system and taintedness

author Radu Greab <radu@netsoft.ro>

Mon, 26 Nov 2001 18:42:29 +0000 (20:42 +0200)

committer Jarkko Hietaniemi <jhi@iki.fi>

Mon, 26 Nov 2001 23:55:02 +0000 (23:55 +0000)
author Radu Greab <radu@netsoft.ro>
Mon, 26 Nov 2001 18:42:29 +0000 (20:42 +0200)
committer Jarkko Hietaniemi <jhi@iki.fi>
Mon, 26 Nov 2001 23:55:02 +0000 (23:55 +0000)
diff --git a/pp_sys.c b/pp_sys.c

index 4b9b096..a2d5721 100644 (file)
--- a/pp_sys.c
+++ b/pp_sys.c
@@ -4030,6 +4030,16 @@ PP(pp_system)
          int status;
          Sigsave_t ihand,qhand;     /* place to save signals during system() */
          
+        if (PL_tainting) {
+            SV *cmd = NULL;
+            if (PL_op->op_flags & OPf_STACKED)
+               cmd = *(MARK + 1);
+            else if (SP - MARK != 1)
+               cmd = *SP;
+            if (cmd && *(SvPV_nolen(cmd)) != '/')
+               TAINT_ENV();
+        }
+
          if (PerlProc_pipe(pp) >= 0)
               did_pipes = 1;
          while ((childpid = PerlProc_fork()) == -1) {
diff --git a/t/op/taint.t b/t/op/taint.t

index 29b5839..21cf2fa 100755 (executable)
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -123,7 +123,7 @@ print PROG 'print "@ARGV\n"', "\n";
  close PROG;
  my $echo = "$Invoke_Perl $ECHO";
  
-print "1..182\n";
+print "1..183\n";
  
  # First, let's make sure that Perl is checking the dangerous
  # environment variables. Maybe they aren't set yet, so we'll
@@ -918,3 +918,11 @@ ok( $@ =~ /^Modification of a read-only value attempted/,
      my $re3 = "$re2";
      test 182, tainted $re3;
  }
+
+
+{
+    # bug 20010221.005
+    local $ENV{PATH} .= $TAINT;
+    eval { system { "echo" } "/arg0", "arg1" };
+    test 183, $@ =~ /^Insecure \$ENV/;
+}
author	Radu Greab <radu@netsoft.ro>
	Mon, 26 Nov 2001 18:42:29 +0000 (20:42 +0200)
committer	Jarkko Hietaniemi <jhi@iki.fi>
	Mon, 26 Nov 2001 23:55:02 +0000 (23:55 +0000)
pp_sys.c		patch \| blob \| history
t/op/taint.t		patch \| blob \| history