
ruby-changes:24124

From: nobu <ko1@a...>
Date: Fri, 22 Jun 2012 13:37:04 +0900 (JST)
Subject: [ruby-changes:24124] nobu:r36175 (trunk): random.c: check initialize and load

nobu	2012-06-22 13:36:54 +0900 (Fri, 22 Jun 2012)

  New Revision: 36175

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=36175

  Log:
    random.c: check initialize and load
    
    * random.c (random_init, random_load): cannot initialize frozen object
      again, nor with tainted/untrusted object.  [Bug #6540]

  Modified files:
    trunk/ChangeLog
    trunk/random.c
    trunk/test/ruby/test_rand.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 36174)
+++ ChangeLog	(revision 36175)
@@ -1,3 +1,8 @@
+Fri Jun 22 13:36:50 2012  Nobuyoshi Nakada  <nobu@r...>
+
+	* random.c (random_init, random_load): cannot initialize frozen object
+	  again, nor with tainted/untrusted object.  [Bug #6540]
+
 Fri Jun 22 13:32:33 2012  Nobuyoshi Nakada  <nobu@r...>
 
 	* error.c (rb_check_copyable): new function, to ensure the target is
Index: test/ruby/test_rand.rb
===================================================================
--- test/ruby/test_rand.rb	(revision 36174)
+++ test/ruby/test_rand.rb	(revision 36175)
@@ -484,4 +484,25 @@
       Random.new.marshal_load(0)
     }
   end
+
+  def test_marshal_load_frozen
+    r = Random.new(0)
+    d = r.marshal_dump
+    r.freeze
+    assert_raise(RuntimeError, '[Bug #6540]') do
+      r.marshal_load(d)
+    end
+  end
+
+  def test_marshal_load_insecure
+    r = Random.new(0)
+    d = r.marshal_dump
+    l = proc do
+      $SAFE = 4
+      r.marshal_load(d)
+    end
+    assert_raise(SecurityError, '[Bug #6540]') do
+      l.call
+    end
+  end
 end
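Review bot: Neither added test reaches `Random#initialize`, although this commit also adds `rb_check_frozen` and `rb_check_copyable` calls to `random_init`; both tests go through `marshal_load` only. A frozen-receiver test that re-runs `initialize` with and without a seed would pin both branches of the `random_init` change. A tainted-seed case under a raised `$SAFE` would also be worth adding once the intended exception is confirmed. The sketch below covers the frozen case and assumes `rb_check_copyable` raises the same `RuntimeError` for a frozen receiver that `test_marshal_load_frozen` already expects.

```ruby
  # … unchanged: test_marshal_load_frozen, test_marshal_load_insecure …

  def test_initialize_frozen
    r = Random.new(0)
    r.freeze
    assert_raise(RuntimeError, '[Bug #6540]') do
      r.__send__(:initialize)
    end
    assert_raise(RuntimeError, '[Bug #6540]') do
      r.__send__(:initialize, 0)
    end
  end
```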
Index: random.c
===================================================================
--- random.c	(revision 36174)
+++ random.c	(revision 36175)
@@ -462,10 +462,12 @@
     rb_random_t *rnd = get_rnd(obj);
 
     if (argc == 0) {
+	rb_check_frozen(obj);
 	vseed = random_seed();
     }
     else {
 	rb_scan_args(argc, argv, "01", &vseed);
+	rb_check_copyable(obj, vseed);
     }
     rnd->seed = rand_init(&rnd->mt, vseed);
     return obj;
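Review bot: The `argc == 0` branch calls only `rb_check_frozen(obj)`, while the seeded branch goes through `rb_check_copyable(obj, vseed)`, which judging by the commit log also covers the tainted/untrusted case. If `rb_check_copyable` includes a trust check on the receiver, re-running `initialize` with no arguments reseeds the generator without that check, so the two branches enforce different policies on the same write to `rnd->seed`. Consider adding `rb_check_trusted(obj);` next to `rb_check_frozen(obj);`, or a comment such as `/* no source object here, so only the receiver is checked */` if the difference is intended. The function starts above this hunk, so whether `get_rnd(obj)` already touches state before these checks is not visible here.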
@@ -686,6 +688,7 @@
     VALUE *ary;
     unsigned long x;
 
+    rb_check_copyable(obj, dump);
     Check_Type(dump, T_ARRAY);
     ary = RARRAY_PTR(dump);
     switch (RARRAY_LEN(dump)) {
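Review bot: `rb_check_copyable(obj, dump)` runs before `Check_Type(dump, T_ARRAY)`, so it is handed `dump` before anything has established that it is a heap object. The existing test in this commit's test file calls `marshal_load(0)`, so an immediate value does reach this line. That is safe only if `rb_check_copyable` guards against non-heap values before reading flags, and its body is not part of this diff. Either confirm that and say so in a comment such as `/* rb_check_copyable tolerates immediates; keep it ahead of any state write */`, or swap the order to `Check_Type(dump, T_ARRAY);` followed by `rb_check_copyable(obj, dump);`. The function body continues past the end of this hunk.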

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
