This is a live mirror of the Perl 5 development currently hosted at
https://github.com/perl/perl5
https://perl5.git.perl.org
/
perl5.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Configure regen to pick up the new installation directories
[perl5.git]
/
taint.c
diff --git
a/taint.c
b/taint.c
index
af943e0
..
c272066
100644
(file)
--- a/
taint.c
+++ b/
taint.c
@@
-5,35
+5,41
@@
*/
#include "EXTERN.h"
*/
#include "EXTERN.h"
+#define PERL_IN_TAINT_C
#include "perl.h"
void
#include "perl.h"
void
-taint_proper(f, s)
-const char *f;
-char *s;
+Perl_taint_proper(pTHX_ const char *f, char *s)
{
dTHR; /* just for taint */
char *ug;
{
dTHR; /* just for taint */
char *ug;
+#if Uid_t_SIGN == -1
DEBUG_u(PerlIO_printf(Perl_debug_log,
DEBUG_u(PerlIO_printf(Perl_debug_log,
- "%s %d %d %d\n", s, tainted, uid, euid));
+ "%s %d %"IVdf" %"IVdf"\n", s, PL_tainted, (IV)PL_uid, (IV)PL_euid));
+#else
+ DEBUG_u(PerlIO_printf(Perl_debug_log,
+ "%s %d %"UVuf" %"UVuf"\n", s, PL_tainted, (UV)PL_uid, (UV)PL_euid));
+#endif
- if (tainted) {
- if (euid != uid)
+ if (PL_tainted) {
+ if (!f)
+ f = PL_no_security;
+ if (PL_euid != PL_uid)
ug = " while running setuid";
ug = " while running setuid";
- else if (
egid !=
gid)
+ else if (
PL_egid != PL_
gid)
ug = " while running setgid";
else
ug = " while running with -T switch";
ug = " while running setgid";
else
ug = " while running with -T switch";
- if (!unsafe)
-
croak(
f, s, ug);
- else if (
dowarn
)
-
warn(
f, s, ug);
+ if (!
PL_
unsafe)
+
Perl_croak(aTHX_
f, s, ug);
+ else if (
ckWARN(WARN_TAINT)
)
+
Perl_warner(aTHX_ WARN_TAINT,
f, s, ug);
}
}
void
}
}
void
-
taint_env(
)
+
Perl_taint_env(pTHX
)
{
SV** svp;
MAGIC* mg;
{
SV** svp;
MAGIC* mg;
@@
-46,29
+52,36
@@
taint_env()
NULL
};
NULL
};
+ if (!PL_envgv)
+ return;
+
#ifdef VMS
#ifdef VMS
+ {
int i = 0;
char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
while (1) {
if (i)
(void)sprintf(name,"DCL$PATH;%d", i);
int i = 0;
char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
while (1) {
if (i)
(void)sprintf(name,"DCL$PATH;%d", i);
- svp = hv_fetch(GvHVn(envgv), name, strlen(name), FALSE);
- if (!svp || *svp == &sv_undef)
+ svp = hv_fetch(GvHVn(
PL_
envgv), name, strlen(name), FALSE);
+ if (!svp || *svp == &
PL_
sv_undef)
break;
if (SvTAINTED(*svp)) {
break;
if (SvTAINTED(*svp)) {
+ dTHR;
TAINT;
taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
}
if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
TAINT;
taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
}
if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
+ dTHR;
TAINT;
taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
}
i++;
}
TAINT;
taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
}
i++;
}
+ }
#endif /* VMS */
#endif /* VMS */
- svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
+ svp = hv_fetch(GvHVn(
PL_
envgv),"PATH",4,FALSE);
if (svp && *svp) {
if (SvTAINTED(*svp)) {
dTHR;
if (svp && *svp) {
if (SvTAINTED(*svp)) {
dTHR;
@@
-84,13
+97,14
@@
taint_env()
#ifndef VMS
/* tainted $TERM is okay if it contains no metachars */
#ifndef VMS
/* tainted $TERM is okay if it contains no metachars */
- svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE);
+ svp = hv_fetch(GvHVn(
PL_
envgv),"TERM",4,FALSE);
if (svp && *svp && SvTAINTED(*svp)) {
dTHR; /* just for taint */
if (svp && *svp && SvTAINTED(*svp)) {
dTHR; /* just for taint */
- bool was_tainted = tainted;
- char *t = SvPV(*svp, na);
- char *e = t + na;
- tainted = was_tainted;
+ STRLEN n_a;
+ bool was_tainted = PL_tainted;
+ char *t = SvPV(*svp, n_a);
+ char *e = t + n_a;
+ PL_tainted = was_tainted;
if (t < e && isALNUM(*t))
t++;
while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
if (t < e && isALNUM(*t))
t++;
while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
@@
-103,8
+117,8
@@
taint_env()
#endif /* !VMS */
for (e = misc_env; *e; e++) {
#endif /* !VMS */
for (e = misc_env; *e; e++) {
- svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE);
- if (svp && *svp != &sv_undef && SvTAINTED(*svp)) {
+ svp = hv_fetch(GvHVn(
PL_
envgv), *e, strlen(*e), FALSE);
+ if (svp && *svp != &
PL_
sv_undef && SvTAINTED(*svp)) {
dTHR; /* just for taint */
TAINT;
taint_proper("Insecure $ENV{%s}%s", *e);
dTHR; /* just for taint */
TAINT;
taint_proper("Insecure $ENV{%s}%s", *e);