ruby-changes:11757
From: yugui <ko1@a...>
Date: Tue, 12 May 2009 00:07:19 +0900 (JST)
Subject: [ruby-changes:11757] Ruby:r23404 (ruby_1_9_1): * ext/dl/lib/dl/func.rb (DL::Function#call): prevents
yugui 2009-05-12 00:07:00 +0900 (Tue, 12 May 2009) New Revision: 23404 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=23404 Log: * ext/dl/lib/dl/func.rb (DL::Function#call): prevents passing tainted arguments to a C function. Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>. * ext/dl/lib/dl/func.rb (DL::Function#check_safe_obj): new method for checking #call's arguments. Modified files: branches/ruby_1_9_1/ChangeLog branches/ruby_1_9_1/ext/dl/lib/dl/func.rb Index: ruby_1_9_1/ChangeLog =================================================================== --- ruby_1_9_1/ChangeLog (revision 23403) +++ ruby_1_9_1/ChangeLog (revision 23404) @@ -1,3 +1,12 @@ +Mon May 11 22:33:46 2009 Yuki Sonoda (Yugui) <yugui@y...> + + * ext/dl/lib/dl/func.rb (DL::Function#call): prevents + passing tainted arguments to a C function. + Patch by sheepman <sheepman AT sheepman.sakura.ne.jp>. + + * ext/dl/lib/dl/func.rb (DL::Function#check_safe_obj): + new method for checking #call's arguments. + Tue Mar 10 04:53:16 2009 Nobuyoshi Nakada <nobu@r...> * configure.in (MINIRUBY): keep macro into Makefile. Index: ruby_1_9_1/ext/dl/lib/dl/func.rb =================================================================== --- ruby_1_9_1/ext/dl/lib/dl/func.rb (revision 23403) +++ ruby_1_9_1/ext/dl/lib/dl/func.rb (revision 23404) @@ -25,8 +25,16 @@ @cfunc.to_i end + def check_safe_obj(val) + if $SAFE > 0 and val.tainted? + raise SecurityError, 'Insecure operation' + end + end + def call(*args, &block) funcs = [] + args.each{|e| check_safe_obj(e) } + check_safe_obj(block) args = wrap_args(args, @stack.types, funcs, &block) r = @cfunc.call(@stack.pack(args)) funcs.each{|f| f.unbind_at_call()} -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
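Review bot: the ChangeLog entry for DL::Function#call says the change "prevents passing tainted arguments to a C function", but the check it describes only fires under `if $SAFE > 0 and val.tainted?`; at the default $SAFE = 0 tainted arguments still reach the C function unchanged. State the condition in the entry (for example "rejects tainted arguments when $SAFE >= 1") so that nobody reads it as an unconditional check.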
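Review bot: the new check in DL::Function#call is shallow: `args.each{|e| check_safe_obj(e) }` inspects only the top-level argument objects, and taint does not propagate from elements to their container, so a tainted String inside an Array argument is not caught before `wrap_args(args, @stack.types, funcs, &block)` turns it into something the C function consumes. If the goal is to keep any tainted input away from the C side, run the check on the converted values as well, immediately before `r = @cfunc.call(@stack.pack(args))`. Two smaller points: `check_safe_obj` is added as a public instance method and therefore becomes part of DL::Function's API; mark it private. And `raise SecurityError, 'Insecure operation'` omits the method name that Ruby's own $SAFE violations carry (e.g. "Insecure operation - call"); including it makes the failure easier to locate.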