X-Git-Url: https://perl5.git.perl.org/perl5.git/blobdiff_plain/abec5bedacd77b2152e61ec3216ab47bd7272fc9..831124b556f4486f9582458f096ede67617cdc42:/taint.c diff --git a/taint.c b/taint.c index b357628..5834548 100644 --- a/taint.c +++ b/taint.c @@ -26,6 +26,9 @@ void Perl_taint_proper(pTHX_ const char *f, const char *const s) { + /* Output a tainting violation, croaking unless we're just to warn. + * '_proper' is just to throw you off the scent */ + #if defined(HAS_SETEUID) && defined(DEBUGGING) PERL_ARGS_ASSERT_TAINT_PROPER; @@ -35,11 +38,11 @@ Perl_taint_proper(pTHX_ const char *f, const char *const s) #if Uid_t_sign == 1 /* uid_t is unsigned. */ DEBUG_u(PerlIO_printf(Perl_debug_log, - "%s %d %"UVuf" %"UVuf"\n", + "%s %d %" UVuf " %" UVuf "\n", s, TAINT_get, (UV)uid, (UV)euid)); #else /* uid_t is signed (Uid_t_sign == -1), or don't know. */ DEBUG_u(PerlIO_printf(Perl_debug_log, - "%s %d %"IVdf" %"IVdf"\n", + "%s %d %" IVdf " %" IVdf "\n", s, TAINT_get, (IV)uid, (IV)euid)); #endif } @@ -60,16 +63,16 @@ Perl_taint_proper(pTHX_ const char *f, const char *const s) ug = " while running with -T switch"; /* XXX because taint_proper adds extra format args, we can't - * get the caller to check properly; o we just silence the warning + * get the caller to check properly; so we just silence the warning * and hope the callers aren't naughty */ - GCC_DIAG_IGNORE(-Wformat-nonliteral); + GCC_DIAG_IGNORE_STMT(-Wformat-nonliteral); if (PL_unsafe || TAINT_WARN_get) { Perl_ck_warner_d(aTHX_ packWARN(WARN_TAINT), f, s, ug); } else { Perl_croak(aTHX_ f, s, ug); } - GCC_DIAG_RESTORE; + GCC_DIAG_RESTORE_STMT; } } @@ -78,7 +81,6 @@ void Perl_taint_env(pTHX) { SV** svp; - MAGIC* mg; const char* const *e; static const char* const misc_env[] = { "IFS", /* most shells' inter-field separators */ 
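Review bot: With -Wformat-nonliteral silenced around both calls, nothing checks that `f` matches the two string arguments `s` and `ug` handed to `Perl_ck_warner_d` and `Perl_croak`, and that contract is not written anywhere a caller would read it. The existing XXX comment only hopes callers behave. I would extend the function's header comment with something like `/* f must be a string literal with exactly two %s conversions (filled with s, then ug); never pass externally derived text as f */`. The caller visible in this patch, `taint_proper("Insecure %s%s", "$ENV{PATH}")`, already has that shape. The function body starts outside this hunk.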
@@ -121,8 +123,9 @@ Perl_taint_env(pTHX) STRLEN len = 8; /* strlen(name) */ while (1) { + MAGIC* mg; if (i) - len = my_sprintf(name,"DCL$PATH;%d", i); + len = my_snprintf(name, sizeof name, "DCL$PATH;%d", i); svp = hv_fetch(GvHVn(PL_envgv), name, len, FALSE); if (!svp || *svp == &PL_sv_undef) break; @@ -141,6 +144,7 @@ Perl_taint_env(pTHX) svp = hv_fetchs(GvHVn(PL_envgv),"PATH",FALSE); if (svp && *svp) { + MAGIC* mg; if (SvTAINTED(*svp)) { TAINT; taint_proper("Insecure %s%s", "$ENV{PATH}"); @@ -166,7 +170,7 @@ Perl_taint_env(pTHX) #endif if (t < e && isWORDCHAR(*t)) t++; - while (t < e && (isWORDCHAR(*t) || strchr("-_.+", *t))) + while (t < e && (isWORDCHAR(*t) || memCHRs("-_.+", *t))) t++; if (t < e) { TAINT;
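Review bot: `sizeof name` bounds the write only if `name` is declared as an array in this scope. Its declaration is outside the hunk, and if it were a pointer the bound would silently become the pointer size. The return value is also passed straight to `hv_fetch` as the key length, so confirm that `my_snprintf` cannot return more than was actually written (standard snprintf returns the untruncated length). A comment at the call such as `/* len must stay < sizeof name: it is used as the hv_fetch key length */` would record the assumption. The enclosing loop continues past the end of the hunk.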
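Review bot: The switch from `strchr` to `memCHRs` changes which bytes this validation loop accepts, and nothing at the call site says so. `strchr("-_.+", *t)` also returns non-NULL when `*t` is '\0', because it matches the literal's terminator, so an embedded NUL was stepped over as if it were a legal character. Assuming `memCHRs` searches only the literal's visible characters, such a byte now stops the loop early and falls into the `if (t < e) { TAINT;` branch. I would add a comment above the loop, e.g. `/* memCHRs, not strchr: a NUL byte must not count as a valid character */`. The enclosing block starts and ends outside the hunk.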