Re: sync sync sync: have I missed any patches?

Message-ID: <15006.42826.747914.669893@ix.netsoft.ro>

Fixes the bugs 20010221.005 and 20010221.008: "the taint checker
was checking argv[0] regardless of whether a different pathname
will actually be executed."  Test case not supplied because
drafting that, ironically enough, revealed another bug
(or a feature).

p4raw-id: //depot/perl@8982

diff --git a/doio.c b/doio.c
index 53863b6..3ed517b 100644 (file)
--- a/doio.c
+++ b/doio.c
@@ -1294,15 +1294,18 @@ Perl_do_aexec5(pTHX_ SV *really, register SV **mark, register SV **sp,
                *a++ = "";
        }
        *a = Nullch;
-       if (*PL_Argv[0] != '/') /* will execvp use PATH? */
+       if (really)
+           tmps = SvPV(really, n_a);
+       if ((!really && *PL_Argv[0] != '/') ||
+           (really && *tmps != '/'))           /* will execvp use PATH? */
            TAINT_ENV();                /* testing IFS here is overkill, probably */
-       if (really && *(tmps = SvPV(really, n_a)))
+       if (really && *tmps)
            PerlProc_execvp(tmps,EXEC_ARGV_CAST(PL_Argv));
        else
            PerlProc_execvp(PL_Argv[0],EXEC_ARGV_CAST(PL_Argv));
        if (ckWARN(WARN_EXEC))
            Perl_warner(aTHX_ WARN_EXEC, "Can't exec \"%s\": %s",
-               PL_Argv[0], Strerror(errno));
+               (really ? tmps : PL_Argv[0]), Strerror(errno));
        if (do_report) {
            int e = errno;