[perl #24674]

stop $^O getting tainted on read access, and disallow tainted
assignment to it

p4raw-id: //depot/perl@22071

diff --git a/mg.c b/mg.c
index 66e02b7..f79210e 100644 (file)
--- a/mg.c
+++ b/mg.c
@@ -648,8 +648,10 @@ Perl_magic_get(pTHX_ SV *sv, MAGIC *mg)
            sv_setsv(sv, &PL_sv_undef);
        break;
     case '\017':               /* ^O & ^OPEN */
-       if (*(mg->mg_ptr+1) == '\0')
+       if (*(mg->mg_ptr+1) == '\0') {
            sv_setpv(sv, PL_osname);
+           SvTAINTED_off(sv);
+       }
        else if (strEQ(mg->mg_ptr, "\017PEN")) {
            if (!PL_compiling.cop_io)
                sv_setsv(sv, &PL_sv_undef);
@@ -2091,8 +2093,10 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
        if (*(mg->mg_ptr+1) == '\0') {
            if (PL_osname)
                Safefree(PL_osname);
-           if (SvOK(sv))
+           if (SvOK(sv)) {
+               TAINT_PROPER("assigning to $^O");
                PL_osname = savepv(SvPV(sv,len));
+           }
            else
                PL_osname = Nullch;
        }

diff --git a/t/op/taint.t b/t/op/taint.t
index 579545a..6c35e86 100755 (executable)
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -124,7 +124,7 @@ my $echo = "$Invoke_Perl $ECHO";
 
 my $TEST = catfile(curdir(), 'TEST');
 
-print "1..220\n";
+print "1..223\n";
 
 # First, let's make sure that Perl is checking the dangerous
 # environment variables. Maybe they aren't set yet, so we'll
@@ -1034,4 +1034,14 @@ else
     test 219, !tainted($1);
     ($r = $TAINT) =~ /($TAINT)/;
     test 220, tainted($1);
+
+    #  [perl #24674]
+    # accessing $^O  shoudn't taint it as a side-effect;
+    # assigning tainted data to it is now an error
+
+    test 221, !tainted($^O);
+    if (!$^X) { } elsif ($^O eq 'bar') { }
+    test 222, !tainted($^O);
+    eval '$^O = $^X';
+    test 223, $@ =~ /Insecure dependency in/;
 }