author | Perl 5 Porters <perl5-porters@africa.nicoh.com> | 1997-05-08 00:00:00 +1200 |
---|---|---|
committer | Chip Salzenberg <chip@atlantic.net> | 1997-05-08 00:00:00 +1200 |
commit | 7bac28a0157dcaf170649e8928f053f76dda4253 (patch) | |
tree | 88eadd917e84141a07d7cf3db90686edb67fe5a6 /taint.c | |
parent | eb447b8692d1c89cd24ab421497dcff667570be4 (diff) | |
download | perl-7bac28a0157dcaf170649e8928f053f76dda4253.tar.gz |
[inseparable changes from match from perl-5.003_99 to perl-5.003_99a]
BUILD PROCESS
Subject: AFS patches
From: Chip Salzenberg <chip@perl.com>
Files: Configure installperl
CORE LANGUAGE CHANGES
Subject: SECURITY: Forbid glob() when tainting (-T or setuid)
From: Chip Salzenberg <chip@perl.com>
Files: pod/perlrun.pod pod/perlsec.pod pp_sys.c
Subject: SECURITY: Forbid exec() if $ENV{TERM} or $ENV{ENV} is tainted
From: Chip Salzenberg <chip@perl.com>
Files: pod/perlrun.pod pod/perlsec.pod t/op/taint.t taint.c
CORE PORTABILITY
Subject: (NeXT|Open)Step update
Date: Wed, 7 May 97 17:47:02 -0500
From: Gerd Knops <gerti@BITart.com>
Files: Configure MANIFEST config_h.SH hints/next_3.sh hints/next_4.sh
private-msgid: 9705072247.AA18882@BITart.com
Subject: Win32 update (consolidated patch plus three followups)
From: Gurusamy Sarathy <gsar@engin.umich.edu>
Files: EXTERN.h README.win32 lib/Sys/Hostname.pm pod/perldelta.pod win32/config.H win32/config.w32 win32/config_sh.PL win32/perllib.c win32/win32.c win32/win32.h win32/include/sys/socket.h
DOCUMENTATION
Subject: Updates to perldelta
From: Chip Salzenberg <chip@perl.com>
Files: pod/perldelta.pod
Subject: Document 'Possible attempt to separate words with commas'
Date: 06 May 1997 23:27:55 +0200
From: Gisle Aas <gisle@aas.no>
Files: pod/perlop.pod
Msg-ID: hyb9snvdw.fsf@bergen.sn.no
(applied based on p5p patch as commit 18270fd3b8aafde2f9ea21ea13adde95ef24b149)
Subject: Document that C<m?x?> is just like C<?x?>
From: Chip Salzenberg <chip@perl.com>
Files: pod/perlop.pod
OTHER CORE CHANGES
Subject: Fix for redefined sort subs nastiness
Date: Thu, 08 May 1997 20:04:18 -0400
From: Gurusamy Sarathy <gsar@engin.umich.edu>
Files: op.c pod/perldelta.pod pod/perldiag.pod sv.c t/op/sort.t
Msg-ID: 199705090004.UAA15032@aatma.engin.umich.edu
(applied based on p5p patch as commit e9e069932a0db06904b29e2b09a435afd40ed35c)
Diffstat (limited to 'taint.c')
-rw-r--r-- | taint.c | 20 |
1 files changed, 15 insertions, 5 deletions
@@ -35,7 +35,15 @@ void taint_env() { SV** svp; - MAGIC *mg; + MAGIC* mg; + char** e; + static char* misc_env[] = { + "IFS", /* most shells' inter-field separators */ + "ENV", /* ksh dain bramage #1 */ + "CDPATH", /* ksh dain bramage #2 */ + "TERM", /* some termcap libraries' dain bramage */ + NULL + }; #ifdef VMS int i = 0; @@ -71,9 +79,11 @@ taint_env() } } - svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE); - if (svp && *svp != &sv_undef && SvTAINTED(*svp)) { - TAINT; - taint_proper("Insecure %s%s", "$ENV{IFS}"); + for (e = misc_env; *e; e++) { + svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE); + if (svp && *svp != &sv_undef && SvTAINTED(*svp)) { + TAINT; + taint_proper("Insecure $ENV{%s}%s", *e); + } } } |
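Review bot: In the first hunk, the new misc_env[] table lists "CDPATH", but the Subject line for this change names only $ENV{TERM} and $ENV{ENV}, so the log does not tell a reader that a tainted CDPATH is now rejected as well. Please name it in the message and confirm that the pod/perlrun.pod and pod/perlsec.pod changes list all four variables. The "dain bramage" comments would help maintainers more if they said what each variable lets the environment influence, as the IFS comment does. The table is never written to in the visible code, so it could be declared const if the supported compilers allow it.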
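Review bot: In the second hunk, the format "Insecure $ENV{%s}%s" has two %s conversions while the call passes only *e, so the second one is presumably filled in by taint_proper() itself. The removed call had the same shape ("Insecure %s%s" with a single argument), so this is consistent with the old behaviour, but a one-line comment at the call site would keep a later reader from "correcting" the format string. The diagnostic can now also name ENV, CDPATH and TERM, and pod/perldiag.pod is not among the Files listed for this change, so check that its entry is worded for any variable name rather than for IFS only.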