[perl #24651] Taint bug with multiple backticks in ref constructors

perlbug-...@perl.org

Dec 12, 2003, 1:14:11 PM
to bugs-bi...@netlabs.develooper.com
# New Ticket Created by l...@smb.worldwideedge.net
# Please include the string: [perl #24651]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org:80/rt3/Ticket/Display.html?id=24651 >


This is a bug report for perl from l...@leeland.net,
generated with the help of perlbug 1.33 running under perl v5.6.1.


-----------------------------------------------------------------
[Please enter your report here]
If you have multiple backticks in a reference constructor with taint enabled, perl will incorrectly
throw a taint exception.

The following code run with -T throws an exception on 5.6.1 and 5.8.0
#!/usr/bin/perl -T
use strict;
use warnings;
$ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
$ENV{ENV} = '';
my $vars = [`echo "FOO"`,`echo "BAR"`];

This does not.
#!/usr/bin/perl -T
use strict;
use warnings;
$ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
$ENV{ENV} = '';
my $tainted = `echo "Tainted"`;
my $vars = [ $tainted, `echo "FOO"`];

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=low
---
Site configuration information for perl v5.6.1:

Configured by root at Tue Jul 10 00:51:54 EDT 2001.

Summary of my perl5 (revision 5.0 version 6 subversion 1) configuration:
Platform:
osname=linux, osvers=2.2.14-5.0, archname=sparc64-linux
uname='linux smb.xxx.xxx 2.2.14-5.0 #1 tue mar 7 21:50:41 est 2000 sparc64 unknown '
config_args=''
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
useperlio=undef d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=define
Compiler:
cc='gcc', ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2',
cppflags='-fno-strict-aliasing -I/usr/local/include'
ccversion='', gccversion='egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=4321
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=8
ivtype='long', ivsize=4, nvtype='long double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, usemymalloc=n, prototype=define
Linker and Libraries:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lc -lposix -lcrypt -lutil
perllibs=-lnsl -ldl -lm -lc -lposix -lcrypt -lutil
libc=/lib/libc-2.1.3.so, so=so, useshrplib=false, libperl=libperl.a
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:

---
@INC for perl v5.6.1:
/usr/local/lib/perl5/5.6.1/sparc64-linux
/usr/local/lib/perl5/5.6.1
/usr/local/lib/perl5/site_perl/5.6.1/sparc64-linux
/usr/local/lib/perl5/site_perl/5.6.1
/usr/local/lib/perl5/site_perl/5.6.0/sparc64-linux
/usr/local/lib/perl5/site_perl/5.6.0
/usr/local/lib/perl5/site_perl
.

---
Environment for perl v5.6.1:
HOME=/home/lee
LANG=en_US
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/home/utils/perl
PERL_BADLANG (unset)
SHELL=/bin/bash

Yitzchak Scott-Thoennes

Dec 14, 2003, 4:28:43 PM
to perl5-...@perl.org

I think the former is more equivalent to:

my $vars = [ "$tainted", `echo "BAR"` ];

which does throw an exception.

There's a distinction between having a variable to a list and having an
expression.

I don't know if this is enough to make it not a bug, though.
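
An added example, not part of the original thread: a Perl script that runs the three constructions discussed above under `eval` and reports which ones die under taint mode and whether each resulting element is tainted. The case labels and the fourth case (one backtick per statement, modeled on the reporter's second script) are this example's own assumptions, and the script states no expected result for any perl version.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): compare the constructions on the local perl.
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run as: perl -T $0\n" unless ${^TAINT};

# Clean the environment the way perlsec recommends, so that only the
# shape of the expression differs between the cases.
$ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Each case builds the same kind of value: a reference to a two-element array.
# Labels are hypothetical names chosen for this example.
my @cases = (
    [ 'two backticks in constructor (reporter, script 1)' =>
        sub { [ `echo "FOO"`, `echo "BAR"` ] } ],
    [ 'variable, then backtick (reporter, script 2)' =>
        sub { my $t = `echo "Tainted"`; [ $t, `echo "FOO"` ] } ],
    [ 'interpolated variable, then backtick (reply)' =>
        sub { my $t = `echo "Tainted"`; [ "$t", `echo "BAR"` ] } ],
    [ 'one backtick per statement (added variant)' =>
        sub { my $foo = `echo "FOO"`; my $bar = `echo "BAR"`; [ $foo, $bar ] } ],
);

for my $case (@cases) {
    my ($label, $build) = @$case;

    # A taint violation is an ordinary die, so eval can trap it.
    my $vars = eval { $build->() };
    if (!defined $vars) {
        (my $err = $@) =~ s/\s+\z//;
        print "$label\n    died: $err\n";
        next;
    }

    # Backtick output is tainted data; show the per-element status.
    my $status = join ', ', map { tainted($_) ? 'tainted' : 'clean' } @$vars;
    print "$label\n    ok, elements: $status\n";
}
```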