[jackhill/guix/guix.git] / gnu / packages / patches / perl-CVE-2015-8607.patch

From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Tue, 15 Dec 2015 10:56:54 +1100
Subject: ensure File::Spec::canonpath() preserves taint

Previously the unix specific XS implementation of canonpath() would
return an untainted path when supplied a tainted path.

For the empty string case, newSVpvs() already sets taint as needed on
its result.

This issue was assigned CVE-2015-8607.

Bug: https://rt.perl.org/Ticket/Display.html?id=126862
Bug-Debian: https://bugs.debian.org/810719
Origin: upstream
Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
---
 dist/PathTools/Cwd.xs    |  1 +
 dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
index 9d4dcf0..3d018dc 100644
--- a/dist/PathTools/Cwd.xs
+++ b/dist/PathTools/Cwd.xs
@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
     *o = 0;
     SvPOK_on(retval);
     SvCUR_set(retval, o - SvPVX(retval));
+    SvTAINT(retval);
     return retval;
 }
 
diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
index 309b3e5..48f8c5b 100644
--- a/dist/PathTools/t/taint.t
+++ b/dist/PathTools/t/taint.t
@@ -12,7 +12,7 @@ use Test::More;
 BEGIN {
     plan(
         ${^TAINT}
-        ? (tests => 17)
+        ? (tests => 21)
         : (skip_all => "A perl without taint support")
     );
 }
@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
 
 # Previous versions of Cwd tainted $^O
 is !tainted($^O), 1, "\$^O should not be tainted";
+
+{
+    # [perl #126862] canonpath() loses taint
+    my $tainted = substr($ENV{PATH}, 0, 0);
+    # yes, getcwd()'s result should be tainted, and is tested above
+    # but be sure
+    ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
+        "canonpath() keeps taint on non-empty string";
+    ok tainted(File::Spec->canonpath($tainted)),
+        "canonpath() keeps taint on empty string";
+
+    (Cwd::getcwd() =~ /^(.*)/);
+    my $untainted = $1;
+    ok !tainted($untainted), "make sure our untainted value is untainted";
+    ok !tainted(File::Spec->canonpath($untainted)),
+        "canonpath() doesn't add taint to untainted string";
+}
Commit	Line	Data
203795ac MW	1	From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
	2	From: Tony Cook <tony@develop-help.com>
	3	Date: Tue, 15 Dec 2015 10:56:54 +1100
	4	Subject: ensure File::Spec::canonpath() preserves taint
	5
	6	Previously the unix specific XS implementation of canonpath() would
	7	return an untainted path when supplied a tainted path.
	8
	9	For the empty string case, newSVpvs() already sets taint as needed on
	10	its result.
	11
	12	This issue was assigned CVE-2015-8607.
	13
	14	Bug: https://rt.perl.org/Ticket/Display.html?id=126862
	15	Bug-Debian: https://bugs.debian.org/810719
	16	Origin: upstream
	17	Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
	18	---
	19	dist/PathTools/Cwd.xs \| 1 +
	20	dist/PathTools/t/taint.t \| 19 ++++++++++++++++++-
	21	2 files changed, 19 insertions(+), 1 deletion(-)
	22
	23	diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
	24	index 9d4dcf0..3d018dc 100644
	25	--- a/dist/PathTools/Cwd.xs
	26	+++ b/dist/PathTools/Cwd.xs
	27	@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
	28	*o = 0;
	29	SvPOK_on(retval);
	30	SvCUR_set(retval, o - SvPVX(retval));
	31	+ SvTAINT(retval);
	32	return retval;
	33	}
	34
	35	diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
	36	index 309b3e5..48f8c5b 100644
	37	--- a/dist/PathTools/t/taint.t
	38	+++ b/dist/PathTools/t/taint.t
	39	@@ -12,7 +12,7 @@ use Test::More;
	40	BEGIN {
	41	plan(
	42	${^TAINT}
	43	- ? (tests => 17)
	44	+ ? (tests => 21)
	45	: (skip_all => "A perl without taint support")
	46	);
	47	}
	48	@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
	49
	50	# Previous versions of Cwd tainted $^O
	51	is !tainted($^O), 1, "\$^O should not be tainted";
	52	+
	53	+{
	54	+ # [perl #126862] canonpath() loses taint
	55	+ my $tainted = substr($ENV{PATH}, 0, 0);
	56	+ # yes, getcwd()'s result should be tainted, and is tested above
	57	+ # but be sure
	58	+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
	59	+ "canonpath() keeps taint on non-empty string";
	60	+ ok tainted(File::Spec->canonpath($tainted)),
	61	+ "canonpath() keeps taint on empty string";
	62	+
	63	+ (Cwd::getcwd() =~ /^(.*)/);
	64	+ my $untainted = $1;
65	+ ok !tainted($untainted), "make sure our untainted value is untainted";
66	+ ok !tainted(File::Spec->canonpath($untainted)),
67	+ "canonpath() doesn't add taint to untainted string";
68	+}