X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=taint.c;h=ab0b697ebb67a3163a96d9f02250e66a2c5f8712;hb=a5ff3b9ad25c72d5b32019260730131002679dcd;hp=d9fac77b5f672987ff0089c24236ff4b4214ba50;hpb=bbce6d69784bf43b0e69e8d312042d65f258af23;p=p5sagit%2Fp5-mst-13.2.git

diff --git a/taint.c b/taint.c
index d9fac77..ab0b697 100644
--- a/taint.c
+++ b/taint.c
@@ -5,53 +5,113 @@
  */
 
 #include "EXTERN.h"
+#define PERL_IN_TAINT_C
 #include "perl.h"
 
 void
-taint_proper(f, s)
-char *f;
-char *s;
+Perl_taint_proper(pTHX_ const char *f, const char *s)
 {
     char *ug;
 
-    if (tainted) {
-	DEBUG_u(PerlIO_printf(PerlIO_stderr(),
-			      "%s %d %d %d\n", s, tainted, uid, euid));
-	if (euid != uid)
+#ifdef HAS_SETEUID
+    DEBUG_u(PerlIO_printf(Perl_debug_log,
+            "%s %d %"Uid_t_f" %"Uid_t_f"\n", s, PL_tainted, PL_uid, PL_euid));
+#endif
+
+    if (PL_tainted) {
+	if (!f)
+	    f = PL_no_security;
+	if (PL_euid != PL_uid)
 	    ug = " while running setuid";
-	else if (egid != gid)
+	else if (PL_egid != PL_gid)
 	    ug = " while running setgid";
 	else
 	    ug = " while running with -T switch";
-	if (!unsafe)
-	    croak(f, s, ug);
-	else if (dowarn)
-	    warn(f, s, ug);
+	if (!PL_unsafe)
+	    Perl_croak(aTHX_ f, s, ug);
+	else if (ckWARN(WARN_TAINT))
+	    Perl_warner(aTHX_ WARN_TAINT, f, s, ug);
     }
 }
 
 void
-taint_env()
+Perl_taint_env(pTHX)
 {
     SV** svp;
-    MAGIC *mg = 0;
+    MAGIC* mg;
+    char** e;
+    static char* misc_env[] = {
+	"IFS",		/* most shells' inter-field separators */
+	"CDPATH",	/* ksh dain bramage #1 */
+	"ENV",		/* ksh dain bramage #2 */
+	"BASH_ENV",	/* bash dain bramage -- I guess it's contagious */
+	NULL
+    };
+
+    if (!PL_envgv)
+	return;
 
-    svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
-    if (!svp || *svp == &sv_undef ||
-	((mg = mg_find(*svp, 't')) && mg->mg_len & 1))
+#ifdef VMS
     {
-	TAINT;
-	if (mg && MgTAINTEDDIR(mg))
-	    taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
-	else
+    int i = 0;
+    char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
+
+    while (1) {
+	if (i)
+	    (void)sprintf(name,"DCL$PATH;%d", i);
+	svp = hv_fetch(GvHVn(PL_envgv), name, strlen(name), FALSE);
+	if (!svp || *svp == &PL_sv_undef)
+	    break;
+	if (SvTAINTED(*svp)) {
+	    TAINT;
+	    taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
+	}
+	if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) {
+	    TAINT;
+	    taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
+	}
+	i++;
+    }
+  }
+#endif /* VMS */
+
+    svp = hv_fetch(GvHVn(PL_envgv),"PATH",4,FALSE);
+    if (svp && *svp) {
+	if (SvTAINTED(*svp)) {
+	    TAINT;
 	    taint_proper("Insecure %s%s", "$ENV{PATH}");
+	}
+	if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) {
+	    TAINT;
+	    taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
+	}
     }
 
-    svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
-    if (svp && *svp != &sv_undef &&
-	(mg = mg_find(*svp, 't')) && mg->mg_len & 1)
-    {
-	TAINT;
-	taint_proper("Insecure %s%s", "$ENV{IFS}");
+#ifndef VMS
+    /* tainted $TERM is okay if it contains no metachars */
+    svp = hv_fetch(GvHVn(PL_envgv),"TERM",4,FALSE);
+    if (svp && *svp && SvTAINTED(*svp)) {
+	STRLEN n_a;
+	bool was_tainted = PL_tainted;
+	char *t = SvPV(*svp, n_a);
+	char *e = t + n_a;
+	PL_tainted = was_tainted;
+	if (t < e && isALNUM(*t))
+	    t++;
+	while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
+	    t++;
+	if (t < e) {
+	    TAINT;
+	    taint_proper("Insecure $ENV{%s}%s", "TERM");
+	}
+    }
+#endif /* !VMS */
+
+    for (e = misc_env; *e; e++) {
+	svp = hv_fetch(GvHVn(PL_envgv), *e, strlen(*e), FALSE);
+	if (svp && *svp != &PL_sv_undef && SvTAINTED(*svp)) {
+	    TAINT;
+	    taint_proper("Insecure $ENV{%s}%s", *e);
+	}
     }
 }