ruby-changes:26417
From: usa <ko1@a...>
Date: Wed, 19 Dec 2012 21:13:29 +0900 (JST)
Subject: [ruby-changes:26417] usa:r38468 (ruby_1_9_3): merge revision(s) 38357,38363: [Backport #7325]
usa 2012-12-19 21:13:19 +0900 (Wed, 19 Dec 2012) New Revision: 38468 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=38468 Log: merge revision(s) 38357,38363: [Backport #7325] * marshal.c (r_entry0): don't taint classes and modules because Marshal.load just return the dumped classes and modules. [Bug #7325] [ruby-core:49198] * test/ruby/test_marshal.rb: related test. Marshal.load just returns the dumped classes and modules. Modified directories: branches/ruby_1_9_3/ Modified files: branches/ruby_1_9_3/ChangeLog branches/ruby_1_9_3/marshal.c branches/ruby_1_9_3/test/ruby/test_marshal.rb branches/ruby_1_9_3/version.h Index: ruby_1_9_3/ChangeLog =================================================================== --- ruby_1_9_3/ChangeLog (revision 38467) +++ ruby_1_9_3/ChangeLog (revision 38468) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/ChangeLog#L1 +Wed Dec 19 21:12:49 2012 Shugo Maeda <shugo@r...> + + * marshal.c (r_entry0): don't taint classes and modules because + Marshal.load just returns the dumped classes and modules. + [Bug #7325] [ruby-core:49198] + + * test/ruby/test_marshal.rb: related test. + Tue Dec 11 19:19:33 2012 Luis Lavena <luislavena@g...> * win32/file.c (replace_to_long_name): correct logic around wildcard Index: ruby_1_9_3/version.h =================================================================== --- ruby_1_9_3/version.h (revision 38467) +++ ruby_1_9_3/version.h (revision 38468) @@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/version.h#L1 #define RUBY_VERSION "1.9.3" -#define RUBY_PATCHLEVEL 341 +#define RUBY_PATCHLEVEL 342 -#define RUBY_RELEASE_DATE "2012-12-13" +#define RUBY_RELEASE_DATE "2012-12-19" #define RUBY_RELEASE_YEAR 2012 #define RUBY_RELEASE_MONTH 12 -#define RUBY_RELEASE_DAY 13 +#define RUBY_RELEASE_DAY 19 #include "ruby/version.h" Index: ruby_1_9_3/marshal.c =================================================================== --- ruby_1_9_3/marshal.c (revision 38467) +++ ruby_1_9_3/marshal.c (revision 38468) @@ -1214,7 +1214,8 @@ r_entry0(VALUE v, st_index_t num, struct https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/marshal.c#L1214 else { st_insert(arg->data, num, (st_data_t)v); } - if (arg->infection) { + if (arg->infection && + TYPE(v) != T_CLASS && TYPE(v) != T_MODULE) { FL_SET(v, arg->infection); if ((VALUE)real_obj != Qundef) FL_SET((VALUE)real_obj, arg->infection); Index: ruby_1_9_3/test/ruby/test_marshal.rb =================================================================== --- ruby_1_9_3/test/ruby/test_marshal.rb (revision 38467) +++ ruby_1_9_3/test/ruby/test_marshal.rb (revision 38468) @@ -483,4 +483,22 @@ class TestMarshal < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/test/ruby/test_marshal.rb#L483 assert_equal(Rational(1, 2), Marshal.load("\x04\bU:\rRational[\ai\x06i\a")) assert_raise(ArgumentError){Marshal.load("\x04\bU:\rRational[\bi\x00i\x00i\x00")} end + + class TestClass + end + + module TestModule + end + + def test_marshal_load_should_not_taint_classes + bug7325 = '[ruby-core:49198]' + for c in [TestClass, TestModule] + assert(!c.tainted?) + assert(!c.untrusted?) + c2 = Marshal.load(Marshal.dump(c).taint.untrust) + assert_same(c, c2) + assert(!c.tainted?, bug7325) + assert(!c.untrusted?, bug7325) + end + end end Property changes on: ruby_1_9_3 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r38357,38363 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/