Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upperl -S erroneously allows \ escapes in PATH #15584
Comments
This comment has been minimized.
This comment has been minimized.
From @cpansproutOn Unix, entries in PATH are separated by : and may validly contain backslashes. ‘perl -S’ erroneously To demonstrate: $ mkdir ~/'\' perl is reading the initial ‘/Users/sprout/\:/usr/bin’ as one PATH entry, which is wrong. The Perl_find_script function in util.c uses delimcpy to find the colon. delimcpy allows the terminator to be escaped, which is inappropriate for this call site. -- Father Chrysostomos |
This comment has been minimized.
This comment has been minimized.
From @xenuOn Sat, 3 Sep 2016 12:24:34 -0500
According to POSIX, it's impossible:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03 |
This comment has been minimized.
This comment has been minimized.
The RT System itself - Status changed from 'new' to 'open' |
This comment has been minimized.
This comment has been minimized.
From @cpansproutOn Sat Sep 03 13:15:40 2016, me@xenu.pl wrote:
Indeed, as I demonstrated, if you do try to escape a colon, it will not be escaped. The OS will treat \ as the last character of a path. -- Father Chrysostomos |
This comment has been minimized.
This comment has been minimized.
From @cpansproutOn Sat Sep 03 13:20:14 2016, sprout wrote:
Speaking of which, does VMS allow \ to escape a path separator? Also, if the path separator is sometimes | on VMS, then is the code in util.c:find_script even correct for VMS? -- Father Chrysostomos |
This comment has been minimized.
This comment has been minimized.
From @craigberryOn Sat, Sep 3, 2016 at 3:20 PM, Father Chrysostomos via RT
Ah, good. I had understood you to be saying that it did escape it and |
This comment has been minimized.
This comment has been minimized.
From @craigberryOn Sat, Sep 3, 2016 at 3:29 PM, Father Chrysostomos via RT
For purposes of -S, it doesn't look like path separators are involved PERL5LIB tries to do both, i.e., function as a search list or as a |
This comment has been minimized.
This comment has been minimized.
From @tonycozOn Fri Sep 02 22:28:05 2016, sprout wrote:
So use delimcpy_no_escape()? Tony |
This comment has been minimized.
This comment has been minimized.
From @tonycoz0001-perl-129183-don-t-treat-as-an-escape-in-PATH-for-S.patchFrom a6a25977bac8954bedc8ce17c9429a38535e57a1 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Wed, 12 Oct 2016 10:42:47 +1100
Subject: (perl 129183) don't treat \ as an escape in PATH for -S
---
util.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/util.c b/util.c
index a69ddad..c6727bb 100644
--- a/util.c
+++ b/util.c
@@ -3455,9 +3455,8 @@ Perl_find_script(pTHX_ const char *scriptname, bool dosearch,
if (len < sizeof tmpbuf)
tmpbuf[len] = '\0';
# else
- s = delimcpy(tmpbuf, tmpbuf + sizeof tmpbuf, s, bufend,
- ':',
- &len);
+ s = delimcpy_no_escape(tmpbuf, tmpbuf + sizeof tmpbuf, s, bufend,
+ ':', &len);
# endif
if (s < bufend)
s++;
--
2.1.4
|
This comment has been minimized.
This comment has been minimized.
From @cpansproutOn Tue Oct 11 16:44:52 2016, tonyc wrote:
Yes. (At the time I reported it, I was looking for buggy users of delimcpy, and I correctly surmised that I would not have time to fix them all, hence this bug report.) -- Father Chrysostomos |
This comment has been minimized.
This comment has been minimized.
From @craigberryOn Sat, Sep 3, 2016 at 12:28 AM, Father Chrysostomos
But isn't colon technically legal (if inadvisable) in a Unix filename? |
This comment has been minimized.
This comment has been minimized.
From @tonycozOn Sat, 28 Jan 2017 16:42:24 -0800, craig.a.berry@gmail.com wrote:
That's covered by the original quote from POSIX: directory names that might be used in PATH should not I've applied my patch as e80af1f Tony |
This comment has been minimized.
This comment has been minimized.
@tonycoz - Status changed from 'open' to 'pending release' |
This comment has been minimized.
This comment has been minimized.
From @khwilliamsonThank you for filing this report. You have helped make Perl better. With the release yesterday of Perl 5.28.0, this and 185 other issues have been Perl 5.28.0 may be downloaded via: If you find that the problem persists, feel free to reopen this ticket. |
This comment has been minimized.
This comment has been minimized.
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#129183 (status was 'resolved')
Searchable as RT129183$