This queue is for tickets about the bignum CPAN distribution.

Report information
The Basics
Id: 58954
Status: resolved
Priority: 0/
Queue: bignum

People
Owner: Nobody in particular
Requestors: dstahlke [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 0.22
Fixed in: 0.41

bignum's oct function does not perform a conversion if its argument doesn't start with '0'.

    $ perl -e 'print oct(100)," ",hex(100),"\n"'
    64 256
    $ perl -Mbignum -e 'print oct(100)," ",hex(100),"\n"'
    100 256
    $ perl -Mbignum -e 'print oct("0100")," ",hex(100),"\n"'
    64 256

Subject: security consequences
From: dstahlke [...] gmail.com
I should mention that this potentially has security consequences since oct() is often used as a parameter to chmod. An application that has been tested to work will suddenly have different behavior when 'use bignum;' is added.
The _oct() subroutine in bignum.pm requires octal numbers to have a leading '0' (zero). The input to _oct() is passed to the from_oct() subroutine in Math/BigInt.pm, which also requires octal numbers to have a leading zero.
A fix for this should also give the same output as the cases below, when bignum is in effect. I.e., when the string is prefixed by '0b' or '0x', the prefix takes precedence:

    $ perl -wle 'print oct "0b1111"'
    15
    $ perl -wle 'print oct "01111"'
    585
    $ perl -wle 'print oct "0x1111"'
    4369

Resolved in bignum-0.41
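
Added example, not part of the ticket or of bignum's code: it shows which permission bits result when a mode string reaches chmod unconverted, as the report describes, and one way to parse mode strings that does not depend on the oct() visible in the calling scope. The helper names parse_mode and mode_to_text are hypothetical, and the value 755 is constructed from the behaviour described in the report.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# parse_mode() and mode_to_text() are hypothetical helpers for this example.

# Turn a mode string ("755", "0755", "4755") into a number. The regex
# admits only 3 or 4 octal digits, so "0x..", "0b..", signs and empty
# input are rejected. CORE::oct always calls the builtin, so an oct()
# override in the calling scope cannot change the result.
sub parse_mode {
    my ($text) = @_;
    die "invalid mode string\n"
        unless defined $text && $text =~ /\A[0-7]{3,4}\z/;
    return CORE::oct($text);
}

# Render the low 12 mode bits the way ls -l prints them.
sub mode_to_text {
    my ($mode) = @_;
    my @c = map { ($mode & (0400 >> $_)) ? substr('rwxrwxrwx', $_, 1) : '-' } 0 .. 8;
    $c[2] = ($c[2] eq 'x' ? 's' : 'S') if $mode & 04000;   # setuid
    $c[5] = ($c[5] eq 'x' ? 's' : 'S') if $mode & 02000;   # setgid
    $c[8] = ($c[8] eq 'x' ? 't' : 'T') if $mode & 01000;   # sticky
    return join '', @c;
}

my $intended = parse_mode('755');

# Constructed value: per the report, the affected oct() returned an
# argument without a leading '0' unchanged, so "755" stayed 755.
# Decimal 755 is octal 1363: sticky bit set, owner read removed,
# group and other gain write.
my $unconverted = 755;

for my $case ([intended => $intended], [unconverted => $unconverted]) {
    my ($label, $mode) = @$case;
    printf "%-12s decimal %4d  octal %04o  %s\n",
        $label, $mode, $mode, mode_to_text($mode);
}

# Check for a test suite: flag a scope where oct() disagrees with the builtin.
warn "oct() in this scope does not match CORE::oct\n"
    if oct('755') != CORE::oct('755');
```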