Subject: [ID
20001004.007] taint propogation is inconsistent
Message-Id: <m13h1XU-000SEmC@nolfolan.idiomtech.com>
The culprit was sv_setsv() which was rather blindly
propagating taint, which lead to behaviour where if
a tainted anon hash value was seen all the hash values
from then on at that level became tainted, or at any
upper levels in the case of nested anon hashes.
p4raw-id: //depot/perl@7553
SvIVX(dstr) = SvIVX(sstr);
if (SvIsUV(sstr))
SvIsUV_on(dstr);
- SvTAINT(dstr);
+ if (SvTAINTED(sstr))
+ SvTAINT(dstr);
return;
}
goto undef_sstr;
}
SvNVX(dstr) = SvNVX(sstr);
(void)SvNOK_only(dstr);
- SvTAINT(dstr);
+ if (SvTAINTED(sstr))
+ SvTAINT(dstr);
return;
}
goto undef_sstr;
GvINTRO_off(dstr); /* one-shot flag */
gp_free((GV*)dstr);
GvGP(dstr) = gp_ref(GvGP(sstr));
- SvTAINT(dstr);
+ if (SvTAINTED(sstr))
+ SvTAINT(dstr);
if (GvIMPORTED(dstr) != GVf_IMPORTED
&& CopSTASH_ne(PL_curcop, GvSTASH(dstr)))
{
SvREFCNT_dec(dref);
if (intro)
SAVEFREESV(sref);
- SvTAINT(dstr);
+ if (SvTAINTED(sstr))
+ SvTAINT(dstr);
return;
}
if (SvPVX(dstr)) {
else
(void)SvOK_off(dstr);
}
- SvTAINT(dstr);
+ if (SvTAINTED(sstr))
+ SvTAINT(dstr);
}
/*
close PROG;
my $echo = "$Invoke_Perl $ECHO";
-print "1..152\n";
+print "1..155\n";
# First, let's make sure that Perl is checking the dangerous
# environment variables. Maybe they aren't set yet, so we'll
my $b = <IN>;
print "not " unless tainted($a) && tainted($b) && !defined($b);
print "ok 152\n";
+ close IN;
}
+
+{
+ # bug id 20001004.007
+
+ open IN, "./TEST" or warn "$0: cannot read ./TEST: $!" ;
+ my $a = <IN>;
+
+ my $c = { a => 42,
+ b => $a };
+ print "not " unless !tainted($c->{a}) && tainted($c->{b});
+ print "ok 153\n";
+
+ my $d = { a => $a,
+ b => 42 };
+ print "not " unless tainted($d->{a}) && !tainted($d->{b});
+ print "ok 154\n";
+
+ my $e = { a => 42,
+ b => { c => $a, d => 42 } };
+ print "not " unless !tainted($e->{a}) &&
+ !tainted($e->{b}) &&
+ tainted($e->{b}->{c}) &&
+ !tainted($e->{b}->{d});
+ print "ok 155\n";
+
+ close IN;
+}
+