X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=pp_sys.c;h=03a10fea732f30baaecd93ea16a07940e1a578c2;hb=84c476bd7dc489e0b953be0e097d1a3adfd610d4;hp=a03d9a48903ae855c39c1050a1d41575b2aeb8d8;hpb=324aa91a3e6fd44523a86df7c5575563c5adf45c;p=p5sagit%2Fp5-mst-13.2.git diff --git a/pp_sys.c b/pp_sys.c index a03d9a4..03a10fe 100644 --- a/pp_sys.c +++ b/pp_sys.c @@ -224,6 +224,17 @@ PP(pp_glob) OP *result; ENTER; +#ifndef VMS + if (tainting) { + /* + * The external globbing program may use things we can't control, + * so for security reasons we must assume the worst. + */ + TAINT; + taint_proper(no_security, "glob"); + } +#endif /* !VMS */ + SAVESPTR(last_in_gv); /* We don't want this to be permanent. */ last_in_gv = (GV*)*stack_sp--; @@ -1195,7 +1206,7 @@ PP(pp_sysread) MAGIC *mg; gv = (GV*)*++MARK; - if (op->op_type == OP_READ && + if ((op->op_type == OP_READ || op->op_type == OP_SYSREAD) && SvMAGICAL(gv) && (mg = mg_find((SV*)gv, 'q'))) { SV *sv; @@ -3204,7 +3215,7 @@ PP(pp_setpgrp) #ifdef BSD_SETPGRP SETi( BSD_SETPGRP(pid, pgrp) >= 0 ); #else - if ((pgrp != 0 && pgrp != getpid())) || (pid != 0 && pid != getpid())) + if ((pgrp != 0 && pgrp != getpid()) || (pid != 0 && pid != getpid())) DIE("POSIX setpgrp can't take an argument"); SETi( setpgrp() >= 0 ); #endif /* USE_BSDPGRP */ @@ -3675,7 +3686,7 @@ PP(pp_gnetent) PUSHs(sv = sv_mortalcopy(&sv_no)); sv_setpv(sv, nent->n_name); PUSHs(sv = sv_mortalcopy(&sv_no)); - for (elem = nent->n_aliases; *elem; elem++) { + for (elem = nent->n_aliases; elem && *elem; elem++) { sv_catpv(sv, *elem); if (elem[1]) sv_catpvn(sv, " ", 1); @@ -3745,7 +3756,7 @@ PP(pp_gprotoent) PUSHs(sv = sv_mortalcopy(&sv_no)); sv_setpv(sv, pent->p_name); PUSHs(sv = sv_mortalcopy(&sv_no)); - for (elem = pent->p_aliases; *elem; elem++) { + for (elem = pent->p_aliases; elem && *elem; elem++) { sv_catpv(sv, *elem); if (elem[1]) sv_catpvn(sv, " ", 1); @@ -3832,7 +3843,7 @@ PP(pp_gservent) PUSHs(sv = sv_mortalcopy(&sv_no)); sv_setpv(sv, sent->s_name); PUSHs(sv = sv_mortalcopy(&sv_no)); - for (elem = sent->s_aliases; *elem; elem++) { + for (elem = sent->s_aliases; elem && *elem; elem++) { sv_catpv(sv, *elem); if (elem[1]) sv_catpvn(sv, " ", 1); @@ -4112,7 +4123,7 @@ PP(pp_ggrent) PUSHs(sv = sv_mortalcopy(&sv_no)); sv_setiv(sv, (IV)grent->gr_gid); PUSHs(sv = sv_mortalcopy(&sv_no)); - for (elem = grent->gr_mem; *elem; elem++) { + for (elem = grent->gr_mem; elem && *elem; elem++) { sv_catpv(sv, *elem); if (elem[1]) sv_catpvn(sv, " ", 1);