Closed Bug 287926 Opened 20 years ago Closed 20 years ago

Something in Config.pm causes a taint problem in IO::Socket

Categories

(Bugzilla :: Bugzilla-General, defect)

2.19.2
x86
Linux
defect
Not set
major

Tracking

()

RESOLVED DUPLICATE of bug 287763

People

(Reporter: bugreport, Unassigned)

References

Details

Using Perl 5.8.0, if you run.... #!/usr/bin/perl -wT # -*- Mode: perl; indent-tabs-mode: nil -*- # use strict; use lib "."; require "CGI.pl"; #use Bugzilla::Config qw(:locations); use Net::SMTP; use IO::Socket; it does not fail... uncomment the Config.pm line, and it will not compile
With a clean 5.8.1 install (from source) with Bundle::CPAN and Date::Format installed from CPAN, this can be reproduced.
Just to make this nice and strange, line 22 of Socket.pm is.... require IO::Socket::UNIX if ($^O ne 'epoc'); if I change that to... #require IO::Socket::UNIX; this starts to work
a version of bugzilla i checked out on feb 18th doesn't show this problem. there's been a *lot* of work since then.
this is caused by bug 280778 -- one of mine :( choices => $^O =~ /MSWin32/i ? ['smtp', 'testfile'] : ['sendmail', 'smtp', 'qmail', 'testfile'], i don't see how this caused the problem however.
Could that have taken $^O from untainted to tainted??? It might be worth forcing it to be tainted or detainted and seeing if that makes the problem come and go.
$^O is tainted after that call. trick_taint'ing it at the end of defparams fixes this issue. however why is perl flagging $^O as tainted after that call when it's 100% constants?
running defparams in isolation doesn't taint $^O.. use strict; use Safe; sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; } printf "before: %s\n", is_tainted($^O) ? 'y' : 'n'; use vars qw(@param_list); unless (my $ret = do 'defparams.pl') { die "Couldn't parse defparams.pl: $@" if $@; die "Couldn't do defparams.pl: $!" unless defined $ret; die "Couldn't run defparams.pl" unless $ret; } printf "after: %s\n", is_tainted($^O) ? 'y' : 'n'; i'm so confused.
*** This bug has been marked as a duplicate of 287763 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.