ruby-changes:13256
From: marcandre <ko1@a...>
Date: Tue, 22 Sep 2009 01:13:01 +0900 (JST)
Subject: [ruby-changes:13256] Ruby:r25017 (trunk): * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untrusted for $SECURE >= 4)
marcandre 2009-09-22 01:12:46 +0900 (Tue, 22 Sep 2009)
New Revision: 25017
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=25017
Log:
* ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
Modified files:
trunk/ChangeLog
trunk/ext/openssl/ossl_config.c
Index: ChangeLog
===================================================================
--- ChangeLog (revision 25016)
+++ ChangeLog (revision 25017)
@@ -1,3 +1,8 @@
+Tue Sep 22 01:10:02 2009 Marc-Andre Lafortune <ruby-core@m...>
+
+ * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section):
+ Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377]
+
 Mon Sep 21 17:12:10 2009 Nobuyoshi Nakada <nobu@r...>
 
 * proc.c (proc_binding): allow proc from method. [ruby-core:25589]
Index: ext/openssl/ossl_config.c
===================================================================
--- ext/openssl/ossl_config.c (revision 25016)
+++ ext/openssl/ossl_config.c (revision 25017)
@@ -192,10 +192,19 @@
 #endif
 }
 
+static void
+rb_ossl_config_modify_check(VALUE config)
+{
+ if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config");
+ if (!OBJ_UNTRUSTED(config) && rb_safe_level() >= 4)
+ rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config");
+}
+
 #if !defined(OSSL_NO_CONF_API)
 static VALUE
 ossl_config_add_value_m(VALUE self, VALUE section, VALUE name, VALUE value)
 {
+ rb_ossl_config_modify_check(self);
 return ossl_config_add_value(self, section, name, value);
 }
 #else
@@ -257,6 +266,7 @@
 {
 VALUE arg[2];
 
+ rb_ossl_config_modify_check(self);
 arg[0] = self;
 arg[1] = section;
 rb_block_call(hash, rb_intern("each"), 0, 0, set_conf_section_i, (VALUE)arg);
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
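Review bot: In the `@@ -192,10 +192,19 @@` hunk the new helper is named `rb_ossl_config_modify_check`, which borrows the `rb_` prefix of the interpreter's own C API while the other functions visible here are `ossl_config_*`; `ossl_config_modify_check` would mark it as extension-local. The frozen message is hard-coded as `"OpenSSL::Config"`, so a frozen subclass instance would be reported under the parent's name, and `rb_error_frozen(rb_obj_classname(config));` avoids that. The helper would also benefit from a one-line comment such as `/* Raise if config is frozen, or if it is trusted and $SAFE >= 4. */`, because the `!OBJ_UNTRUSTED` condition is easy to misread. The `#if`/`#else` block around `ossl_config_add_value_m` continues outside the hunk.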
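Review bot: In the `@@ -257,6 +266,7 @@` hunk the check runs once, before `rb_block_call` starts iterating `hash`, so nothing re-validates `self` for each entry. If `set_conf_section_i` (not shown here) writes through `ossl_config_add_value` directly and converts keys or values with calls that can reach Ruby code, the object could become frozen partway through and the remaining entries would still be written. Repeating `rb_ossl_config_modify_check` on the config inside the callback, or converting all pairs before the first write, would close that gap. Any other mutating entry points in this file that the diff does not touch should get the same guard. The function's signature and closing brace lie outside this hunk.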