Cache::Memcached - pos() weirdness

Dave Evans memcached-list-20040309@djce.org.uk
Fri, 21 May 2004 01:10:57 +0100


Brad Fitzpatrick wrote:
>>After some experimentation, it seems the answer is: Taint mode.
> 
> Ah!
> 
> I bet if we just untaint the data we read from the network, it should
> work?

Yeah, you'd have thought so, eh?  Hmmm.  I just tried that, and it
doesn't cut it.

Here's another patch which also makes the problem go away:

--- Memcached.pm.orig   Fri May 21 00:04:04 2004
+++ Memcached.pm        Fri May 21 00:05:21 2004
@@ -486,10 +486,10 @@
             }

             # do we have a complete VALUE line?
-            if ($buf{$sock} =~ /^VALUE (\S+) (\d+) (\d+)\r\n/g) {
+           my $tmpcopy = $buf{$sock};
+            if ($tmpcopy =~ /^VALUE (\S+) (\d+) (\d+)\r\n/g) {
                 ($key{$sock}, $flags{$sock}, $state{$sock}) = ($1,
int($2), $3+2);
-                my $p = pos($buf{$sock});
-                pos($buf{$sock}) = 0;
+                my $p = pos($tmpcopy);
                 my $len = length($buf{$sock});
                 my $copy = $len-$p > $state{$sock} ? $state{$sock} :
$len-$p;
                 $ret->{$key{$sock}} = substr($buf{$sock}, $p, $copy)

So the net result of all this is that I still have no idea why the code
fails :-(   Also IMO the first patch is a more elegant and more
efficient solution than the patch above.

-- 
Dave

PGP key: http://rudolf.org.uk/pgpkey