You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl-cvs@perl.apache.org by st...@apache.org on 2004/10/01 05:30:12 UTC
cvs commit: modperl-2.0/xs/Apache/RequestIO Apache__RequestIO.h
stas 2004/09/30 20:30:12
Modified: . Changes
t/filter/TestFilter out_str_lc.pm
t/lib/TestAPRlib bucket.pm
t/lib/TestCommon Utils.pm
t/protocol/TestProtocol echo_block.pm
t/response/TestAPR flatten.pm
t/response/TestApache read.pm
xs/APR/Bucket APR__Bucket.h
xs/Apache/Filter Apache__Filter.h
xs/Apache/RequestIO Apache__RequestIO.h
Log:
make sure that Apache::Filter::read, APR::Socket::recv,
Apache::RequestIO::read, APR::Brigade::flatten, and APR::Bucket::read
all return tainted data under -T
Revision Changes Path
1.506 +4 -0 modperl-2.0/Changes
Index: Changes
===================================================================
RCS file: /home/cvs/modperl-2.0/Changes,v
retrieving revision 1.505
retrieving revision 1.506
diff -u -u -r1.505 -r1.506
--- Changes 30 Sep 2004 03:39:24 -0000 1.505
+++ Changes 1 Oct 2004 03:30:11 -0000 1.506
@@ -12,6 +12,10 @@
=item 1.99_17-dev
+make sure that Apache::Filter::read, APR::Socket::recv,
+Apache::RequestIO::read, APR::Brigade::flatten, and APR::Bucket::read
+all return tainted data under -T [Stas]
+
tag the custom pools created by mod_perl for easier pools debug [Joe
Orton]
1.2 +7 -0 modperl-2.0/t/filter/TestFilter/out_str_lc.pm
Index: out_str_lc.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/t/filter/TestFilter/out_str_lc.pm,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -u -r1.1 -r1.2
--- out_str_lc.pm 15 Jan 2003 06:47:15 -0000 1.1
+++ out_str_lc.pm 1 Oct 2004 03:30:11 -0000 1.2
@@ -5,12 +5,19 @@
use Apache::Filter ();
+use TestCommon::Utils;
+
use Apache::Const -compile => 'OK';
sub handler {
my $filter = shift;
while ($filter->read(my $buffer, 1024)) {
+
+ # test that read() returns tainted data
+ die "read() has returned untainted data"
+ unless TestCommon::Utils::is_tainted($buffer);
+
$filter->print(lc $buffer);
}
1.5 +11 -1 modperl-2.0/t/lib/TestAPRlib/bucket.pm
Index: bucket.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/t/lib/TestAPRlib/bucket.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -u -r1.4 -r1.5
--- bucket.pm 21 Aug 2004 00:41:36 -0000 1.4
+++ bucket.pm 1 Oct 2004 03:30:11 -0000 1.5
@@ -7,12 +7,13 @@
use Apache::Test;
use Apache::TestUtil;
+use TestCommon::Utils;
use APR::Bucket ();
use APR::BucketType ();
sub num_of_tests {
- return 14;
+ return 16;
}
sub test {
@@ -118,6 +119,15 @@
return APR::Bucket->new(lc $data);
}
+ }
+
+ # read data is tainted
+ {
+ my $data = "xxx";
+ my $b = APR::Bucket->new($data);
+ $b->read(my $read);
+ ok t_cmp($read, $data, 'new($data)');
+ ok TestCommon::Utils::is_tainted($read);
}
# remove/destroy
1.2 +2 -0 modperl-2.0/t/lib/TestCommon/Utils.pm
Index: Utils.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/t/lib/TestCommon/Utils.pm,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -u -r1.1 -r1.2
--- Utils.pm 1 Oct 2004 03:05:04 -0000 1.1
+++ Utils.pm 1 Oct 2004 03:30:11 -0000 1.2
@@ -20,7 +20,9 @@
use TestCommon::Utils;
+ # test whether some SV is tainted
$b->read(my $data);
+ ok TestCommon::Utils::is_tainted($data);
1.9 +8 -2 modperl-2.0/t/protocol/TestProtocol/echo_block.pm
Index: echo_block.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/t/protocol/TestProtocol/echo_block.pm,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -u -r1.8 -r1.9
--- echo_block.pm 28 Sep 2004 01:47:23 -0000 1.8
+++ echo_block.pm 1 Oct 2004 03:30:11 -0000 1.9
@@ -11,6 +11,8 @@
use Apache::Connection ();
use APR::Socket ();
+use TestCommon::Utils;
+
use Apache::Const -compile => 'OK';
use APR::Const -compile => qw(SO_NONBLOCK);
@@ -31,8 +33,12 @@
or die "failed to set blocking mode";
}
- while ($socket->recv(my $buff, BUFF_LEN)) {
- $socket->send($buff);
+ while ($socket->recv(my $buffer, BUFF_LEN)) {
+
+ die "recv() has returned untainted data:"
+ unless TestCommon::Utils::is_tainted($buffer);
+
+ $socket->send($buffer);
}
Apache::OK;
1.7 +6 -1 modperl-2.0/t/response/TestAPR/flatten.pm
Index: flatten.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/t/response/TestAPR/flatten.pm,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -u -r1.6 -r1.7
--- flatten.pm 8 Jul 2004 06:06:33 -0000 1.6
+++ flatten.pm 1 Oct 2004 03:30:12 -0000 1.7
@@ -5,6 +5,7 @@
use Apache::Test;
use Apache::TestUtil;
+use TestCommon::Utils;
use Apache::RequestRec ();
use APR::Bucket ();
@@ -16,7 +17,7 @@
my $r = shift;
- plan $r, tests => 20;
+ plan $r, tests => 26;
# first, create a brigade
my $pool = $r->pool;
@@ -95,6 +96,8 @@
Apache::OK;
}
+# this sub runs 3 sub-tests with a false $check_content
+# and 4 otherwise
sub verify {
my($len, $expected_len, $data, $check_content) = @_;
@@ -104,6 +107,8 @@
ok t_cmp(length($data),
$len,
"\$bb->flatten(\$data, $len) returned all expected data");
+
+ ok TestCommon::Utils::is_tainted($data);
if ($check_content) {
# don't use t_cmp() here, else we get 200,000 characters
1.5 +6 -1 modperl-2.0/t/response/TestApache/read.pm
Index: read.pm
===================================================================
RCS file: /home/cvs/modperl-2.0/t/response/TestApache/read.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -u -r1.4 -r1.5
--- read.pm 7 Nov 2003 08:55:32 -0000 1.4
+++ read.pm 1 Oct 2004 03:30:12 -0000 1.5
@@ -6,6 +6,8 @@
use Apache::RequestRec ();
use Apache::RequestIO ();
+use TestCommon::Utils;
+
use Apache::Const -compile => 'OK';
use constant BUFSIZ => 512; #small for testing
@@ -29,7 +31,10 @@
$offset += $read;
}
- #make sure we dont block after all data is read
+ die "read() has returned untainted data:"
+ unless TestCommon::Utils::is_tainted($buffer);
+
+ # make sure we dont block after all data is read
my $n = $r->read(my $x, BUFSIZ);
die unless $n == 0;
1.14 +8 -1 modperl-2.0/xs/APR/Bucket/APR__Bucket.h
Index: APR__Bucket.h
===================================================================
RCS file: /home/cvs/modperl-2.0/xs/APR/Bucket/APR__Bucket.h,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -u -r1.13 -r1.14
--- APR__Bucket.h 20 Aug 2004 21:11:00 -0000 1.13
+++ APR__Bucket.h 1 Oct 2004 03:30:12 -0000 1.14
@@ -52,10 +52,17 @@
modperl_croak(aTHX_ rc, "APR::Bucket::read");
}
- sv_setpvn(buffer, (len ? str : ""), len);
+ if (len) {
+ sv_setpvn(buffer, str, len);
+ }
+ else {
+ sv_setpvn(buffer, "", 0);
+ }
/* must run any set magic */
SvSETMAGIC(buffer);
+
+ SvTAINTED_on(buffer);
return len;
}
1.42 +2 -0 modperl-2.0/xs/Apache/Filter/Apache__Filter.h
Index: Apache__Filter.h
===================================================================
RCS file: /home/cvs/modperl-2.0/xs/Apache/Filter/Apache__Filter.h,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -u -r1.41 -r1.42
--- Apache__Filter.h 12 Jul 2004 07:32:07 -0000 1.41
+++ Apache__Filter.h 1 Oct 2004 03:30:12 -0000 1.42
@@ -80,6 +80,8 @@
/* must run any set magic */
SvSETMAGIC(buffer);
+ SvTAINTED_on(buffer);
+
return len;
}
1.56 +2 -1 modperl-2.0/xs/Apache/RequestIO/Apache__RequestIO.h
Index: Apache__RequestIO.h
===================================================================
RCS file: /home/cvs/modperl-2.0/xs/Apache/RequestIO/Apache__RequestIO.h,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -u -r1.55 -r1.56
--- Apache__RequestIO.h 15 Aug 2004 00:20:34 -0000 1.55
+++ Apache__RequestIO.h 1 Oct 2004 03:30:12 -0000 1.56
@@ -251,7 +251,6 @@
if (total > 0) {
mpxs_sv_cur_set(buffer, offset+total);
- SvTAINTED_on(buffer);
}
else {
sv_setpvn(buffer, "", 0);
@@ -259,6 +258,8 @@
/* must run any set magic */
SvSETMAGIC(buffer);
+
+ SvTAINTED_on(buffer);
return newSViv(total);
}
Re: cvs commit: modperl-2.0/xs/Apache/RequestIO Apache__RequestIO.h
Posted by Stas Bekman <st...@stason.org>.
stas@apache.org wrote:
> Index: Changes
> ===================================================================
> RCS file: /home/cvs/modperl-2.0/Changes,v
> retrieving revision 1.505
> retrieving revision 1.506
> diff -u -u -r1.505 -r1.506
> --- Changes 30 Sep 2004 03:39:24 -0000 1.505
> +++ Changes 1 Oct 2004 03:30:11 -0000 1.506
> @@ -12,6 +12,10 @@
>
> =item 1.99_17-dev
>
> +make sure that Apache::Filter::read, APR::Socket::recv,
> +Apache::RequestIO::read, APR::Brigade::flatten, and APR::Bucket::read
> +all return tainted data under -T [Stas]
Could someone please verify whether I've missed some other methods that
populate a buffer of data and we don't test whether they return tainted
data? Thanks a bunch!
This commit has fixed 3 of the methods which previously didn't set the
data to tainted under -T.
--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org