p5pRT
commented
15 years ago From dean@cs.serenevy.net
This is a bug report for perl from dean@cs.serenevy.net\, generated with the help of perlbug 1.35 running under perl v5.8.8.
perlsec states that:
$result = $tainted_value ? "Untainted" : "Also untainted";
is effectively
if ( $tainted_value ) { $result = "Untainted"; } else { $result = "Also untainted"; }
Thus $result will not be tainted. This is not the case when the value contains an interpolated value.
$foo = "untainted"; $result = $tainted_value ? "is $foo" : "Also $foo";
$result will be tainted following the above expression.
It would be nice if this could be made to work\, however if it can not be done due to "the principle of 'one tainted value taints the whole expression'" then the exception outlined in persec should be qualified.
Test script attached.
#!/usr/bin/perl -T use warnings; use strict; use Scalar::Util qw/tainted/; use Test::More tests => 16;
my $tainted = "true" . substr($^X\,0\,0); my $const = "blah"; my $value;
# Assumptions #------------ ok( tainted( $tainted )\, "tainted value is tainted" ); ok( $tainted\, "tainted value is boolean true" );
ok( !tainted( $const )\, "constant value is not tainted" ); ok( !tainted( "the $const" )\, "interpolated value is not tainted" );
# ternary #-------- $value = $tainted ? "the $const" : 1; is( $value\, "the $const"\, "ternary interpolation: check value" ); ok( !tainted( $value )\, "ternary interpolation: not tainted" );
$value = $tainted ? "the const" : 1; is( $value\, "the const"\, "ternary constant: check value" ); ok( !tainted( $value )\, "ternary constant: not tainted" );
# if-else #-------- if ($tainted) { $value = "the $const"; } else { $value = 1; } is( $value\, "the $const"\, "if-else interpolation: check value" ); ok( !tainted( $value )\, "if-else interpolation: not tainted" );
if ($tainted) { $value = "the const"; } else { $value = 1; } is( $value\, "the const"\, "if-else constant: check value" ); ok( !tainted( $value )\, "if-else constant: not tainted" );
# modifier #--------- $value = 1; $value = "the $const" if $tainted; is( $value\, "the $const"\, "modifier interpolation: check value" ); ok( !tainted( $value )\, "modifier interpolation: not tainted" );
$value = 1; $value = "the const" if $tainted; is( $value\, "the const"\, "modifier constant: check value" ); ok( !tainted( $value )\, "modifier constant: not tainted" );
Flags: category=core severity=low
Site configuration information for perl v5.8.8:
Configured by Debian Project at Fri Apr 25 20:33:47 UTC 2008.
Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Platform: osname=linux\, osvers=2.6.24.4\, archname=i486-linux-gnu-thread-multi uname='linux ninsei 2.6.24.4 #1 smp preempt fri apr 18 15:36:09 pdt 2008 i686 gnulinux ' config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.8 -Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des' hint=recommended\, useposix=true\, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n\, bincompat5005=undef Compiler: cc='cc'\, ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'\, optimize='-O2'\, cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include' ccversion=''\, gccversion='4.1.2 20061115 (prerelease) (Debian 4.1.1-21)'\, gccosandvers='' intsize=4\, longsize=4\, ptrsize=4\, doublesize=8\, byteorder=1234 d_longlong=define\, longlongsize=8\, d_longdbl=define\, longdblsize=12 ivtype='long'\, ivsize=4\, nvtype='double'\, nvsize=8\, Off_t='off_t'\, lseeksize=8 alignbytes=4\, prototype=define Linker and Libraries: ld='cc'\, ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt perllibs=-ldl -lm -lpthread -lc -lcrypt libc=/lib/libc-2.3.6.so\, so=so\, useshrplib=true\, libperl=libperl.so.5.8.8 gnulibc_version='2.3.6' Dynamic Linking: dlsrc=dl_dlopen.xs\, dlext=so\, d_dlsymun=undef\, ccdlflags='-Wl\,-E' cccdlflags='-fPIC'\, lddlflags='-shared -L/usr/local/lib'
Locally applied patches:
@INC for perl v5.8.8: /home/duelafn/Perl/lib /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .
Environment for perl v5.8.8: HOME=/home/duelafn LANG=en_US.UTF-8 LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/Local/bin:/Local/bin/rcs:/usr/local/bin:/usr/bin:/bin:/usr/games PERL5LIB=:/home/duelafn/Perl/lib PERL_BADLANG (unset) SHELL=/bin/bash
Migrated from rt.perl.org#59916 (status was 'open')
Searchable as RT59916$