if ($Config{'extensions'} !~ /\bOpcode\b/ + && $Config{'extensions'} !~ /\bPOSIX\b/ + && $Config{'osname'} ne 'VMS') + { + print "1..0\n"; + exit 0; + } + } +} + +use strict; +use warnings; +use POSIX qw(ceil); +use Test::More tests => 1; +use Safe; + +my $safe = new Safe; +$safe->deny('add'); + +# Attempt to change the opmask from within the safe compartment +$safe->reval( qq{\$_[1] = q/\0/ x } . ceil( Opcode::opcodes / 8 ) ); + +# Check that it didn't work +$safe->reval( q{$x + $y} ); +like( $@, qr/^'?addition \(\+\)'? trapped by operation mask/, + 'opmask still in place' ); |