
ruby-changes:35192

From: suke <ko1@a...>
Date: Mon, 25 Aug 2014 20:18:29 +0900 (JST)
Subject: [ruby-changes:35192] suke:r47274 (trunk): * ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a

suke	2014-08-25 20:18:17 +0900 (Mon, 25 Aug 2014)

  New Revision: 47274

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=47274

  Log:
    * ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a
      security error with the tainted string object.
    * ext/win32ole/win32ole_event.c(ev_advise): ditto.
    * test/win32ole/test_win32ole.rb(test_s_new_exc_svr_tainted,
      test_s_new_exc_host_tainted): ditto.
    * test/win32ole/test_win32ole_event.rb(test_s_new_exc_tainted): ditto.

  Modified files:
    trunk/ChangeLog
    trunk/ext/win32ole/win32ole.c
    trunk/ext/win32ole/win32ole_event.c
    trunk/test/win32ole/test_win32ole.rb
    trunk/test/win32ole/test_win32ole_event.rb
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 47273)
+++ ChangeLog	(revision 47274)
@@ -1,3 +1,12 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Mon Aug 25 20:15:50 2014  Masaki Suketa <masaki.suketa@n...>
+
+	* ext/win32ole/win32ole.c(fole_s_connect, fole_initialize): raise a
+	  security error with the tainted string object.
+	* ext/win32ole/win32ole_event.c(ev_advise): ditto.
+	* test/win32ole/test_win32ole.rb(test_s_new_exc_svr_tainted,
+	  test_s_new_exc_host_tainted): ditto.
+	* test/win32ole/test_win32ole_event.rb(test_s_new_exc_tainted): ditto.
+
 Mon Aug 25 12:56:54 2014  Ivan Korunkov  <ivankorunkov@y...>
 
 	* lib/logger.rb (format_datetime): use "%6N" to show microsecond.
Index: ext/win32ole/win32ole.c
===================================================================
--- ext/win32ole/win32ole.c	(revision 47273)
+++ ext/win32ole/win32ole.c	(revision 47274)
@@ -26,7 +26,7 @@ https://github.com/ruby/ruby/blob/trunk/ext/win32ole/win32ole.c#L26
 const IID IID_IMultiLanguage2 = {0xDCCFC164, 0x2B38, 0x11d2, {0xB7, 0xEC, 0x00, 0xC0, 0x4F, 0x8F, 0x5D, 0x9A}};
 #endif
 
-#define WIN32OLE_VERSION "1.7.7"
+#define WIN32OLE_VERSION "1.7.8"
 
 typedef HRESULT (STDAPICALLTYPE FNCOCREATEINSTANCEEX)
     (REFCLSID, IUnknown*, DWORD, COSERVERINFO*, DWORD, MULTI_QI*);
@@ -1907,10 +1907,10 @@ fole_s_connect(int argc, VALUE *argv, VA https://github.com/ruby/ruby/blob/trunk/ext/win32ole/win32ole.c#L1907
     ole_initialize();
 
     rb_scan_args(argc, argv, "1*", &svr_name, &others);
-    SafeStringValue(svr_name);
+    StringValue(svr_name);
     if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
-        rb_raise(rb_eSecurityError, "Insecure Object Connection - %s",
-		 StringValuePtr(svr_name));
+        rb_raise(rb_eSecurityError, "insecure connection - `%s'",
+		StringValuePtr(svr_name));
     }
 
     /* get CLSID from OLE server name */
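Review bot: The safe-level/taint check and the SecurityError raise that replace SafeStringValue here are open-coded, and the same four-line shape is repeated in fole_initialize (twice, for svr_name and host) and in ev_advise in win32ole_event.c, with only the message prefix differing; a small static helper would keep the check and the message format in step across all four sites. The raise also formats the untrusted string into the message via `StringValuePtr`, which tolerates an embedded NUL byte but then truncates the message at it; `StringValueCStr(svr_name)` would reject such a name up front, which seems preferable for a value that is about to be resolved to a CLSID. A helper along these lines, called as `StringValue(svr_name); check_tainted_string(svr_name, "connection");` (the helper must not do the StringValue conversion itself, since the macro reassigns the caller's VALUE), would cover the hunks in both files — whether it can be shared with win32ole_event.c or needs a copy there depends on the extension's headers, which are not visible here. fole_s_connect's body continues outside the hunk.
```c
/* Raise SecurityError when `str` is tainted at a positive safe level.
   `what` names the operation for the message ("connection", ...);
   callers run StringValue(str) first, the helper only checks. */
static void
check_tainted_string(VALUE str, const char *what)
{
    if (rb_safe_level() > 0 && OBJ_TAINTED(str)) {
        rb_raise(rb_eSecurityError, "insecure %s - `%s'",
                 what, StringValueCStr(str));
    }
}
/* … unchanged: rb_scan_args, CLSID lookup … */
```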
@@ -2390,16 +2390,16 @@ fole_initialize(int argc, VALUE *argv, V https://github.com/ruby/ruby/blob/trunk/ext/win32ole/win32ole.c#L2390
     rb_call_super(0, 0);
     rb_scan_args(argc, argv, "11*", &svr_name, &host, &others);
 
-    SafeStringValue(svr_name);
+    StringValue(svr_name);
     if (rb_safe_level() > 0 && OBJ_TAINTED(svr_name)) {
-        rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
+        rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
                  StringValuePtr(svr_name));
     }
     if (!NIL_P(host)) {
-	SafeStringValue(host);
+        StringValue(host);
         if (rb_safe_level() > 0 && OBJ_TAINTED(host)) {
-            rb_raise(rb_eSecurityError, "Insecure Object Creation - %s",
-                     StringValuePtr(svr_name));
+            rb_raise(rb_eSecurityError, "insecure object creation - `%s'",
+                     StringValuePtr(host));
         }
         return ole_create_dcom(self, svr_name, host, others);
     }
Index: ext/win32ole/win32ole_event.c
===================================================================
--- ext/win32ole/win32ole_event.c	(revision 47273)
+++ ext/win32ole/win32ole_event.c	(revision 47274)
@@ -897,12 +897,11 @@ ev_advise(int argc, VALUE *argv, VALUE s https://github.com/ruby/ruby/blob/trunk/ext/win32ole/win32ole_event.c#L897
     }
 
     if(!RB_TYPE_P(itf, T_NIL)) {
+        pitf = StringValuePtr(itf);
         if (rb_safe_level() > 0 && OBJ_TAINTED(itf)) {
-            rb_raise(rb_eSecurityError, "Insecure Event Creation - %s",
+            rb_raise(rb_eSecurityError, "insecure event creation - `%s'",
                      StringValuePtr(itf));
         }
-        SafeStringValue(itf);
-        pitf = StringValuePtr(itf);
         hr = find_iid(ole, pitf, &iid, &pTypeInfo);
     }
     else {
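Review bot: `pitf` already holds the C string for `itf` after the moved `StringValuePtr(itf)` line, so the raise two lines below calls `StringValuePtr(itf)` a second time for no gain; `rb_raise(rb_eSecurityError, "insecure event creation - `%s'", pitf);` reads better and makes it obvious the same bytes are reported and passed to find_iid. The taint check itself has the same open-coded shape as the ones in win32ole.c (see the fole_s_connect hunk). ev_advise starts and ends outside the hunk.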
Index: test/win32ole/test_win32ole.rb
===================================================================
--- test/win32ole/test_win32ole.rb	(revision 47273)
+++ test/win32ole/test_win32ole.rb	(revision 47274)
@@ -169,6 +169,33 @@ if defined?(WIN32OLE) https://github.com/ruby/ruby/blob/trunk/test/win32ole/test_win32ole.rb#L169
       }
     end
 
+    def test_s_new_exc_svr_tainted
+      th = Thread.start {
+        $SAFE = 1
+        svr = "Scripting.Dictionary"
+        svr.taint
+        WIN32OLE.new(svr)
+      }
+      exc = assert_raise(SecurityError) {
+        th.join
+      }
+      assert_match(/insecure object creation - `Scripting.Dictionary'/, exc.message)
+    end
+
+    def test_s_new_exc_host_tainted
+      th = Thread.start {
+        $SAFE = 1
+        svr = "Scripting.Dictionary"
+        host = "localhost"
+        host.taint
+        WIN32OLE.new(svr, host)
+      }
+      exc = assert_raise(SecurityError) {
+        th.join
+      }
+      assert_match(/insecure object creation - `localhost'/, exc.message)
+    end
+
     def test_s_new_DCOM
       rshell = WIN32OLE.new("Shell.Application")
       assert_instance_of(WIN32OLE, rshell)
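Review bot: Neither new test says why the call under test is wrapped in `Thread.start`; a reader has to know that `$SAFE` is thread-local and that raising it in a child thread is what keeps the rest of the suite unaffected, and that `th.join` is what re-raises the SecurityError into the asserting thread. A one-line comment above each `Thread.start`, such as `# $SAFE is thread-local; raise it in a child thread so the suite's main thread stays at level 0`, would capture that, and the same applies to the `connect` test in the next hunk and to test_s_new_exc_tainted in test_win32ole_event.rb. As a point of style, the multi-line thread bodies and assert_raise blocks use `{ }` where the surrounding file's convention (and the Ruby style guide) is `do ... end` for multi-line blocks.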
@@ -194,6 +221,19 @@ if defined?(WIN32OLE) https://github.com/ruby/ruby/blob/trunk/test/win32ole/test_win32ole.rb#L221
       }
     end
 
+    def test_s_coonect_exc_tainted
+      th = Thread.start {
+        $SAFE = 1
+        svr = "winmgmts:"
+        svr.taint
+        WIN32OLE.connect(svr)
+      }
+      exc = assert_raise(SecurityError) {
+        th.join
+      }
+      assert_match(/insecure connection - `winmgmts:'/, exc.message)
+    end
+
     def test_invoke_accept_symbol_hash_key
       fso = WIN32OLE.new('Scripting.FileSystemObject')
       afolder = fso.getFolder(".")
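Review bot: The new test name `test_s_coonect_exc_tainted` has a typo; it should be `def test_s_connect_exc_tainted`, matching the WIN32OLE.connect call it exercises and the `test_s_...` naming of its siblings. This test is also absent from the commit log and the ChangeLog entry, which list only test_s_new_exc_svr_tainted and test_s_new_exc_host_tainted for this file. Otherwise it follows the same thread-scoped `$SAFE = 1` pattern as the two tests in the previous hunk.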
Index: test/win32ole/test_win32ole_event.rb
===================================================================
--- test/win32ole/test_win32ole_event.rb	(revision 47273)
+++ test/win32ole/test_win32ole_event.rb	(revision 47274)
@@ -329,6 +329,19 @@ if defined?(WIN32OLE_EVENT) https://github.com/ruby/ruby/blob/trunk/test/win32ole/test_win32ole_event.rb#L329
         message_loop
         assert(h2.ev != "")
       end
+
+      def test_s_new_exc_tainted
+        th = Thread.new {
+          $SAFE=1
+          str = 'ConnectionEvents'
+          str.taint
+          ev = WIN32OLE_EVENT.new(@db, str)
+        }
+        exc = assert_raise(SecurityError) {
+          th.join
+        }
+        assert_match(/insecure event creation - `ConnectionEvents'/, exc.message)
+      end
     end
   end
 end
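Review bot: The local `ev` assigned from `WIN32OLE_EVENT.new(@db, str)` is never read, and since the call is expected to raise, the line should simply be `WIN32OLE_EVENT.new(@db, str)`. The test also diverges in small ways from its counterparts in test_win32ole.rb added by the same commit: `$SAFE=1` without spaces where the others write `$SAFE = 1`, and `Thread.new` where the others use `Thread.start`; aligning these makes the four tainted-string tests read as one family. `@db` is presumably prepared in this test class's setup, which is outside the hunk.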

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
