[perl #38709] Opening '|-' triggers unjustified taint check

From: mhasch@cpan.org (via RT) <perlbug-followup@perl.org>
Message-ID: <rt-3.0.11-38709-130993.2.89182805885773@perl.org>

p4raw-id: //depot/perl@27951

diff --git a/doio.c b/doio.c
index 3d29b59..6910cf1 100644 (file)
--- a/doio.c
+++ b/doio.c
@@ -246,7 +246,7 @@ Perl_do_openn(pTHX_ GV *gv, register const char *oname, I32 len, int as_raw,
                errno = EPIPE;
                goto say_false;
            }
-           if ((*name == '-' && name[1] == '\0') || num_svs)
+           if (!(*name == '-' && name[1] == '\0') || num_svs)
                TAINT_ENV();
            TAINT_PROPER("piped open");
            if (!num_svs && name[len-1] == '|') {

diff --git a/t/op/taint.t b/t/op/taint.t
index 76b553b..03bcc65 100755 (executable)
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,8 +17,7 @@ use Config;
 use File::Spec::Functions;
 
 BEGIN { require './test.pl'; }
-plan tests => 246;
-
+plan tests => 249;
 
 $| = 1;
 
@@ -1158,3 +1157,31 @@ SKIP:
     my $b = $a + 5;
     is ($b, 8, "Arithmetic on tainted dualvars works");
 }
+
+# opening '|-' should not trigger $ENV{PATH} check
+
+{
+    SKIP: {
+       skip "fork() is not available", 3 unless $Config{'d_fork'};
+
+       $ENV{'PATH'} = $TAINT;
+       local $SIG{'PIPE'} = 'IGNORE';
+       eval {
+           my $pid = open my $pipe, '|-';
+           if (!defined $pid) {
+               die "open failed: $!";
+           }
+           if (!$pid) {
+               kill 'KILL', $$;        # child suicide
+           }
+           close $pipe;
+       };
+       test $@ !~ /Insecure \$ENV/, 'fork triggers %ENV check';
+       test $@ eq '',               'pipe/fork/open/close failed';
+       eval {
+           open my $pipe, "|$Invoke_Perl -e 1";
+           close $pipe;
+       };
+       test $@ =~ /Insecure \$ENV/, 'popen neglects %ENV check';
+    }
+}