1 | /* |
---|
2 | * "...we will have peace, when you and all your works have perished--and |
---|
3 | * the works of your dark master to whom you would deliver us. You are a |
---|
4 | * liar, Saruman, and a corrupter of men's hearts." --Theoden |
---|
5 | */ |
---|
6 | |
---|
7 | #include "EXTERN.h" |
---|
8 | #include "perl.h" |
---|
9 | |
---|
10 | void |
---|
11 | taint_proper(f, s) |
---|
12 | const char *f; |
---|
13 | char *s; |
---|
14 | { |
---|
15 | char *ug; |
---|
16 | |
---|
17 | DEBUG_u(PerlIO_printf(Perl_debug_log, |
---|
18 | "%s %d %d %d\n", s, tainted, uid, euid)); |
---|
19 | |
---|
20 | if (tainted) { |
---|
21 | if (euid != uid) |
---|
22 | ug = " while running setuid"; |
---|
23 | else if (egid != gid) |
---|
24 | ug = " while running setgid"; |
---|
25 | else |
---|
26 | ug = " while running with -T switch"; |
---|
27 | if (!unsafe) |
---|
28 | croak(f, s, ug); |
---|
29 | else if (dowarn) |
---|
30 | warn(f, s, ug); |
---|
31 | } |
---|
32 | } |
---|
33 | |
---|
34 | void |
---|
35 | taint_env() |
---|
36 | { |
---|
37 | SV** svp; |
---|
38 | MAGIC* mg; |
---|
39 | char** e; |
---|
40 | static char* misc_env[] = { |
---|
41 | "IFS", /* most shells' inter-field separators */ |
---|
42 | "CDPATH", /* ksh dain bramage #1 */ |
---|
43 | "ENV", /* ksh dain bramage #2 */ |
---|
44 | "BASH_ENV", /* bash dain bramage -- I guess it's contagious */ |
---|
45 | NULL |
---|
46 | }; |
---|
47 | |
---|
48 | #ifdef VMS |
---|
49 | int i = 0; |
---|
50 | char name[10 + TYPE_DIGITS(int)] = "DCL$PATH"; |
---|
51 | |
---|
52 | while (1) { |
---|
53 | if (i) |
---|
54 | (void)sprintf(name,"DCL$PATH;%d", i); |
---|
55 | svp = hv_fetch(GvHVn(envgv), name, strlen(name), FALSE); |
---|
56 | if (!svp || *svp == &sv_undef) |
---|
57 | break; |
---|
58 | if (SvTAINTED(*svp)) { |
---|
59 | TAINT; |
---|
60 | taint_proper("Insecure %s%s", "$ENV{DCL$PATH}"); |
---|
61 | } |
---|
62 | if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) { |
---|
63 | TAINT; |
---|
64 | taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}"); |
---|
65 | } |
---|
66 | i++; |
---|
67 | } |
---|
68 | #endif /* VMS */ |
---|
69 | |
---|
70 | svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE); |
---|
71 | if (svp && *svp) { |
---|
72 | if (SvTAINTED(*svp)) { |
---|
73 | TAINT; |
---|
74 | taint_proper("Insecure %s%s", "$ENV{PATH}"); |
---|
75 | } |
---|
76 | if ((mg = mg_find(*svp, 'e')) && MgTAINTEDDIR(mg)) { |
---|
77 | TAINT; |
---|
78 | taint_proper("Insecure directory in %s%s", "$ENV{PATH}"); |
---|
79 | } |
---|
80 | } |
---|
81 | |
---|
82 | #ifndef VMS |
---|
83 | /* tainted $TERM is okay if it contains no metachars */ |
---|
84 | svp = hv_fetch(GvHVn(envgv),"TERM",4,FALSE); |
---|
85 | if (svp && *svp && SvTAINTED(*svp)) { |
---|
86 | bool was_tainted = tainted; |
---|
87 | char *t = SvPV(*svp, na); |
---|
88 | char *e = t + na; |
---|
89 | tainted = was_tainted; |
---|
90 | if (t < e && isALNUM(*t)) |
---|
91 | t++; |
---|
92 | while (t < e && (isALNUM(*t) || *t == '-' || *t == ':')) |
---|
93 | t++; |
---|
94 | if (t < e) { |
---|
95 | TAINT; |
---|
96 | taint_proper("Insecure $ENV{%s}%s", "TERM"); |
---|
97 | } |
---|
98 | } |
---|
99 | #endif /* !VMS */ |
---|
100 | |
---|
101 | for (e = misc_env; *e; e++) { |
---|
102 | svp = hv_fetch(GvHVn(envgv), *e, strlen(*e), FALSE); |
---|
103 | if (svp && *svp != &sv_undef && SvTAINTED(*svp)) { |
---|
104 | TAINT; |
---|
105 | taint_proper("Insecure $ENV{%s}%s", *e); |
---|
106 | } |
---|
107 | } |
---|
108 | } |
---|