ruby-changes:12746
From: yugui <ko1@a...>
Date: Sun, 9 Aug 2009 15:52:05 +0900 (JST)
Subject: [ruby-changes:12746] Ruby:r24466 (ruby_1_9_1): merges r24396 from trunk into ruby_1_9_1.
yugui 2009-08-09 00:33:47 +0900 (Sun, 09 Aug 2009) New Revision: 24466 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=24466 Log: merges r24396 from trunk into ruby_1_9_1. -- * lib/pp.rb (guard_inspect_key): untrust internal hash to prevent unexpected SecurityError. * test/ruby/test_object.rb: add a test for [ruby-dev:38982]. Modified files: branches/ruby_1_9_1/ChangeLog branches/ruby_1_9_1/lib/pp.rb branches/ruby_1_9_1/test/ruby/test_object.rb branches/ruby_1_9_1/version.h Index: ruby_1_9_1/ChangeLog =================================================================== --- ruby_1_9_1/ChangeLog (revision 24465) +++ ruby_1_9_1/ChangeLog (revision 24466) @@ -1,3 +1,10 @@ +Wed Aug 5 01:38:27 2009 Yusuke Endoh <mame@t...> + + * lib/pp.rb (guard_inspect_key): untrust internal hash to prevent + unexpected SecurityError. + + * test/ruby/test_object.rb: add a test for [ruby-dev:38982]. + Tue Aug 4 22:10:34 2009 NAKAMURA Usaku <usa@r...> * win32/win32.c (has_redirection): need to execute shell if commandline Index: ruby_1_9_1/lib/pp.rb =================================================================== --- ruby_1_9_1/lib/pp.rb (revision 24465) +++ ruby_1_9_1/lib/pp.rb (revision 24466) @@ -107,17 +107,17 @@ module PPMethods def guard_inspect_key if Thread.current[:__recursive_key__] == nil - Thread.current[:__recursive_key__] = {} + Thread.current[:__recursive_key__] = {}.untrust end if Thread.current[:__recursive_key__][:inspect] == nil - Thread.current[:__recursive_key__][:inspect] = {} + Thread.current[:__recursive_key__][:inspect] = {}.untrust end save = Thread.current[:__recursive_key__][:inspect] begin - Thread.current[:__recursive_key__][:inspect] = {} + Thread.current[:__recursive_key__][:inspect] = {}.untrust yield ensure Thread.current[:__recursive_key__][:inspect] = save Index: ruby_1_9_1/version.h =================================================================== --- ruby_1_9_1/version.h (revision 24465) +++ ruby_1_9_1/version.h (revision 24466) @@ -1,5 +1,5 @@ #define RUBY_VERSION "1.9.1" -#define RUBY_PATCHLEVEL 270 +#define RUBY_PATCHLEVEL 271 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 9 #define RUBY_VERSION_TEENY 1 Index: ruby_1_9_1/test/ruby/test_object.rb =================================================================== --- ruby_1_9_1/test/ruby/test_object.rb (revision 24465) +++ ruby_1_9_1/test/ruby/test_object.rb (revision 24466) @@ -405,4 +405,40 @@ assert_equal(true, s.untrusted?) assert_equal(true, s.tainted?) end + + def test_exec_recursive + Thread.current[:__recursive_key__] = nil + a = [[]] + a.inspect + + assert_nothing_raised do + -> do + $SAFE = 4 + begin + a.hash + rescue ArgumentError + end + end.call + end + + -> do + assert_nothing_raised do + $SAFE = 4 + a.inspect + end + end.call + + -> do + o = Object.new + def o.to_ary(x); end + def o.==(x); $SAFE = 4; false; end + a = [[o]] + b = [] + b << b + + assert_nothing_raised do + b == a + end + end.call + end end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/