Taint functions and $1


Taint functions and $1

Christian Robottom Reis

I'm not a Perl wizard, and therefore running into

    https://bugzilla.mozilla.org/show_bug.cgi?id=297928

was a surprise for me today. Moral of the story: don't rely on the
value of $1 if the match for something failed; failed matches don't
reset $1. Code that does

    $foo =~ /(\d+)/;
    $bar = $1;

is buggy for the same reason.

Take care,
--
Christian Robottom Reis | http://async.com.br/~kiko/ | [+55 16] 3376 0125
-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=lists@...>
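The following is an added example, not code from the post or from Bugzilla itself, that shows the hazard the post describes and the idiom that avoids it. The helper names `stale_capture_demo`, `buggy_detaint_natural`, `detaint_natural` and `detaint_signed` are hypothetical stand-ins shaped like the functions named in the bug title; the real Bugzilla implementations are not reproduced here. The reason this matters for taint checking in particular: under `perl -T`, a successful regex capture is the sanctioned way to mark data as untainted, so a helper that returns a stale `$1` hands back an "untainted" value that was never actually validated.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# 1. The hazard in a single block: a failed match does not reset $1.
sub stale_capture_demo {
    my $earlier = 'bug_id=42';
    $earlier =~ /(\d+)/;          # succeeds, so $1 now holds the digits of $earlier

    my $untrusted = 'not-a-number';
    $untrusted =~ /^(\d+)$/;      # fails, but $1 is left exactly as it was
    return $1;                    # the earlier capture, never validated against $untrusted
}

# 2. Hypothetical helper written the way the bug report warns against:
#    the match result is ignored and $1 is trusted unconditionally.
#    Capture variables are dynamically scoped, so on a failed match this
#    returns whatever the caller's last successful match captured.
sub buggy_detaint_natural {
    my ($value) = @_;
    $value =~ /^(\d+)$/;
    return $1;
}

# 3. Fixed shape, list-assignment form: a failed match yields an empty
#    list, so $clean is undef instead of a stale value.
sub detaint_natural {
    my ($value) = @_;
    my ($clean) = $value =~ /^(\d+)$/;
    return $clean;                # undef means "reject this input"
}

# 4. Fixed shape, statement form: $1 is only read inside the branch
#    that proves the match succeeded.
sub detaint_signed {
    my ($value) = @_;
    if ($value =~ /^([-+]?\d+)$/) {
        return $1;
    }
    return undef;                 # explicit rejection
}

# Constructed inputs: a valid id and an injection-style string.
my @inputs = ('42', '42; DROP TABLE bugs', '-17');

print "stale \$1 after a failed match: ", stale_capture_demo(), "\n";

# Prime $1 in this scope with a successful match, as a real caller might
# have done before invoking the helper.
my $caller_scope = 'bug_id=7';
$caller_scope =~ /(\d+)/;

for my $in (@inputs) {
    my $b = buggy_detaint_natural($in);
    my $n = detaint_natural($in);
    my $s = detaint_signed($in);
    printf "%-24s buggy=%-6s natural=%-6s signed=%s\n", "'$in'",
        defined $b ? $b : 'undef',
        defined $n ? $n : 'undef',
        defined $s ? $s : 'undef';
}
```

Run it as `perl stale_capture.pl`. The buggy helper reports the caller's leftover capture for the injection-style input, while both fixed forms return undef for anything that did not match. Either fixed idiom works; the point is that `$1` is read only after the match it belongs to is known to have succeeded, which is also the only condition under which taint mode should consider the value clean.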

Re: Taint functions and $1

Frédéric Buclin
Christian Robottom Reis wrote:

> I'm not a Perl wizard, and therefore running into
>
>     https://bugzilla.mozilla.org/show_bug.cgi?id=297928
>
> was a surprise for me today. Moral of the story: don't rely on the
> value of $1 if the match for something failed; failed matches don't
> reset $1. Code that does
>
>     $foo =~ /(\d+)/;
>     $bar = $1;
>
> is buggy for the same reason.


Bug 297928: detaint_natural, detaint_signed and trick_taint shouldn't
rely on $1

FIXED on the trunk, 2.18 and 2.16 branches!

Tip:

Checking in Bugzilla/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Util.pm,v  <--  Util.pm
new revision: 1.28; previous revision: 1.27
done

2.18.1:

Checking in Bugzilla/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Util.pm,v  <--  Util.pm
new revision: 1.12.2.4; previous revision: 1.12.2.3
done

2.16.10:

Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v  <--  globals.pl
new revision: 1.169.2.30; previous revision: 1.169.2.29
done