diff options
Diffstat (limited to 'meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff')
-rw-r--r-- | meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff b/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff new file mode 100644 index 0000000000..ee00ca3cdf --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff | |||
@@ -0,0 +1,74 @@ | |||
1 | Upstream-Status:Inappropriate [debian patches] | ||
2 | From e25298a339dd6679f1b080f0125ac1b237b87950 Mon Sep 17 00:00:00 2001 | ||
3 | From: David Mitchell <davem@iabyn.com> | ||
4 | Date: Tue, 28 Jun 2011 17:04:40 +0100 | ||
5 | Subject: RT 64804: tainting with index() of a constant | ||
6 | |||
7 | Bug: http://rt.perl.org/rt3/Public/Bug/Display.html?id=64804 | ||
8 | Bug-Debian: http://bugs.debian.org/291450 | ||
9 | Origin: upstream, http://perl5.git.perl.org/perl.git/commit/3b36395d31cf0a2f3a017505cd0ea857a7acb5d1 | ||
10 | |||
11 | At compile time, ck_index with a tainted constant set PL_tainted, | ||
12 | which remained on during the rest of compilation, tainting all other | ||
13 | constants. | ||
14 | |||
15 | Fix this by saving and restoring PL_tainted across the call to | ||
16 | fbm_compile, which is what sets PL_tainted. | ||
17 | |||
18 | Patch-Name: fixes/index-tainting.diff | ||
19 | --- | ||
20 | op.c | 5 ++++- | ||
21 | t/op/taint.t | 16 +++++++++++++++- | ||
22 | 2 files changed, 19 insertions(+), 2 deletions(-) | ||
23 | |||
24 | diff --git a/op.c b/op.c | ||
25 | index e21b9a4..973df13 100644 | ||
26 | --- a/op.c | ||
27 | +++ b/op.c | ||
28 | @@ -7780,8 +7780,11 @@ Perl_ck_index(pTHX_ OP *o) | ||
29 | OP *kid = cLISTOPo->op_first->op_sibling; /* get past pushmark */ | ||
30 | if (kid) | ||
31 | kid = kid->op_sibling; /* get past "big" */ | ||
32 | - if (kid && kid->op_type == OP_CONST) | ||
33 | + if (kid && kid->op_type == OP_CONST) { | ||
34 | + const bool save_taint = PL_tainted; | ||
35 | fbm_compile(((SVOP*)kid)->op_sv, 0); | ||
36 | + PL_tainted = save_taint; | ||
37 | + } | ||
38 | } | ||
39 | return ck_fun(o); | ||
40 | } | ||
41 | diff --git a/t/op/taint.t b/t/op/taint.t | ||
42 | index 9df6fee..a300b9b 100644 | ||
43 | --- a/t/op/taint.t | ||
44 | +++ b/t/op/taint.t | ||
45 | @@ -17,7 +17,7 @@ BEGIN { | ||
46 | use strict; | ||
47 | use Config; | ||
48 | |||
49 | -plan tests => 774; | ||
50 | +plan tests => 778; | ||
51 | |||
52 | $| = 1; | ||
53 | |||
54 | @@ -2144,6 +2144,20 @@ end | ||
55 | is_tainted $dest, "ucfirst(tainted) taints its return value"; | ||
56 | } | ||
57 | |||
58 | + | ||
59 | +# tainted constants and index() | ||
60 | +# RT 64804; http://bugs.debian.org/291450 | ||
61 | +{ | ||
62 | + ok(tainted $old_env_path, "initial taintedness"); | ||
63 | + BEGIN { no strict 'refs'; my $v = $old_env_path; *{"::C"} = sub () { $v }; } | ||
64 | + ok(tainted C, "constant is tainted properly"); | ||
65 | + ok(!tainted "", "tainting not broken yet"); | ||
66 | + index(undef, C); | ||
67 | + ok(!tainted "", "tainting still works after index() of the constant"); | ||
68 | +} | ||
69 | + | ||
70 | + | ||
71 | + | ||
72 | # This may bomb out with the alarm signal so keep it last | ||
73 | SKIP: { | ||
74 | skip "No alarm()" unless $Config{d_alarm}; | ||