https://perl5.git.perl.org / perl5.git / blame
| Commit | Line | Data |
|---|---|---|
| a0d0e21e LW |
1 | /* |
| 2 | * "...we will have peace, when you and all your works have perished--and | |
| 3 | * the works of your dark master to whom you would deliver us. You are a | |
| 4 | * liar, Saruman, and a corrupter of men's hearts." --Theoden | |
| 5 | */ | |
| 6 | ||
| 463ee0b2 LW |
7 | #include "EXTERN.h" |
| 8 | #include "perl.h" | |
| 9 | ||
| 10 | void | |
| 79072805 | 11 | taint_proper(f, s) |
| 71be2cbc | 12 | const char *f; |
| 79072805 LW |
13 | char *s; |
| 14 | { | |
| bbce6d69 | 15 | char *ug; |
| 16 | ||
| 17 | if (tainted) { | |
| 18 | DEBUG_u(PerlIO_printf(PerlIO_stderr(), | |
| 19 | "%s %d %d %d\n", s, tainted, uid, euid)); | |
| 20 | if (euid != uid) | |
| 21 | ug = " while running setuid"; | |
| 22 | else if (egid != gid) | |
| 23 | ug = " while running setgid"; | |
| 24 | else | |
| 25 | ug = " while running with -T switch"; | |
| 26 | if (!unsafe) | |
| 27 | croak(f, s, ug); | |
| 28 | else if (dowarn) | |
| 29 | warn(f, s, ug); | |
| 79072805 LW |
30 | } |
| 31 | } | |
| 32 | ||
| 33 | void | |
| 34 | taint_env() | |
| 35 | { | |
| 36 | SV** svp; | |
| bbce6d69 | 37 | MAGIC *mg = 0; |
| 79072805 | 38 | |
| bbce6d69 | 39 | svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE); |
| 40 | if (!svp || *svp == &sv_undef || | |
| 41 | ((mg = mg_find(*svp, 't')) && mg->mg_len & 1)) | |
| 42 | { | |
| 43 | TAINT; | |
| 44 | if (mg && MgTAINTEDDIR(mg)) | |
| 45 | taint_proper("Insecure directory in %s%s", "$ENV{PATH}"); | |
| 46 | else | |
| 47 | taint_proper("Insecure %s%s", "$ENV{PATH}"); | |
| 79072805 | 48 | } |
| 79072805 | 49 | |
| bbce6d69 | 50 | svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE); |
| 51 | if (svp && *svp != &sv_undef && | |
| 52 | (mg = mg_find(*svp, 't')) && mg->mg_len & 1) | |
| 53 | { | |
| 54 | TAINT; | |
| 55 | taint_proper("Insecure %s%s", "$ENV{IFS}"); | |
| 56 | } | |
| 57 | } |