#include "perl.h"
void
-taint_proper(f, s)
-const char *f;
-char *s;
+taint_proper(const char *f, char *s)
{
+ dTHR; /* just for taint */
char *ug;
- DEBUG_u(PerlIO_printf(PerlIO_stderr(),
+ DEBUG_u(PerlIO_printf(Perl_debug_log,
"%s %d %d %d\n", s, tainted, uid, euid));
if (tainted) {
}
void
-taint_env()
+taint_env(void)
{
SV** svp;
- MAGIC *mg;
+ MAGIC* mg;
+ char** e;
+ static char* misc_env[] = {
+ "IFS", /* most shells' inter-field separators */
+ "CDPATH", /* ksh dain bramage #1 */
+ "ENV", /* ksh dain bramage #2 */
+ "BASH_ENV", /* bash dain bramage -- I guess it's contagious */
+ NULL
+ };
#ifdef VMS
int i = 0;
- char name[14] = "DCL$PATH";
+ char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
while (1) {
if (i)
if (!svp || *svp == &sv_undef)
break;
if (SvTAINTED(*svp)) {
+ dTHR;
TAINT;
taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
}
if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
+ dTHR;
TAINT;
taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
}
svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
if (svp && *svp) {
if (SvTAINTED(*svp)) {
+ dTHR;
TAINT;
taint_proper("Insecure %s%s", "$ENV{PATH}");
}
if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
+ dTHR;
TAINT;
taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
}
}
- svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
- if (svp && *svp != &sv_undef && SvTAINTED(*svp)) {
- TAINT;
- taint_proper("Insecure %s%s", "$ENV{IFS}");
+#ifndef VMS
+ /* tainted $TERM is okay if it contains no metachars */
+ svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE);
+ if (svp && *svp && SvTAINTED(*svp)) {
+ dTHR; /* just for taint */
+ bool was_tainted = tainted;
+ char *t = SvPV(*svp, na);
+ char *e = t + na;
+ tainted = was_tainted;
+ if (t < e && isALNUM(*t))
+ t++;
+ while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
+ t++;
+ if (t < e) {
+ TAINT;
+ taint_proper("Insecure $ENV{%s}%s", "TERM");
+ }
+ }
+#endif /* !VMS */
+
+ for (e = misc_env; *e; e++) {
+ svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE);
+ if (svp && *svp != &sv_undef && SvTAINTED(*svp)) {
+ dTHR; /* just for taint */
+ TAINT;
+ taint_proper("Insecure $ENV{%s}%s", *e);
+ }
}
}
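Review bot: The TERM block declares `char *e = t + na;`, which shadows the `char** e` declared at the top of taint_env and later used as the loop cursor over misc_env; the inner scope closes before that loop so the code is correct today, but the two `e`s differ in type and meaning and `-Wshadow` would flag it. Renaming the inner one to `char *end = t + na;` (and `t < end` in the three comparisons) removes the trap for the next person who hoists or merges those blocks. The TERM whitelist itself (leading alphanumeric, then alphanumerics, `-` and `:`) is a deliberate policy — presumably what a termcap/terminfo entry name can contain — and deserves a one-line comment saying so, since a reader otherwise has to guess why `:` is tolerated in a tainted value, e.g. `/* allow only chars that can legitimately appear in a termcap entry name */`. The `tainted = was_tainted;` restore after `SvPV()` is also worth a short comment, as it is the only thing stopping a tainted TERM from flipping the global before the content check runs.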