
ruby-changes:13514

From: nobu <ko1@a...>
Date: Sun, 11 Oct 2009 00:02:07 +0900 (JST)
Subject: [ruby-changes:13514] Ruby:r25290 (trunk): * file.c (path_check_0): prevent from GC.

nobu	2009-10-10 23:57:46 +0900 (Sat, 10 Oct 2009)

  New Revision: 25290

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=25290

  Log:
    * file.c (path_check_0): prevent from GC.

  Modified files:
    trunk/ChangeLog
    trunk/file.c

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 25289)
+++ ChangeLog	(revision 25290)
@@ -1,3 +1,7 @@
+Sat Oct 10 23:57:44 2009  Nobuyoshi Nakada  <nobu@r...>
+
+	* file.c (path_check_0): prevent from GC.
+
 Sat Oct 10 23:51:22 2009  Nobuyoshi Nakada  <nobu@r...>
 
 	* transcode.c (rb_transcoding, str_transcoding_resize): fixed
Index: file.c
===================================================================
--- file.c	(revision 25289)
+++ file.c	(revision 25290)
@@ -4523,7 +4523,8 @@
 
 	rb_str_cat2(newpath, "/");
 	rb_str_cat2(newpath, p0);
-	p0 = RSTRING_PTR(path = newpath);
+	path = newpath;
+	p0 = RSTRING_PTR(path);
     }
     for (;;) {
 #ifndef S_IWOTH
@@ -4537,6 +4538,7 @@
 	    rb_warn("Insecure world writable dir %s in %sPATH, mode 0%o",
 		    p0, (execpath ? "" : "LOAD_"), st.st_mode);
 	    if (p) *p = '/';
+	    RB_GC_GUARD(path);
 	    return 0;
 	}
 	s = strrdirsep(p0);
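Review bot: The `RB_GC_GUARD(path);` added before `return 0;` carries no comment saying what it protects, and the reason is not visible in this branch. `p0` is a raw pointer into `path`'s buffer (set by `p0 = RSTRING_PTR(path);` in the previous hunk) and is handed to `rb_warn`, which presumably can allocate and so trigger a collection. I would put `/* p0 points into path's buffer; keep path alive across rb_warn() */` directly above the guard. The loop body and the function's other return lie outside the hunk, so whether that exit needs the same guard cannot be judged from here.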
@@ -4548,15 +4550,11 @@
 }
 #endif
 
-static int
-fpath_check(const char *path)
-{
 #if ENABLE_PATH_CHECK
-    return path_check_0(rb_str_new2(path), FALSE);
+#define fpath_check(path) path_check_0(path, FALSE)
 #else
-    return 1;
+#define fpath_check(path) 1
 #endif
-}
 
 int
 rb_path_check(const char *path)
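Review bot: Turning `fpath_check` into a macro drops the argument type check, and in the `#else` branch the argument is not even expanded. A caller that still passes a `const char *` therefore compiles cleanly when `ENABLE_PATH_CHECK` is off, and only fails (or misbehaves) in builds where the check is on. Since this is the gate in front of the `SecurityError` raises further down, I would keep it a function and change only the parameter to `VALUE`, so both configurations see the same signature. The function below replaces the two `#define` lines; `rb_path_check` after it is unchanged and continues outside the hunk.

```c
static int
fpath_check(VALUE path)
{
#if ENABLE_PATH_CHECK
    return path_check_0(path, FALSE);
#else
    return 1;
#endif
}
```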
@@ -4654,7 +4652,7 @@
     }
 
     if (expanded || is_absolute_path(f) || is_explicit_relative(f)) {
-	if (safe_level >= 1 && !fpath_check(f)) {
+	if (safe_level >= 1 && !fpath_check(fname)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
 	}
 	if (!expanded) fname = rb_file_expand_path(fname, Qnil);
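Review bot: The safety check now inspects `fname`, while the `rb_raise` message and the code that follows still use `f`, and nothing in this hunk shows that `f` is the C string of `fname` at this point. The same split appears in the next two hunks (`fpath_check(path)` and `fpath_check(tmp)`, each with `f` in the message). If the two can diverge, the check validates a different path from the one that is loaded, so a short comment at each site stating the invariant would help, e.g. `/* f == RSTRING_PTR(fname) here */`. Also, with the `rb_str_new2` copy gone, `path_check_0` works on the caller's own string, and the `if (p) *p = '/';` restore in the earlier hunk suggests it overwrites separators in that buffer temporarily. That is worth documenting on `path_check_0` as a requirement that every exit restores the buffer.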
@@ -4725,7 +4723,7 @@
     }
 
     if (expanded || is_absolute_path(f) || is_explicit_relative(f)) {
-	if (safe_level >= 1 && !fpath_check(f)) {
+	if (safe_level >= 1 && !fpath_check(path)) {
 	    rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
 	}
 	if (!file_load_ok(f)) return 0;
@@ -4759,7 +4757,7 @@
     }
 
   found:
-    if (safe_level >= 1 && !fpath_check(f)) {
+    if (safe_level >= 1 && !fpath_check(tmp)) {
 	rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
     }
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
