
This queue is for tickets about the Params-Validate CPAN distribution.

Report information
The Basics
Id: 70174
Status: resolved
Priority: 0/
Queue: Params-Validate

People
Owner: Nobody in particular
Requestors: mark [...] mcs.vuw.ac.nz
mhasch-cpanbugs [...] cozap.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.00
Fixed in: 1.09



CC: Duncan McEwan <duncan [...] mcs.vuw.ac.nz>
Subject: Tainting issue with Params-Validate and Log-Dispatch
Date: Wed, 23 May 2007 13:05:44 +1200
To: bug-Params-Validate [...] rt.cpan.org
From: Mark Davies <mark [...] mcs.vuw.ac.nz>
Hi,

The test program below demonstrates a problem with either Params-Validate or Log-Dispatch. Using Params-Validate-0.86 the test program runs, however with either 0.87 or 0.88 it dies with the error:

Insecure dependency in eval_sv() while running with -T switch at /usr/pkg/lib/perl5/vendor_perl/5.8.0/Log/Dispatch/Syslog.pm line 42.

cheers
mark

#!/usr/pkg/bin/perl -Tw

use Log::Dispatch 1.6;
use Log::Dispatch::Syslog;

my $logger = Log::Dispatch->new();

$logger->add(
    Log::Dispatch::Syslog->new(
        name      => 'syslog',
        ident     => 'test',
        min_level => 'info',
        callbacks => sub { return "hi again" },
        stderr    => 1,
        ( facility => 'local1' )
    )
);

print "hi there\n";

exit 0;
Subject: Params::ValidateXS is not taint-safe
Apparently, Params::ValidateXS from Params-Validate-1.00 tries to do something insecure when preparing a diagnostic message involving some tainted value. I observed this using perl 5.14.1 and Params::Validate 1.00 on a Linux system.

Sample code:

---- begin sample code "eat.pl" ----
#!/usr/bin/perl -T

use strict;
use warnings;
use Params::Validate;

sub eat {
    my @food = validate_pos(@_, { regex => qr/^b/ });
    print "eating @food\n";
}

eat(@ARGV);
---- end sample code "eat.pl" ----

Sample command line:
./eat.pl biscuit

Sample output:
eating biscuit

Command line exposing bug:
./eat.pl cheese

Expected output:
Parameter #1 ("cheese") to main::eat did not pass regex check at ./eat.pl line 8
    main::eat('cheese') called at ./eat.pl line 12

Actual output:
Insecure dependency in eval_sv() while running with -T switch at ./eat.pl line 8.
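Both reports on this ticket come down to the same class of defect: while formatting a diagnostic, a library hands a string containing tainted input to eval_sv(), and taint mode aborts even though the message itself is harmless. The script below is an added illustration of that failure mode and of two ways a module can build such messages without tripping the taint check; it is not code from the ticket, from Params-Validate or from Log-Dispatch, and it says nothing about how 1.09 actually fixed the bug. It uses a pure-Perl string eval as a stand-in for the XS eval_sv() call, and the file name taint_diag.pl is made up.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input: under -T, anything read from @ARGV is tainted,
# exactly as "cheese" was in the eat.pl report above.
my $value = shift @ARGV;
die "usage: perl -T taint_diag.pl <word>\n" unless defined $value;

# Failure mode (pure-Perl analogue of the XS eval_sv() call in the ticket):
# the tainted value is interpolated into source text that is then handed to
# string eval. Taint mode refuses to eval a tainted string and dies with
# "Insecure dependency in eval while running with -T switch", regardless of
# whether the value is actually dangerous.
sub diagnostic_via_eval {
    my ($v) = @_;
    my $src = qq{'Parameter ("$v") did not pass regex check'};
    my $msg = eval $src;
    die $@ if $@;    # re-raise so the caller sees the taint error
    return $msg;
}

# Mitigation: assemble the message as data. Concatenation and sprintf are
# never "insecure dependencies"; only eval, system, exec, backticks, and
# similar operations are checked.
sub diagnostic_as_data {
    my ($v) = @_;
    return sprintf 'Parameter ("%s") did not pass regex check', $v;
}

# Mitigation when code generation is genuinely needed: compile the code
# from untainted literals once, and pass the tainted value in as data.
my $passes_check = eval 'sub { my ($x) = @_; return $x =~ /^b/ ? 1 : 0 }'
    or die "could not compile checker: $@";

if ( $passes_check->($value) ) {
    print "eating $value\n";
}
else {
    print "input tainted: ", ( tainted($value) ? 'yes' : 'no' ), "\n";
    print diagnostic_as_data($value), "\n";

    # Run the failing path inside a block eval so the script survives it.
    my $msg = eval { diagnostic_via_eval($value) };
    print "eval-based path failed: $@" if $@;
}
```

Run it as `perl -T taint_diag.pl cheese` (or via the shebang); invoking it as `perl taint_diag.pl` without -T makes perl refuse to start with "Too late for -T". With "biscuit" the check passes and nothing is evaluated; with "cheese" the data-built diagnostic prints normally while the eval-built one fails with the same "Insecure dependency" error the ticket describes.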