| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we see duplicate environment variables while iterating over
environ[]:
a) make sure we use the same value in %ENV that getenv() returns.
Previously on a duplicate, %ENV would have the last entry for the name
from environ[], but a typical getenv() would return the first entry.
Rather than assuming all getenv() implementations return the first entry
explicitly call getenv() to ensure they agree.
b) remove duplicate entries from environ
Previously if there was a duplicate definition for a name in environ[]
setting that name in %ENV could result in an unsafe value being passed
to a child process, so ensure environ[] has no duplicates.
|
| | |
|
| |
|
|
| |
This issue was assigned CVE-2015-8608. [perl #126755]
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Previously the unix specific XS implementation of canonpath() would
return an untainted path when supplied a tainted path.
For the empty string case, newSVpvs() already sets taint as needed on
its result.
This issue was assigned CVE-2015-8607. [perl #126862]
|
| | |
|
| | |
|
| |
|
|
| |
(cherry picked from commit 6c1eaae88de7275e370af4f093763986e62b2852)
|
| |
|
|
| |
(cherry picked from commit b55fc902c338825fa489f34f9fb89dfd8a0b98a0)
|
| |
|
|
|
|
|
| |
The change in question (0b45ede/71622e4) is in 5.20.3, but its effect is
less significant here than in 5.21 and isn't worth mentioning.
Thanks to SHIRAKATA Kentaro for the spot.
|
| |
|
|
| |
(cherry picked from commit 9d05662d9cd5722c93b2da7de7a50cccf9a6b9f2)
|
| | |
|
| | |
|
| |
|
|
| |
(cherry picked from commit 9a72b8586bb4d76b58fac6715258e2b0b19eb2b9)
|
| | |
|
| | |
|
| |
|
|
| |
(cherry picked from commit 041a5927b12568eeb11917de097ce01c15eeb9e0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit v5.21.8-320-ge47d32d stopped code interpolated into quote-like
operators from reading more lines of input, by making lex_next_chunk
ignore the open filehandle and return false. That causes this block
under case 0 in yylex to loop:
if (!lex_next_chunk(fake_eof)) {
CopLINE_dec(PL_curcop);
s = PL_bufptr;
TOKEN(';'); /* not infinite loop because rsfp is NULL now */
}
(rsfp is not null there.) This commit makes it check for quote-like
operators above, in the same place where it checks whether the file is
open, to avoid falling through to this code that can loop.
This changes the syntax errors for a couple of cases recently added
to t/op/lex.t, though I think the error output is now more consis-
tent overall.
(cherry picked from commit 0f9d53bbcafba2b30e50a1ad22c7759be170e14a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PL_sublex_info.sub_inwhat (in the parser struct) is a temporary spot
to store the value of PL_lex_inwhat (also in the parser struct)
when a sub-lexing scope (for a quote-like operator) is entered.
PL_lex_inwhat is localised, and the value is copied from its temporary
spot (sub_inwhat) into PL_lex_inwhat.
The PL_sublex_info.sub_inwhat was not localised, but instead the value
was set to 0 when a sub-lexing scope was exited. This value was being
used, in a couple of places, to determine whether we were inside a
quote-like operator. But because the value is not localised, it can
be wrong when it is set to 0, if we have nested lexing scopes.
So this ends up crashing for the same reason described in e47d32dcd5:
echo -n '/$a[m||/<<a' | ./miniperl
perl-5.005_02-1816-g09bef84 added the first use of
PL_sublex_info.sub_inwhat to determine whether we are in a quote-like
operator. (Later it got shifted around.) I copied that in e47d32dcd5
(earlier today), because I assumed the logic was correct. Other parts
of the code use PL_lex_inwhat, which is already localised, as I said,
and does not suffer this problem.
If we do not check PL_sublex_info.sub_inwhat to see if we are in
a quote-like construct, then we don’t need to clear it on lexing
scope exit.
(cherry picked from commit d27f4b916ce5819f564bdd4a135137c457156333)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The parser used to read more lines of input when parsing code interpo-
lated into quote-like operators, under some circumstance. This would
result in code like this working, even though it should be a syn-
tax error:
s||${s/.*/|;
/s}Just another Perl hacker,
print
"${;s/.*/Just an";
other Perl hacker,
/s} die or return;
print
While this was harmless, other cases, like /$a[/<<a with no trailing
newline, would cause unexpected internal state that did not meet the
reasonable assumptions made by S_scan_heredoc, resulting in a crash.
The simplest fix is to modify the function that reads more input,
namely, lex_next_chunk, and prevent it from reading more lines of
input from inside a quote-like operator. (The alternative would be to
modify all the calls to lex_next_chunk, and make them conditional.)
That breaks here-doc parsing for things like s//<<EOF/, but the
LEX_NO_TERM flag to lex_next_chunk is used only by the here-doc
parser, so lex_next_chunk can make an exception if it is set.
(cherry picked from commit e47d32dcd59a578274f445fac79e977d83055c8c)
|
| |
|
|
|
|
| |
Spotted by Lukas Mai
(cherry picked from commit 6a475a49baf3f05fd8608db42c00aabd13729c7b)
|
| |
|
|
|
|
|
| |
I was unaware of this construct when I wrote the commit that broke it,
and there were no tests for it. Now there are.
(cherry picked from commit 9a7bb2f73a8a1b561890191974201d576371e7f9)
|
| |
|
|
|
|
| |
^ caused problems under CMD.EXE; fix suggested by Nicholas Clark
(cherry picked from commit 17714d93ad51f622b105942fa06a7188a2126973)
|
| |
|
|
| |
(cherry picked from commit 4442630f9d575dd61a1ec4fc6b3dccd6756e9697)
|
| |
|
|
| |
(cherry picked from commit 1c94dd5345a075cb2cd6c423fa985d6dd98bf196)
|
| |
|
|
| |
(cherry picked from commit 68ad2faabfe37b655b47957ef53acff6d8bde216)
|
| |
|
|
| |
(cherry picked from commit 6687d2054de4c9c1fcef330f1c8ac1c9e6e9883b)
|
| |
|
|
| |
(cherry picked from commit 904c4cac2b93435ab1ae1b204e376b99fc770895)
|
| |
|
|
| |
(cherry picked from commit 4e3e12f89258dc3beac58ac290b46017f159cc68)
|
| |
|
|
| |
(cherry picked from commit 82b39489084a56af421660103282eb797f22bb00)
|
| |
|
|
| |
(cherry picked from commit 9ba8eca3c1f08bcb6ca61da981378cd9e07a2d16)
|
| |
|
|
| |
(cherry picked from commit c8d2be4def20798522e639f59f5c9ffb5b10a07e)
|
| |
|
|
| |
(manually cherry picked from commit 0516fbdf70f66445a01d3f2b81ab6a88986b084d)
|
| |
|
|
| |
(manually cherry picked from commit 94fa4f561e7b29a261e04e9a7bd57728ce8c37d2)
|
| |
|
|
| |
(cherry picked from commit 61c850155faec0ea90996b28b895db054500d92d)
|
| | |
|
| | |
|
| |
|
|
| |
(cherry picked from commit 5b5ceca34e06fac72032a14aa226ccb3f811d615)
|
| | |
|
| |
|
|
|
| |
As promised in 2b70db9cb1, this removes the stubs for the as-yet unreleased
5.23.3.
|
| |
|
|
| |
(I missed this in 2b70db9cb1.)
|
| |
|
|
| |
(cherry picked from commit c63cfb18199c0f9d7a87bd77521ab087a116d4fe)
|
| |
|
|
| |
(cherry picked from commit c1883b8b014bf0c1dad3d50b6052ef68120c7247)
|
| |
|
|
| |
(cherry picked from commit 69427f15ab5ac28f844341978315de0da82dc75a)
|
| |
|
|
| |
(manually cherry picked from commit 612a06fa463fb0eb4533e07c8f5179ca7d1d26f3)
|
| |
|
|
| |
(cherry picked from commit 8307b1f66420a49e1f6fb4b744626f4a4d87decf)
|
| |
|
|
|
|
| |
Some of this may change, but nothing significantly.
(cherry picked from commit a35a81f56020e8370e9f720efc4b3168b45ea7f5)
|
| |
|
|
| |
(cherry picked from commit 79ce1a76a68648f6b503f9be5f59f10e15c2996d)
|
| |
|
|
| |
(cherry picked from commit 3f093f9714c81e9442d5e04e641cfc9ade1c7a5c)
|
