First Last Prev Next    This bug is not in your last search results.
Bug 118575 - Params::Validate taint issue
Params::Validate taint issue
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: perl (Show other bugs)
2.1
All Linux
high Severity high
: ---
: ---
Assigned To: Jason Vas Dias
Fanny Augustin
http://smallville.devel.redhat.com/er...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-03-17 16:22 EST by Bret McMillan
Modified: 2007-11-30 17:06 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-21 15:38:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Test script that illustrates Params::Validate issue (222 bytes, text/plain)
2004-06-15 08:44 EDT, Greg DeKoenigsberg 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Bret McMillan 2004-03-17 16:22:32 EST 
my $sid = $pxt->param('sid');

...

my %params = validate(@_, { sid => 1 });
Comment 1 Chip Turner 2004-05-17 12:15:24 EDT 
added new version of perl-Params-Validate (0.74) which should address this
Comment 2 Greg DeKoenigsberg 2004-05-24 16:54:02 EDT 
Bret, any way to replicate this reliably?  If so, update the bug. 
Otherwise, looks like this just goes away and new perl-Params-Validate
becomes part of the TODO.
Comment 3 Bret McMillan 2004-05-24 18:51:19 EDT 
/network/systems/details/edit.pxt

seems to be having the most issues on prod.  Not really sure how
reliable that is for a test though.
Comment 4 Chip Turner 2004-05-27 10:19:14 EDT 
fixed with new Params::Validate
Comment 5 Matt Jamison 2004-06-02 13:57:52 EDT 
test plan?
Comment 6 Chip Turner 2004-06-02 15:47:16 EDT 
there is no test plan; this is infrastructural.  any breakage would have shown up during 
normal site usage.  so basically any ISEs you see may be caused by this, just report as 
usual and engineers will handle it
Comment 7 Fanny Augustin 2004-06-08 10:03:59 EDT 
No breakage was noticed.
Comment 8 Bret McMillan 2004-06-11 11:17:29 EDT 
FAILS_QAing until we know just what's going on w/ IS's 3.2 + updated
Params::Validate pkg satellite so we don't loose track of any fix for
them.
Comment 9 Greg DeKoenigsberg 2004-06-15 08:42:49 EDT 
From Chip's comment:

This script reproduces it when run like (script attached to bug):
echo 1 | perl -T test-taint.pl
                                                                     
          
Looks like a bug in validate_with.  If the param isn't there, and
you're in taint mode, and you're using the XS validator, you are
screwed hard.  Even happens in perl 5.8.3.  I'll report it to the
maintainer.
Comment 10 Greg DeKoenigsberg 2004-06-15 08:44:19 EDT 
Created attachment 101145 [details]
Test script that illustrates Params::Validate issue
Comment 11 Greg DeKoenigsberg 2004-06-15 08:46:02 EDT 
Deferring to rhn350.  We'll keep watching it until something pops out
of the Perl maintainer.

NOTE: in our case, it appears that the worst problem here is that it
masks real errors in RHN code with useless error messages.
Comment 12 Greg DeKoenigsberg 2004-07-12 09:45:27 EDT 
Actually, it occurs to be that this should be aligned against Perl itself.
Comment 13 Jason Vas Dias 2006-04-21 15:38:07 EDT 
Just closing out old bugs here.

We don't ship perl-Params-Validate (the Params::Validate module) in any current
RHEL or Fedora release - looks like this bug has become a non-issue.
If anyone disagrees, please re-open.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.