X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=taint.c;h=dbb0a1e9dc82e117b8b8403ae34cc57906bdd499;hb=b8e6d11c134e93a7795379ceb62b7f950607c667;hp=5178ee2250a0e4b26869979e7908789ab6a45082;hpb=79072805bf63abe5b5978b5928ab00d360ea3e7f;p=p5sagit%2Fp5-mst-13.2.git
diff --git a/taint.c b/taint.c
index 5178ee2..dbb0a1e 100644
--- a/taint.c
+++ b/taint.c
@@ -1,14 +1,32 @@
+/*
+ * "...we will have peace, when you and all your works have perished--and
+ * the works of your dark master to whom you would deliver us. You are a
+ * liar, Saruman, and a corrupter of men's hearts." --Theoden
+ */
+
+#include "EXTERN.h"
+#include "perl.h"
+
 void
 taint_proper(f, s)
-char *f;
+const char *f;
 char *s;
 {
- DEBUG_u(fprintf(stderr,"%s %d %d %d\n",s,tainted,uid, euid));
- if (tainted && (!euid || euid != uid || egid != gid || taintanyway)) {
+ char *ug;
+
+ if (tainted) {
+ DEBUG_u(PerlIO_printf(PerlIO_stderr(),
+ "%s %d %d %d\n", s, tainted, uid, euid));
+ if (euid != uid)
+ ug = " while running setuid";
+ else if (egid != gid)
+ ug = " while running setgid";
+ else
+ ug = " while running with -T switch";
 if (!unsafe)
- fatal(f, s);
+ croak(f, s, ug);
 else if (dowarn)
- warn(f, s);
+ warn(f, s, ug);
 }
 }
 
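Review bot: `f` is handed to `croak`/`warn` as the format string, and with the added `ug` argument every caller's format must now carry exactly two `%s` conversions; nothing in `taint_proper` states or enforces that. A header comment would make the contract explicit, e.g. `/* f: literal format with exactly two %s (the tainted item, then the setuid/setgid/-T suffix); never pass caller-supplied text as f */`. Since `ug` only ever points at string literals it should be declared `const char *ug;`, and `s` could be made `const char *` to match the new qualifier on `f`. It is also worth a comment that when `unsafe` is set and `dowarn` is not, the violation produces no output at all.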
@@ -16,19 +34,24 @@ void
 taint_env()
 {
 SV** svp;
+ MAGIC *mg = 0;
 
 svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
- if (!svp || *svp == &sv_undef || (*svp)->sv_tainted) {
- tainted = 1;
- if ((*svp)->sv_tainted == 2)
- taint_proper("Insecure directory in %s", "PATH");
+ if (!svp || *svp == &sv_undef ||
+ ((mg = mg_find(*svp, 't')) && mg->mg_len & 1))
+ {
+ TAINT;
+ if (mg && MgTAINTEDDIR(mg))
+ taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
 else
- taint_proper("Insecure %s", "PATH");
+ taint_proper("Insecure %s%s", "$ENV{PATH}");
 }
+
 svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
- if (svp && *svp != &sv_undef && (*svp)->sv_tainted) {
- tainted = 1;
- taint_proper("Insecure %s", "IFS");
+ if (svp && *svp != &sv_undef &&
+ (mg = mg_find(*svp, 't')) && mg->mg_len & 1)
+ {
+ TAINT;
+ taint_proper("Insecure %s%s", "$ENV{IFS}");
 }
 }
-
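Review bot: `taint_env` still examines only `PATH` and `IFS`; other variables that a spawned shell honours (for example `CDPATH`, `ENV`, `BASH_ENV`) are not looked at in this hunk, so unless they are covered elsewhere the function should either check them the same way or carry a comment stating that the coverage is deliberately limited to these two. Separately, the tainted bit is tested twice as a bare `mg->mg_len & 1` right next to the named `MgTAINTEDDIR(mg)`; parenthesising it as `(mg->mg_len & 1)` and adding a comment such as `/* bit 0 of mg_len: value is tainted */` (or a named macro beside `MgTAINTEDDIR`) would make the two tests read consistently. The `!svp` case reaching `TAINT` with `mg` still 0 is handled correctly by the `mg &&` guard, which deserves a short comment noting that a missing or undefined `PATH` is reported as insecure on purpose.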