Fix checks for tainted dir in $ENV{PATH}

$ cat > foo #!/usr/bin/perl print "What?!\n" ^D $ chmod +x foo $ ./perl -Ilib -Te '$ENV{PATH}="."; exec "foo"' Insecure directory in $ENV{PATH} while running with -T switch at -e line 1. That is what I expect to see. But: $ ./perl -Ilib -Te '$ENV{PATH}="/\\:."; exec "foo"' What?! Perl is allowing the \ to escape the :, but the \ is not treated as an escape by the system, allowing a relative path in PATH to be consid- ered safe.
author: Father Chrysostomos <sprout@cpan.org> 2016-09-03 13:30:22 -0700
committer: Father Chrysostomos <sprout@cpan.org> 2016-09-03 18:51:41 -0700
commit: ba0a4150f6f1604df236035adf6df18bd43de88e (patch)
tree: 04c01c3acb428079b256a36f99efb832403e68d7 /mg.c
parent: fac2c98c83b1d3b5039146aa7b14e3ed41f65cc4 (diff)
download: perl-ba0a4150f6f1604df236035adf6df18bd43de88e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/mg.c b/mg.c
index 874933f6ff..8b182e6f24 100644
--- a/mg.c
+++ b/mg.c
@@ -1217,7 +1217,7 @@ Perl_magic_setenv(pTHX_ SV *sv, MAGIC *mg)
 #else
 		const char path_sep = ':';
 #endif
-		s = delimcpy(tmpbuf, tmpbuf + sizeof tmpbuf,
+		s = delimcpy_no_escape(tmpbuf, tmpbuf + sizeof tmpbuf,
 			     s, strend, path_sep, &i);
 		s++;
 		if (i >= (I32)sizeof tmpbuf   /* too long -- assume the worst */
author	Father Chrysostomos <sprout@cpan.org>	2016-09-03 13:30:22 -0700
committer	Father Chrysostomos <sprout@cpan.org>	2016-09-03 18:51:41 -0700
commit	ba0a4150f6f1604df236035adf6df18bd43de88e (patch)
tree	04c01c3acb428079b256a36f99efb832403e68d7 /mg.c
parent	fac2c98c83b1d3b5039146aa7b14e3ed41f65cc4 (diff)
download	perl-ba0a4150f6f1604df236035adf6df18bd43de88e.tar.gz