lc launders tainted flag, RT #87336

This commit is contained in:
Marcela Mašláňová 2011-04-02 09:38:33 +02:00
parent 8d64ee7006
commit 724ab9627b
2 changed files with 73 additions and 1 deletions

View File

@ -0,0 +1,62 @@
diff -up perl-5.12.3/pp.c.87 perl-5.12.3/pp.c
--- perl-5.12.3/pp.c.87 2011-01-09 21:20:58.000000000 +0100
+++ perl-5.12.3/pp.c 2011-04-01 15:06:23.000000000 +0200
@@ -3949,6 +3949,8 @@ PP(pp_ucfirst)
SvCUR_set(dest, need - 1);
}
}
+ if (dest != source && SvTAINTED(source))
+ SvTAINT(dest);
SvSETMAGIC(dest);
RETURN;
}
@@ -4008,7 +4010,8 @@ PP(pp_uc)
SvUPGRADE(dest, SVt_PV);
d = (U8*)SvGROW(dest, min);
(void)SvPOK_only(dest);
-
+ if (dest != source && SvTAINTED(source))
+ SvTAINT(dest);
SETs(dest);
}
@@ -4433,6 +4436,8 @@ PP(pp_lc)
SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
}
}
+ if (dest != source && SvTAINTED(source))
+ SvTAINT(dest);
SvSETMAGIC(dest);
RETURN;
}
diff -up perl-5.12.3/t/op/taint.t.87 perl-5.12.3/t/op/taint.t
--- perl-5.12.3/t/op/taint.t.87 2011-01-09 21:20:58.000000000 +0100
+++ perl-5.12.3/t/op/taint.t 2011-04-01 15:07:43.000000000 +0200
@@ -17,7 +17,7 @@ use Config;
use File::Spec::Functions;
BEGIN { require './test.pl'; }
-plan tests => 302;
+plan tests => 306;
$| = 1;
@@ -1318,6 +1318,18 @@ foreach my $ord (78, 163, 256) {
unlike($err, qr/^\d+$/, 'tainted $!');
}
+{
+ # [perl #87336] lc/uc(first) failing to taint the returned string
+ my $source = "foo$TAINT";
+ my $dest = lc $source;
+ test $dest, "lc(tainted) taints its return value";
+ $dest = lcfirst $source;
+ test $dest, "lcfirst(tainted) taints its return value";
+ $dest = uc $source;
+ test $dest, "uc(tainted) taints its return value";
+ $dest = ucfirst $source;
+ test $dest, "ucfirst(tainted) taints its return value";
+}
# This may bomb out with the alarm signal so keep it last
SKIP: {

View File

@ -21,7 +21,7 @@
Name: perl Name: perl
Version: %{perl_version} Version: %{perl_version}
# release number must be even higher, becase dual-lived modules will be broken otherwise # release number must be even higher, becase dual-lived modules will be broken otherwise
Release: 157%{?dist} Release: 158%{?dist}
Epoch: %{perl_epoch} Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language Summary: Practical Extraction and Report Language
Group: Development/Languages Group: Development/Languages
@ -81,6 +81,11 @@ Patch9: perl-5.12.2-h2ph.patch
# Update ExtUtils::ParseXS to 2.2206 # Update ExtUtils::ParseXS to 2.2206
Patch10: perl-ExtUtils-ParseXS-2.2206.patch Patch10: perl-ExtUtils-ParseXS-2.2206.patch
# 692900 - lc launders tainted flag, RT #87336
Patch11: perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch
# Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: db4-devel, gdbm-devel, groff, tcsh, zlib-devel, systemtap-sdt-devel BuildRequires: db4-devel, gdbm-devel, groff, tcsh, zlib-devel, systemtap-sdt-devel
@ -951,6 +956,7 @@ tarball from perl.org.
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1
#copy the example script #copy the example script
cp -a %{SOURCE5} . cp -a %{SOURCE5} .
@ -1164,6 +1170,7 @@ pushd %{build_archlib}/CORE/
'Fedora Patch8: Do not leak when destroying thread; RT #77352' \ 'Fedora Patch8: Do not leak when destroying thread; RT #77352' \
'Fedora Patch9: h2ph produces incorrect code in preamble, based mainly on RT #74614 ' \ 'Fedora Patch9: h2ph produces incorrect code in preamble, based mainly on RT #74614 ' \
'Fedora Patch10: Update ExtUtils::ParseXS to 2.2206' \ 'Fedora Patch10: Update ExtUtils::ParseXS to 2.2206' \
'Fedora Patch11: lc launders tainted flag RT #87336' \
%{nil} %{nil}
rm patchlevel.bak rm patchlevel.bak
@ -1964,6 +1971,9 @@ rm -rf $RPM_BUILD_ROOT
# Old changelog entries are preserved in CVS. # Old changelog entries are preserved in CVS.
%changelog %changelog
* Fri Apr 1 2011 Marcela Mašláňová <mmaslano@redhat.com> - 4:5.12.3-158
- 692900 - lc launders tainted flag, RT #87336
* Fri Apr 1 2011 Robin Lee <cheeselee@fedoraproject.org> - 4:5.12.3-157 * Fri Apr 1 2011 Robin Lee <cheeselee@fedoraproject.org> - 4:5.12.3-157
- Cwd.so go to the PathTools sub-package - Cwd.so go to the PathTools sub-package