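#!perl -T
# Taint-mode output guard for a CGI script: every write to STDOUT is routed
# through a PerlIO::via layer that dies if the data being printed is tainted.
# NOTE: the -T on the shebang only takes effect when the script is invoked
# directly; `perl script.pl` without -T dies with "Too late for -T".
use strict;
use warnings;

package PerlIO::via::TaintCheck;

# Layer constructor. The layer keeps no state, so an empty array is enough.
sub PUSHED {
    my ($class) = @_;
    return bless [], $class;
}

# Called by PerlIO for each chunk written through the layer.
# Dies before writing if $buf is tainted; otherwise returns the number of
# octets written, or -1 when the lower layer's write fails (the PerlIO::via
# contract for WRITE).
# NOTE(review): this assumes the buffer handed to WRITE is still tainted,
# i.e. that PerlIO::via copies it while the print statement's taint flag is
# set — confirm on the target perl before relying on it.
sub WRITE {
    my ($obj, $buf, $fh) = @_;
    die "attempting to output tainted data" if is_tainted($buf);
    # $fh is the next layer down; report its failure instead of claiming a
    # full write that never happened.
    print {$fh} $buf or return -1;
    return length $buf;
}

# True if any argument is tainted. Borrowed from PHOENIX/Taint-0.09.
# Perl tracks taint per statement: reading a tainted value sets the
# interpreter's taint flag, and kill is a taint-checked op, so "kill 0" dies
# with "Insecure dependency" inside the eval iff something tainted was read
# earlier in that statement. $@ is localised so the caller's error state is
# not clobbered; $^W and the void-warning are silenced because join's result
# is discarded on purpose.
sub is_tainted {
    no warnings 'void';
    local(@_, $@, $^W) = @_; # Prevent errors, stringifying
    return not eval { join("",@_), kill 0; 1 };
}

package main;
use CGI qw(:standard);

# Install the guard on STDOUT: from here on, printing tainted data is fatal.
binmode STDOUT, ':via(TaintCheck)'
    or die "cannot push TaintCheck layer on STDOUT: $!";
...    # rest of the application, elided in the original post
# catch insecure use of param data:
# Under -T, param() returns tainted data, so this print dies in the layer.
# The remedy is to validate and untaint the value (anchored regex capture)
# and HTML-escape it before it reaches the output stream.
print "<p>Welcome, ", param('name'), ", to our web site.\n";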