[前][次][番号順一覧][スレッド一覧]

ruby-changes:58808

From: Jeremy <ko1@a...>
Date: Mon, 18 Nov 2019 08:19:25 +0900 (JST)
Subject: [ruby-changes:58808] 398cd3cc7d (master): [ruby/etc] Remove taint support

https://git.ruby-lang.org/ruby.git/commit/?id=398cd3cc7d

From 398cd3cc7dda375c2d21355057c11ecb4abeda70 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@j...>
Date: Fri, 18 Oct 2019 12:10:03 -0700
Subject: [ruby/etc] Remove taint support

Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.

Still untaint the tmpdir object on Ruby <2.7, as returning
a tainted string there could cause problems.

diff --git a/ext/etc/etc.c b/ext/etc/etc.c
index 28761df..3cf1dda 100644
--- a/ext/etc/etc.c
+++ b/ext/etc/etc.c
@@ -100,7 +100,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/etc/etc.c#L100
 safe_setup_str(const char *str)
 {
     if (str == 0) str = "";
-    return rb_tainted_str_new2(str);
+    return rb_str_new2(str);
 }
 
 static VALUE
@@ -219,7 +219,6 @@ etc_getpwnam(VALUE obj, VALUE nam) https://github.com/ruby/ruby/blob/trunk/ext/etc/etc.c#L219
     struct passwd *pwd;
     const char *p = StringValueCStr(nam);
 
-    rb_check_safe_obj(nam);
     pwd = getpwnam(p);
     if (pwd == 0) rb_raise(rb_eArgError, "can't find user for %"PRIsVALUE, nam);
     return setup_passwd(pwd);
@@ -463,7 +462,6 @@ etc_getgrnam(VALUE obj, VALUE nam) https://github.com/ruby/ruby/blob/trunk/ext/etc/etc.c#L462
     struct group *grp;
     const char *p = StringValueCStr(nam);
 
-    rb_check_safe_obj(nam);
     grp = getgrnam(p);
     if (grp == 0) rb_raise(rb_eArgError, "can't find group for %"PRIsVALUE, nam);
     return setup_group(grp);
@@ -679,7 +677,10 @@ etc_systmpdir(VALUE _) https://github.com/ruby/ruby/blob/trunk/ext/etc/etc.c#L677
     }
 # endif
 #endif
+#ifndef RB_PASS_KEYWORDS
+    /* untaint on Ruby < 2.7 */
     FL_UNSET(tmpdir, FL_TAINT);
+#endif
     return tmpdir;
 }
 
-- 
cgit v0.10.2


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]