author | Perl 5 Porters <perl5-porters@africa.nicoh.com> | 1997-05-16 10:15:00 +1200 |
---|---|---|
committer | Chip Salzenberg <chip@atlantic.net> | 1997-05-16 10:15:00 +1200 |
commit | c90c0ff485be15aaf3ee20121299cb014ee6b1ff (patch) | |
tree | 2c69d15977fd7b00642d5daa2115ae1fa27e75f7 /taint.c | |
parent | 7b05b7e32c22894360c5332cd30232bdea49f5a8 (diff) | |
download | perl-c90c0ff485be15aaf3ee20121299cb014ee6b1ff.tar.gz |
[inseparable changes from match from perl-5.003_99a to perl5.004]
BUILD PROCESS
Subject: Don't use 'unset' in Configure
From: Chip Salzenberg <chip@perl.com>
Files: Configure
Subject: Protect against having no such command as 'cc'
Date: Mon, 12 May 1997 16:35:34 -0400 (EDT)
From: Hans Mulder <hansm@icgned.nl>
Files: Configure
Msg-ID: 1997May12.163534.2006434@hmivax.humgen.upenn.edu
(applied based on p5p patch as commit 3bf198a5e20d135d4136d3233d58cf49a70772d9)
Subject: minor wording enhancement for Configure
Date: Sat, 10 May 1997 13:38:31 +0300 (EET DST)
From: Jarkko Hietaniemi <Jarkko.Hietaniemi@cc.hut.fi>
Files: Configure
private-msgid: 199705101038.NAA00471@alpha.hut.fi
CORE LANGUAGE CHANGES
Subject: Make C<m//g> reset pos on failure; make C<m//gc> not reset
From: Chip Salzenberg <chip@perl.com>
Files: dump.c op.c op.h pod/perldelta.pod pod/perlfaq6.pod pod/perlop.pod pod/perlre.pod pp_ctl.c pp_hot.c regcomp.c t/op/pat.t toke.c
Subject: SECURITY: Forbid exec() if $ENV{BASH_ENV} is tainted
From: Chip Salzenberg <chip@perl.com>
Files: pod/perldelta.pod pod/perlrun.pod pod/perlsec.pod t/op/taint.t taint.c
Subject: Allow exec() if $ENV{TERM} is tainted but innocuous
From: Chip Salzenberg <chip@perl.com>
Files: pod/perldelta.pod pod/perlrun.pod pod/perlsec.pod t/op/taint.t taint.c
Subject: Allow globbing when tainted under VMS (no external program)
From: Chip Salzenberg <chip@perl.com>
Files: pp_sys.c t/op/taint.t
CORE PORTABILITY
Subject: Win32 update (three patches)
From: Gurusamy Sarathy <gsar@engin.umich.edu>
Files: README.win32 perl.c win32/Makefile win32/config.H win32/config_h.PL win32/config_sh.PL win32/makedef.pl win32/win32.c win32/win32.h win32/win32io.c win32/win32io.h win32/win32iop.h
Subject: Don't require executable bit on perl -S if DOSISH
Date: Fri, 09 May 1997 12:33:18 -0400
From: Danny Sadinoff <sadinoff@olf.com>
Files: perl.c
Msg-ID: 337351CE.79B28DE3@olf.com
(applied based on p5p patch as commit 7596f71a28f72f9e3abd6d3962d29a7752cd9303)
DOCUMENTATION
Subject: Tweaks for perldelta
Date: Sun, 11 May 97 01:46:00 +0200
From: Unknown Contributor <hansm@euronet.nl>
Files: pod/perldelta.pod
Msg-ID: 199705102346.BAA17300@mail.euronet.nl
(applied based on p5p patch as commit 3e10809228cc961223b894e1639b44f8e2b64de0)
Subject: Mention perlfaq.pod and perlmodlib.pod in perldelta.pod
From: Chip Salzenberg <chip@perl.com>
Files: pod/perldelta.pod
Subject: Fix example of use of lexicals with formats
From: Chip Salzenberg <chip@perl.com>
Files: pod/perldelta.pod
OTHER CORE CHANGES
Subject: In C<eval &func>, always call &func in scalar context
From: Chip Salzenberg <chip@perl.com>
Files: op.c
Subject: Fix recursive substitution
From: Chip Salzenberg <chip@perl.com>
Files: cop.h global.sym pp_ctl.c proto.h scope.c
Subject: Fix core dump from get*() functions returning no alias array
From: Chip Salzenberg <chip@perl.com>
Files: pp_sys.c
Subject: Fix typo
Date: Sat, 10 May 1997 17:28:35 -0500
From: Mark K Trettin <mkt@lucent.com>
Files: pp_sys.c
private-msgid: 199705102228.RAA11163@gv18c.ih.lucent.com
Diffstat (limited to 'taint.c')
-rw-r--r-- | taint.c | 25 |
1 files changed, 22 insertions, 3 deletions
@@ -39,9 +39,9 @@ taint_env() char** e; static char* misc_env[] = { "IFS", /* most shells' inter-field separators */ - "ENV", /* ksh dain bramage #1 */ - "CDPATH", /* ksh dain bramage #2 */ - "TERM", /* some termcap libraries' dain bramage */ + "CDPATH", /* ksh dain bramage #1 */ + "ENV", /* ksh dain bramage #2 */ + "BASH_ENV", /* bash dain bramage -- I guess it's contagious */ NULL }; @@ -79,6 +79,25 @@ taint_env() } } +#ifndef VMS + /* tainted $TERM is okay if it contains no metachars */ + svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE); + if (svp && *svp && SvTAINTED(*svp)) { + bool was_tainted = tainted; + char *t = SvPV(*svp, na); + char *e = t + na; + tainted = was_tainted; + if (t < e && isALNUM(*t)) + t++; + while (t < e && (isALNUM(*t) || *t == '-' || *t == ':')) + t++; + if (t < e) { + TAINT; + taint_proper("Insecure $ENV{%s}%s", "TERM"); + } + } +#endif /* !VMS */ + for (e = misc_env; *e; e++) { svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE); if (svp && *svp != &sv_undef && SvTAINTED(*svp)) { |
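Review bot: in the misc_env list of the first hunk, "TERM" is dropped while its replacement check in the second hunk sits inside #ifndef VMS, so on VMS a tainted $ENV{TERM} is no longer checked by anything visible in this patch. If that is intended, say so in a comment beside the list or at the #ifndef; otherwise keep "TERM" in misc_env for the VMS build. Swapping the order of "ENV" and "CDPATH" and renumbering their comments is unrelated to the "BASH_ENV" addition and only adds noise to the hunk.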
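Review bot: in the TERM check of the second hunk, the leading `if (t < e && isALNUM(*t)) t++;` enforces nothing, because the `while` that follows accepts every character the `if` accepts plus '-' and ':'. A value that begins with '-' or ':' therefore passes, and so does an empty value. If the first character is meant to be alphanumeric, treat a failed first test as insecure instead of falling through to the loop; if it is not, drop the `if`. The block-local `char *e` also shadows the `char** e` declared at the top of taint_env() and used by the `for (e = misc_env; *e; e++)` loop right after the #endif, so a different name would be clearer. The save and restore of `tainted` around SvPV would benefit from a one-line comment saying why it is needed.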