Bug #43796 for CGI: PATCH: Temporary directory bug on Windows in version 3.43

Mon Mar 02 20:10:34 2009 Peter.Hancock [...] mincom.com - Ticket created

Subject:	Temporary directory bug in version 3.41
Date:	Tue, 3 Mar 2009 11:10:11 +1000
To:	bug-CGI.pm [...] rt.cpan.org
From:	Peter.Hancock [...] mincom.com

Download image001.gif
image/gif 3.7k

Hi, I'm using a Windows Vista SP1 workstation. As part of a FosWiki pilot study, I installed the ActivePerl 5.8.9 distribution (CGI.pm 3.42) along with Apache 2.2.11 ... Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS PERL_MALLOC_WRAP PL_OP_SLAB_ALLOC USE_FAST_STDIO USE_ITHREADS USE_LARGE_FILES USE_PERLIO USE_SITECUSTOMIZE Locally applied patches: ActivePerl Build 825 [288577] Iin_load_module moved for compatibility with build 806 Less verbose ExtUtils::Install and Pod::Find Rearrange @INC so that 'site' is searched before 'perl' Partly reverted 24733 to preserve binary compatibility 31188 Problem killing a pseudo-forked child on Win32 29732 ANSIfy the PATH environment variable on Windows 27527,29868 win32_async_check() can loop indefinitely 26379 Fix alarm() for Windows 2003 Built under MSWin32 Compiled at Dec 14 2008 21:07:41 @INC: C:/Perl/site/lib C:/Perl/lib . I found that FosWiki was reporting errors during searching ... [Thu Feb 26 12:12:04 2009] [error] [client 172.17.118.55] [Thu Feb 26 12:11:33 2009] CGI.pm: Use of uninitialized value in -d at C:/Perl/lib/CGI.pm line 4083. ... and tracked the problem to the following code in CGI.pm (commencing line 4064) which was added in version 3.41 ... if( $CGI::OS eq 'WINDOWS' ){ unshift @TEMP, $ENV{TEMP}, $ENV{TMP}, $ENV{WINDIR} . $SL . 'TEMP'; } When Apache is running as a service (presumably with untainting in effect), the first two evars are not defined and are added to the array as undef elements. When referenced a few lines later, the error occurs (from line 4082) ... foreach (@TEMP) { do {$TMPDIRECTORY = $_; last} if -d $_ && -w _; } Presumably, this error only occurs when the "-w" option is in effect. My suggested replacement code for the above lines (4064 through 4069) is ... if( $CGI::OS eq 'WINDOWS' ){ # PeterH: These evars may not exist if this is invoked within a service and untainting # is in effect - with 'use warnings' the undefined array entries causes Perl to die unshift(@TEMP,$ENV{TEMP}) if defined $ENV{TEMP}; unshift(@TEMP,$ENV{TMP}) if defined $ENV{TMP}; unshift(@TEMP,$ENV{WINDIR} . $SL . 'TEMP') if defined $ENV{WINDIR}; } I hope that this is enough information for you to implement the fix in a future release. Regards, signature_with_contact_details Mincom. <http://www.mincom.com/> The People. The Experience. The Vision. This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please notify the sender and delete the transmission. The contents of this e-mail are the opinion of the writer only and are not endorsed by Mincom Pty Ltd unless expressly stated otherwise. -- This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please notify the sender and delete the transmission. The contents of this e-mail are the opinion of the writer only and are not endorsed by the Mincom Group of companies unless expressly stated otherwise. --

Message body is not shown because it is too large.

Sun Jul 19 21:24:37 2009 MARKSTOS [...] cpan.org - Taken

Sun Jul 19 21:25:46 2009 MARKSTOS [...] cpan.org - Correspondence added

Thanks for the report and patch, Peter. Your solution looks reasonable to me, and I recommend that it is included in a future release. Mark On Mon Mar 02 20:10:34 2009, Peter.Hancock@mincom.com wrote: Show quoted text

> Hi, > > > > I'm using a Windows Vista SP1 workstation. > > > > As part of a FosWiki pilot study, I installed the ActivePerl 5.8.9 > distribution (CGI.pm 3.42) along with Apache 2.2.11 ... > > > > Characteristics of this binary (from libperl): > > Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT > PERL_IMPLICIT_SYS > > PERL_MALLOC_WRAP PL_OP_SLAB_ALLOC USE_FAST_STDIO > > USE_ITHREADS USE_LARGE_FILES USE_PERLIO > > USE_SITECUSTOMIZE > > Locally applied patches: > > ActivePerl Build 825 [288577] > > Iin_load_module moved for compatibility with build 806 > > Less verbose ExtUtils::Install and Pod::Find > > Rearrange @INC so that 'site' is searched before 'perl' > > Partly reverted 24733 to preserve binary compatibility > > 31188 Problem killing a pseudo-forked child on Win32 > > 29732 ANSIfy the PATH environment variable on Windows > > 27527,29868 win32_async_check() can loop indefinitely > > 26379 Fix alarm() for Windows 2003 > > Built under MSWin32 > > Compiled at Dec 14 2008 21:07:41 > > @INC: > > C:/Perl/site/lib > > C:/Perl/lib > > . > > > > I found that FosWiki was reporting errors during searching ... > > > > [Thu Feb 26 12:12:04 2009] [error] [client 172.17.118.55] [Thu Feb 26 > 12:11:33 2009] CGI.pm: Use of uninitialized value in -d at > C:/Perl/lib/CGI.pm line 4083. > > > > ... and tracked the problem to the following code in CGI.pm (commencing > line 4064) which was added in version 3.41 ... > > > > if( $CGI::OS eq 'WINDOWS' ){ > > unshift @TEMP, > > $ENV{TEMP}, > > $ENV{TMP}, > > $ENV{WINDIR} . $SL . 'TEMP'; > > } > > > > When Apache is running as a service (presumably with untainting in > effect), the first two evars are not defined and are added to the array > as undef elements. When referenced a few lines later, the error occurs > (from line 4082) ... > > > > foreach (@TEMP) { > > do {$TMPDIRECTORY = $_; last} if -d $_ && -w _; > > } > > > > Presumably, this error only occurs when the "-w" option is in effect. > > > > My suggested replacement code for the above lines (4064 through 4069) > is ... > > > > if( $CGI::OS eq 'WINDOWS' ){ > > # PeterH: These evars may not exist if this is invoked within a > service and untainting > > # is in effect - with 'use warnings' the undefined array entries > causes Perl to die > > unshift(@TEMP,$ENV{TEMP}) if defined $ENV{TEMP}; > > unshift(@TEMP,$ENV{TMP}) if defined $ENV{TMP}; > > unshift(@TEMP,$ENV{WINDIR} . $SL . 'TEMP') if defined > $ENV{WINDIR}; > > } > > > > I hope that this is enough information for you to implement the fix in a > future release. > > > > Regards, > > signature_with_contact_details > > Mincom. <http://www.mincom.com/> The People. The Experience. The > Vision. > > This transmission is for the intended addressee only and is confidential > information. If you have received this transmission in error, please > notify the sender and delete the transmission. The contents of this > e-mail are the opinion of the writer only and are not endorsed by Mincom > Pty Ltd unless expressly stated otherwise. > > >

Sun Jul 19 21:25:48 2009 The RT System itself - Status changed from 'new' to 'open'

Sun Jul 19 21:26:16 2009 MARKSTOS [...] cpan.org - Subject changed from 'Temporary directory bug in version 3.41' to 'PATCH: Temporary directory bug on Windows in version 3.43'

Sun Jul 19 21:26:16 2009 MARKSTOS [...] cpan.org - Broken in 3.43 added

Fri Jul 31 23:02:00 2009 MARKSTOS [...] cpan.org - Correspondence added

Thanks for the patch. I've applied it to my git repo now.

Fri Jul 31 23:02:01 2009 MARKSTOS [...] cpan.org - Status changed from 'open' to 'patched'

Fri Aug 14 21:41:44 2009 MARKSTOS [...] cpan.org - Correspondence added

Subject:

released, thanks.

I believe this change was released today as part of CGI.pm 3.45. Thanks for the contribution.

Fri Aug 14 21:41:44 2009 The RT System itself - Status changed from 'patched' to 'open'

Fri Aug 14 21:41:45 2009 MARKSTOS [...] cpan.org - Status changed from 'open' to 'resolved'

Fri May 23 14:29:29 2014 The RT System itself - Queue changed from CGI.pm to CGI

Bug #43796 for CGI: PATCH: Temporary directory bug on Windows in version 3.43

Preferred bug tracker