authorPerl 5 Porters <perl5-porters@africa.nicoh.com>1997-05-16 10:15:00 +1200
committerChip Salzenberg <chip@atlantic.net>1997-05-16 10:15:00 +1200
commitc90c0ff485be15aaf3ee20121299cb014ee6b1ff (patch)
tree2c69d15977fd7b00642d5daa2115ae1fa27e75f7 /taint.c
parent7b05b7e32c22894360c5332cd30232bdea49f5a8 (diff)
[inseparable changes from match from perl-5.003_99a to perl5.004]
BUILD PROCESS Subject: Don't use 'unset' in Configure From: Chip Salzenberg <chip@perl.com> Files: Configure Subject: Protect against having no such command as 'cc' Date: Mon, 12 May 1997 16:35:34 -0400 (EDT) From: Hans Mulder <hansm@icgned.nl> Files: Configure Msg-ID: 1997May12.163534.2006434@hmivax.humgen.upenn.edu (applied based on p5p patch as commit 3bf198a5e20d135d4136d3233d58cf49a70772d9) Subject: minor wording enhancement for Configure Date: Sat, 10 May 1997 13:38:31 +0300 (EET DST) From: Jarkko Hietaniemi <Jarkko.Hietaniemi@cc.hut.fi> Files: Configure private-msgid: 199705101038.NAA00471@alpha.hut.fi CORE LANGUAGE CHANGES Subject: Make C<m//g> reset pos on failure; make C<m//gc> not reset From: Chip Salzenberg <chip@perl.com> Files: dump.c op.c op.h pod/perldelta.pod pod/perlfaq6.pod pod/perlop.pod pod/perlre.pod pp_ctl.c pp_hot.c regcomp.c t/op/pat.t toke.c Subject: SECURITY: Forbid exec() if $ENV{BASH_ENV} is tainted From: Chip Salzenberg <chip@perl.com> Files: pod/perldelta.pod pod/perlrun.pod pod/perlsec.pod t/op/taint.t taint.c Subject: Allow exec() if $ENV{TERM} is tainted but innocuous From: Chip Salzenberg <chip@perl.com> Files: pod/perldelta.pod pod/perlrun.pod pod/perlsec.pod t/op/taint.t taint.c Subject: Allow globbing when tainted under VMS (no external program) From: Chip Salzenberg <chip@perl.com> Files: pp_sys.c t/op/taint.t CORE PORTABILITY Subject: Win32 update (three patches) From: Gurusamy Sarathy <gsar@engin.umich.edu> Files: README.win32 perl.c win32/Makefile win32/config.H win32/config_h.PL win32/config_sh.PL win32/makedef.pl win32/win32.c win32/win32.h win32/win32io.c win32/win32io.h win32/win32iop.h Subject: Don't require executable bit on perl -S if DOSISH Date: Fri, 09 May 1997 12:33:18 -0400 From: Danny Sadinoff <sadinoff@olf.com> Files: perl.c Msg-ID: 337351CE.79B28DE3@olf.com (applied based on p5p patch as commit 7596f71a28f72f9e3abd6d3962d29a7752cd9303) DOCUMENTATION Subject: Tweaks for perldelta Date: Sun, 11 May 97 01:46:00 
+0200 From: Unknown Contributor <hansm@euronet.nl> Files: pod/perldelta.pod Msg-ID: 199705102346.BAA17300@mail.euronet.nl (applied based on p5p patch as commit 3e10809228cc961223b894e1639b44f8e2b64de0) Subject: Mention perlfaq.pod and perlmodlib.pod in perldelta.pod From: Chip Salzenberg <chip@perl.com> Files: pod/perldelta.pod Subject: Fix example of use of lexicals with formats From: Chip Salzenberg <chip@perl.com> Files: pod/perldelta.pod OTHER CORE CHANGES Subject: In C<eval &func>, always call &func in scalar context From: Chip Salzenberg <chip@perl.com> Files: op.c Subject: Fix recursive substitution From: Chip Salzenberg <chip@perl.com> Files: cop.h global.sym pp_ctl.c proto.h scope.c Subject: Fix core dump from get*() functions returning no alias array From: Chip Salzenberg <chip@perl.com> Files: pp_sys.c Subject: Fix typo Date: Sat, 10 May 1997 17:28:35 -0500 From: Mark K Trettin <mkt@lucent.com> Files: pp_sys.c private-msgid: 199705102228.RAA11163@gv18c.ih.lucent.com
Diffstat (limited to 'taint.c')
-rw-r--r--taint.c25
1 files changed, 22 insertions, 3 deletions
diff --git a/taint.c b/taint.c
index eda48d41e4..cd9e4ec5ca 100644
--- a/taint.c
+++ b/taint.c
@@ -39,9 +39,9 @@ taint_env()
char** e;
static char* misc_env[] = {
"IFS", /* most shells' inter-field separators */
- "ENV", /* ksh dain bramage #1 */
- "CDPATH", /* ksh dain bramage #2 */
- "TERM", /* some termcap libraries' dain bramage */
+ "CDPATH", /* ksh dain bramage #1 */
+ "ENV", /* ksh dain bramage #2 */
+ "BASH_ENV", /* bash dain bramage -- I guess it's contagious */
NULL
};
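Review bot: Dropping "TERM" from misc_env leaves VMS builds with no TERM check at all, because the replacement check added later in taint_env is wrapped in `#ifndef VMS`. If that is intended, a comment at the table would record it, e.g. `/* TERM is checked separately below (and not at all on VMS) */`. The new BASH_ENV comment would also be more useful if it named what is being guarded against, as the IFS entry does, e.g. `/* bash sources the file this names for non-interactive shells */`. taint_env's body starts before and continues after this hunk.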
@@ -79,6 +79,25 @@ taint_env()
}
}
+#ifndef VMS
+ /* tainted $TERM is okay if it contains no metachars */
+ svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE);
+ if (svp && *svp && SvTAINTED(*svp)) {
+ bool was_tainted = tainted;
+ char *t = SvPV(*svp, na);
+ char *e = t + na;
+ tainted = was_tainted;
+ if (t < e && isALNUM(*t))
+ t++;
+ while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
+ t++;
+ if (t < e) {
+ TAINT;
+ taint_proper("Insecure $ENV{%s}%s", "TERM");
+ }
+ }
+#endif /* !VMS */
+
for (e = misc_env; *e; e++) {
svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE);
if (svp && *svp != &sv_undef && SvTAINTED(*svp)) {
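Review bot: The leading-character test in the new TERM block has no effect: when the first byte is not isALNUM the `if` simply does not advance, and the `while` that follows accepts a leading `-` or `:` anyway, so a constructed value such as `-x` is treated as innocuous. If the intent is that TERM must begin with a word character, nest the loop under the first test, `if (t < e && isALNUM(*t)) { t++; while (t < e && (isALNUM(*t) || *t == '-' || *t == ':')) t++; }`, so that the final `t < e` check rejects such a value. The inner `char *e` also shadows the function's `char** e` that the misc_env loop below relies on; a name like `end` would avoid the confusion. A short comment on `tainted = was_tainted;` would help as well, since the save and restore presumably undoes a taint flag set as a side effect of SvPV on the tainted value. taint_env's body starts before and continues after this hunk.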