diff options
| author | Nicholas Clark <nick@ccl4.org> | 2011-11-24 18:11:32 +0100 |
|---|---|---|
| committer | Nicholas Clark <nick@ccl4.org> | 2011-12-03 13:34:21 +0100 |
| commit | fc81b7184d0fd04bc43121a2a4a96d7863dfc569 (patch) | |
| tree | 8ccc5929502152ffb4092be4ffabf04d44c5ed19 /perl.c | |
| parent | c29067d7797853039f1acba2cddf71786ecd4b16 (diff) | |
| download | perl-fc81b7184d0fd04bc43121a2a4a96d7863dfc569.tar.gz | |
Avoid attacks on sitecustomize by using NUL delimiters to wrap filenames.
Previously the generated code used regular '' strings, which meant that a
crafted pathname containing ' characters could be used to inject code.
Until the previous commit, this was only a problem if building in or
Configuring to install to such a directory. Which, hopefully, would be
"obviously wrong" to anyone capable of building Perl from source.
However, fixing the bug that prevented sitecustomize being subject to
relocatable include now means that for a relocatable pearl, an end-user
controlled path can now reach the sitecusomize code.
Diffstat (limited to 'perl.c')
| -rw-r--r-- | perl.c | 12 |
1 files changed, 9 insertions, 3 deletions
@@ -2023,7 +2023,9 @@ S_parse_body(pTHX_ char **env, XSINIT_t xsinit) #if defined(USE_SITECUSTOMIZE) if (!minus_f) { /* The games with local $! are to avoid setting errno if there is no - sitecustomize script. */ + sitecustomize script. "q%c...%c", 0, ..., 0 becomes "q\0...\0", + ie a q() operator with a NUL byte as a the delimiter. This avoids + problems with pathnames containing (say) ' */ # ifdef PERL_IS_MINIPERL AV *const inc = GvAV(PL_incgv); SV **const inc0 = inc ? av_fetch(inc, 0, FALSE) : NULL; @@ -2031,7 +2033,9 @@ S_parse_body(pTHX_ char **env, XSINIT_t xsinit) if (inc0) { (void)Perl_av_create_and_unshift_one(aTHX_ &PL_preambleav, Perl_newSVpvf(aTHX_ - "BEGIN { do {local $!; -f '%"SVf"/buildcustomize.pl'} && do '%"SVf"/buildcustomize.pl' }", *inc0, *inc0)); + "BEGIN { do {local $!; -f q%c%"SVf"/buildcustomize.pl%c} && do q%c%"SVf"/buildcustomize.pl%c }", + 0, *inc0, 0, + 0, *inc0, 0)); } # else /* SITELIB_EXP is a function call on Win32. */ @@ -2042,7 +2046,9 @@ S_parse_body(pTHX_ char **env, XSINIT_t xsinit) const char *const sitelib = SvPVX(sitelib_sv); (void)Perl_av_create_and_unshift_one(aTHX_ &PL_preambleav, Perl_newSVpvf(aTHX_ - "BEGIN { do {local $!; -f '%s/sitecustomize.pl'} && do '%s/sitecustomize.pl' }", sitelib, sitelib)); + "BEGIN { do {local $!; -f q%c%s/sitecustomize.pl%c} && do q%c%s/sitecustomize.pl%c }", + 0, sitelib, 0, + 0, sitelib, 0)); assert (SvREFCNT(sitelib_sv) == 1); SvREFCNT_dec(sitelib_sv); # endif |