From: Radu Greab <radu@netsoft.ro>
Date: Mon, 26 Nov 2001 18:42:29 +0000 (+0200)
Subject: system and taintedness
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=52a55424e4624fc79eb8894fb91c5e2f4a9018ab;p=p5sagit%2Fp5-mst-13.2.git

system and taintedness
Message-ID: <15362.28917.697078.551412@ix.netsoft.ro>

p4raw-id: //depot/perl@13287
---

diff --git a/pp_sys.c b/pp_sys.c
index 4b9b096..a2d5721 100644
--- a/pp_sys.c
+++ b/pp_sys.c
@@ -4030,6 +4030,16 @@ PP(pp_system)
 	 int status;
 	 Sigsave_t ihand,qhand;     /* place to save signals during system() */
 	 
+	 if (PL_tainting) {
+	     SV *cmd = NULL;
+	     if (PL_op->op_flags & OPf_STACKED)
+		cmd = *(MARK + 1);
+	     else if (SP - MARK != 1)
+		cmd = *SP;
+	     if (cmd && *(SvPV_nolen(cmd)) != '/')
+		TAINT_ENV();
+	 }
+
 	 if (PerlProc_pipe(pp) >= 0)
 	      did_pipes = 1;
 	 while ((childpid = PerlProc_fork()) == -1) {
diff --git a/t/op/taint.t b/t/op/taint.t
index 29b5839..21cf2fa 100755
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -123,7 +123,7 @@ print PROG 'print "@ARGV\n"', "\n";
 close PROG;
 my $echo = "$Invoke_Perl $ECHO";
 
-print "1..182\n";
+print "1..183\n";
 
 # First, let's make sure that Perl is checking the dangerous
 # environment variables. Maybe they aren't set yet, so we'll
@@ -918,3 +918,11 @@ ok( $@ =~ /^Modification of a read-only value attempted/,
     my $re3 = "$re2";
     test 182, tainted $re3;
 }
+
+
+{
+    # bug 20010221.005
+    local $ENV{PATH} .= $TAINT;
+    eval { system { "echo" } "/arg0", "arg1" };
+    test 183, $@ =~ /^Insecure \$ENV/;
+}