From 9274aefd575ecb452e8b3e33659780c198ca43ab Mon Sep 17 00:00:00 2001 From: David Mitchell Date: Thu, 17 Feb 2011 14:50:04 +0000 Subject: [PATCH] taint REGEX SVs as well as refs to them Now that REGEX is actually a first-class SV type, we can taint the regex SV directly, as well as the RV pointing to it. This means that this now taints: $rr = qr/$tainted/; $r = $$r; /$r/; --- pp_ctl.c | 4 +++- pp_hot.c | 4 +++- t/op/taint.t | 14 +++++++++++++- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/pp_ctl.c b/pp_ctl.c index 7ff109f..f5a7a48 100644 --- a/pp_ctl.c +++ b/pp_ctl.c @@ -240,8 +240,10 @@ PP(pp_regcomp) #ifndef INCOMPLETE_TAINTS if (PL_tainting) { - if (PL_tainted) + if (PL_tainted) { + SvTAINTED_on((SV*)re); RX_EXTFLAGS(re) |= RXf_TAINTED; + } else RX_EXTFLAGS(re) &= ~RXf_TAINTED; } diff --git a/pp_hot.c b/pp_hot.c index 4fb5f01..e452f07 100644 --- a/pp_hot.c +++ b/pp_hot.c @@ -1235,8 +1235,10 @@ PP(pp_qr) (void)sv_bless(rv, stash); } - if (RX_EXTFLAGS(rx) & RXf_TAINTED) + if (RX_EXTFLAGS(rx) & RXf_TAINTED) { SvTAINTED_on(rv); + SvTAINTED_on(SvRV(rv)); + } XPUSHs(rv); RETURN; } diff --git a/t/op/taint.t b/t/op/taint.t index dcec7aa..c2ab75d 100644 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -17,7 +17,7 @@ use Config; use File::Spec::Functions; BEGIN { require './test.pl'; } -plan tests => 684; +plan tests => 687; $| = 1; @@ -2176,6 +2176,18 @@ end ok( ! tainted($z), "Constants folded value not tainted"); } +{ + # now that regexes are first class SVs, make sure that they themselves + # as well as references to them are tainted + + my $rr = qr/(.)$TAINT/; + my $r = $$rr; # bare REGEX + my $s ="abc"; + ok($s =~ s/$r/x/, "match bare regex"); + ok(tainted($s), "match bare regex taint"); + is($s, 'xbc', "match bare regex taint value"); +} + # This may bomb out with the alarm signal so keep it last SKIP: { skip "No alarm()" unless $Config{d_alarm}; -- 2.7.4