Summary: | lc launders tainted flag | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Petr Pisar <ppisar> | |
Component: | perl | Assignee: | Marcela Mašláňová <mmaslano> | |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 14 | CC: | cweyl, iarnell, jlieskov, kasal, lkundrak, mmaslano, ppisar, psabata, rc040203, tcallawa | |
Target Milestone: | --- | Keywords: | Regression, Security | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
URL: | http://rt.perl.org/rt3//Public/Bug/Display.html?id=87336 | |||
Fixed In Version: | Doc Type: | Bug Fix | ||
: | 692862 | Environment: | ||
Last Closed: | 2011-04-01 14:42:06 UTC | Type: | --- | |
*** This bug has been marked as a duplicate of bug 692898 ***
perlsec manual states:

> Laundering data using regular expression is the _only_ mechanism for
> untainting dirty data, [...]

However perl-5.12.3-142.fc14.x86_64 clears tainted flag even after lc() and uc() perl functions:

$ perl -Te 'use Scalar::Util qw(tainted); printf("%d %d %d\n", tainted($0), tainted(lc($0)), tainted(uc($0)));'

1 0 0

This has been recognized by upstream as a security regression and fixed in forthcoming perl-5.14 (RT #87336).
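
A regression check built on the one-liner above, added here as an example and not part of the original report or of the perl test suite. It also checks lcfirst and ucfirst, which the report does not mention, and contrasts them with the regex capture that perlsec documents as the untainting mechanism; the script name and the untaint pattern are assumptions.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_case_check.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, $0 is tainted, as the report's one-liner shows.
my $dirty = $0;
die "taint mode is not active; run with -T\n" unless tainted($dirty);

# Case-mapping functions must propagate taint from their argument.
my %case_ops = (
    lc      => sub { lc $_[0] },
    uc      => sub { uc $_[0] },
    lcfirst => sub { lcfirst $_[0] },   # not in the report; checked as well
    ucfirst => sub { ucfirst $_[0] },
);

my @laundered;
for my $name (sort keys %case_ops) {
    my $out  = $case_ops{$name}->($dirty);
    my $kept = tainted($out) ? 1 : 0;
    printf "%-8s taint preserved: %d\n", $name, $kept;
    push @laundered, $name unless $kept;
}

# Contrast: a regex capture is the documented way to untaint.
# The pattern is an assumption about what a script path may contain.
if (my ($clean) = $dirty =~ m{\A([\w./-]+)\z}) {
    printf "%-8s taint preserved: %d (expected 0)\n",
        'regex', tainted($clean) ? 1 : 0;
}
else {
    print "regex    skipped: \$0 did not match the sample pattern\n";
}

if (@laundered) {
    print "AFFECTED: taint dropped by @laundered\n";
    exit 1;
}
print "OK: case-mapping functions keep the taint flag\n";
exit 0;
```

The non-zero exit status on an affected interpreter lets the script be used in a package test or CI step.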