ruby-changes:16053
From: wyhaines <ko1@a...>
Date: Tue, 25 May 2010 03:39:46 +0900 (JST)
Subject: [ruby-changes:16053] Ruby:r28002 (ruby_1_8_6): Backport #484 ; Make OpenSSL::Config freeze correctly, preventing further config changes.
wyhaines 2010-05-25 03:39:36 +0900 (Tue, 25 May 2010) New Revision: 28002 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=28002 Log: Backport #484 [ruby-core:18377]; Make OpenSSL::Config freeze correctly, preventing further config changes. Modified files: branches/ruby_1_8_6/ChangeLog branches/ruby_1_8_6/ext/openssl/ossl_config.c branches/ruby_1_8_6/version.h Index: ruby_1_8_6/ext/openssl/ossl_config.c =================================================================== --- ruby_1_8_6/ext/openssl/ossl_config.c (revision 28001) +++ ruby_1_8_6/ext/openssl/ossl_config.c (revision 28002) @@ -158,6 +158,14 @@ return self; } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + static VALUE ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) { @@ -167,6 +175,7 @@ CONF *conf; CONF_VALUE *sv, *cv; + rb_ossl_config_modify_check(self); StringValue(section); StringValue(name); StringValue(value); @@ -247,6 +256,7 @@ { VALUE arg[2]; + rb_ossl_config_modify_check(self); arg[0] = self; arg[1] = section; rb_iterate(rb_each, hash, set_conf_section_i, (VALUE)arg); Index: ruby_1_8_6/ChangeLog =================================================================== --- ruby_1_8_6/ChangeLog (revision 28001) +++ ruby_1_8_6/ChangeLog (revision 28002) 
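Review bot: `rb_ossl_config_modify_check` is added without a comment, and its second condition needs one. It raises SecurityError when the config is untainted and `rb_safe_level() >= 4`, which is a separate rule from the frozen check the commit message describes. I would put `/* Raise unless config may be modified: it must not be frozen, and at $SAFE >= 4 it must be tainted. */` above the definition. Only `ossl_config_add_value` and the function patched in the third hunk call the helper. Any other code in this file that writes to the underlying CONF is outside these hunks and would need the same call for a frozen config to be immutable in practice.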
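Review bot: In `ossl_config_add_value` the new check runs before the three `StringValue()` calls, and `StringValue` can invoke a user-defined `to_str` on a non-String argument. If that callback freezes the config, the write further down would still proceed on an object that is frozen by then. Moving `rb_ossl_config_modify_check(self);` to directly after the `StringValue(value);` line, or repeating it there, closes that window. The rest of the function body is outside the hunk, so this assumes nothing between these lines and the CONF update re-checks the frozen state.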
@@ -1,3 +1,11 @@ +Mon May 24 06:26:00 2010 Kirk haines <khaines@r...> + + * ext/openssl/ossl_config.c: Backport #484 [ruby-core:18377]; OpenSSL::Config now freezes correctly, preventing further modification. + +Mon May 24 05:25:00 2010 Kirk haines <khaines@r...> + + * lib/fileutils.rb: Backport #1700 [ruby-core:24078]; stringify group argument in #fu_get_gid before making regexp match. r28001 + Mon May 24 05:15:00 2010 Kirk Haines <khaines@r...> * configure.in: Bug #2553 [ruby-core:27380]; Add a --disable-ucontext option, for use with --enable-pthreads, to avoid performance loss from --enable-pthreads and the oodles of sigprocmask calls that normally brings. r27999 @@ -2,4 +10,2 @@ - * lib/fileutils.rb: Backport #1700 [ruby-core:24078]; stringify group argument in #fu_get_gid before making regexp match. - Thu May 20 04:10:00 2010 Kirk Haines <khaines@r...> Index: ruby_1_8_6/version.h =================================================================== --- ruby_1_8_6/version.h (revision 28001) +++ ruby_1_8_6/version.h (revision 28002) @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2010-05-25" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20100525 -#define RUBY_PATCHLEVEL 400 +#define RUBY_PATCHLEVEL 401 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/