ruby-changes:35410
From: usa <ko1@a...>
Date: Wed, 10 Sep 2014 11:42:19 +0900 (JST)
Subject: [ruby-changes:35410] usa:r47492 (ruby_2_0_0): merge revision(s) 46547: [Backport #9976]
usa 2014-09-10 11:42:11 +0900 (Wed, 10 Sep 2014) New Revision: 47492 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=47492 Log: merge revision(s) 46547: [Backport #9976] * hash.c (env_aset, env_has_key, env_assoc, env_has_value), (env_rassoc, env_key): prohibit tainted strings if $SAFE is non-zero. [Bug #9976] Modified directories: branches/ruby_2_0_0/ Modified files: branches/ruby_2_0_0/ChangeLog branches/ruby_2_0_0/hash.c branches/ruby_2_0_0/test/ruby/test_env.rb branches/ruby_2_0_0/version.h
Index: ruby_2_0_0/ChangeLog
===================================================================
--- ruby_2_0_0/ChangeLog (revision 47491)
+++ ruby_2_0_0/ChangeLog (revision 47492)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ChangeLog#L1
+Wed Sep 10 11:39:54 2014 Nobuyoshi Nakada <nobu@r...>
+
+	* hash.c (env_aset, env_has_key, env_assoc, env_has_value),
+	(env_rassoc, env_key): prohibit tainted strings if $SAFE is
+	non-zero. [Bug #9976]
+
 Sat Sep 6 09:10:45 2014 Zachary Scott <e@z...>
 
 	* lib/rdoc/generator/template/darkfish/js/jquery.js: Backport
Index: ruby_2_0_0/hash.c
===================================================================
--- ruby_2_0_0/hash.c (revision 47491)
+++ ruby_2_0_0/hash.c (revision 47492)
@@ -2547,8 +2547,8 @@ env_aset(VALUE obj, VALUE nm, VALUE val) https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/hash.c#L2547
 	env_delete(obj, nm);
 	return Qnil;
     }
-    StringValue(nm);
-    StringValue(val);
+    SafeStringValue(nm);
+    SafeStringValue(val);
     name = RSTRING_PTR(nm);
     value = RSTRING_PTR(val);
     if (memchr(name, '\0', RSTRING_LEN(nm)))
@@ -3048,7 +3048,8 @@ env_has_key(VALUE env, VALUE key) https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/hash.c#L3048
     char *s;
 
     rb_secure(4);
-    s = StringValuePtr(key);
+    SafeStringValue(key);
+    s = RSTRING_PTR(key);
     if (memchr(s, '\0', RSTRING_LEN(key)))
 	rb_raise(rb_eArgError, "bad environment variable name");
     if (getenv(s)) return Qtrue;
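Review bot: The new `SafeStringValue(nm)` in env_aset runs only after the `if (NIL_P(val))` early path has already returned, so `ENV[key] = nil` never reaches the taint check in this hunk and relies entirely on env_delete (outside the hunk) to reject a tainted key. If env_delete still uses a plain StringValue, the nil-assignment form remains a bypass of the protection this commit adds; a test such as `ENV["FOO".taint] = nil` under `$SAFE = 2` would pin that either way. A one-line comment on the early return, `/* nil value deletes; env_delete performs its own taint check */`, would make the dependency explicit for the next reader. The head of env_aset, including that early return and the value's own NUL check, lies outside the hunk.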
@@ -3068,7 +3069,8 @@ env_assoc(VALUE env, VALUE key) https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/hash.c#L3069
     char *s, *e;
 
     rb_secure(4);
-    s = StringValuePtr(key);
+    SafeStringValue(key);
+    s = RSTRING_PTR(key);
     if (memchr(s, '\0', RSTRING_LEN(key)))
 	rb_raise(rb_eArgError, "bad environment variable name");
     e = getenv(s);
@@ -3091,6 +3093,7 @@ env_has_value(VALUE dmy, VALUE obj) https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/hash.c#L3093
     rb_secure(4);
     obj = rb_check_string_type(obj);
     if (NIL_P(obj)) return Qnil;
+    rb_check_safe_obj(obj);
     env = GET_ENVIRON(environ);
     while (*env) {
 	char *s = strchr(*env, '=');
@@ -3122,6 +3125,7 @@ env_rassoc(VALUE dmy, VALUE obj) https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/hash.c#L3125
     rb_secure(4);
     obj = rb_check_string_type(obj);
     if (NIL_P(obj)) return Qnil;
+    rb_check_safe_obj(obj);
     env = GET_ENVIRON(environ);
     while (*env) {
 	char *s = strchr(*env, '=');
@@ -3153,7 +3157,7 @@ env_key(VALUE dmy, VALUE value) https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/hash.c#L3157
     VALUE str;
 
     rb_secure(4);
-    StringValue(value);
+    SafeStringValue(value);
     env = GET_ENVIRON(environ);
     while (*env) {
 	char *s = strchr(*env, '=');
Index: ruby_2_0_0/version.h
===================================================================
--- ruby_2_0_0/version.h (revision 47491)
+++ ruby_2_0_0/version.h (revision 47492)
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/version.h#L1
 #define RUBY_VERSION "2.0.0"
-#define RUBY_RELEASE_DATE "2014-09-06"
-#define RUBY_PATCHLEVEL 556
+#define RUBY_RELEASE_DATE "2014-09-10"
+#define RUBY_PATCHLEVEL 557
 
 #define RUBY_RELEASE_YEAR 2014
 #define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 6
+#define RUBY_RELEASE_DAY 10
 
 #include "ruby/version.h"
Index: ruby_2_0_0/test/ruby/test_env.rb
===================================================================
--- ruby_2_0_0/test/ruby/test_env.rb (revision 47491)
+++ ruby_2_0_0/test/ruby/test_env.rb (revision 47492)
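Review bot: In env_has_value and env_rassoc the added `rb_check_safe_obj(obj)` is a bare call with nothing explaining why these two functions do not use the `SafeStringValue` macro the sibling hunks use, and the distinction matters: `rb_check_string_type` returns nil for a non-String without `to_str`, so the function silently answers nil rather than raising, and the taint check is therefore applied to the converted string after the nil return. A short comment above the new line, `/* non-Strings already returned nil above; reject tainted string data at $SAFE >= 1, as SafeStringValue does */`, records that this asymmetry is deliberate. It is also worth noting somewhere in these functions that `rb_secure(4)` a few lines earlier already refuses all ENV access at $SAFE >= 4, so the taint checks only add protection at levels 1-3. The bodies of env_has_value, env_rassoc and env_key all continue past the hunks.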
@@ -448,4 +448,85 @@ class TestEnv < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/ruby/test_env.rb#L448
       end;
     end
   end
+
+  def test_taint_aref
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV["FOO".taint]
+      end.call
+    end
+  end
+
+  def test_taint_fetch
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.fetch("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_assoc
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.assoc("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_rassoc
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.rassoc("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_key
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.key("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_key_p
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.key?("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_value_p
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.value?("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_aset_value
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV["FOO"] = "BAR".taint
+      end.call
+    end
+  end
+
+  def test_taint_aset_key
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV["FOO".taint] = "BAR"
+      end.call
+    end
+  end
 end
Property changes on: ruby_2_0_0
___________________________________________________________________
Modified: svn:mergeinfo Merged /trunk:r46547 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
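Review bot: Every new test asserts only the negative case, so nothing guards against a regression in the other direction where the new checks start rejecting untainted strings at $SAFE 1-3, which would break legitimate ENV use in sandboxed code. One positive counterpart would close that gap, e.g. `assert_nothing_raised { proc { $SAFE = 2; ENV.key?("PATH") }.call }`, and the same pattern can cover `ENV["FOO"] = "BAR"` with untainted operands. The nil-assignment form `ENV["FOO".taint] = nil`, which takes a different path through env_aset than the two aset tests here, is also unexercised. The tests appear to rely on the safe level being restored when the proc returns; if that is the intended isolation mechanism, a one-line comment on the first test saying so would help readers who expect `$SAFE = 2` to leak into later tests.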