=head1 Incompatible Changes
+=head2 Tainting and printf
+
+When perl is run under taint mode, C<printf()> and C<sprintf()> will now
+reject any tainted format argument.
+
=head2 Removal of the bytecode compiler and of perlcc
C<perlcc>, the byteloader and the supporting modules (B::C, B::CC,
PP(pp_sprintf)
{
dVAR; dSP; dMARK; dORIGMARK; dTARGET;
+ if (SvTAINTED(MARK[1]))
+ TAINT_PROPER("sprintf");
do_sprintf(TARG, SP-MARK, MARK+1);
TAINT_IF(SvTAINTED(TARG));
SP = ORIGMARK;
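Review bot: The new guard dereferences `MARK[1]` without checking that a format argument is actually on the stack (`SP > MARK`); `do_sprintf` on the next line is handed `SP-MARK` as the count and so could in principle be written to cope with zero items, but the guard is not, and an empty argument list would make it an out-of-range read. I believe the compiler's argument checking for sprintf rules that out, but that is inferred rather than visible in the hunk, so a one-line comment stating the precondition would save the next reader the same search, e.g. `/* MARK[1] is the format; the compiler guarantees at least one argument */`. The same applies to the printf hunk in pp_prtf (the `else` branch below), whose enclosing function starts outside the hunk. It would also help to say why only the format is inspected while tainted data arguments remain allowed and are covered by the existing `TAINT_IF(SvTAINTED(TARG))`: the format decides how the remaining arguments are interpreted, so untrusted control of it is the risk being closed rather than tainted output.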
goto just_say_no;
}
else {
+ if (SvTAINTED(MARK[1]))
+ TAINT_PROPER("printf");
do_sprintf(sv, SP - MARK, MARK + 1);
if (!do_print(sv, fp))
goto just_say_no;
use File::Spec::Functions;
BEGIN { require './test.pl'; }
-plan tests => 251;
+plan tests => 255;
$| = 1;
$o->untainted;
}
+{
+ # tests for tainted format in s?printf
+ eval { printf($TAINT . "# %s\n", "foo") };
+ like($@, qr/^Insecure dependency in printf/, q/printf doesn't like tainted formats/);
+ eval { printf("# %s\n", $TAINT . "foo") };
+ ok(!$@, q/printf accepts other tainted args/);
+ eval { sprintf($TAINT . "# %s\n", "foo") };
+ like($@, qr/^Insecure dependency in sprintf/, q/sprintf doesn't like tainted formats/);
+ eval { sprintf("# %s\n", $TAINT . "foo") };
+ ok(!$@, q/sprintf accepts other tainted args/);
+}