Subject: auto-generated salts inadvertently taint the key
When running in Taint mode, Crypt::CBC will inadvertently taint the $key when generating a
salt automatically. It ends up bailing on its own _taintcheck in this event:
    #!/usr/bin/perl -T
    use Crypt::CBC 2.31;
    my $cipher = Crypt::CBC->new(
        -key => 'my secret key',
    );
results in error:
"Taint checks are turned on and your key is tainted. Please untaint the key and try again"
The easy workaround is to provide my own salt... no problem with the following:
    my $cipher = Crypt::CBC->new(
        -key  => 'my secret key',
        -salt => 'my__salt',
    );
Perl v5.8.8
Linux 2.6.18-308.20.1.el5 #1 SMP Tue Nov 6 04:38:29 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
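
The taint propagation described in the report, as an added example that is not part of the original report and not Crypt::CBC's own code. It assumes the automatic salt is read from an external source (/dev/urandom stands in here; the report does not say where the taint originates), and random_salt, derive_key and untaint_salt are hypothetical names.

```perl
#!/usr/bin/perl -T
# Added illustration: how a tainted salt taints a key derived from it,
# and how untainting the salt first keeps the derived key clean.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Digest::MD5 qw(md5);

# Assumption: the salt comes from outside the program. Under -T, any data
# read from a file handle is tainted, including random bytes.
sub random_salt {
    open my $fh, '<', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    binmode $fh;
    read($fh, my $salt, 8) == 8 or die "short read from /dev/urandom";
    close $fh;
    return $salt;
}

# Hypothetical key derivation. The passphrase is an untainted literal, but
# an expression that mixes in a tainted value produces a tainted result.
sub derive_key {
    my ($pass, $salt) = @_;
    my $key = md5($pass . $salt);
    return $key;
}

# Untaint by capturing through a regex. The pattern checks the only
# property that matters for a salt here: exactly 8 bytes.
sub untaint_salt {
    my ($salt) = @_;
    $salt =~ /\A(.{8})\z/s or die "unexpected salt length";
    return $1;
}

my $pass = 'my secret key';
my $salt = random_salt();
printf "salt tainted:            %s\n", tainted($salt) ? 'yes' : 'no';
printf "key from tainted salt:   %s\n",
    tainted(derive_key($pass, $salt)) ? 'yes' : 'no';

my $clean = untaint_salt($salt);
printf "key from untainted salt: %s\n",
    tainted(derive_key($pass, $clean)) ? 'yes' : 'no';
```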