Closed Bug 297928 Opened 20 years ago Closed 20 years ago

detaint_natural and trick_taint shouldn't rely on $1.

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.16

People

(Reporter: kiko, Assigned: kiko)

Details

Attachments

(2 files)

kiko_v1: use the return value of the match instead of $1
988 bytes, patch
justdave
: review+
Details | Diff | Splinter Review
2.16 backport, v1
708 bytes, patch
justdave
: review+
Details | Diff | Splinter Review 
detaint_natural and trick_taint currently rely on $1 being defined or not after
a match. However, Perl doesn't reset $1 when a match fails! This causes very
hard-to-debug failures inside our detainting functions. 

The workaround is to use the return value of the match expression.

sub detaint_natural {
  ($ret) = $_[0] =~ /^(\d+)$/;
  $_[0] = $ret;
  return (defined($_[0]));
}

This may have hidden some errors deep down in Bugzilla's regexp-land..
If you are observant you will notice there is still a $1 used in
detaint_signed. I think that one's safe because we test the return value of the
match before using it.
Attachment #186491 - Flags: review?(LpSolit)
Severity: normal → critical
Status: NEW → ASSIGNED
Flags: blocking2.20?
Flags: blocking2.16.11?
Target Milestone: --- → Bugzilla 2.16
Flags: blocking2.18.2?
How about....

sub detaint_natural {
  if ($_[0] =~ /^(\d+)$/) {
      return $_[0];
  } else {
      return undef;
  }
}

??
Attachment #186491 - Flags: review?(LpSolit) → review+
which branch does that apply to, and do we have backports for the others yet?
That was against head -- I produced no branch patches.
(In reply to comment #3)
> which branch does that apply to, and do we have backports for the others yet?

This patch applies cleanly to 2.18. 2.16 does not have detaint_signed.
Flags: approval?
Flags: approval2.18?
OS: Linux → All
Hardware: PC → All

        Attachment #186492 -
        Flags: review?(justdave)

        Attachment #186492 -
        Flags: review?(justdave) → review+

    
  
Flags: approval2.16?
Flags: blocking2.20?
Flags: blocking2.20+
Flags: blocking2.18.2?
Flags: blocking2.18.2+
Flags: blocking2.16.11?
Flags: blocking2.16.11+
Flags: approval?
Flags: approval2.18?
Flags: approval2.18+
Flags: approval2.16?
Flags: approval2.16+
Flags: approval+

    
    

    
  
Tip:

Checking in Bugzilla/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Util.pm,v  <--  Util.pm
new revision: 1.28; previous revision: 1.27
done


2.18.1:

Checking in Bugzilla/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Util.pm,v  <--  Util.pm
new revision: 1.12.2.4; previous revision: 1.12.2.3
done


2.16.10:

Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v  <--  globals.pl
new revision: 1.169.2.30; previous revision: 1.169.2.29
done

Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Keywords: relnote
Resolution: --- → FIXED

    
    

    
  
What about this would you like in the relnotes?

    
    

    
  
I can't figure out what to relnote about this. If you'd like to have it
relnoted, please re-add the keyword and explain what should go in the relnotes.
Keywords: relnote

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: