Re^2: Taint, CGI and perl 5.10

by nextguru (Scribe)
on Mar 11, 2010 at 03:52 UTC (#827934)

in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10

The following code exhibits the trouble.

#!/usr/bin/perl -wT
use strict;
my $tainteddata = $ARGV[0];
my ($untainteddata) = $tainteddata =~ /^([\w]+)$/;
open(my $fh, ">", $untainteddata) or die;
printf $fh <<EOMEOM;
removing the next line of output allows the script to work
the tainted data: $tainteddata
script works with or without the following line
the untainted data: $untainteddata
EOMEOM
close ($fh);
exit;

In trying other solutions, I've determined that the here document appears to be the culprit. The following code works fine.

#!/usr/bin/perl -wT
use strict;
my $tainteddata = $ARGV[0];
my ($untainteddata) = $tainteddata =~ /^([\w]+)$/;
open(my $fh, ">", $untainteddata) or die;
printf $fh $tainteddata, "\n";
close ($fh);
exit;

This is curious to me. Why the different behavior for here documents? Original version of perl was 5.8.9, now 5.10.1.

Re^3: Taint, CGI and perl 5.10
by ikegami (Pope) on Mar 11, 2010 at 05:21 UTC

    Your problem can be demonstrated using

    perl -Te'printf $ARGV[0]' foo

    The first argument of printf (optional fh aside) is the format pattern. It makes sense to require the pattern to be trusted. Consider %n, for example.

    printf $fh <<EOMEOM;
    should be
    printf $fh "%s", <<EOMEOM;
    or simply
    print $fh <<EOMEOM;

    Your code is buggy, and 5.10 catches your bug.

      That was it. Thanks much.

      Man ... that was a *spot* the bug for these eyes. Just to clarify, that's:

      printf $fh
      print $fh

      It took me a while to spot the f.
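As an added illustration of ikegami's point (this is not code from the thread), the script below contrasts the three forms under -T and uses Scalar::Util::tainted to show what is and is not tainted at each step. It assumes any command-line word as the constructed tainted input.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T everything read from @ARGV is tainted; pass any word as input.
die "usage: $0 WORD\n" unless @ARGV;
my $tainteddata = $ARGV[0];
printf "input tainted? %s\n", tainted($tainteddata) ? "yes" : "no";   # yes

# 1. Tainted value used as the printf FORMAT: perl 5.10+ dies with
#    "Insecure dependency in printf while running with -T switch".
eval { printf STDOUT $tainteddata; 1 }
    or print "tainted format rejected: $@";

# 2. Literal format, tainted value as a %s ARGUMENT: fine. The data is
#    never interpreted as a format, so % characters in it are harmless.
printf STDOUT "%s\n", $tainteddata;

# 3. print interprets nothing, so it is the right call for plain output.
print STDOUT $tainteddata, "\n";

# Untainting for use as a file name: capture only the characters you
# allow. \z is used instead of $ because $ also matches before a
# trailing newline, which would let "name\n" through the check.
my ($untainteddata) = $tainteddata =~ /^(\w+)\z/
    or die "refusing to use '$tainteddata' as a file name\n";
printf "capture tainted? %s\n", tainted($untainteddata) ? "yes" : "no";  # no
```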

Re^3: Taint, CGI and perl 5.10
by rowdog (Curate) on Mar 11, 2010 at 12:44 UTC

    perldoc perl595delta says

    When perl is run under taint mode, printf() and sprintf() will now reject any tainted format argument.
