ruby-changes:21200

From: yugui <ko1@a...>
Date: Sun, 11 Sep 2011 19:57:06 +0900 (JST)
Subject: [ruby-changes:21200] yugui:r33249 (ruby_1_9_3): merges r33201 from trunk into ruby_1_9_3.

yugui	2011-09-11 19:56:54 +0900 (Sun, 11 Sep 2011)

  New Revision: 33249

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33249

  Log:
    merges r33201 from trunk into ruby_1_9_3.
    --
    * encoding.c (load_encoding): predefined encoding names are safe.
      [ruby-dev:44469] [Bug #5279]
    * transcode.c (load_transcoder_entry): ditto.

  Modified files:
    branches/ruby_1_9_3/ChangeLog
    branches/ruby_1_9_3/encoding.c
    branches/ruby_1_9_3/test/ruby/test_encoding.rb
    branches/ruby_1_9_3/transcode.c

Index: ruby_1_9_3/encoding.c
===================================================================
--- ruby_1_9_3/encoding.c	(revision 33248)
+++ ruby_1_9_3/encoding.c	(revision 33249)
@@ -554,6 +554,7 @@
 	else if (ISUPPER(*s)) *s = TOLOWER(*s);
 	++s;
     }
+    FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED);
     OBJ_FREEZE(enclib);
     ruby_verbose = Qfalse;
     ruby_debug = Qfalse;
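Review bot: the added FL_UNSET(enclib, FL_TAINT|FL_UNTRUSTED) just before OBJ_FREEZE(enclib) drops the taint and untrusted marks with no comment saying why enclib can be trusted at this point. The ChangeLog gives the reason ("predefined encoding names are safe"); put that in a comment at this line and say where the name is checked against the predefined set, since the visible context shows only case folding of the string, not validation.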
Index: ruby_1_9_3/ChangeLog
===================================================================
--- ruby_1_9_3/ChangeLog	(revision 33248)
+++ ruby_1_9_3/ChangeLog	(revision 33249)
@@ -1,3 +1,10 @@
+Tue Sep  6 13:15:44 2011  Nobuyoshi Nakada  <nobu@r...>
+
+	* encoding.c (load_encoding): predefined encoding names are safe.
+	  [ruby-dev:44469] [Bug #5279]
+
+	* transcode.c (load_transcoder_entry): ditto.
+
 Fri Sep  9 16:02:04 2011  NARUSE, Yui  <naruse@r...>
 
 	* insns.def (concatstrings): don't use initial ASCII-8BIT string.
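Review bot: "ditto" undersells the transcode.c entry. That file's change also replaces rb_require(path) with rb_require_safe(fn, rb_safe_level()), which changes how the library is loaded and is more than a statement that the name is safe; spell that out in the entry for load_transcoder_entry.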
Index: ruby_1_9_3/test/ruby/test_encoding.rb
===================================================================
--- ruby_1_9_3/test/ruby/test_encoding.rb	(revision 33248)
+++ ruby_1_9_3/test/ruby/test_encoding.rb	(revision 33249)
@@ -96,4 +96,9 @@
     str2 = Marshal.load(Marshal.dump(str2))
     assert_equal(str, str2, '[ruby-dev:38596]')
   end
+
+  def test_unsafe
+    bug5279 = '[ruby-dev:44469]'
+    assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)
+  end
 end
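Review bot: test_unsafe is a misleading name, since the assertion is that "a".encode("utf-16be") succeeds under $SAFE=3; a name such as test_encode_under_safe_level would say what is checked. The test covers one target encoding at one safe level and checks only the exit status, so a short comment naming which loader (load_encoding, load_transcoder_entry, or both) this expression is meant to exercise would make a future failure easier to place.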
Index: ruby_1_9_3/transcode.c
===================================================================
--- ruby_1_9_3/transcode.c	(revision 33248)
+++ ruby_1_9_3/transcode.c	(revision 33249)
@@ -368,6 +368,7 @@
         const char *lib = entry->lib;
         size_t len = strlen(lib);
         char path[sizeof(transcoder_lib_prefix) + MAX_TRANSCODER_LIBNAME_LEN];
+        VALUE fn;
 
         entry->lib = NULL;
 
@@ -375,7 +376,10 @@
             return NULL;
         memcpy(path, transcoder_lib_prefix, sizeof(transcoder_lib_prefix) - 1);
         memcpy(path + sizeof(transcoder_lib_prefix) - 1, lib, len + 1);
-        if (!rb_require(path))
+        fn = rb_str_new2(path);
+        FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
+        OBJ_FREEZE(fn);
+        if (!rb_require_safe(fn, rb_safe_level()))
             return NULL;
     }
 
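Review bot: in the added lines after the two memcpy calls the trust decision is implicit: fn is untainted and frozen, then handed to rb_require_safe at the current rb_safe_level(), so the load is expected to pass because the flags were cleared. That is sound only while entry->lib comes from a built-in transcoder entry and never from caller-supplied data; add a comment saying so next to FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED). The FL_UNSET plus OBJ_FREEZE pair now appears both here and in encoding.c, so a small shared helper would keep the two sites in step.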

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
