900-CVE-2015-8607.patch 1.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
  1. From b6307f728a4f842a54ea96959e386c7daa92ece1 Mon Sep 17 00:00:00 2001
  2. From: Tony Cook <tony@develop-help.com>
  3. Date: Tue, 15 Dec 2015 10:56:54 +1100
  4. Subject: [perl #126862] ensure File::Spec::canonpath() preserves taint
  5. Previously the unix specific XS implementation of canonpath() would
  6. return an untainted path when supplied a tainted path.
  7. For the empty string case, newSVpvs() already sets taint as needed on
  8. its result.
  9. ---
  10. dist/PathTools/Cwd.xs | 1 +
  11. dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
  12. 2 files changed, 19 insertions(+), 1 deletion(-)
  13. --- a/dist/PathTools/Cwd.xs
  14. +++ b/dist/PathTools/Cwd.xs
  15. @@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
  16. *o = 0;
  17. SvPOK_on(retval);
  18. SvCUR_set(retval, o - SvPVX(retval));
  19. + SvTAINT(retval);
  20. return retval;
  21. }
  22. --- a/dist/PathTools/t/taint.t
  23. +++ b/dist/PathTools/t/taint.t
  24. @@ -12,7 +12,7 @@ use Test::More;
  25. BEGIN {
  26. plan(
  27. ${^TAINT}
  28. - ? (tests => 17)
  29. + ? (tests => 21)
  30. : (skip_all => "A perl without taint support")
  31. );
  32. }
  33. @@ -34,3 +34,20 @@ foreach my $func (@Functions) {
  34. # Previous versions of Cwd tainted $^O
  35. is !tainted($^O), 1, "\$^O should not be tainted";
  36. +
  37. +{
  38. + # [perl #126862] canonpath() loses taint
  39. + my $tainted = substr($ENV{PATH}, 0, 0);
  40. + # yes, getcwd()'s result should be tainted, and is tested above
  41. + # but be sure
  42. + ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
  43. + "canonpath() keeps taint on non-empty string";
  44. + ok tainted(File::Spec->canonpath($tainted)),
  45. + "canonpath() keeps taint on empty string";
  46. +
  47. + (Cwd::getcwd() =~ /^(.*)/);
  48. + my $untainted = $1;
  49. + ok !tainted($untainted), "make sure our untainted value is untainted";
  50. + ok !tainted(File::Spec->canonpath($untainted)),
  51. + "canonpath() doesn't add taint to untainted string";
  52. +}