evil nulls

hi there,
i'm building a perl script that will make some system calls and i want to make it smart enough to catch "evil nulls".

by that i mean there are characters that can trick perl but when they get processed by the system it gets something different than was given to perl.

ie.
in perl, i look for user input to change a password and i want to make sure it's not root.

if ( $input ne "root" )
{
chpass( $input );
}

but there are chars you can pass perl that are null characters:
ie.

$input = "root\0asdf3df23v";
perl sees that and knows it's not equal to "root" so it lets the request thru.... but the system sees the null ("\0") and terminates the string there, changing password for "root".

has anyone programmed things to deal with this condition? above is about the extent of my knowledge on this subject.

any help is greatly appreciated.

well... after some extensive searching, i found it.

this condition is called a "poison nul" not "evil null". and in case anyone is coding perl for system use, here's how you can get rid of those chars:

$userinput =~ s/\0//g;

no longer do you have to worry about someone exploiting your perl code for use on your system!

hooray!