[前][次][番号順一覧][スレッド一覧]

ruby-changes:24322

From: nobu <ko1@a...>
Date: Thu, 12 Jul 2012 11:44:39 +0900 (JST)
Subject: [ruby-changes:24322] nobu:r36373 (trunk): rb_str_new_frozen: new object if tainted/untrusted unmatch

nobu	2012-07-12 11:44:27 +0900 (Thu, 12 Jul 2012)

  New Revision: 36373

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=36373

  Log:
    rb_str_new_frozen: new object if tainted/untrusted unmatch
    
    * string.c (rb_str_new_frozen): since the result object should have
      same tainted/untrusted bits with the original object, return new
      object if the shared object unmatch.  [ruby-core:39745][Bug #5374]

  Modified files:
    trunk/ChangeLog
    trunk/string.c
    trunk/test/ruby/test_file.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 36372)
+++ ChangeLog	(revision 36373)
@@ -1,3 +1,9 @@
+Thu Jul 12 11:44:23 2012  Nobuyoshi Nakada  <nobu@r...>
+
+	* string.c (rb_str_new_frozen): since the result object should have
+	  same tainted/untrusted bits with the original object, return new
+	  object if the shared object unmatch.  [ruby-core:39745][Bug #5374]
+
 Thu Jul 12 10:46:39 2012  NAKAMURA Usaku  <usa@r...>
 
 	* test/net/http/test_http.rb (TestNetHTTPLocalBind#test_bind_to_local*):
Index: string.c
===================================================================
--- string.c	(revision 36372)
+++ string.c	(revision 36373)
@@ -681,7 +681,7 @@
 	assert(OBJ_FROZEN(str));
 	ofs = RSTRING_LEN(str) - RSTRING_LEN(orig);
 	if ((ofs > 0) || (klass != RBASIC(str)->klass) ||
-	    (!OBJ_TAINTED(str) && OBJ_TAINTED(orig)) ||
+	    ((RBASIC(str)->flags ^ RBASIC(orig)->flags) & (FL_TAINT|FL_UNTRUSTED)) ||
 	    ENCODING_GET(str) != ENCODING_GET(orig)) {
 	    str = str_new3(klass, str);
 	    RSTRING(str)->as.heap.ptr += ofs;
Index: test/ruby/test_file.rb
===================================================================
--- test/ruby/test_file.rb	(revision 36372)
+++ test/ruby/test_file.rb	(revision 36373)
@@ -316,6 +316,16 @@
     end
   end
 
+  def test_untainted_path
+    bug5374 = '[ruby-core:39745]'
+    cwd = ("./"*40+".".taint).dup.untaint
+    in_safe = proc {|safe| $SAFE = safe; File.stat(cwd)}
+    assert_not_send([cwd, :tainted?])
+    (0..1).each do |level|
+      assert_nothing_raised(SecurityError, bug5374) {in_safe[level]}
+    end
+  end
+
   if /(bcc|ms|cyg)win|mingw|emx/ =~ RUBY_PLATFORM
     def test_long_unc
       feature3399 = '[ruby-core:30623]'

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]