
[perl #56490] %+ still untaints data when 'use re qw(taint)' is in scope



# New Ticket Created by  Paul Fenwick 
# Please include the string:  [perl #56490]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=56490 >


This is a bug report for perl from pjf@cpan.org,
generated with the help of perlbug 1.36 running under perl 5.10.0.


-----------------------------------------------------------------
[Please enter your report here]

Under Perl 5.10, the contents of %+ are always considered to be
untainted, even if 'use re qw(taint)' is in scope.  This makes
it easier for programs that use the new named-capture syntax
to untaint data by accident.

Below is an example program that demonstrates the issue.  I also
have a patch to t/op/taint.t which I'll be posting through shortly.

#!/usr/bin/perl -wT
use strict;
use Scalar::Util qw(tainted);
use 5.010;
use re 'taint';		# Regexps should not untaint data.

say '$ARGV[0] is tainted' if tainted($ARGV[0]);

$ARGV[0] =~ /(?<word>\w+)/;

say "Matched $+{word}/$1";

say '$+{word} is ', tainted($+{word}) ? 'tainted' : 'not tainted';
say '$1 is ',       tainted($1)       ? 'tainted' : 'not tainted';

__END__

$ARGV[0] is tainted
Matched foobar/foobar
$+{word} is not tainted
$1 is tainted


[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
     category=core
     severity=medium
---
Site configuration information for perl 5.10.0:

Configured by SYSTEM at Thu Jan 10 11:00:30 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
   Platform:
     osname=MSWin32, osvers=5.00, archname=MSWin32-x86-multi-thread
     uname=''
     config_args='undef'
     hint=recommended, useposix=true, d_sigaction=undef
     useithreads=define, usemultiplicity=define
     useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
     use64bitint=undef, use64bitall=undef, uselongdouble=undef
     usemymalloc=n, bincompat5005=undef
   Compiler:
     cc='gcc', ccflags ='-DNDEBUG -DWIN32 -D_CONSOLE -DNO_STRICT -DHAVE_DES_FCRYPT -DUSE_SITECUSTOMIZE -DPRIVLIB_LAST_IN_INC -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO -DPERL_MSVCRT_READFIX -DHASATTRIBUTE -fno-strict-aliasing',
     optimize='-O2',
     cppflags='-DWIN32'
     ccversion='', gccversion='3.4.2 (mingw-special)', gccosandvers=''
     intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
     d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=10
     ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='__int64', lseeksize=8
     alignbytes=8, prototype=define
   Linker and Libraries:
     ld='g++', ldflags ='-L"C:\Perl\lib\CORE"'
     libpth=\lib
     libs=-lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32 -ladvapi32 -lshell32 -lole32 -loleaut32 -lnetapi32 -luuid -lws2_32 -lmpr -lwinmm -lversion -lodbc32 -lodbccp32 -lmsvcrt
     perllibs=-lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32 -ladvapi32 -lshell32 -lole32 -loleaut32 -lnetapi32 -luuid -lws2_32 -lmpr -lwinmm -lversion -lodbc32 -lodbccp32 -lmsvcrt
     libc=msvcrt.lib, so=dll, useshrplib=true, libperl=perl510.lib
     gnulibc_version=''
   Dynamic Linking:
     dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
     cccdlflags=' ', lddlflags='-mdll -L"C:\Perl\lib\CORE"'

Locally applied patches:
     ACTIVEPERL_LOCAL_PATCHES_ENTRY
     32809 Load 'loadable object' with non-default file extension
     32728 64-bit fix for Time::Local

---
@INC for perl 5.10.0:
     C:/Perl/site/lib
     C:/Perl/lib
     .

---
Environment for perl 5.10.0:
     HOME (unset)
     LANG (unset)
     LANGUAGE (unset)
     LD_LIBRARY_PATH (unset)
     LOGDIR (unset)
 
     PATH=C:\PROGRA~1\PerlEdit;C:\Perl\site\bin;C:\Perl\bin;C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\VDMSound\;C:\Program Files\Common Files\GTK\2.0\bin;C:\MinGW\bin;C:\Program Files\gs\gs8.54\bin;C:\Program Files\QuickTime\QTSystem\
     PERL_BADLANG (unset)
     SHELL (unset)
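
Added example, not part of the original report or of perl's own test suite: a self-check that a program relying on 'use re qw(taint)' could run to see which capture accessors on the running perl hand back untainted data. It extends the report's program to also check %-; the sub name untainting_accessors and the constructed input are assumptions made for this illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use 5.010;
use Scalar::Util qw(tainted);

# Constructed input: under -T a zero-length slice of $^X is tainted, so
# appending it taints a constant string without needing an argument.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper: returns the names of the capture accessors that
# yield UNtainted data after a match on tainted input with
# 'use re "taint"' in scope.
sub untainting_accessors {
    use re 'taint';
    my $input = 'foobar' . $TAINT;
    die "self-check input is not tainted; run with -T\n"
        unless tainted($input);

    $input =~ /(?<word>\w+)/
        or die "self-check pattern did not match\n";

    # One statement per accessor: perl tracks taint per statement, so
    # testing them separately keeps a tainted $1 from masking an
    # untainted $+{word}.
    my @leaks;
    push @leaks, '$1'          unless tainted($1);
    push @leaks, '$+{word}'    unless tainted($+{word});
    push @leaks, '$-{word}[0]' unless tainted($-{word}[0]);
    return @leaks;
}

my @leaks = untainting_accessors();
if (@leaks) {
    say "perl $] returns untainted data via: @leaks";
    exit 1;    # non-zero exit so a caller can refuse to continue
}
say "perl $] keeps taint on all checked capture accessors";
```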

