Forbid using tainted formats in printf and sprintf

p4raw-id: //depot/perl@29225
author: Rafael Garcia-Suarez <rgarciasuarez@gmail.com> 2006-11-07 14:23:08 +0000
committer: Rafael Garcia-Suarez <rgarciasuarez@gmail.com> 2006-11-07 14:23:08 +0000
commit: 20ee07fbbcfa6be9f90bb8e5474a4d69d7396617 (patch)
tree: 87e5cf2fe703defa8b16f8bfff236db0bdad5d2d /pp_sys.c
parent: d6686524f4a322ce27e0eebf255af3fb3431796c (diff)
download: perl-20ee07fbbcfa6be9f90bb8e5474a4d69d7396617.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/pp_sys.c b/pp_sys.c
index e71eecd208..1d0b552661 100644
--- a/pp_sys.c
+++ b/pp_sys.c
@@ -1485,6 +1485,8 @@ PP(pp_prtf)
 	goto just_say_no;
     }
     else {
+	if (SvTAINTED(MARK[1]))
+	    TAINT_PROPER("printf");
 	do_sprintf(sv, SP - MARK, MARK + 1);
 	if (!do_print(sv, fp))
 	    goto just_say_no;
author	Rafael Garcia-Suarez <rgarciasuarez@gmail.com>	2006-11-07 14:23:08 +0000
committer	Rafael Garcia-Suarez <rgarciasuarez@gmail.com>	2006-11-07 14:23:08 +0000
commit	20ee07fbbcfa6be9f90bb8e5474a4d69d7396617 (patch)
tree	87e5cf2fe703defa8b16f8bfff236db0bdad5d2d /pp_sys.c
parent	d6686524f4a322ce27e0eebf255af3fb3431796c (diff)
download	perl-20ee07fbbcfa6be9f90bb8e5474a4d69d7396617.tar.gz