Diffstat (limited to 'taint.c')
-rw-r--r-- | taint.c | 25 |
1 files changed, 22 insertions, 3 deletions
@@ -39,9 +39,9 @@ taint_env()
 char** e;
 static char* misc_env[] = {
 "IFS", /* most shells' inter-field separators */
- "ENV", /* ksh dain bramage #1 */
- "CDPATH", /* ksh dain bramage #2 */
- "TERM", /* some termcap libraries' dain bramage */
+ "CDPATH", /* ksh dain bramage #1 */
+ "ENV", /* ksh dain bramage #2 */
+ "BASH_ENV", /* bash dain bramage -- I guess it's contagious */
 NULL
 };
@@ -79,6 +79,25 @@ taint_env()
 }
 }
 
+#ifndef VMS
+ /* tainted $TERM is okay if it contains no metachars */
+ svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE);
+ if (svp && *svp && SvTAINTED(*svp)) {
+ bool was_tainted = tainted;
+ char *t = SvPV(*svp, na);
+ char *e = t + na;
+ tainted = was_tainted;
+ if (t < e && isALNUM(*t))
+ t++;
+ while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
+ t++;
+ if (t < e) {
+ TAINT;
+ taint_proper("Insecure $ENV{%s}%s", "TERM");
+ }
+ }
+#endif /* !VMS */
+
 for (e = misc_env; *e; e++) {
 svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE);
 if (svp && *svp != &sv_undef && SvTAINTED(*svp)) { |
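Review bot: The leading-character test in the new $TERM check is effectively a no-op, because the `while` that follows also accepts `isALNUM`, so a value whose first byte is `-` or `:` is accepted as clean even though the separate first-character test suggests a leading alphanumeric was meant to be required; nesting the loop inside that test, `if (t < e && isALNUM(*t)) { t++; while (t < e && (isALNUM(*t) || *t == '-' || *t == ':')) t++; }`, enforces the rule explicitly (anything else leaves `t < e` and reaches the TAINT branch) while an empty value still passes as before. The save/restore of `tainted` around `SvPV` also deserves a comment, e.g. `/* SvPV's get-magic sets tainted; restore it so merely reading $TERM does not taint the interpreter */` — that is presumably why `was_tainted` exists, but it is inferred rather than visible here. The guard `svp && *svp` differs from the `*svp != &sv_undef` test used by the misc_env loop below; using the same form keeps the two environment checks consistent. Since the first hunk drops `"TERM"` from misc_env and this block is compiled out on VMS, $TERM is no longer checked at all on that platform — confirm that is intended. taint_env's definition starts and ends outside the hunk.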