This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
Fix possible buffer overflow under VMS
[perl5.git] / taint.c
CommitLineData
a0d0e21e
LW
1/*
2 * "...we will have peace, when you and all your works have perished--and
3 * the works of your dark master to whom you would deliver us. You are a
4 * liar, Saruman, and a corrupter of men's hearts." --Theoden
5 */
6
463ee0b2
LW
7#include "EXTERN.h"
8#include "perl.h"
9
10void
79072805 11taint_proper(f, s)
71be2cbc 12const char *f;
79072805
LW
13char *s;
14{
bbce6d69
PP
15 char *ug;
16
1e422769
PP
17 DEBUG_u(PerlIO_printf(PerlIO_stderr(),
18 "%s %d %d %d\n", s, tainted, uid, euid));
19
bbce6d69 20 if (tainted) {
bbce6d69
PP
21 if (euid != uid)
22 ug = " while running setuid";
23 else if (egid != gid)
24 ug = " while running setgid";
25 else
26 ug = " while running with -T switch";
27 if (!unsafe)
28 croak(f, s, ug);
29 else if (dowarn)
30 warn(f, s, ug);
79072805
LW
31 }
32}
33
34void
35taint_env()
36{
37 SV** svp;
1e422769
PP
38 MAGIC *mg;
39
40#ifdef VMS
41 int i = 0;
0dc443ab 42 char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
1e422769
PP
43
44 while (1) {
45 if (i)
46 (void)sprintf(name,"DCL$PATH;%d", i);
47 svp = hv_fetch(GvHVn(envgv), name, strlen(name), FALSE);
48 if (!svp || *svp == &sv_undef)
49 break;
50 if (SvTAINTED(*svp)) {
51 TAINT;
52 taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
53 }
54 if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
55 TAINT;
56 taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
57 }
58 i++;
59 }
60#endif /* VMS */
79072805 61
bbce6d69 62 svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
1e422769
PP
63 if (svp && *svp) {
64 if (SvTAINTED(*svp)) {
65 TAINT;
bbce6d69 66 taint_proper("Insecure %s%s", "$ENV{PATH}");
1e422769
PP
67 }
68 if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
69 TAINT;
70 taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
71 }
79072805 72 }
79072805 73
bbce6d69 74 svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
1e422769 75 if (svp && *svp != &sv_undef && SvTAINTED(*svp)) {
bbce6d69
PP
76 TAINT;
77 taint_proper("Insecure %s%s", "$ENV{IFS}");
78 }
79}