summaryrefslogtreecommitdiff
path: root/gnu/usr.bin/perl/taint.c
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>1999-04-29 22:53:00 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1999-04-29 22:53:00 +0000
commitc25c5c3c87d89b68324dc98b7c8aaabc750c7cec (patch)
tree2943af9b1f84d88d863a9ba36a234877561bf5f0 /gnu/usr.bin/perl/taint.c
parent37583d269f066aa8aa04ea18126b188d12257e6d (diff)
perl5.005_03 (stock)
Diffstat (limited to 'gnu/usr.bin/perl/taint.c')
-rw-r--r--gnu/usr.bin/perl/taint.c52
1 files changed, 31 insertions, 21 deletions
diff --git a/gnu/usr.bin/perl/taint.c b/gnu/usr.bin/perl/taint.c
index cd3ec8e2813..d5f83399502 100644
--- a/gnu/usr.bin/perl/taint.c
+++ b/gnu/usr.bin/perl/taint.c
@@ -8,31 +8,32 @@
#include "perl.h"
void
-taint_proper(f, s)
-const char *f;
-char *s;
+taint_proper(const char *f, char *s)
{
+ dTHR; /* just for taint */
char *ug;
DEBUG_u(PerlIO_printf(Perl_debug_log,
- "%s %d %d %d\n", s, tainted, uid, euid));
+ "%s %d %d %d\n", s, PL_tainted, PL_uid, PL_euid));
- if (tainted) {
- if (euid != uid)
+ if (PL_tainted) {
+ if (!f)
+ f = no_security;
+ if (PL_euid != PL_uid)
ug = " while running setuid";
- else if (egid != gid)
+ else if (PL_egid != PL_gid)
ug = " while running setgid";
else
ug = " while running with -T switch";
- if (!unsafe)
+ if (!PL_unsafe)
croak(f, s, ug);
- else if (dowarn)
+ else if (PL_dowarn)
warn(f, s, ug);
}
}
void
-taint_env()
+taint_env(void)
{
SV** svp;
MAGIC* mg;
@@ -45,38 +46,44 @@ taint_env()
NULL
};
- if (!envgv)
+ if(!PL_envgv)
return;
#ifdef VMS
+ {
int i = 0;
char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
while (1) {
if (i)
(void)sprintf(name,"DCL$PATH;%d", i);
- svp = hv_fetch(GvHVn(envgv), name, strlen(name), FALSE);
- if (!svp || *svp == &sv_undef)
+ svp = hv_fetch(GvHVn(PL_envgv), name, strlen(name), FALSE);
+ if (!svp || *svp == &PL_sv_undef)
break;
if (SvTAINTED(*svp)) {
+ dTHR;
TAINT;
taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
}
if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
+ dTHR;
TAINT;
taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");
}
i++;
}
+ }
#endif /* VMS */
- svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
+ svp = hv_fetch(GvHVn(PL_envgv),"PATH",4,FALSE);
if (svp && *svp) {
if (SvTAINTED(*svp)) {
+ dTHR;
TAINT;
taint_proper("Insecure %s%s", "$ENV{PATH}");
}
if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) {
+ dTHR;
TAINT;
taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
}
@@ -84,12 +91,14 @@ taint_env()
#ifndef VMS
/* tainted $TERM is okay if it contains no metachars */
- svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE);
+ svp = hv_fetch(GvHVn(PL_envgv),"TERM",4,FALSE);
if (svp && *svp && SvTAINTED(*svp)) {
- bool was_tainted = tainted;
- char *t = SvPV(*svp, na);
- char *e = t + na;
- tainted = was_tainted;
+ dTHR; /* just for taint */
+ STRLEN n_a;
+ bool was_tainted = PL_tainted;
+ char *t = SvPV(*svp, n_a);
+ char *e = t + n_a;
+ PL_tainted = was_tainted;
if (t < e && isALNUM(*t))
t++;
while (t < e && (isALNUM(*t) || *t == '-' || *t == ':'))
@@ -102,8 +111,9 @@ taint_env()
#endif /* !VMS */
for (e = misc_env; *e; e++) {
- svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE);
- if (svp && *svp != &sv_undef && SvTAINTED(*svp)) {
+ svp = hv_fetch(GvHVn(PL_envgv), *e, strlen(*e), FALSE);
+ if (svp && *svp != &PL_sv_undef && SvTAINTED(*svp)) {
+ dTHR; /* just for taint */
TAINT;
taint_proper("Insecure $ENV{%s}%s", *e);
}