Re: [Patch] for problem with shellwords.pl

From: "Curtis Poe" <cp@onsitetech.com>
Date: Tue, 21 May 2002 11:17:40 -0700
Message-ID: <015c01c200f3$cb691670$1a01a8c0@ot.onsitetech.com>

Subject: [Patch] for security problem with Text::ParseWords
From: "Curtis Poe" <cp@onsitetech.com>
Date: Tue, 21 May 2002 15:10:18 -0700
Message-ID: <022f01c20114$4b3c4550$1a01a8c0@ot.onsitetech.com>

p4raw-id: //depot/perl@16727

diff --git a/lib/Text/ParseWords.pm b/lib/Text/ParseWords.pm
index e370f6f..6949c45 100644 (file)
--- a/lib/Text/ParseWords.pm
+++ b/lib/Text/ParseWords.pm
@@ -50,6 +50,7 @@ sub nested_quotewords {
 sub parse_line {
        # We will be testing undef strings
        no warnings;
+       use re 'taint'; # if it's tainted, leave it as such
 
     my($delimiter, $keep, $line) = @_;
     my($quote, $quoted, $unquoted, $delim, $word, @pieces);

diff --git a/lib/shellwords.pl b/lib/shellwords.pl
index 1c45a5a..ca7dc7e 100644 (file)
--- a/lib/shellwords.pl
+++ b/lib/shellwords.pl
@@ -17,6 +17,7 @@ sub shellwords {
     while ($_ ne '') {
        $field = '';
        for (;;) {
+           use re 'taint'; # leave strings tainted
            if (s/^"(([^"\\]|\\.)*)"//) {
                ($snippet = $1) =~ s#\\(.)#$1#g;
            }