| author | David Hollister <david.hollister@oracle.com> |
| Wed, 12 Oct 2016 14:01:13 -0600 | |
| changeset 7094 | 61352b4e5af5 |
| parent 5554 | 63d6ec724bea |
| permissions | -rw-r--r-- |
|
5554
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
From b6307f728a4f842a54ea96959e386c7daa92ece1 Mon Sep 17 00:00:00 2001 |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
From: Tony Cook <[email protected]> |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
Date: Tue, 15 Dec 2015 10:56:54 +1100 |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
Subject: [perl #126862] ensure File::Spec::canonpath() preserves taint |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
Previously the unix specific XS implementation of canonpath() would |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
return an untainted path when supplied a tainted path. |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
For the empty string case, newSVpvs() already sets taint as needed on |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
its result. |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
--- |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
dist/PathTools/Cwd.xs | 1 + |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
dist/PathTools/t/taint.t | 19 ++++++++++++++++++- |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
2 files changed, 19 insertions(+), 1 deletion(-) |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
index 9d4dcf0..3d018dc 100644 |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
--- a/dist/PathTools/Cwd.xs |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
+++ b/dist/PathTools/Cwd.xs |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path) |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
*o = 0; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
SvPOK_on(retval); |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
SvCUR_set(retval, o - SvPVX(retval)); |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
+ SvTAINT(retval); |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
return retval; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
} |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
index 309b3e5..48f8c5b 100644 |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
--- a/dist/PathTools/t/taint.t |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
+++ b/dist/PathTools/t/taint.t |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
32 |
@@ -12,7 +12,7 @@ use Test::More; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
33 |
BEGIN {
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
34 |
plan( |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
35 |
${^TAINT}
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
36 |
- ? (tests => 17) |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
37 |
+ ? (tests => 21) |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
38 |
: (skip_all => "A perl without taint support") |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
39 |
); |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
40 |
} |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
41 |
@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
42 |
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
43 |
# Previous versions of Cwd tainted $^O |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
44 |
is !tainted($^O), 1, "\$^O should not be tainted"; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
45 |
+ |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
46 |
+{
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
47 |
+ # [perl #126862] canonpath() loses taint |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
48 |
+ my $tainted = substr($ENV{PATH}, 0, 0);
|
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
49 |
+ # yes, getcwd()'s result should be tainted, and is tested above |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
50 |
+ # but be sure |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
51 |
+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)), |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
52 |
+ "canonpath() keeps taint on non-empty string"; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
53 |
+ ok tainted(File::Spec->canonpath($tainted)), |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
54 |
+ "canonpath() keeps taint on empty string"; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
55 |
+ |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
56 |
+ (Cwd::getcwd() =~ /^(.*)/); |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
57 |
+ my $untainted = $1; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
58 |
+ ok !tainted($untainted), "make sure our untainted value is untainted"; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
59 |
+ ok !tainted(File::Spec->canonpath($untainted)), |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
60 |
+ "canonpath() doesn't add taint to untainted string"; |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
61 |
+} |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
62 |
-- |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
63 |
2.1.4 |
|
63d6ec724bea
PSARC 2016/024 Add Perl 5.22, Remove Perl 5.20
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
64 |