ruby-changes:21152
From: nobu <ko1@a...>
Date: Tue, 6 Sep 2011 13:16:08 +0900 (JST)
Subject: [ruby-changes:21152] nobu:r33201 (trunk): * encoding.c (load_encoding): predefined encoding names are safe.
nobu 2011-09-06 13:15:49 +0900 (Tue, 06 Sep 2011) New Revision: 33201 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33201 Log: * encoding.c (load_encoding): predefined encoding names are safe. [ruby-dev:44469] [Bug #5279] * transcode.c (load_transcoder_entry): ditto. Modified files: trunk/ChangeLog trunk/encoding.c trunk/test/ruby/test_encoding.rb trunk/transcode.c
Index: encoding.c
===================================================================
--- encoding.c (revision 33200)
+++ encoding.c (revision 33201)
@@ -561,6 +561,7 @@
 else if (ISUPPER(*s)) *s = TOLOWER(*s);
 ++s;
 }
+ FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED);
 OBJ_FREEZE(enclib);
 ruby_verbose = Qfalse;
 ruby_debug = Qfalse;
Index: ChangeLog
===================================================================
--- ChangeLog (revision 33200)
+++ ChangeLog (revision 33201)
@@ -1,3 +1,10 @@
+Tue Sep 6 13:15:44 2011 Nobuyoshi Nakada <nobu@r...>
+
+ * encoding.c (load_encoding): predefined encoding names are safe.
+ [ruby-dev:44469] [Bug #5279]
+
+ * transcode.c (load_transcoder_entry): ditto.
+
 Tue Sep 6 12:07:10 2011 Nobuyoshi Nakada <nobu@r...>
 * transcode.c: enabled econv newline option.
Index: test/ruby/test_encoding.rb
===================================================================
--- test/ruby/test_encoding.rb (revision 33200)
+++ test/ruby/test_encoding.rb (revision 33201)
@@ -99,4 +99,9 @@
 str2 = Marshal.load(Marshal.dump(str2))
 assert_equal(str, str2, '[ruby-dev:38596]')
 end
+
+ def test_unsafe
+ bug5279 = '[ruby-dev:44469]'
+ assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)
+ end
 end
Index: transcode.c
===================================================================
--- transcode.c (revision 33200)
+++ transcode.c (revision 33201)
@@ -370,6 +370,7 @@
 const char *lib = entry->lib;
 size_t len = strlen(lib);
 char path[sizeof(transcoder_lib_prefix) + MAX_TRANSCODER_LIBNAME_LEN];
+ VALUE fn;
 entry->lib = NULL;
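Review bot: In encoding.c the new `FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED)` clears the taint unconditionally, and nothing in the code records why the library name can be trusted; the only rationale is the commit message. Only the tail of the normalisation loop is visible here (the `else if (ISUPPER(*s))` branch), and load_encoding starts and ends outside the hunk, so whether every character of the name is constrained before this point cannot be confirmed from the diff. If a caller-supplied name can reach this function, the untaint would remove the check that `$SAFE` otherwise applies to the load, so I would state the invariant next to the call, e.g. `/* enclib is "enc/<name>.so" built from a normalised encoding name, never raw script input */`. The same applies to `FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED)` in the second transcode.c hunk, where the trust rests on where `entry->lib` is set, which is also outside the diff.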
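Review bot: `test_unsafe` in test/ruby/test_encoding.rb covers only the path that must now succeed, so a later change that widens the untaint would still pass. A companion case asserting that a name outside the predefined encodings is still refused under `$SAFE=3` would pin the security boundary the commit message relies on. The method name also reads as if it exercised an unsafe operation; something like `test_encode_under_safe_level` describes it better.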
@@ -377,7 +378,10 @@
 return NULL;
 memcpy(path, transcoder_lib_prefix, sizeof(transcoder_lib_prefix) - 1);
 memcpy(path + sizeof(transcoder_lib_prefix) - 1, lib, len + 1);
- if (!rb_require(path))
+ fn = rb_str_new2(path);
+ FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
+ OBJ_FREEZE(fn);
+ if (!rb_require_safe(fn, rb_safe_level()))
 return NULL;
 }
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/