gnu/packages/patches/perl-CVE-2015-8607.patch

   1 From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
   2 From: Tony Cook <tony@develop-help.com>
   3 Date: Tue, 15 Dec 2015 10:56:54 +1100
   4 Subject: ensure File::Spec::canonpath() preserves taint
   5
   6 Previously the unix specific XS implementation of canonpath() would
   7 return an untainted path when supplied a tainted path.
   8
   9 For the empty string case, newSVpvs() already sets taint as needed on
  10 its result.
  11
  12 This issue was assigned CVE-2015-8607.
  13
  14 Bug: https://rt.perl.org/Ticket/Display.html?id=126862
  15 Bug-Debian: https://bugs.debian.org/810719
  16 Origin: upstream
  17 Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
  18 ---
  19  dist/PathTools/Cwd.xs    |  1 +
  20  dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
  21  2 files changed, 19 insertions(+), 1 deletion(-)
  22
  23 diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
  24 index 9d4dcf0..3d018dc 100644
  25 --- a/dist/PathTools/Cwd.xs
  26 +++ b/dist/PathTools/Cwd.xs
  27 @@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
  28      *o = 0;
  29      SvPOK_on(retval);
  30      SvCUR_set(retval, o - SvPVX(retval));
  31 +    SvTAINT(retval);
  32      return retval;
  33  }
  34
  35 diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
  36 index 309b3e5..48f8c5b 100644
  37 --- a/dist/PathTools/t/taint.t
  38 +++ b/dist/PathTools/t/taint.t
  39 @@ -12,7 +12,7 @@ use Test::More;
  40  BEGIN {
  41      plan(
  42          ${^TAINT}
  43 -        ? (tests => 17)
  44 +        ? (tests => 21)
  45          : (skip_all => "A perl without taint support")
  46      );
  47  }
  48 @@ -34,3 +34,20 @@ foreach my $func (@Functions) {
  49
  50  # Previous versions of Cwd tainted $^O
  51  is !tainted($^O), 1, "\$^O should not be tainted";
  52 +
  53 +{
  54 +    # [perl #126862] canonpath() loses taint
  55 +    my $tainted = substr($ENV{PATH}, 0, 0);
  56 +    # yes, getcwd()'s result should be tainted, and is tested above
  57 +    # but be sure
  58 +    ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
  59 +        "canonpath() keeps taint on non-empty string";
  60 +    ok tainted(File::Spec->canonpath($tainted)),
  61 +        "canonpath() keeps taint on empty string";
  62 +
  63 +    (Cwd::getcwd() =~ /^(.*)/);
  64 +    my $untainted = $1;
  65 +    ok !tainted($untainted), "make sure our untainted value is untainted";
  66 +    ok !tainted(File::Spec->canonpath($untainted)),
  67 +        "canonpath() doesn't add taint to untainted string";
  68 +}