ruby-changes:13514
From: nobu <ko1@a...>
Date: Sun, 11 Oct 2009 00:02:07 +0900 (JST)
Subject: [ruby-changes:13514] Ruby:r25290 (trunk): * file.c (path_check_0): prevent from GC.
nobu 2009-10-10 23:57:46 +0900 (Sat, 10 Oct 2009) New Revision: 25290 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=25290 Log: * file.c (path_check_0): prevent from GC. Modified files: trunk/ChangeLog trunk/file.c Index: ChangeLog =================================================================== --- ChangeLog (revision 25289) +++ ChangeLog (revision 25290) @@ -1,3 +1,7 @@ +Sat Oct 10 23:57:44 2009 Nobuyoshi Nakada <nobu@r...> + + * file.c (path_check_0): prevent from GC. + Sat Oct 10 23:51:22 2009 Nobuyoshi Nakada <nobu@r...> * transcode.c (rb_transcoding, str_transcoding_resize): fixed Index: file.c =================================================================== --- file.c (revision 25289) +++ file.c (revision 25290) @@ -4523,7 +4523,8 @@ rb_str_cat2(newpath, "/"); rb_str_cat2(newpath, p0); - p0 = RSTRING_PTR(path = newpath); + path = newpath; + p0 = RSTRING_PTR(path); } for (;;) { #ifndef S_IWOTH @@ -4537,6 +4538,7 @@ rb_warn("Insecure world writable dir %s in %sPATH, mode 0%o", p0, (execpath ? "" : "LOAD_"), st.st_mode); if (p) *p = '/'; + RB_GC_GUARD(path); return 0; } s = strrdirsep(p0); @@ -4548,15 +4550,11 @@ } #endif -static int -fpath_check(const char *path) -{ #if ENABLE_PATH_CHECK - return path_check_0(rb_str_new2(path), FALSE); +#define fpath_check(path) path_check_0(path, FALSE) #else - return 1; +#define fpath_check(path) 1 #endif -} int rb_path_check(const char *path) @@ -4654,7 +4652,7 @@ } if (expanded || is_absolute_path(f) || is_explicit_relative(f)) { - if (safe_level >= 1 && !fpath_check(f)) { + if (safe_level >= 1 && !fpath_check(fname)) { rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); } if (!expanded) fname = rb_file_expand_path(fname, Qnil); @@ -4725,7 +4723,7 @@ } if (expanded || is_absolute_path(f) || is_explicit_relative(f)) { - if (safe_level >= 1 && !fpath_check(f)) { + if (safe_level >= 1 && !fpath_check(path)) { rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); } if (!file_load_ok(f)) return 0; @@ -4759,7 +4757,7 @@ } found: - if (safe_level >= 1 && !fpath_check(f)) { + if (safe_level >= 1 && !fpath_check(tmp)) { rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/