don't taint $$ determined by getpid()

Reading $$ in a tainted expression was tainting the internal sv_setiv() on $$. Since the value being set came directly from getpid(), it's always safe, so override the tainting there. Fixes [perl #109688].
author: Zefram <zefram@fysh.org> 2012-02-25 20:32:09 +0000
committer: Zefram <zefram@fysh.org> 2012-02-25 20:38:12 +0000
commit: 19db9fb7213e8d346c88f2b573e378f35d81ffcf (patch)
tree: 60e83adf4deb9104d21bb3c3ec71b04b9fc65c8e /mg.c
parent: e0f138939ac28fffc7b06bea23950f5dd6a72f37 (diff)
download: perl-19db9fb7213e8d346c88f2b573e378f35d81ffcf.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/mg.c b/mg.c
index f450d17000..8b30f93497 100644
--- a/mg.c
+++ b/mg.c
@@ -1079,9 +1079,12 @@ Perl_magic_get(pTHX_ SV *sv, MAGIC *mg)
     case '$': /* $$ */
 	{
 	    IV const pid = (IV)PerlProc_getpid();
-	    if (isGV(mg->mg_obj) || SvIV(mg->mg_obj) != pid)
+	    if (isGV(mg->mg_obj) || SvIV(mg->mg_obj) != pid) {
 		/* never set manually, or at least not since last fork */
 		sv_setiv(sv, pid);
+		/* never unsafe, even if reading in a tainted expression */
+		SvTAINTED_off(sv);
+	    }
 	    /* else a value has been assigned manually, so do nothing */
 	}
 	break;
author	Zefram <zefram@fysh.org>	2012-02-25 20:32:09 +0000
committer	Zefram <zefram@fysh.org>	2012-02-25 20:38:12 +0000
commit	19db9fb7213e8d346c88f2b573e378f35d81ffcf (patch)
tree	60e83adf4deb9104d21bb3c3ec71b04b9fc65c8e /mg.c
parent	e0f138939ac28fffc7b06bea23950f5dd6a72f37 (diff)
download	perl-19db9fb7213e8d346c88f2b573e378f35d81ffcf.tar.gz