Add memCHRs() macro and use it

This replaces strchr("list", c) calls throughout the core. They don't work properly when 'c' is a NUL, returning the position of the terminating NUL in "list" instead of failure. This could lead to segfaults or even security issues.
author: Karl Williamson <khw@cpan.org> 2019-12-07 13:47:05 -0700
committer: Karl Williamson <khw@cpan.org> 2019-12-18 09:33:09 -0700
commit: 4aada8b9eda25f3f024283c0c27c1424b5ba40ff (patch)
tree: 2c0ded2d593e998be054336ebf9648e4e18877fb /os2
parent: fcafb10c71dbfc03eacb02eeb0c567facc269a72 (diff)
download: perl-4aada8b9eda25f3f024283c0c27c1424b5ba40ff.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/os2/dl_os2.c b/os2/dl_os2.c
index 76fa9dc42d..f15c465f62 100644
--- a/os2/dl_os2.c
+++ b/os2/dl_os2.c
@@ -121,7 +121,7 @@ dlopen(const char *path, int mode)
 	/* Not found. Check for non-FAT name and try truncated name. */
 	/* Don't know if this helps though... */
 	for (beg = dot = path + strlen(path);
-	     beg > path && !strchr(":/\\", *(beg-1));
+	     beg > path && !memCHRs(":/\\", *(beg-1));
 	     beg--)
 		if (*beg == '.')
 			dot = beg;
diff --git a/os2/os2.c b/os2/os2.c
index ae987cb06f..0c9fa17831 100644
--- a/os2/os2.c
+++ b/os2/os2.c
@@ -1400,7 +1400,7 @@ do_spawn3(pTHX_ char *cmd, int execf, int flag)
 	goto doshell;
 
     for (s = cmd; *s; s++) {
-	if (*s != ' ' && !isALPHA(*s) && strchr("$&*(){}[]'\";\\|?<>~`\n",*s)) {
+	if (*s != ' ' && !isALPHA(*s) && memCHRs("$&*(){}[]'\";\\|?<>~`\n",*s)) {
 	    if (*s == '\n' && s[1] == '\0') {
 		*s = '\0';
 		break;
author	Karl Williamson <khw@cpan.org>	2019-12-07 13:47:05 -0700
committer	Karl Williamson <khw@cpan.org>	2019-12-18 09:33:09 -0700
commit	4aada8b9eda25f3f024283c0c27c1424b5ba40ff (patch)
tree	2c0ded2d593e998be054336ebf9648e4e18877fb /os2
parent	fcafb10c71dbfc03eacb02eeb0c567facc269a72 (diff)
download	perl-4aada8b9eda25f3f024283c0c27c1424b5ba40ff.tar.gz