From: Chip Salzenberg Date: Sun, 16 Nov 2008 23:14:30 +0000 (-0800) Subject: Re: [perl #59998] [PATCH] crypt() returns tainted data even when input strings are... X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=ec93b65fd8c6a7ae08d0f88100de0c755ed21a94;p=p5sagit%2Fp5-mst-13.2.git Re: [perl #59998] [PATCH] crypt() returns tainted data even when input strings are detainted Message-ID: <20081117071429.GD5495@tytlal.topaz.cx> p4raw-id: //depot/perl@34860
---
diff --git a/pp.c b/pp.c
index 739a457..166c315 100644
--- a/pp.c
+++ b/pp.c
@@ -2553,7 +2553,7 @@ PP(pp_complement)
 sv_usepvn_flags(TARG, (char*)result, nchar, SV_HAS_TRAILING_NUL);
 SvUTF8_off(TARG);
 }
- SETs(TARG);
+ SETTARG;
 RETURN;
 }
 #ifdef LIBERAL
@@ -2569,8 +2569,7 @@ PP(pp_complement)
 #endif
 for ( ; anum > 0; anum--, tmps++)
 *tmps = ~*tmps;
-
- SETs(TARG);
+ SETTARG;
 }
 RETURN;
 }
@@ -3514,7 +3513,7 @@ PP(pp_crypt)
 # else
 sv_setpv(TARG, PerlProc_crypt(tmps, SvPV_nolen_const(right)));
 # endif
- SETs(TARG);
+ SETTARG;
 RETURN;
 #else
 DIE(aTHX_
@@ -3899,9 +3898,7 @@ PP(pp_quotemeta)
 }
 else
 sv_setpvn(TARG, s, len);
- SETs(TARG);
- if (SvSMAGICAL(TARG))
- mg_set(TARG);
+ SETTARG;
 RETURN;
 }
diff --git a/t/op/taint.t b/t/op/taint.t
index f578423..29fc436 100755
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ use Config;
 use File::Spec::Functions;
 BEGIN { require './test.pl'; }
-plan tests => 267;
+plan tests => 271;
 $| = 1;
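Review bot: None of the four SETTARG call sites in pp.c carries a comment saying why the plain `SETs(TARG)` was wrong, so a later cleanup could quietly revert the taint fix. Judging from the lines removed in pp_quotemeta (`SETs(TARG); if (SvSMAGICAL(TARG)) mg_set(TARG);`), SETTARG presumably runs set-magic on TARG before pushing it, which would let the taint state be recomputed on each call rather than inherited from an earlier tainted use of the same target. I would add a comment at the pp_crypt site, for example `/* SETTARG, not SETs: TARG is reused, so set-magic must re-evaluate taint (perl #59998) */`, and repeat it at both pp_complement sites. All four enclosing functions start and end outside their hunks.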
@@ -1252,6 +1252,21 @@ foreach my $ord (78, 163, 256) {
 ok(!tainted($1), "\\S match with chr $ord");
 }
+{
+ # 59998
+ sub cr { my $x = crypt($_[0], $_[1]); $x }
+ sub co { my $x = ~$_[0]; $x }
+ my ($a, $b);
+ $a = cr('hello', 'foo' . $TAINT);
+ $b = cr('hello', 'foo');
+ ok(tainted($a), "tainted crypt");
+ ok(!tainted($b), "untainted crypt");
+ $a = co('foo' . $TAINT);
+ $b = co('foo');
+ ok(tainted($a), "tainted complement");
+ ok(!tainted($b), "untainted complement");
+}
+
 # This may bomb out with the alarm signal so keep it last
 SKIP: {
 skip "No alarm()" unless $Config{d_alarm};
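Review bot: The new complement tests pass only plain byte strings (`'foo'`), so of the two pp_complement sites changed in pp.c they appear to reach only the byte-wise loop. The site that follows `SvUTF8_off(TARG)` looks like a separate wide-character path and stays untested. A second pair through the same wrapper, e.g. `$a = co(chr(256) . $TAINT); $b = co(chr(256));` with matching `ok(tainted($a), ...)` and `ok(!tainted($b), ...)` and the plan raised by two, would cover it. The bare `# 59998` comment could also say that each wrapper is deliberately called with tainted input first and untainted input second, since the stale taint presumably shows only when the same op is run again.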