ruby-changes:51596
From: usa <ko1@a...>
Date: Sat, 30 Jun 2018 22:06:41 +0900 (JST)
Subject: [ruby-changes:51596] usa:r63807 (ruby_2_4): merge revision(s) 60596, 60599: [Backport #14060]
usa 2018-06-30 22:06:35 +0900 (Sat, 30 Jun 2018) New Revision: 63807 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=63807 Log: merge revision(s) 60596,60599: [Backport #14060] file.c: infect from arguments * file.c (rb_check_realpath_internal): infetct the result with arguments, no taint if none are tainted and cwd is not used. [ruby-core:83583] [Bug #14060] file.c: infect from arguments * file.c (rb_check_realpath_internal): infetct the result with arguments, no taint if none are tainted and cwd is not used. [ruby-core:83583] [Bug #14060] Modified directories: branches/ruby_2_4/ Modified files: branches/ruby_2_4/file.c branches/ruby_2_4/test/ruby/test_file.rb branches/ruby_2_4/version.h Index: ruby_2_4/file.c =================================================================== --- ruby_2_4/file.c (revision 63806) +++ ruby_2_4/file.c (revision 63807) @@ -3979,7 +3979,7 @@ rb_check_realpath_internal(VALUE basedir https://github.com/ruby/ruby/blob/trunk/ruby_2_4/file.c#L3979 if (origenc != enc && rb_enc_str_asciionly_p(resolved)) rb_enc_associate(resolved, origenc); - OBJ_TAINT(resolved); + OBJ_INFECT(resolved, unresolved_path); return resolved; } Index: ruby_2_4/version.h =================================================================== --- ruby_2_4/version.h (revision 63806) +++ ruby_2_4/version.h (revision 63807) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_4/version.h#L1 #define RUBY_VERSION "2.4.5" #define RUBY_RELEASE_DATE "2018-06-30" -#define RUBY_PATCHLEVEL 302 +#define RUBY_PATCHLEVEL 303 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 6 Index: ruby_2_4/test/ruby/test_file.rb =================================================================== --- ruby_2_4/test/ruby/test_file.rb (revision 63806) +++ ruby_2_4/test/ruby/test_file.rb (revision 63807) @@ -292,6 +292,23 @@ class TestFile < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_4/test/ruby/test_file.rb#L292 end end + def test_realpath_taintedness + Dir.mktmpdir('rubytest-realpath') {|tmpdir| + realdir = File.realpath(tmpdir) + assert_predicate(realdir, :tainted?) + dir, base = File.split(realdir) + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + assert_predicate(File.realpath(base, dir), :tainted?) + base.taint + dir.untaint + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + assert_not_predicate(File.realpath(base, dir), :tainted?) + assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?) + } + end + def test_realdirpath Dir.mktmpdir('rubytest-realdirpath') {|tmpdir| realdir = File.realpath(tmpdir) Index: ruby_2_4 =================================================================== --- ruby_2_4 (revision 63806) +++ ruby_2_4 (revision 63807) Property changes on: ruby_2_4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r60596 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/