Skip Menu |

This queue is for tickets about the Mail-Box CPAN distribution.

Report information
The Basics
Id: 5243
Status: resolved
Priority: 0/
Queue: Mail-Box
People
Owner: Nobody in particular
Requestors: ville.skytta [...] iki.fi
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 2.053
Fixed in: (no value)

History Show all quoted text
  Sat Feb 07 05:51:38 2004 scop [...] cpan.org - Ticket created
Subject: Taint-related make test failure
(Note: this is actually with 2.054, but there's no such choice in the RT UI at the moment.) "make test" of Mail-Box-2.054 on a Fedora Core 1 system, perl-5.8.1-92 fails with: 31fgroups/20list......ok 18/119Insecure dependency in eval while running with -T switch at ../lib/Mail/Message/Field/Full.pm line 60, <GEN1> line 1078. The attached patch works around by untainting the hash key fed to %implementations in Mail/Message/Field/Full.pm. I find it a bit surprising that this is needed though, but it should not hurt.
--- lib/Mail/Message/Field/Full.pm~ 2004-02-07 12:37:13.000000000 +0200 +++ lib/Mail/Message/Field/Full.pm 2004-02-07 12:48:17.000000000 +0200 @@ -54,8 +54,9 @@ if $class ne __PACKAGE__; # Look for best class to suit this field + my ($impl) = (lc($name) =~ /^([a-z-]+)$/); # untaint my $myclass = 'Mail::Message::Field::' - . ($implementation{lc $name} || 'Unstructured'); + . ($implementation{$impl} || 'Unstructured'); eval "require $myclass"; return if $@;
  Wed Mar 10 04:27:17 2004 MARKOV [...] cpan.org - Status changed from 'new' to 'resolved'
  Wed Mar 10 04:27:17 2004 MARKOV [...] cpan.org - Correspondence added
Sorry: message got lost in bulk spam and viruses. I cannot reproduce the bug with Perl5.8.1 on SuSE. Maybe something else is wrong. Your patch may solce the problem, but should be located closer to the source of the data... now it slows-down each field access. Sorry, not included.
  Sat Mar 20 11:57:03 2004 The RT System itself - Status changed from 'resolved' to 'open'
  Sat Mar 20 11:57:03 2004 scop [...] cpan.org - Correspondence added
Show quoted text
> I cannot reproduce the bug with Perl5.8.1 on SuSE.
FYI: this problem still occurs on Fedora Core 1, perl-5.8.3-10. Show quoted text
> Maybe something > else > is wrong. Your patch may solce the problem, but should be located > closer to the source of the data... now it slows-down each field > access. > Sorry, not included.
Ok, np, but I would like to reopen this bug since I can still reliably reproduce it. (Even if it's not perfect, the original attached patch still fixes it with Perl 5.8.3 here.)
  Mon Aug 02 08:43:42 2004 MARKOV [...] cpan.org - Correspondence added
This patch will never, ever make it into MailBox: it would break other applications. The lc() problem is caused by a known bug in PerlIO in 5.8.3, so: install 5.8.4!
  Mon Aug 02 08:43:42 2004 MARKOV [...] cpan.org - Status changed from 'open' to 'resolved'