Forbid using tainted formats in printf and sprintf

p4raw-id: //depot/perl@29225
author: Rafael Garcia-Suarez <rgarciasuarez@gmail.com> 2006-11-07 14:23:08 +0000
committer: Rafael Garcia-Suarez <rgarciasuarez@gmail.com> 2006-11-07 14:23:08 +0000
commit: 20ee07fbbcfa6be9f90bb8e5474a4d69d7396617 (patch)
tree: 87e5cf2fe703defa8b16f8bfff236db0bdad5d2d /pp.c
parent: d6686524f4a322ce27e0eebf255af3fb3431796c (diff)
download: perl-20ee07fbbcfa6be9f90bb8e5474a4d69d7396617.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/pp.c b/pp.c
index 43e400bb6e..a9ca2366a6 100644
--- a/pp.c
+++ b/pp.c
@@ -3310,6 +3310,8 @@ PP(pp_index)
 PP(pp_sprintf)
 {
     dVAR; dSP; dMARK; dORIGMARK; dTARGET;
+    if (SvTAINTED(MARK[1]))
+	TAINT_PROPER("sprintf");
     do_sprintf(TARG, SP-MARK, MARK+1);
     TAINT_IF(SvTAINTED(TARG));
     SP = ORIGMARK;
author	Rafael Garcia-Suarez <rgarciasuarez@gmail.com>	2006-11-07 14:23:08 +0000
committer	Rafael Garcia-Suarez <rgarciasuarez@gmail.com>	2006-11-07 14:23:08 +0000
commit	20ee07fbbcfa6be9f90bb8e5474a4d69d7396617 (patch)
tree	87e5cf2fe703defa8b16f8bfff236db0bdad5d2d /pp.c
parent	d6686524f4a322ce27e0eebf255af3fb3431796c (diff)
download	perl-20ee07fbbcfa6be9f90bb8e5474a4d69d7396617.tar.gz