Odd taint behaviours

[p5pRT]

Migrated from rt.perl.org#3483 (status was 'resolved')

Searchable as RT3483$

[p5pRT]

From gnat@frii.com

This program​:

  #!/usr/bin/perl -Tw

  sub test_tainted {   my ($value\, $name) = @​_;   my $untainted = eval { ()=join(""\, @​_)\, kill 0 => 0 };   print "$name is " . ($untainted ? "not " : "" ) . "tainted\n";   }

  $tainted = $ENV{PATH}; # tainted   $clean = "happy joy";

  @​foo = ($clean\, $tainted\, $clean);

  for ($i=0; $i \< @​foo; $i++) {   test_tainted($foo[$i]\, "\$foo[$i]");   }

  $foo = {A => $clean\, B => $tainted\, C => $clean};   for (keys %$foo) {   test_tainted($foo->{$_}\, "\$foo->{$_}");   }

produces this output on 5.6.0​:

$foo[0] is not tainted $foo[1] is tainted $foo[2] is not tainted $foo->{A} is not tainted $foo->{B} is tainted $foo->{C} is tainted

notice that the two identical lists behave differently when used as contents of an array or as contents of a hash. On 5.005_03 it did something differently wrong :-)

$foo[0] is tainted $foo[1] is tainted $foo[2] is tainted $foo->{A} is tainted $foo->{B} is tainted $foo->{C} is tainted

Both seem odd :-) This came up when creating a hash as an object. The tainting goes from the tainted value to the end of the contents\, and this wrongly tainted some innocent values. Tracking it down was a major pain in the ass. I don't think tainting should spread like this.

Nat

[p5pRT]

From @iabyn

this bug appears to be fixed in 5.6.1

Regards\,

Dave M.

[p5pRT]

@iabyn - Status changed from 'open' to 'resolved'