ruby-changes:26306
From: shugo <ko1@a...>
Date: Thu, 13 Dec 2012 14:13:16 +0900 (JST)
Subject: [ruby-changes:26306] shugo:r38357 (trunk): * marshal.c (r_entry0): don't taint classes and modules because
shugo 2012-12-13 14:12:55 +0900 (Thu, 13 Dec 2012) New Revision: 38357 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=38357 Log: * marshal.c (r_entry0): don't taint classes and modules because Marshal.load just return the dumped classes and modules. [Bug #7325] [ruby-core:49198] * test/ruby/test_marshal.rb: related test. Modified files: trunk/ChangeLog trunk/marshal.c trunk/test/ruby/test_marshal.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 38356) +++ ChangeLog (revision 38357) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Thu Dec 13 14:10:00 2012 Shugo Maeda <shugo@r...> + + * marshal.c (r_entry0): don't taint classes and modules because + Marshal.load just return the dumped classes and modules. + [Bug #7325] [ruby-core:49198] + + * test/ruby/test_marshal.rb: related test. + Thu Dec 13 14:10:13 2012 NAKAMURA Usaku <usa@r...> * test/ruby/test_require.rb (TestRequire#test_loaded_features_encoding): Index: marshal.c =================================================================== --- marshal.c (revision 38356) +++ marshal.c (revision 38357) @@ -1323,7 +1323,8 @@ r_entry0(VALUE v, st_index_t num, struct https://github.com/ruby/ruby/blob/trunk/marshal.c#L1323 else { st_insert(arg->data, num, (st_data_t)v); } - if (arg->infection) { + if (arg->infection && + TYPE(v) != T_CLASS && TYPE(v) != T_MODULE) { FL_SET(v, arg->infection); if ((VALUE)real_obj != Qundef) FL_SET((VALUE)real_obj, arg->infection); Index: test/ruby/test_marshal.rb =================================================================== --- test/ruby/test_marshal.rb (revision 38356) +++ test/ruby/test_marshal.rb (revision 38357) 
@@ -499,4 +499,22 @@ class TestMarshal < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_marshal.rb#L499 ary = [ [2.0, e], [e] ] assert_equal(ary, Marshal.load(Marshal.dump(ary)), bug7348) end + + class TestClass + end + + module TestModule + end + + def test_marshal_load_should_not_taint_classes + bug7325 = '[ruby-core:49198]' + for c in [TestClass, TestModule] + assert(!c.tainted?) + assert(!c.untrusted?) + c2 = Marshal.load(Marshal.dump(c).taint.untrust) + assert_same(c, c2) + assert(!c.tainted?, bug7325) + assert(!c.untrusted?, bug7325) + end + end end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
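Review bot: In the ChangeLog hunk the new entry is stamped 14:10:00 but is placed above the existing entry stamped 14:10:13 on the same day, which breaks the newest-first ordering. The revision header gives the commit time as 14:12:55, so the entry timestamp should be brought in line with that. In the same entry, "Marshal.load just return" should read "returns".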
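Review bot: The new condition in r_entry0 (marshal.c hunk at line 1323) has no comment explaining why T_CLASS and T_MODULE are exempt from arg->infection. A short comment would help here: Marshal.load hands back the existing class or module, not a fresh object, so setting the taint/untrust flags would mark a shared object according to the trust level of a single input. That would keep a later cleanup from dropping the check. The guard now also wraps the `FL_SET((VALUE)real_obj, arg->infection)` call, so real_obj is skipped whenever v is a class or module. Please confirm that this is intended, as opposed to guarding only `FL_SET(v, arg->infection)`.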
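Review bot: test_marshal_load_should_not_taint_classes (test/ruby/test_marshal.rb hunk) only loads a bare class or module, so it does not show that taint still reaches ordinary objects loaded from the same tainted string. A container case would pin down both halves of the behaviour, for example `a = Marshal.load(Marshal.dump([c]).taint)` followed by `assert(a.tainted?)` and `assert(!c.tainted?, bug7325)`. The two precondition asserts at the top of the loop could also carry a message, so that a failure there is not mistaken for the bug itself.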