From: Rafael Garcia-Suarez <rgarciasuarez@gmail.com>
Date: Sun, 26 Oct 2003 21:36:17 +0000 (+0000)
Subject: When %ENV has been turned into a non-magical hash after a
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=7b756e0a3e6b2a4af093cd9686b01f419d3acefc;p=p5sagit%2Fp5-mst-13.2.git

When %ENV has been turned into a non-magical hash after a
glob assignment, TAINT_ENV() may dump core because it
assumes $ENV{PATH} is magical. Fix this ; add a test to
verify that the PATH is still checked for taintedness.

p4raw-id: //depot/perl@21542
---

diff --git a/t/op/taint.t b/t/op/taint.t
index e6e1265..557b15f 100755
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -124,7 +124,7 @@ my $echo = "$Invoke_Perl $ECHO";
 
 my $TEST = catfile(curdir(), 'TEST');
 
-print "1..206\n";
+print "1..208\n";
 
 # First, let's make sure that Perl is checking the dangerous
 # environment variables. Maybe they aren't set yet, so we'll
@@ -982,3 +982,15 @@ else
     $TAINT =~ /(.*)/;
     test 206, tainted(my $foo = $1);
 }
+
+{
+    # test with a non-magical %ENV (and non-magical %ENV elements)
+    our %nonmagicalenv = ( PATH => $TAINT );
+    local *ENV = \%nonmagicalenv;
+    eval { system("lskdfj"); };
+    test 207, $@ =~ /Insecure \$ENV{PATH} while running with -T switch/;
+    # [perl #24291] this used to dump core
+    %nonmagicalenv = ( PATH => "util" );
+    eval { system("lskdfj"); };
+    test 208, 1;
+}
diff --git a/taint.c b/taint.c
index 7d4eb41..c591e3f 100644
--- a/taint.c
+++ b/taint.c
@@ -80,7 +80,8 @@ Perl_taint_env(pTHX)
 	NULL
     };
 
-    if (!PL_envgv)
+    /* Don't bother if there's no %ENV hash */
+    if (!PL_envgv || !GvHV(PL_envgv))
 	return;
 
 #ifdef VMS
@@ -98,7 +99,9 @@ Perl_taint_env(pTHX)
 	    TAINT;
 	    taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
 	}
-	if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) {
+	if (SvMAGICAL(*svp)
+		&& (mg = mg_find(*svp, PERL_MAGIC_envelem))
+		&& MgTAINTEDDIR(mg)) {
 	    TAINT;
 	    taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
 	}
@@ -113,7 +116,9 @@ Perl_taint_env(pTHX)
 	    TAINT;
 	    taint_proper("Insecure %s%s", "$ENV{PATH}");
 	}
-	if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) {
+	if (SvMAGICAL(*svp)
+		&& (mg = mg_find(*svp, PERL_MAGIC_envelem))
+		&& MgTAINTEDDIR(mg)) {
 	    TAINT;
 	    taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
 	}