authorAndrew Fresh <afresh1@cvs.openbsd.org>2016-01-11 17:43:31 +0000
committerAndrew Fresh <afresh1@cvs.openbsd.org>2016-01-11 17:43:31 +0000
commit983d54b1454b979ac28267ef10499dc5e1c03ecf (patch)
treefc6c7e2b7f60d29b2692b9fb33d2ab21a86498a1 /gnu/usr.bin
parentec1acd1ed5cd0c49da0a5f4a1e0d0998e8bdab02 (diff)
Fix perl CVE-2015-8607 - XS File::Spec::canonpath loses taint
https://rt.perl.org/Ticket/Display.html?id=126862
Diffstat (limited to 'gnu/usr.bin')
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/Cwd.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/Cwd.xs3
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Cygwin.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Epoc.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Functions.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Mac.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/OS2.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Unix.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/VMS.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Win32.pm2
-rw-r--r--gnu/usr.bin/perl/dist/PathTools/t/taint.t19
12 files changed, 30 insertions, 12 deletions
diff --git a/gnu/usr.bin/perl/dist/PathTools/Cwd.pm b/gnu/usr.bin/perl/dist/PathTools/Cwd.pm
index 01393f3369d..53b4eddfc3a 100644
--- a/gnu/usr.bin/perl/dist/PathTools/Cwd.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/Cwd.pm
@@ -171,7 +171,7 @@ use strict;
use Exporter;
use vars qw(@ISA @EXPORT @EXPORT_OK $VERSION);
-$VERSION = '3.48';
+$VERSION = '3.48_02';
my $xs_version = $VERSION;
$VERSION =~ tr/_//;
diff --git a/gnu/usr.bin/perl/dist/PathTools/Cwd.xs b/gnu/usr.bin/perl/dist/PathTools/Cwd.xs
index 4ddbdac4bb3..22e90c5114e 100644
--- a/gnu/usr.bin/perl/dist/PathTools/Cwd.xs
+++ b/gnu/usr.bin/perl/dist/PathTools/Cwd.xs
@@ -197,7 +197,7 @@ bsd_realpath(const char *path, char resolved[MAXPATHLEN])
symlink[slen] = '/';
symlink[slen + 1] = 0;
}
- left_len = my_strlcat(symlink, left, sizeof(left));
+ left_len = my_strlcat(symlink, left, sizeof(symlink));
if (left_len >= sizeof(left)) {
errno = ENAMETOOLONG;
return (NULL);
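Review bot: The truncation check right after the changed call still compares `left_len` with `sizeof(left)`, while the bound now passed to `my_strlcat` is `sizeof(symlink)`. If both arrays are declared with the same size (the declarations are outside this hunk) the two are equivalent, but the check reads as if it guarded a different buffer. Either `if (left_len >= sizeof(symlink)) {` to match the call, or a short comment saying why the size of `left` is the relevant limit, would make the intent clear. The commit message describes only the taint fix, so this bound correction deserves its own line in the log. bsd_realpath starts and ends outside the hunk.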
@@ -512,6 +512,7 @@ THX_unix_canonpath(pTHX_ SV *path)
*o = 0;
SvPOK_on(retval);
SvCUR_set(retval, o - SvPVX(retval));
+ SvTAINT(retval);
return retval;
}
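Review bot: `SvTAINT(retval)` is added only on the return path visible at the end of THX_unix_canonpath, and nothing at the call says why it is needed. The result is written through the raw pointer `o` and then sized with `SvCUR_set`, so it apparently does not inherit the taint of `path` on its own. A comment such as `/* result is assembled by hand, so carry the taint of the input expression over explicitly */` would keep a later refactor from dropping the call. The function starts outside the hunk, so whether an earlier return (for an empty or undefined path, say) needs the same treatment cannot be confirmed from these lines. The empty-string case added in t/taint.t is the check that covers it.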
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec.pm
index bf0a327953d..508382517da 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec.pm
@@ -3,7 +3,7 @@ package File::Spec;
use strict;
use vars qw(@ISA $VERSION);
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
my %module = (MacOS => 'Mac',
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Cygwin.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Cygwin.pm
index a791a2ab92b..81e50aa560b 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Cygwin.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Cygwin.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
@ISA = qw(File::Spec::Unix);
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Epoc.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Epoc.pm
index a7859c50497..e317d67da29 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Epoc.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Epoc.pm
@@ -3,7 +3,7 @@ package File::Spec::Epoc;
use strict;
use vars qw($VERSION @ISA);
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
require File::Spec::Unix;
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Functions.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Functions.pm
index 0170843a8aa..6c767c893c6 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Functions.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Functions.pm
@@ -5,7 +5,7 @@ use strict;
use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION);
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
require Exporter;
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Mac.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Mac.pm
index a8dc2df9423..17940c918f1 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Mac.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Mac.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
@ISA = qw(File::Spec::Unix);
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/OS2.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/OS2.pm
index df458c9211a..613d57ebbd9 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/OS2.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/OS2.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
@ISA = qw(File::Spec::Unix);
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Unix.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Unix.pm
index e4eddbb0180..0a35756f76e 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Unix.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Unix.pm
@@ -3,7 +3,7 @@ package File::Spec::Unix;
use strict;
use vars qw($VERSION);
-$VERSION = '3.48';
+$VERSION = '3.48_02';
my $xs_version = $VERSION;
$VERSION =~ tr/_//;
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/VMS.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/VMS.pm
index b045e270caa..71df2b4db64 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/VMS.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/VMS.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
@ISA = qw(File::Spec::Unix);
diff --git a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Win32.pm b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Win32.pm
index 352ec990db2..a2979d31534 100644
--- a/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Win32.pm
+++ b/gnu/usr.bin/perl/dist/PathTools/lib/File/Spec/Win32.pm
@@ -5,7 +5,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.48';
+$VERSION = '3.48_02';
$VERSION =~ tr/_//;
@ISA = qw(File::Spec::Unix);
diff --git a/gnu/usr.bin/perl/dist/PathTools/t/taint.t b/gnu/usr.bin/perl/dist/PathTools/t/taint.t
index 309b3e5dfcb..48f8c5bc8f6 100644
--- a/gnu/usr.bin/perl/dist/PathTools/t/taint.t
+++ b/gnu/usr.bin/perl/dist/PathTools/t/taint.t
@@ -12,7 +12,7 @@ use Test::More;
BEGIN {
plan(
${^TAINT}
- ? (tests => 17)
+ ? (tests => 21)
: (skip_all => "A perl without taint support")
);
}
@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
# Previous versions of Cwd tainted $^O
is !tainted($^O), 1, "\$^O should not be tainted";
+
+{
+ # [perl #126862] canonpath() loses taint
+ my $tainted = substr($ENV{PATH}, 0, 0);
+ # yes, getcwd()'s result should be tainted, and is tested above
+ # but be sure
+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
+ "canonpath() keeps taint on non-empty string";
+ ok tainted(File::Spec->canonpath($tainted)),
+ "canonpath() keeps taint on empty string";
+
+ (Cwd::getcwd() =~ /^(.*)/);
+ my $untainted = $1;
+ ok !tainted($untainted), "make sure our untainted value is untainted";
+ ok !tainted(File::Spec->canonpath($untainted)),
+ "canonpath() doesn't add taint to untainted string";
+}
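Review bot: The untainting step `(Cwd::getcwd() =~ /^(.*)/); my $untainted = $1;` runs the match in void context and picks `$1` up on the next line. Because `.` stops at the first newline, the value under test may be only part of the directory name. Capturing in list context keeps match and result together and takes the whole string: `my ($untainted) = Cwd::getcwd() =~ /\A(.*)\z/s;`. The new cases also go only through `File::Spec->canonpath`, which presumably reaches the patched XS routine only where the Unix implementation is in use. A direct `File::Spec::Unix->canonpath` case would pin the fix independently of the platform class.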