ruby-changes:28677
From: nagachika <ko1@a...>
Date: Tue, 14 May 2013 20:13:52 +0900 (JST)
Subject: [ruby-changes:28677] nagachika:r40729 (ruby_2_0_0): merge revision(s) 40728:
nagachika 2013-05-14 20:13:40 +0900 (Tue, 14 May 2013) New Revision: 40729 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=40729 Log: merge revision(s) 40728: * ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when $SAFE > 0. * ext/fiddle/function.c (function_call): check tainted when $SAFE > 0. * test/fiddle/test_func.rb (module Fiddle): add test for above. Modified directories: branches/ruby_2_0_0/ Modified files: branches/ruby_2_0_0/ChangeLog branches/ruby_2_0_0/ext/dl/lib/dl/func.rb branches/ruby_2_0_0/ext/fiddle/function.c branches/ruby_2_0_0/test/fiddle/test_func.rb branches/ruby_2_0_0/version.h Index: ruby_2_0_0/ChangeLog =================================================================== --- ruby_2_0_0/ChangeLog (revision 40728) +++ ruby_2_0_0/ChangeLog (revision 40729) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ChangeLog#L1 +Tue May 14 20:11:00 2013 CHIKANAGA Tomoyuki <nagachika@r...> + + * ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when + $SAFE > 0. + * ext/fiddle/function.c (function_call): check tainted when $SAFE > 0. + * test/fiddle/test_func.rb (module Fiddle): add test for above. + + Sun May 12 22:42:25 2013 KOSAKI Motohiro <kosaki.motohiro@g...> * signal.c (rb_f_kill): fixes typo. s/HAS_KILLPG/HAVE_KILLPG/. Index: ruby_2_0_0/ext/dl/lib/dl/func.rb =================================================================== --- ruby_2_0_0/ext/dl/lib/dl/func.rb (revision 40728) +++ ruby_2_0_0/ext/dl/lib/dl/func.rb (revision 40729) @@ -92,6 +92,9 @@ module DL https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ext/dl/lib/dl/func.rb#L92 super else funcs = [] + if $SAFE >= 1 && args.any? { |x| x.tainted? } + raise SecurityError, "tainted parameter not allowed" + end _args = wrap_args(args, @stack.types, funcs, &block) r = @cfunc.call(@stack.pack(_args)) funcs.each{|f| f.unbind_at_call()} Index: ruby_2_0_0/ext/fiddle/function.c =================================================================== --- ruby_2_0_0/ext/fiddle/function.c (revision 40728) +++ ruby_2_0_0/ext/fiddle/function.c (revision 40729) @@ -126,6 +126,15 @@ function_call(int argc, VALUE argv[], VA https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ext/fiddle/function.c#L126 TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif); + if (rb_safe_level() >= 1) { + for (i = 0; i < argc; i++) { + VALUE src = argv[i]; + if (OBJ_TAINTED(src)) { + rb_raise(rb_eSecurityError, "tainted parameter not allowed"); + } + } + } + values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *)); generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic)); Index: ruby_2_0_0/version.h =================================================================== --- ruby_2_0_0/version.h (revision 40728) +++ ruby_2_0_0/version.h (revision 40729) @@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/version.h#L1 #define RUBY_VERSION "2.0.0" -#define RUBY_RELEASE_DATE "2013-05-12" -#define RUBY_PATCHLEVEL 193 +#define RUBY_RELEASE_DATE "2013-05-14" +#define RUBY_PATCHLEVEL 194 #define RUBY_RELEASE_YEAR 2013 #define RUBY_RELEASE_MONTH 5 -#define RUBY_RELEASE_DAY 12 +#define RUBY_RELEASE_DAY 14 #include "ruby/version.h" Index: ruby_2_0_0/test/fiddle/test_func.rb =================================================================== --- ruby_2_0_0/test/fiddle/test_func.rb (revision 40728) +++ ruby_2_0_0/test/fiddle/test_func.rb (revision 40729) @@ -7,6 +7,16 @@ module Fiddle https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/fiddle/test_func.rb#L7 assert_nil f.call(10) end + def test_syscall_with_tainted_string + f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT) + assert_raises(SecurityError) do + Thread.new { + $SAFE = 1 + f.call("uname -rs".taint) + }.join + end + end + def test_sinf begin f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT) Property changes on: ruby_2_0_0 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r40728 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/