ruby-changes:35264
From: nagachika <ko1@a...>
Date: Tue, 2 Sep 2014 02:34:42 +0900 (JST)
Subject: [ruby-changes:35264] nagachika:r47346 (ruby_2_1): merge revision(s) r46547: [Backport #9976]
nagachika 2014-09-02 02:34:33 +0900 (Tue, 02 Sep 2014) New Revision: 47346 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=47346 Log: merge revision(s) r46547: [Backport #9976] * hash.c (env_aset, env_has_key, env_assoc, env_has_value), (env_rassoc, env_key): prohibit tainted strings if $SAFE is non-zero. [Bug #9976] Modified directories: branches/ruby_2_1/ Modified files: branches/ruby_2_1/ChangeLog branches/ruby_2_1/hash.c branches/ruby_2_1/test/ruby/test_env.rb branches/ruby_2_1/version.h Index: ruby_2_1/ChangeLog =================================================================== --- ruby_2_1/ChangeLog (revision 47345) +++ ruby_2_1/ChangeLog (revision 47346) @@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ChangeLog#L1 +Tue Sep 2 02:21:58 2014 Nobuyoshi Nakada <nobu@r...> + + * hash.c (env_aset, env_has_key, env_assoc, env_has_value), + (env_rassoc, env_key): prohibit tainted strings if $SAFE is + non-zero. [Bug #9976] + Tue Sep 2 02:08:12 2014 Nobuyoshi Nakada <nobu@r...> * signal.c (rb_f_kill): directly enqueue an ignored signal to self, Index: ruby_2_1/hash.c =================================================================== --- ruby_2_1/hash.c (revision 47345) +++ ruby_2_1/hash.c (revision 47346) @@ -2876,8 +2876,8 @@ env_aset(VALUE obj, VALUE nm, VALUE val) https://github.com/ruby/ruby/blob/trunk/ruby_2_1/hash.c#L2876 env_delete(obj, nm); return Qnil; } - StringValue(nm); - StringValue(val); + SafeStringValue(nm); + SafeStringValue(val); name = RSTRING_PTR(nm); value = RSTRING_PTR(val); if (memchr(name, '\0', RSTRING_LEN(nm))) @@ -3372,7 +3372,8 @@ env_has_key(VALUE env, VALUE key) https://github.com/ruby/ruby/blob/trunk/ruby_2_1/hash.c#L3372 { char *s; - s = StringValuePtr(key); + SafeStringValue(key); + s = RSTRING_PTR(key); if (memchr(s, '\0', RSTRING_LEN(key))) rb_raise(rb_eArgError, "bad environment variable name"); if (getenv(s)) return Qtrue; @@ -3391,7 +3392,8 @@ env_assoc(VALUE env, VALUE key) https://github.com/ruby/ruby/blob/trunk/ruby_2_1/hash.c#L3392 { char *s, *e; - s = StringValuePtr(key); + SafeStringValue(key); + s = RSTRING_PTR(key); if (memchr(s, '\0', RSTRING_LEN(key))) rb_raise(rb_eArgError, "bad environment variable name"); e = getenv(s); @@ -3413,6 +3415,7 @@ env_has_value(VALUE dmy, VALUE obj) https://github.com/ruby/ruby/blob/trunk/ruby_2_1/hash.c#L3415 obj = rb_check_string_type(obj); if (NIL_P(obj)) return Qnil; + rb_check_safe_obj(obj); env = GET_ENVIRON(environ); while (*env) { char *s = strchr(*env, '='); @@ -3443,6 +3446,7 @@ env_rassoc(VALUE dmy, VALUE obj) https://github.com/ruby/ruby/blob/trunk/ruby_2_1/hash.c#L3446 obj = rb_check_string_type(obj); if (NIL_P(obj)) return Qnil; + rb_check_safe_obj(obj); env = GET_ENVIRON(environ); while (*env) { char *s = strchr(*env, '='); @@ -3473,7 +3477,7 @@ env_key(VALUE dmy, VALUE value) https://github.com/ruby/ruby/blob/trunk/ruby_2_1/hash.c#L3477 char **env; VALUE str; - StringValue(value); + SafeStringValue(value); env = GET_ENVIRON(environ); while (*env) { char *s = strchr(*env, '='); Index: ruby_2_1/version.h =================================================================== --- ruby_2_1/version.h (revision 47345) +++ ruby_2_1/version.h (revision 47346) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/version.h#L1 #define RUBY_VERSION "2.1.2" #define RUBY_RELEASE_DATE "2014-09-02" -#define RUBY_PATCHLEVEL 217 +#define RUBY_PATCHLEVEL 218 #define RUBY_RELEASE_YEAR 2014 #define RUBY_RELEASE_MONTH 9 Index: ruby_2_1/test/ruby/test_env.rb =================================================================== --- ruby_2_1/test/ruby/test_env.rb (revision 47345) +++ ruby_2_1/test/ruby/test_env.rb (revision 47346) @@ -451,4 +451,85 @@ class TestEnv < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/ruby/test_env.rb#L451 end; end end + + def test_taint_aref + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV["FOO".taint] + end.call + end + end + + def test_taint_fetch + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.fetch("FOO".taint) + end.call + end + end + + def test_taint_assoc + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.assoc("FOO".taint) + end.call + end + end + + def test_taint_rassoc + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.rassoc("FOO".taint) + end.call + end + end + + def test_taint_key + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.key("FOO".taint) + end.call + end + end + + def test_taint_key_p + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.key?("FOO".taint) + end.call + end + end + + def test_taint_value_p + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.value?("FOO".taint) + end.call + end + end + + def test_taint_aset_value + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV["FOO"] = "BAR".taint + end.call + end + end + + def test_taint_aset_key + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV["FOO".taint] = "BAR" + end.call + end + end end Property changes on: ruby_2_1 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r46547 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/