[perl] lc launders tainted flag, RT #87336
Marcela Mašláňová
mmaslano at fedoraproject.org
Sat Apr 2 07:40:01 UTC 2011
commit 724ab9627b54985de979bb395e0670608b6230c6
Author: Marcela Mašláňová <mmaslano at redhat.com>
Date: Sat Apr 2 09:38:33 2011 +0200
lc launders tainted flag, RT #87336
...lc-uc-first-fail-to-taint-the-returned-st.patch | 62 ++++++++++++++++++++
perl.spec | 12 ++++-
2 files changed, 73 insertions(+), 1 deletions(-)
---
diff --git a/perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch b/perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch
new file mode 100644
index 0000000..fde16fc
--- /dev/null
+++ b/perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch
@@ -0,0 +1,62 @@
+diff -up perl-5.12.3/pp.c.87 perl-5.12.3/pp.c
+--- perl-5.12.3/pp.c.87 2011-01-09 21:20:58.000000000 +0100
++++ perl-5.12.3/pp.c 2011-04-01 15:06:23.000000000 +0200
+@@ -3949,6 +3949,8 @@ PP(pp_ucfirst)
+ SvCUR_set(dest, need - 1);
+ }
+ }
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+ SvSETMAGIC(dest);
+ RETURN;
+ }
+@@ -4008,7 +4010,8 @@ PP(pp_uc)
+ SvUPGRADE(dest, SVt_PV);
+ d = (U8*)SvGROW(dest, min);
+ (void)SvPOK_only(dest);
+-
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+ SETs(dest);
+ }
+
+@@ -4433,6 +4436,8 @@ PP(pp_lc)
+ SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
+ }
+ }
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+ SvSETMAGIC(dest);
+ RETURN;
+ }
+diff -up perl-5.12.3/t/op/taint.t.87 perl-5.12.3/t/op/taint.t
+--- perl-5.12.3/t/op/taint.t.87 2011-01-09 21:20:58.000000000 +0100
++++ perl-5.12.3/t/op/taint.t 2011-04-01 15:07:43.000000000 +0200
+@@ -17,7 +17,7 @@ use Config;
+ use File::Spec::Functions;
+
+ BEGIN { require './test.pl'; }
+-plan tests => 302;
++plan tests => 306;
+
+ $| = 1;
+
+@@ -1318,6 +1318,18 @@ foreach my $ord (78, 163, 256) {
+ unlike($err, qr/^\d+$/, 'tainted $!');
+ }
+
++{
++ # [perl #87336] lc/uc(first) failing to taint the returned string
++ my $source = "foo$TAINT";
++ my $dest = lc $source;
++ test $dest, "lc(tainted) taints its return value";
++ $dest = lcfirst $source;
++ test $dest, "lcfirst(tainted) taints its return value";
++ $dest = uc $source;
++ test $dest, "uc(tainted) taints its return value";
++ $dest = ucfirst $source;
++ test $dest, "ucfirst(tainted) taints its return value";
++}
+
+ # This may bomb out with the alarm signal so keep it last
+ SKIP: {
diff --git a/perl.spec b/perl.spec
index 0b89b18..60715e5 100644
--- a/perl.spec
+++ b/perl.spec
@@ -21,7 +21,7 @@
Name: perl
Version: %{perl_version}
# release number must be even higher, becase dual-lived modules will be broken otherwise
-Release: 157%{?dist}
+Release: 158%{?dist}
Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language
Group: Development/Languages
@@ -81,6 +81,11 @@ Patch9: perl-5.12.2-h2ph.patch
# Update ExtUtils::ParseXS to 2.2206
Patch10: perl-ExtUtils-ParseXS-2.2206.patch
+# 692900 - lc launders tainted flag, RT #87336
+Patch11: perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch
+
+# Update some of the bundled modules
+# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: db4-devel, gdbm-devel, groff, tcsh, zlib-devel, systemtap-sdt-devel
@@ -951,6 +956,7 @@ tarball from perl.org.
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
#copy the example script
cp -a %{SOURCE5} .
@@ -1164,6 +1170,7 @@ pushd %{build_archlib}/CORE/
'Fedora Patch8: Do not leak when destroying thread; RT #77352' \
'Fedora Patch9: h2ph produces incorrect code in preamble, based mainly on RT #74614 ' \
'Fedora Patch10: Update ExtUtils::ParseXS to 2.2206' \
+ 'Fedora Patch11: lc launders tainted flag RT #87336' \
%{nil}
rm patchlevel.bak
@@ -1964,6 +1971,9 @@ rm -rf $RPM_BUILD_ROOT
# Old changelog entries are preserved in CVS.
%changelog
+* Fri Apr 1 2011 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.12.3-158
+- 692900 - lc launders tainted flag, RT #87336
+
* Fri Apr 1 2011 Robin Lee <cheeselee at fedoraproject.org> - 4:5.12.3-157
- Cwd.so go to the PathTools sub-package
More information about the scm-commits
mailing list