ruby-changes:52915
From: nagachika <ko1@a...>
Date: Thu, 18 Oct 2018 00:06:23 +0900 (JST)
Subject: [ruby-changes:52915] nagachika:r65128 (ruby_2_5): merge revision(s) 65125:
nagachika 2018-10-18 00:06:18 +0900 (Thu, 18 Oct 2018) New Revision: 65128 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=65128 Log: merge revision(s) 65125: infect taint flag on Array#pack and String#unpack with the directives "B", "b", "H" and "h". * pack.c (pack_pack, pack_unpack_internal): infect taint flag. * test/ruby/test_pack.rb: add test for above. Modified directories: branches/ruby_2_5/ Modified files: branches/ruby_2_5/pack.c branches/ruby_2_5/test/ruby/test_pack.rb branches/ruby_2_5/version.h Index: ruby_2_5/test/ruby/test_pack.rb =================================================================== --- ruby_2_5/test/ruby/test_pack.rb (revision 65127) +++ ruby_2_5/test/ruby/test_pack.rb (revision 65128) @@ -860,4 +860,20 @@ EXPECTED https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/ruby/test_pack.rb#L860 assert_equal "hogefuga", "aG9nZWZ1Z2E=".unpack1("m") assert_equal "01000001", "A".unpack1("B*") end + + def test_pack_infection + tainted_array_string = ["123456"] + tainted_array_string.first.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f| + assert_predicate(tainted_array_string.pack(f), :tainted?) + end + end + + def test_unpack_infection + tainted_string = "123456" + tainted_string.taint + ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f| + assert_predicate(tainted_string.unpack(f).first, :tainted?) + end + end end Index: ruby_2_5/pack.c =================================================================== --- ruby_2_5/pack.c (revision 65127) +++ ruby_2_5/pack.c (revision 65128) @@ -749,6 +749,7 @@ pack_pack(int argc, VALUE *argv, VALUE a https://github.com/ruby/ruby/blob/trunk/ruby_2_5/pack.c#L749 StringValue(from); ptr = RSTRING_PTR(from); plen = RSTRING_LEN(from); + OBJ_INFECT(res, from); if (len == 0 && type == 'm') { encodes(res, ptr, plen, type, 0); 
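Review bot: Both new tests in test_pack.rb check only that taint is propagated, never that untainted input stays untainted, so a change that marked every result as tainted would still pass. This matters for the pack.c branch where `OBJ_INFECT(res, from);` sits directly before `rb_obj_taint(from);`, since swapping those two lines would go unnoticed. Consider a negative assertion inside each loop, for example `assert_not_predicate(["123456"].pack(f), :tainted?)` and `assert_not_predicate("123456".unpack(f).first, :tainted?)`. Whether that holds for every directive in the two lists should be confirmed against the full pack.c before adding it.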
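Review bot: Taint propagation into `res` is still placed by hand in each branch, and that pattern is what allowed some directives to be missed in the first place. The added `OBJ_INFECT(res, from);` after `plen = RSTRING_LEN(from);` covers this branch (the one that tests `type == 'm'`), but nothing makes the next directive do the same. The log names only "B", "b", "H" and "h", yet this hunk and the `case 'M'` hunk change encoder branches, so the invariant is worth stating in the code, for example `/* res inherits taint from every string argument */` at each site. pack_pack begins and ends outside the hunk; whether the propagation could be done once where arguments are fetched has to be checked against the full function.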
@@ -776,6 +777,7 @@ pack_pack(int argc, VALUE *argv, VALUE a https://github.com/ruby/ruby/blob/trunk/ruby_2_5/pack.c#L777 case 'M': /* quoted-printable encoded string */ from = rb_obj_as_string(NEXTFROM); + OBJ_INFECT(res, from); if (len <= 1) len = 72; qpencode(res, from, len); @@ -801,6 +803,7 @@ pack_pack(int argc, VALUE *argv, VALUE a https://github.com/ruby/ruby/blob/trunk/ruby_2_5/pack.c#L803 } else { t = StringValuePtr(from); + OBJ_INFECT(res, from); rb_obj_taint(from); } if (!associates) { @@ -1184,6 +1187,7 @@ pack_unpack_internal(VALUE str, VALUE fm https://github.com/ruby/ruby/blob/trunk/ruby_2_5/pack.c#L1187 len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 7) bits >>= 1; @@ -1205,6 +1209,7 @@ pack_unpack_internal(VALUE str, VALUE fm https://github.com/ruby/ruby/blob/trunk/ruby_2_5/pack.c#L1209 len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 7) bits <<= 1; @@ -1226,6 +1231,7 @@ pack_unpack_internal(VALUE str, VALUE fm https://github.com/ruby/ruby/blob/trunk/ruby_2_5/pack.c#L1231 len = (send - s) * 2; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 1) @@ -1249,6 +1255,7 @@ pack_unpack_internal(VALUE str, VALUE fm https://github.com/ruby/ruby/blob/trunk/ruby_2_5/pack.c#L1255 len = (send - s) * 2; bits = 0; bitstr = rb_usascii_str_new(0, len); + OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i<len; i++) { if (i & 1) Index: ruby_2_5/version.h =================================================================== --- ruby_2_5/version.h (revision 65127) +++ ruby_2_5/version.h (revision 65128) 
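Review bot: The order of the two calls after `t = StringValuePtr(from);` is load-bearing and has no comment: `OBJ_INFECT(res, from);` must run before `rb_obj_taint(from);`. If the order were reversed, `from` would always be tainted at the point of the check and every packed result would be marked tainted, whatever the input. A one-line comment above the new call would protect against a later reordering, for example `/* infect first: res must inherit only the taint from already had */`. The enclosing branch starts and ends outside the hunk.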
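Review bot: The same two-step sequence, `bitstr = rb_usascii_str_new(0, len);` followed by `OBJ_INFECT(bitstr, str);`, is now repeated in all four pack_unpack_internal hunks (at -1184, -1205, -1226 and -1249). Because the allocation and the taint propagation are separate statements, a future bit-string or hex-string branch can copy the first and forget the second, which is the omission this commit repairs. Folding both into one static helper makes the propagation impossible to leave out; the helper name below is only a suggestion. pack_unpack_internal starts and ends outside these hunks.

```c
/* Allocate a US-ASCII result string of LEN bytes that inherits taint from STR. */
static VALUE
infected_usascii_str_new(long len, VALUE str)
{
    VALUE s = rb_usascii_str_new(0, len);

    OBJ_INFECT(s, str);
    return s;
}

/* … unchanged: len = (send - s) * 8; bits = 0; … */
bitstr = infected_usascii_str_new(len, str);
/* … unchanged: t = RSTRING_PTR(bitstr); and the bit loop … */
```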
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/version.h#L1 #define RUBY_VERSION "2.5.2" -#define RUBY_RELEASE_DATE "2018-10-17" -#define RUBY_PATCHLEVEL 102 +#define RUBY_RELEASE_DATE "2018-10-18" +#define RUBY_PATCHLEVEL 103 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 10 -#define RUBY_RELEASE_DAY 17 +#define RUBY_RELEASE_DAY 18 #include "ruby/version.h" Index: ruby_2_5 =================================================================== --- ruby_2_5 (revision 65127) +++ ruby_2_5 (revision 65128) Property changes on: ruby_2_5 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r65125 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/