ruby-changes:25169
From: knu <ko1@a...>
Date: Tue, 16 Oct 2012 17:57:01 +0900 (JST)
Subject: [ruby-changes:25169] knu:r37220 (ruby_1_8): Merge r37148 from ruby_1_8_7.
knu 2012-10-16 17:55:07 +0900 (Tue, 16 Oct 2012) New Revision: 37220 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=37220 Log: Merge r37148 from ruby_1_8_7. * error.c (name_err_to_s): we need not infect msg. * test/ruby/test_exception.rb (TestException#test_exception_to_s_should_not_propagate_untrustedness): test for it. Modified files: branches/ruby_1_8/ChangeLog branches/ruby_1_8/error.c branches/ruby_1_8/test/ruby/test_exception.rb Index: ruby_1_8/error.c =================================================================== --- ruby_1_8/error.c (revision 37219) +++ ruby_1_8/error.c (revision 37220) @@ -665,9 +665,6 @@ if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc)); StringValue(str); - if (str != mesg) { - OBJ_INFECT(str, mesg); - } return str; } Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 37219) +++ ruby_1_8/ChangeLog (revision 37220) @@ -1,3 +1,9 @@ +Tue Oct 16 17:00:36 2012 Akinori MUSHA <knu@i...> + + * error.c (name_err_to_s): we need not infect msg. + + * test/ruby/test_exception.rb (TestException#test_exception_to_s_should_not_propagate_untrustedness): test for it. + Tue Oct 16 16:51:08 2012 Akinori MUSHA <knu@i...> * ext/bigdecimal/bigdecimal.c (VpMemAlloc): Fixes a bug reported Index: ruby_1_8/test/ruby/test_exception.rb =================================================================== --- ruby_1_8/test/ruby/test_exception.rb (revision 37219) +++ ruby_1_8/test/ruby/test_exception.rb (revision 37220) @@ -204,6 +204,34 @@ o.taint e = NameError.new(o) s = e.to_s - assert_equal(true, s.tainted?) + assert_equal(false, s.tainted?) end + + def test_exception_to_s_should_not_propagate_untrustedness + favorite_lang = "Ruby" + + for exc in [Exception, NameError] + assert_raise(SecurityError) do + lambda { + $SAFE = 4 + exc.new(favorite_lang).to_s + favorite_lang.replace("Python") + }.call + end + end + + assert_raise(SecurityError) do + lambda { + $SAFE = 4 + o = Object.new + (class << o; self; end).send(:define_method, :to_str) { + favorite_lang + } + NameError.new(o).to_s + favorite_lang.replace("Python") + }.call + end + + assert_equal("Ruby", favorite_lang) + end end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/