Security hole in taint checking in open()
deekoo [Thu, 19 Jul 2001 00:03:46 +0000 (17:03 -0700)]
Message-Id:  <Pine.LNX.4.33.0107182248330.11996-100000@chaos.tentacle.net>

p4raw-id: //depot/perl@11410

doio.c

diff --git a/doio.c b/doio.c
index d0d28b0..e8ee679 100644 (file)
--- a/doio.c
+++ b/doio.c
@@ -235,6 +235,7 @@ Perl_do_openn(pTHX_ GV *gv, register char *name, I32 len, int as_raw,
        if ((*type == IoTYPE_RDWR) && /* scary */
            (*(type+1) == IoTYPE_RDONLY || *(type+1) == IoTYPE_WRONLY) &&
            ((!num_svs || (tend > type+1 && tend[-1] != IoTYPE_PIPE)))) {
+        TAINT_PROPER("open");
            mode[1] = *type++;
            writing = 1;
        }