perl-dev mailing list archives

From Stas Bekman <s...@stason.org>
Subject Re: Error with t\api\slurp_filename + t\filter\in_error?
Date Tue, 06 Jul 2004 07:53:05 GMT
Randy Kobes wrote:
> On Mon, 5 Jul 2004, Steve Hay wrote:
> 
> 
>>Further to my "Problem running "nmake test" on Win32"
>>posting (sorry I can't "Reply", but I never received the
>>message back from the list -- I may have got unsubscribed
>>AGAIN!) I have now reduced the failure to the following
>>(with the aid of t/SMOKE):
>>
>>This works:
>>perl t/TEST -v t\filter\in_error.t t\filter\in_init_basic.t
>>
>>and this works:
>>perl t/TEST -v t\api\slurp_filename.t
>>
>>but this fails:
>>perl t/TEST -v t\api\slurp_filename.t t\filter\in_error.t t\filter\in_init_basic.t
> 
> 
>>The Apache server dies after in_error, so in_init_basic
>>fails to connect:
> 
> 
> I think this has something to do with tainting - reducing
> slurp_filename.pm to (using non-utf8 data, to eliminate
> one possibility):
> ==========================================================
> package TestAPI::slurp_filename;
> # test with non-utf8 data
> my $expected = <<EOI;
> English: Internet
> Hebrew : Junk
> EOI
> 
> sub handler {
>     my $r = shift;
> 
>     plan $r, tests => 1;
> 
>     {
>         my $data = $r->slurp_filename;
>         my $received;
>         eval {$received = eval $$data};
>         ok t_cmp($@, qr/Insecure dependency in eval/, "slurp filename tainted");
>     }
> 
>     Apache::OK;
> }
> # ...
> ================================================================
> then the sequence Steve mentioned for the disconnect
> occurs, but changing to
>       my $data = $r->slurp_filename(0);
> causes no such problem.

So does the worker really crash as Steve has suggested?

Can you add something after the eval test above and see whether it still gets 
executed/printed/sent to the client?

Does it have anything to do with the nested eval?

   eval {$received = eval $$data};

Can you use any different approach to cause a taint error (e.g. qx[ls $data]) 
or something? Does the problem persist?

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
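
The checks asked for above can first be tried in plain Perl, outside mod_perl, to get a baseline. This is an added example, not code from the thread or from the mod_perl test suite. It assumes it is run as `perl -T`, and the `__DATA__` sample is constructed as a stand-in for what `$r->slurp_filename` returns.

```perl
#!/usr/bin/perl -T
# Added example, not from the thread. Run with: perl -T taint_probe.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T\n" unless ${^TAINT};

# Fixed PATH so qx// can only fail on the tainted argument, not the environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample: anything read from a filehandle is tainted under -T,
# like the scalar ref that $r->slurp_filename returns by default.
my $data = do { local $/; my $d = <DATA>; \$d };

# Launder a copy through a regex capture to get an untainted control value.
my ($clean) = ${$data} =~ /\A([\d\s+]+)\z/ or die "unexpected sample data\n";

# Run one sink inside a block eval; return the trapped error ('' if none).
sub probe {
    my ($code) = @_;
    return eval { $code->(); 1 } ? '' : $@;
}

my @probes = (
    # Same shape as the test: a string eval wrapped in a block eval.
    [ 'nested string eval (tainted)' => sub { my $r = eval ${$data} } ],
    # A different taint sink; the check fires before any command is run.
    [ 'qx with tainted argument'     => sub { my $o = qx[ls ${$data}] } ],
    # Control: the laundered copy passes the taint check.
    [ 'string eval (untainted copy)' => sub { my $r = eval $clean } ],
);

for my $p (@probes) {
    my ($name, $code) = @$p;
    my $err = probe($code);
    $err =~ s/ at .*//s;    # drop the "at FILE line N." suffix
    printf "%-30s %s\n", $name, $err eq '' ? 'no error' : "trapped: $err";
}

printf "data tainted: %d, copy tainted: %d\n",
    tainted(${$data}) ? 1 : 0, tainted($clean) ? 1 : 0;
print "still running after the taint errors\n";

__DATA__
1 + 1
```

If the final line prints here but the equivalent statement placed after the eval in the handler never reaches the client, the difference lies in the server process rather than in Perl's taint check itself.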
