Skip Menu |
 

This queue is for tickets about the App-perlbrew CPAN distribution.

Report information
The Basics
Id: 103807
Status: new
Priority: 0/
Queue: App-perlbrew

People
Owner: Nobody in particular
Requestors: KENTNL [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.73
Fixed in: (no value)



Subject: Incorrect parameter escaping leaves --as entirelyt unquoted
Download (untitled) / with headers
text/html 1021b

perlbrew install perl-5.21.10 -v --as ' --bogus '


This generates  a shell command line of:

 

(cd /home/vagrant/perl5/perlbrew/build/perl-5.21.10 && rm -f config.sh Policy.sh && patchperl && sh Configure -de '-Dprefix=/home/vagrant/perl5/perlbrew/perls/ --bogus' '-Dusedevel' '-A'eval:scriptdir=/home/vagrant/perl5/perlbrew/perls/ --bogus/bin'' && make  && make test_harness && make install)

Take careful note of the '-A' quoting:

'-A'eval:scriptdir=/home/vagrant/perl5/perlbrew/perls/ --bogus/bin''
|xx|----------------||

xx parts are quoted.
-- parts are unquoted.

This means things as simple as spaces are enough to cause perlbrew to change where it passes its script dir, and instead pass an unintentionally shorter one, followed by an extraneous argument.

 

On 2015-04-19 01:12:00, KENTNL wrote:
> perlbrew install perl-5.21.10 -v --as ' --bogus '
>
>
> This generates a shell command line of:
>
> (cd /home/vagrant/perl5/perlbrew/build/perl-5.21.10 && rm -f config.sh
> Policy.sh && patchperl && sh Configure -de
> '-Dprefix=/home/vagrant/perl5/perlbrew/perls/ --bogus' '-Dusedevel'
> '-A'eval:scriptdir=/home/vagrant/perl5/perlbrew/perls/ --bogus/bin''
> && make &&
> make test_harness && make install)
>
> Take careful note of the '-A' quoting:
>
> '-A'eval:scriptdir=/home/vagrant/perl5/perlbrew/perls/ --bogus/bin''
> |xx|----------------||
>
> xx parts are quoted.
> -- parts are unquoted.
>
> This means things as simple as spaces are enough to cause perlbrew to
> change
> where it passes its script dir, and instead pass an unintentionally
> shorter
> one, followed by an extraneous argument.


More over, it appears the RHS of the equation *also*  needs quoting  as that -Aeval= line gets run somewhere.

For instance, manual pluming with

   -"A'eval:scriptdir=perl<5/bin'"

Is enough to create an unusual  bug occur:

Configure: line 1660: 5/bin: No such file or directory

Changing this to: 

   -"A'eval:scriptdir=\"perl<5/bin\"'"

 

Gets around config, and then perl itself gets ugly sometime post-config.
 



This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.