From: Rafael Garcia-Suarez <rgs@consttype.org>
Date: Thu, 29 Apr 2010 13:02:01 +0200
Subject: [PATCH] Wrap by default coderefs returned by rdo and reval

Origin: http://perl5.git.perl.org/perl.git/commit/554545435d592fa5ae8b79e031e59e9b09d6ff69
Bug-Debian: http://bugs.debian.org/631529

(suggested by Tim Bunce)

Modified to apply to 5.10 in Debian.

---
 ext/Safe/Safe.pm |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/ext/Safe/Safe.pm b/ext/Safe/Safe.pm
index e33598e..52532e4 100644
--- a/ext/Safe/Safe.pm
+++ b/ext/Safe/Safe.pm
@@ -346,6 +346,7 @@ sub reval {
                ?        Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub)
                : scalar Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
     _clean_stash($root.'::') if $sg != sub_generation();
+    $obj->wrap_code_refs_within(@subret);
     return (wantarray) ? @subret : $subret[0];
 }
 
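Review bot: The added `$obj->wrap_code_refs_within(@subret);` in reval, and the identical line in the rdo hunk, is the whole of a security fix, yet it has no comment and the diffstat shows no test changed alongside Safe.pm. I would put `# Wrap returned CODE refs so that calling them later runs inside the compartment (CVE-2010-1447)` above each call, so the line is not later removed as redundant. The call's result is not assigned, so it must modify @subret in place, and it reaches only code references that wrap_code_refs_within can find through the returned values. That method is defined outside these hunks, so which containers it descends into, and how it handles cyclic or blessed structures, should be confirmed and pinned by a regression test. Both sub bodies start outside their hunks.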
@@ -424,6 +425,7 @@ sub rdo {
                ?        Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub)
                : scalar Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
     _clean_stash($root.'::') if $sg != sub_generation();
+    $obj->wrap_code_refs_within(@subret);
     return (wantarray) ? @subret : $subret[0];
 }
 
@@ -637,9 +639,9 @@ expression evaluated, or a return statement may be used, just as with
 subroutines and B<eval()>. The context (list or scalar) is determined
 by the caller as usual.
 
-This behaviour differs from the beta distribution of the Safe extension
-where earlier versions of perl made it hard to mimic the return
-behaviour of the eval() command and the context was always scalar.
+If the return value of reval() is (or contains) any code reference,
+those code references are wrapped to be themselves executed always
+in the compartment. See L</wrap_code_refs_within>.
 
 The formerly undocumented STRICT argument sets strictness: if true
 'use strict;' is used, otherwise it uses 'no strict;'. B<Note>: if
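Review bot: The new POD paragraph describes the wrapping for reval() only, although this patch adds the same call to rdo. rdo's own POD is outside the visible hunks, so unless it already defers to reval() it needs a matching sentence, for example `Code references in the return value are wrapped as described under reval().` The phrase "wrapped to be themselves executed always in the compartment" is hard to parse; `those code references are wrapped so that they always execute inside the compartment` says the same thing more plainly. Callers would also benefit from a sentence saying that the returned values are modified in place, and that the code reference they receive is a wrapper rather than the one created in the compartment.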
-- 
tg: (597a298..) fixes/safe-reval-rdo-cve-2010-1447 (depends on: fixes/safe-upgrade)
