This queue is for tickets about the Crypt-Rijndael CPAN distribution.

Report information
The Basics
Id: 40511
Status: resolved
Priority: 0/
Queue: Crypt-Rijndael

People
Owner: Nobody in particular
Requestors: dean [...] cs.serenevy.net
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.06
Fixed in: (no value)



Subject: tainted key fails with misleading "key must be a string scalar"
In taint mode a tainted key value issues the misleading "key must be a string scalar" error due to failing SvPOK check. Either alter test to accept tainted keys or alter error message to indicate that untainting may be necessary.

To recreate:

    #!/usr/bin/perl -wT
    use strict;
    use Crypt::Rijndael;
    my $key = substr($^X,0,0) . "a"x32;
    Crypt::Rijndael->new( $key, Crypt::Rijndael::MODE_CBC );

On Wed Oct 29 20:13:21 2008, dean@cs.serenevy.net wrote:
> In taint mode a tainted key value issues the misleading "key must be a
> string scalar" error due to failing SvPOK check. Either alter test to
> accept tainted keys or alter error message to indicate that untainting
> may be necessary.

I've updated the error message and uploaded 1.07_02 to PAUSE to let the CPAN Testers have a whack at it. I'm not a big internals guy, so if someone wants to use tainted data as an initialization vector, send me the patch.
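
Added example, not part of the ticket and not Crypt::Rijndael's own code: a caller-side workaround that untaints the key through a regex capture before constructing the cipher, using the same tainted-key construction as the report. The helper name untaint_key and the sample plaintext are assumptions made for illustration; the regex checks only the key length, so untainting this way is appropriate only when the key's origin is already trusted.

```perl
#!/usr/bin/perl -wT
use strict;
use Scalar::Util qw(tainted);
use Crypt::Rijndael;

# Constructed sample: a 32-byte key made tainted the same way as in the
# report (concatenating a zero-length slice of the tainted $^X).
my $tainted_key = substr($^X, 0, 0) . "a" x 32;

# Hypothetical helper: return an untainted copy of a key, or die if the
# length is not one Rijndael accepts (16, 24 or 32 bytes).
sub untaint_key {
    my ($key) = @_;
    defined $key or die "key is undefined\n";
    # A regex capture is Perl's documented way to untaint data.
    # /s lets '.' match newline bytes; \A and \z anchor the whole string.
    my ($clean) = $key =~ /\A(.{16}|.{24}|.{32})\z/s
        or die "key must be 16, 24 or 32 bytes\n";
    return $clean;
}

print "before: ", (tainted($tainted_key) ? "tainted" : "clean"), "\n";
my $key = untaint_key($tainted_key);
print "after:  ", (tainted($key) ? "tainted" : "clean"), "\n";

# With the untainted copy, the constructor's string check is satisfied.
my $cipher = Crypt::Rijndael->new($key, Crypt::Rijndael::MODE_CBC());

# Round-trip one 16-byte block (constructed plaintext) to confirm the
# cipher object is usable.
my $plaintext = "0123456789abcdef";
my $decrypted = $cipher->decrypt($cipher->encrypt($plaintext));
print "round trip: ", ($decrypted eq $plaintext ? "ok" : "FAILED"), "\n";
```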

