https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8089
Sidney Markowitz <sidney@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|WONTFIX |---
Target Milestone|Undefined |4.0.2
Status|RESOLVED |REOPENED
--- Comment #5 from Sidney Markowitz <sidney@sidney.com> ---
I have some more insight on this, so I'm re-opening the issue to commit a patch
that will keep this apparent Perl bug from triggering.
I still can't duplicate an environment in which it happens, but there are a few
CPAN test machines running certain old versions of perl where it consistently
happens. The trigger is to have a tainted value, for example in variable
$pathdir and the expression
(-d $pathdir) and File::Spec->file_name_is_absolute($pathdir)
followed soon after by a call to File::Temp::tempdir($template, DIR=>"log")
The bug makes no sense, but it doesn't have to in order to work around it.
The patch for t/SATest.pm I'll upload will do the following, which removes the
trigger in two independent ways:
- Untaint the path variable before the offending expression
- Swap the order of the expression, i.e., the -d comes second. For whatever
strange reason, the bug is only triggered if it comes first.
Some small cleanup I noticed while editing this:
- Remove redundant calls to File::Spec->canonpath since Cwd::realpath($pathdir)
already canonicalizes before returning
- Replace a few places where variables are untainted in code with calls to
untaint_var so untainting is done in a consistent way
--
You are receiving this mail because:
You are the assignee for the bug.
Sidney Markowitz <sidney@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|WONTFIX |---
Target Milestone|Undefined |4.0.2
Status|RESOLVED |REOPENED
--- Comment #5 from Sidney Markowitz <sidney@sidney.com> ---
I have some more insight on this, so I'm re-opening the issue to commit a patch
that will keep this apparent Perl bug from triggering.
I still can't duplicate an environment in which it happens, but there are a few
CPAN test machines running certain old versions of perl where it consistently
happens. The trigger is to have a tainted value, for example in variable
$pathdir and the expression
(-d $pathdir) and File::Spec->file_name_is_absolute($pathdir)
followed soon after by a call to File::Temp::tempdir($template, DIR=>"log")
The bug makes no sense, but it doesn't have to in order to work around it.
The patch for t/SATest.pm I'll upload will do the following, which removes the
trigger in two independent ways:
- Untaint the path variable before the offending expression
- Swap the order of the expression, i.e., the -d comes second. For whatever
strange reason, the bug is only triggered if it comes first.
Some small cleanup I noticed while editing this:
- Remove redundant calls to File::Spec->canonpath since Cwd::realpath($pathdir)
already canonicalizes before returning
- Replace a few places where variables are untainted in code with calls to
untaint_var so untainting is done in a consistent way
--
You are receiving this mail because:
You are the assignee for the bug.