From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <at@altlinux.ru>
Date: Fri, 25 Mar 2005 19:04:54 +0300
From: Alexey Tourbin <at@altlinux.ru>
To: ALT Devel discussion list <devel@altlinux.ru>
Message-ID: <20050325160454.GD7612@solemn.turbinal.org>
Mail-Followup-To: ALT Devel discussion list <devel@altlinux.ru>
References: <20050323111249.64ae83a3.dfo@antex.ru>
	<20050323112948.4b122de0.dfo@antex.ru>
	<42413A72.9020405@altlinux.ru>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="6WlEvdN9Dv0WHSBl"
Content-Disposition: inline
In-Reply-To: <42413A72.9020405@altlinux.ru>
Subject: [devel] Re: perl =?koi8-r?b?yQ==?= squid
X-BeenThere: devel@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ALT Devel discussion list <devel@altlinux.ru>
List-Id: ALT Devel discussion list <devel.altlinux.ru>
List-Unsubscribe: <https://lists.altlinux.ru/mailman/listinfo/devel>,
	<mailto:devel-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/devel>
List-Post: <mailto:devel@altlinux.ru>
List-Help: <mailto:devel-request@altlinux.ru?subject=help>
List-Subscribe: <https://lists.altlinux.ru/mailman/listinfo/devel>,
	<mailto:devel-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2005 16:09:29 -0000
Archived-At: <http://lore.altlinux.org/devel/20050325160454.GD7612@solemn.turbinal.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--6WlEvdN9Dv0WHSBl
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 23, 2005 at 11:44:18AM +0200, Andrei Bulava wrote:
> $ locate shellwords.pl
> /usr/lib/perl5/shellwords.pl
> $ rpm -qf /usr/lib/perl5/shellwords.pl
> perl4-compat-5.8.6-alt3.1

=E9=CD=C5=C5=D4=D3=D1 drop-in replacement: =D7=CD=C5=D3=D4=CF
require "shellwords.pl";
=C9=CC=C9
do "shellwords.pl";

=CE=D5=D6=CE=CF =CE=C1=D0=C9=D3=C1=D4=D8
use Text::ParseWords qw(shellwords);
=C9=CC=C9
use Text::ParseWords qw(old_shellwords);

=F0=CF=D3=CC=C5=C4=CE=C9=CA =D7=C1=D2=C9=C1=CE=D4 =CE=C1=C9=C2=CF=CC=C5=C5 =
=C2=CC=C9=DA=CB=CF mimics =D3=D4=C1=D2=D9=CA =CB=CF=C4 =C9=DA shellwords.pl,
=CB=CF=D4=CF=D2=D9=CA =C2=CF=CC=D8=DB=C5 =CE=C5 =D0=CF=C4=C4=C5=D2=D6=C9=D7=
=C1=C5=D4=D3=D1.  =F3=CF=C2=D3=D4=D7=C5=CE=CE=CF, =CE=C1=CC=C9=DE=C9=C5 =CE=
=C5=CB=CF=D4=CF=D2=CF=C7=CF
=CB=CF=CC=C9=DE=C5=D3=D4=D7=C1 =D4=C1=CB=CF=C7=CF =CB=CF=C4=C1 + =C7=C5=CE=
=C5=D2=C1=D4 h2ph =CE=C1=D7=C5=CC=CF =CD=C5=CE=D1 =CE=C1 =CD=D9=D3=CC=D8 =
=D0=CF=CD=C5=D3=D4=C9=D4=D8
=D7=D3=A3 =DC=D4=CF =D7 =CF=D4=C4=C5=CC=D8=CE=D9=CA =D0=C1=CB=C5=D4 perl4-c=
ompat.  =EE=C1=CC=C9=DE=C9=C5 =DC=D4=CF=C7=CF =D0=C1=CB=C5=D4=C1 =D7 =D3=C9=
=D3=D4=C5=CD
=CD=CF=D6=C5=D4 =CF=DA=CE=C1=DE=C1=D4=D8 =D4=C1=CB=D6=C5 =CE=C1=CC=C9=DE=C9=
=C5 =D7 =D3=C9=D3=D4=C5=CD=C5 =D0=C5=D2=CC=CF=D7=CF=C7=CF =CB=CF=C4=C1, =CE=
=C1=D0=C9=D3=C1=CE=CE=CF=C7=CF
10 =C9=CC=C9 =C2=CF=CC=C5=C5 =CC=C5=D4 =CE=C1=DA=C1=C4 (=C9 =D3 =D4=C5=C8 =
=D0=CF=D2 =D0=CF =D3=D5=DD=C5=D3=D4=D7=D5 =CE=C5 =D0=C5=D2=C5=D2=C1=C2=C1=
=D4=D9=D7=C1=D7=DB=C5=C7=CF=D3=D1).
=F0=D2=C1=D7=C4=C1, =D1 =D3=C4=C5=CC=C1=CC =CD=C1=CC=C5=CE=D8=CB=CF=C5 =D0=
=CF=D3=CC=C1=C2=CC=C5=CE=C9=C5 =C4=CC=D1 autoconf_2.13.

=EB=D3=D4=C1=D4=C9, =D0=D2=C9 =CD=CF=C5=CD =D5=DE=C1=D3=D4=C9=C9 =D7 =CE=CF=
=D7=CF=CA =D7=C5=D2=D3=C9=C9 =D0=C5=D2=CC=C1...
(=CE=C5=D0=CF=C4=C4=C5=D2=D6=C9=D7=C1=C5=CD=CF=C7=CF =CB=CF=C4=C1 =D7 shell=
words.pl =CE=C5 =CF=D3=D4=C1=CE=C5=D4=D3=D1)


Change 23838 by rgs@grubert on 2005/01/20 18:21:36

	Subject: Re: [perl #33173] shellwords.pl and tainting
	From: Alexey Tourbin <at@altlinux.ru>
	Date: Tue, 28 Dec 2004 22:29:37 +0300
	Message-ID: <20041228192937.GB7824@solemn.turbinal.org>

Affected files ...

=2E.. //depot/perl/MANIFEST#1210 edit
=2E.. //depot/perl/lib/Text/ParseWords.pm#21 edit
=2E.. //depot/perl/lib/Text/ParseWords/taint.t#1 add
=2E.. //depot/perl/lib/shellwords.pl#8 edit

Differences ...

=3D=3D=3D=3D //depot/perl/MANIFEST#1210 (text) =3D=3D=3D=3D
Index: perl/MANIFEST
--- perl/MANIFEST#1209~23836~	Thu Jan 20 05:21:14 2005
+++ perl/MANIFEST	Thu Jan 20 10:21:36 2005
@@ -1865,6 +1865,7 @@
 lib/Text/Balanced/t/gentag.t	See if Text::Balanced works
 lib/Text/ParseWords.pm		Perl module to split words on arbitrary delimiter
 lib/Text/ParseWords.t		See if Text::ParseWords works
+lib/Text/ParseWords/taint.t	See if Text::ParseWords works with tainting
 lib/Text/Soundex.pm		Perl module to implement Soundex
 lib/Text/Soundex.t		See if Soundex works
 lib/Text/Tabs.pm		Do expand and unexpand

=3D=3D=3D=3D //depot/perl/lib/Text/ParseWords.pm#21 (text) =3D=3D=3D=3D
Index: perl/lib/Text/ParseWords.pm
--- perl/lib/Text/ParseWords.pm#20~23060~	Tue Jul  6 14:43:05 2004
+++ perl/lib/Text/ParseWords.pm	Thu Jan 20 10:21:36 2005
@@ -12,7 +12,7 @@
=20
=20
 sub shellwords {
-    local(@lines) =3D @_;
+    my(@lines) =3D @_;
     $lines[$#lines] =3D~ s/\s+$//;
     return(quotewords('\s+', 0, @lines));
 }
@@ -22,7 +22,6 @@
 sub quotewords {
     my($delim, $keep, @lines) =3D @_;
     my($line, @words, @allwords);
-   =20
=20
     foreach $line (@lines) {
 	@words =3D parse_line($delim, $keep, $line);
@@ -37,7 +36,7 @@
 sub nested_quotewords {
     my($delim, $keep, @lines) =3D @_;
     my($i, @allwords);
-   =20
+
     for ($i =3D 0; $i < @lines; $i++) {
 	@{$allwords[$i]} =3D parse_line($delim, $keep, $lines[$i]);
 	return() unless (@{$allwords[$i]} || !length($lines[$i]));
@@ -48,13 +47,11 @@
=20
=20
 sub parse_line {
-	# We will be testing undef strings
-	no warnings;
-	use re 'taint'; # if it's tainted, leave it as such
-
     my($delimiter, $keep, $line) =3D @_;
     my($word, @pieces);
=20
+    no warnings 'uninitialized';	# we will be testing undef strings
+
     while (length($line)) {
 	$line =3D~ s/^(["'])			# a $quote
         	    ((?:\\.|(?!\1)[^\\])*)	# and $quoted text
@@ -77,6 +74,7 @@
 		$quoted =3D~ s/\\([\\'])/$1/g if ( $PERL_SINGLE_QUOTE && $quote eq "'");
             }
 	}
+        $word .=3D substr($line, 0, 0);	# leave results tainted
         $word .=3D defined $quote ? $quoted : $unquoted;
 =20
         if (length($delim)) {
@@ -100,41 +98,48 @@
     #	@words =3D old_shellwords($line);
     #	or
     #	@words =3D old_shellwords(@lines);
+    #	or
+    #	@words =3D old_shellwords();	# defaults to $_ (and clobbers it)
=20
-    local($_) =3D join('', @_);
-    my(@words,$snippet,$field);
+    no warnings 'uninitialized';	# we will be testing undef strings
+    local *_ =3D \join('', @_) if @_;
+    my (@words, $snippet);
=20
-    s/^\s+//;
+    s/\A\s+//;
     while ($_ ne '') {
-	$field =3D '';
+	my $field =3D substr($_, 0, 0);	# leave results tainted
 	for (;;) {
-	    if (s/^"(([^"\\]|\\.)*)"//) {
-		($snippet =3D $1) =3D~ s#\\(.)#$1#g;
+	    if (s/\A"(([^"\\]|\\.)*)"//s) {
+		($snippet =3D $1) =3D~ s#\\(.)#$1#sg;
 	    }
-	    elsif (/^"/) {
+	    elsif (/\A"/) {
+		require Carp;
+		Carp::carp("Unmatched double quote: $_");
 		return();
 	    }
-	    elsif (s/^'(([^'\\]|\\.)*)'//) {
-		($snippet =3D $1) =3D~ s#\\(.)#$1#g;
+	    elsif (s/\A'(([^'\\]|\\.)*)'//s) {
+		($snippet =3D $1) =3D~ s#\\(.)#$1#sg;
 	    }
-	    elsif (/^'/) {
+	    elsif (/\A'/) {
+		require Carp;
+		Carp::carp("Unmatched single quote: $_");
 		return();
 	    }
-	    elsif (s/^\\(.)//) {
+	    elsif (s/\A\\(.)//s) {
 		$snippet =3D $1;
 	    }
-	    elsif (s/^([^\s\\'"]+)//) {
+	    elsif (s/\A([^\s\\'"]+)//) {
 		$snippet =3D $1;
 	    }
 	    else {
-		s/^\s+//;
+		s/\A\s+//;
 		last;
 	    }
 	    $field .=3D $snippet;
 	}
 	push(@words, $field);
     }
-    @words;
+    return @words;
 }
=20
 1;

=3D=3D=3D=3D //depot/perl/lib/Text/ParseWords/taint.t#1 (text) =3D=3D=3D=3D
Index: perl/lib/Text/ParseWords/taint.t
--- /dev/null	Tue May  5 13:32:27 1998
+++ perl/lib/Text/ParseWords/taint.t	Thu Jan 20 10:21:36 2005
@@ -0,0 +1,23 @@
+#!./perl -Tw
+# [perl #33173] shellwords.pl and tainting
+
+BEGIN {
+    chdir 't' if -d 't';
+    @INC =3D '../lib';
+    require Config;
+    if ($Config::Config{extensions} !~ /\bList\/Util\b/) {
+	print "1..0 # Skip: Scalar::Util was not built\n";
+	exit 0;
+    }
+}
+
+use Text::ParseWords qw(shellwords old_shellwords);
+use Scalar::Util qw(tainted);
+
+print "1..2\n";
+
+print "not " if grep { not tainted($_) } shellwords("$0$^X");
+print "ok 1\n";
+
+print "not " if grep { not tainted($_) } old_shellwords("$0$^X");
+print "ok 2\n";

=3D=3D=3D=3D //depot/perl/lib/shellwords.pl#8 (text) =3D=3D=3D=3D
Index: perl/lib/shellwords.pl
--- perl/lib/shellwords.pl#7~23681~	Fri Dec 24 05:51:59 2004
+++ perl/lib/shellwords.pl	Thu Jan 20 10:21:36 2005
@@ -8,40 +8,7 @@
 ;#	or
 ;#	@words =3D shellwords();		# defaults to $_ (and clobbers it)
=20
-sub shellwords {
-    local *_ =3D \join('', @_) if @_;
-    my (@words, $snippet);
+require Text::ParseWords;
+*shellwords =3D \&Text::ParseWords::old_shellwords;
=20
-    s/\A\s+//;
-    while ($_ ne '') {
-	my $field =3D substr($_, 0, 0);	# leave results tainted
-	for (;;) {
-	    if (s/\A"(([^"\\]|\\.)*)"//s) {
-		($snippet =3D $1) =3D~ s#\\(.)#$1#sg;
-	    }
-	    elsif (/\A"/) {
-		die "Unmatched double quote: $_\n";
-	    }
-	    elsif (s/\A'(([^'\\]|\\.)*)'//s) {
-		($snippet =3D $1) =3D~ s#\\(.)#$1#sg;
-	    }
-	    elsif (/\A'/) {
-		die "Unmatched single quote: $_\n";
-	    }
-	    elsif (s/\A\\(.)//s) {
-		$snippet =3D $1;
-	    }
-	    elsif (s/\A([^\s\\'"]+)//) {
-		$snippet =3D $1;
-	    }
-	    else {
-		s/\A\s+//;
-		last;
-	    }
-	    $field .=3D $snippet;
-	}
-	push(@words, $field);
-    }
-    return @words;
-}
 1;
End of Patch.

> --=20
> // AB1002-UANIC

--6WlEvdN9Dv0WHSBl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCRDamfBKgtDjnu0YRAs7dAJ9noe65kjKUB1wdaRHBn5lOt7wqBQCcCwlq
rKCuRPTEOXRlX8lEukqUZ3A=
=FKzT
-----END PGP SIGNATURE-----

--6WlEvdN9Dv0WHSBl--