X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=taint.c;h=655cec84ef443fccc1b6e818f9d32303a2dfea7f;hb=be425529213e9b149dcb8e489b8c142dbfdda50e;hp=cd9e4ec5ca899fc63af43df66ab0527a5ba1c2c6;hpb=c90c0ff485be15aaf3ee20121299cb014ee6b1ff;p=p5sagit%2Fp5-mst-13.2.git

diff --git a/taint.c b/taint.c
index cd9e4ec..655cec8 100644
--- a/taint.c
+++ b/taint.c
@@ -8,31 +8,32 @@
 #include "perl.h"
 
 void
-taint_proper(f, s)
-const char *f;
-char *s;
+taint_proper(const char *f, char *s)
 {
+    dTHR;	/* just for taint */
     char *ug;
 
-    DEBUG_u(PerlIO_printf(PerlIO_stderr(),
-            "%s %d %d %d\n", s, tainted, uid, euid));
+    DEBUG_u(PerlIO_printf(Perl_debug_log,
+            "%s %d %d %d\n", s, PL_tainted, PL_uid, PL_euid));
 
-    if (tainted) {
-	if (euid != uid)
+    if (PL_tainted) {
+	if (!f)
+	    f = PL_no_security;
+	if (PL_euid != PL_uid)
 	    ug = " while running setuid";
-	else if (egid != gid)
+	else if (PL_egid != PL_gid)
 	    ug = " while running setgid";
 	else
 	    ug = " while running with -T switch";
-	if (!unsafe)
+	if (!PL_unsafe)
 	    croak(f, s, ug);
-	else if (dowarn)
-	    warn(f, s, ug);
+	else if (ckWARN(WARN_TAINT))
+	    warner(WARN_TAINT, f, s, ug);
     }
 }
 
 void
-taint_env()
+taint_env(void)
 {
     SV** svp;
     MAGIC* mg;
@@ -52,14 +53,16 @@ taint_env()
     while (1) {
 	if (i)
 	    (void)sprintf(name,"DCL$PATH;%d", i);
-	svp = hv_fetch(GvHVn(envgv), name, strlen(name), FALSE);
-	if (!svp || *svp == &sv_undef)
+	svp = hv_fetch(GvHVn(PL_envgv), name, strlen(name), FALSE);
+	if (!svp || *svp == &PL_sv_undef)
 	    break;
 	if (SvTAINTED(*svp)) {
+	    dTHR;
 	    TAINT;
 	    taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
 	}
 	if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
+	    dTHR;
 	    TAINT;
 	    taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
 	}
@@ -67,13 +70,15 @@ taint_env()
     }
 #endif /* VMS */
 
-    svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
+    svp = hv_fetch(GvHVn(PL_envgv),"PATH",4,FALSE);
     if (svp && *svp) {
 	if (SvTAINTED(*svp)) {
+	    dTHR;
 	    TAINT;
 	    taint_proper("Insecure %s%s", "$ENV{PATH}");
 	}
 	if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
+	    dTHR;
 	    TAINT;
 	    taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
 	}
@@ -81,12 +86,14 @@ taint_env()
 
 #ifndef VMS
     /* tainted $TERM is okay if it contains no metachars */
-    svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE);
+    svp = hv_fetch(GvHVn(PL_envgv),"TERM",4,FALSE);
     if (svp && *svp && SvTAINTED(*svp)) {
-	bool was_tainted = tainted;
-	char *t = SvPV(*svp, na);
-	char *e = t + na;
-	tainted = was_tainted;
+    	dTHR;	/* just for taint */
+	STRLEN n_a;
+	bool was_tainted = PL_tainted;
+	char *t = SvPV(*svp, n_a);
+	char *e = t + n_a;
+	PL_tainted = was_tainted;
 	if (t < e && isALNUM(*t))
 	    t++;
 	while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
@@ -99,8 +106,9 @@ taint_env()
 #endif /* !VMS */
 
     for (e = misc_env; *e; e++) {
-	svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE);
-	if (svp && *svp != &sv_undef && SvTAINTED(*svp)) {
+	svp = hv_fetch(GvHVn(PL_envgv), *e, strlen(*e), FALSE);
+	if (svp && *svp != &PL_sv_undef && SvTAINTED(*svp)) {
+	    dTHR;	/* just for taint */
 	    TAINT;
 	    taint_proper("Insecure $ENV{%s}%s", *e);
 	}