diff options
| author | David Mitchell <davem@iabyn.com> | 2010-08-25 12:15:41 +0100 |
|---|---|---|
| committer | David Mitchell <davem@iabyn.com> | 2010-08-25 12:15:41 +0100 |
| commit | 07004ebbe530fe5ce1c67e63c0b8e1c0aa77b3b9 (patch) | |
| tree | 1edfd5adf69112c113382f0ad93608189dee10d1 /util.c | |
| parent | 3f9bb6b034fc3e91c3576718cf4783d1f5fa55f9 (diff) | |
| download | perl-07004ebbe530fe5ce1c67e63c0b8e1c0aa77b3b9.tar.gz | |
don't taint $DB::sub
[perl #76872] showed a case where code like the following, run under -d,
would cause $DB::sub to get set:
$tainted_expression && func()
The tainted expression sets PL_tainted, so calling func() under -d, which
sets $DB::sub, causes it to get tainted.
Consequently any further sub calls would set PL_tainted while getting the
old value of $DB::sub (and cause the new value to be tainted too), and if
the sub was XS, then its code would be executed with PL_tainted set.
It isn't an issue with perl subs as the first nextstate op resets
PL_tainted.
Diffstat (limited to 'util.c')
| -rw-r--r-- | util.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -6489,12 +6489,15 @@ Perl_get_db_sub(pTHX_ SV **svp, CV *cv) { dVAR; SV * const dbsv = GvSVn(PL_DBsub); + const bool save_taint = PL_tainted; + /* We do not care about using sv to call CV; * it's for informational purposes only. */ PERL_ARGS_ASSERT_GET_DB_SUB; + PL_tainted = FALSE; save_item(dbsv); if (!PERLDB_SUB_NN) { GV * const gv = CvGV(cv); @@ -6521,6 +6524,7 @@ Perl_get_db_sub(pTHX_ SV **svp, CV *cv) (void)SvIOK_on(dbsv); SvIV_set(dbsv, PTR2IV(cv)); /* Do it the quickest way */ } + TAINT_IF(save_taint); } int |