PATCH: [perl #120675] Unexpected tainting via regex using locale

Tainting should only be turned on if something that could be tainted is
actually tried.  Hence in a [bracketed character class], if the
character being matched is something like

    "a" =~ /([a-z])/l;

tainting isn't turned on because the match doesn't actually depend on
the locale definition.  That is, it would match regardless of the
locale.  Similarly,

    "A" =~ /([a-z])/l;

shouldn't turn on tainting because it shouldn't match no matter what
locale is in effect.  However, until this commit, this worked only
because of a compilte time optimization.  The following (from the
ticket) isn't optimized and didn't work until this commit:

    "foo.bar_baz" =~ /^(.*)[._](.*?)$/';

The [._] was causing tainting even though there is nothing in the
pattern that is locale-dependent.

This commit just moves the tainting to code branches where the locale
actually does matter.  It was just turning it on for any bracketed
character class where the target character didn't match any of the
explicit characters in the class.

1 files changed, 5 insertions, 0 deletions

diff --git a/lib/locale.t b/lib/locale.t
index b15d297b20..6407a61a55 100644
--- a/lib/locale.t
+++ b/lib/locale.t
@@ -278,6 +278,11 @@ check_taint      $+;
 check_taint      $1;
 check_taint_not  $2;
 
+"a" =~ /([a-z])/;
+check_taint_not $1, '"a" =~ /([a-z])/';
+"foo.bar_baz" =~ /^(.*)[._](.*?)$/;  # Bug 120675
+check_taint_not $1, '"foo.bar_baz" =~ /^(.*)[._](.*?)$/';
+
 # After all this tainting $a should be cool.
 
 check_taint_not  $a;