This program:
    #!/usr/bin/perl -Tw

    sub test_tainted {
        my ($value, $name) = @_;
        my $untainted = eval { ()=join("", @_), kill 0 => 0 };
        print "$name is " . ($untainted ? "not " : "" ) . "tainted\n";
    }

    $tainted = $ENV{PATH}; # tainted
    $clean = "happy joy";

    @foo = ($clean, $tainted, $clean);

    for ($i=0; $i < @foo; $i++) {
        test_tainted($foo[$i], "\$foo[$i]");
    }

    $foo = {A => $clean, B => $tainted, C => $clean};
    for (keys %$foo) {
        test_tainted($foo->{$_}, "\$foo->{$_}");
    }
produces this output on 5.6.0:
    $foo[0] is not tainted
    $foo[1] is tainted
    $foo[2] is not tainted
    $foo->{A} is not tainted
    $foo->{B} is tainted
    $foo->{C} is tainted
Notice that the two identical lists behave differently when used as contents of an array or as contents of a hash. On 5.005_03 it did something differently wrong :-)
    $foo[0] is tainted
    $foo[1] is tainted
    $foo[2] is tainted
    $foo->{A} is tainted
    $foo->{B} is tainted
    $foo->{C} is tainted
Both seem odd :-) This came up when creating a hash as an object. The tainting goes from the tainted value to the end of the contents, and this wrongly tainted some innocent values. Tracking it down was a major pain in the ass. I don't think tainting should spread like this.
Nat
This bug appears to be fixed in 5.6.1.
Regards,
Dave M.
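A regression check for the behaviour reported in this ticket, as an added example that is not code from the ticket or from the Perl core test suite. It assumes `Scalar::Util` (bundled with current Perl releases) is available and that `PATH` is present in the environment; the `check` helper and the `%hash` and `%slice` containers are illustrative names that go beyond the two containers in the report.

```perl
#!/usr/bin/perl -T
# Added regression check, not code from the ticket.
use strict;
use warnings;
use Scalar::Util qw(tainted);

my $tainted = $ENV{PATH};      # environment values are tainted under -T
my $clean   = "happy joy";
die "needs taint mode (-T) and PATH in the environment\n"
    unless tainted($tainted);

my $failures = 0;

# Compare the observed taint flag with the expected one and report it.
sub check {
    my ($label, $got, $expect) = @_;
    my $ok = (!!$got eq !!$expect);
    $failures++ unless $ok;
    printf "%-6s %-16s %s\n", ($ok ? "ok" : "NOT OK"), $label,
        ($got ? "tainted" : "not tainted");
}

# The ticket's pattern (clean, tainted, clean) stored in several containers.
my @array   = ($clean, $tainted, $clean);
my $hashref = { A => $clean, B => $tainted, C => $clean };
my %hash    = ( A => $clean, B => $tainted, C => $clean );
my %slice;
@slice{qw(A B C)} = ($clean, $tainted, $clean);

# tainted() is called on the element itself, so no copy is involved.
check("\$array[$_]", tainted($array[$_]), $_ == 1) for 0 .. $#array;
for my $k (qw(A B C)) {
    check("\$hashref->{$k}", tainted($hashref->{$k}), $k eq 'B');
    check("\$hash{$k}",      tainted($hash{$k}),      $k eq 'B');
    check("\$slice{$k}",     tainted($slice{$k}),     $k eq 'B');
}

# Non-zero exit when a clean value picked up taint or B lost it.
exit($failures ? 1 : 0);
```

Run it as `perl -T file.pl`; on an interpreter with the behaviour described in the report, the `C` entries are flagged `NOT OK`.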
@iabyn - Status changed from 'open' to 'resolved'
Migrated from rt.perl.org#3483 (status was 'resolved')
Searchable as RT3483