
ruby-changes:21279

From: nobu <ko1@a...>
Date: Sun, 25 Sep 2011 16:54:45 +0900 (JST)
Subject: [ruby-changes:21279] nobu:r33328 (trunk): * encoding.c (require_enc): reject only loading from untrusted

nobu	2011-09-25 16:54:35 +0900 (Sun, 25 Sep 2011)

  New Revision: 33328

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33328

  Log:
    * encoding.c (require_enc): reject only loading from untrusted
      load paths.  [ruby-dev:44541] [Bug #5279]
    * transcode.c (load_transcoder_entry): ditto.

  Modified files:
    trunk/ChangeLog
    trunk/encoding.c
    trunk/test/ruby/test_encoding.rb
    trunk/transcode.c

Index: encoding.c
===================================================================
--- encoding.c	(revision 33327)
+++ encoding.c	(revision 33328)
@@ -543,7 +543,8 @@
 static VALUE
 require_enc(VALUE enclib)
 {
-    return rb_require_safe(enclib, rb_safe_level());
+    int safe = rb_safe_level();
+    return rb_require_safe(enclib, safe > 3 ? 3 : safe);
 }
 
 static int
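Review bot: The cap in `rb_require_safe(enclib, safe > 3 ? 3 : safe)` uses a bare `3` with no comment, and the same expression is repeated in transcode.c's load_transcoder_entry (`rb_require_safe(fn, safe > 3 ? 3 : safe)`), so the reason for lowering the level exists only in the commit log. Because this deliberately hands rb_require_safe a lower level than the caller is running at, I would record the intent above the call, e.g. `/* cap at 3: reject only untrusted load paths, not the require itself [Bug #5279] */`. A named constant or one small static helper shared by both call sites would stop the two copies drifting apart. Whether rb_require_safe restores the caller's original level on every exit path is not visible in this diff and is worth confirming, since the whole change depends on it.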
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 33327)
+++ ChangeLog	(revision 33328)
@@ -1,3 +1,10 @@
+Sun Sep 25 16:54:33 2011  Nobuyoshi Nakada  <nobu@r...>
+
+	* encoding.c (require_enc): reject only loading from untrusted
+	  load paths.  [ruby-dev:44541] [Bug #5279]
+
+	* transcode.c (load_transcoder_entry): ditto.
+
 Sun Sep 25 16:45:05 2011  Nobuyoshi Nakada  <nobu@r...>
 
 	* configure.in: ignore all warnings from an arbitrary
Index: test/ruby/test_encoding.rb
===================================================================
--- test/ruby/test_encoding.rb	(revision 33327)
+++ test/ruby/test_encoding.rb	(revision 33328)
@@ -102,6 +102,6 @@
 
   def test_unsafe
     bug5279 = '[ruby-dev:44469]'
-    assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)
+    assert_ruby_status([], '$SAFE=4; "a".encode("utf-16be")', bug5279)
   end
 end
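Review bot: test_unsafe now replaces the `$SAFE=3` assertion instead of adding to it, so the level-3 case that this test originally pinned is no longer covered. Keeping both lines would be cheap: `assert_ruby_status([], '$SAFE=3; "a".encode("utf-16be")', bug5279)` next to the new `$SAFE=4` one. The test also only checks the permissive direction. Nothing asserts that loading an encoding or transcoder through an untrusted load path is still refused at level 4, which is the property the log message says is preserved. The `bug5279` string still cites `[ruby-dev:44469]` while the log cites `[ruby-dev:44541]`; that may be intentional, but a second label for the new case would make failures easier to trace.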
Index: transcode.c
===================================================================
--- transcode.c	(revision 33327)
+++ transcode.c	(revision 33328)
@@ -370,6 +370,7 @@
         const size_t total_len = sizeof(transcoder_lib_prefix) - 1 + len;
         const VALUE fn = rb_str_new(0, total_len);
         char *const path = RSTRING_PTR(fn);
+	const int safe = rb_safe_level();
 
         entry->lib = NULL;
 
@@ -378,7 +379,7 @@
         rb_str_set_len(fn, total_len);
         FL_UNSET(fn, FL_TAINT|FL_UNTRUSTED);
         OBJ_FREEZE(fn);
-        if (!rb_require_safe(fn, rb_safe_level()))
+        if (!rb_require_safe(fn, safe > 3 ? 3 : safe))
             return NULL;
     }
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
